Serious Vulnerability Affects All Recent Windows Versions
Another day, another serious Windows flaw. This one is very serious, though, and affects all recent versions of Windows, including Vista.
Microsoft has confirmed the vulnerability in a security advisory and stated the flaw exists in how the system displays animated cursors.
“Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code,” Microsoft said in its advisory.
Such holes are often exploited by cybercrooks to do “drive-by” installations of malicious software. Spyware and remote control tools that turn PCs into drones for the attacker are silently loaded onto vulnerable computers by tricking people into visiting a rigged Web site or by hacking a trusted site. The Web site for the Super Bowl stadium suffered a recent example of a drive-by attack.
Sample code that demonstrates the vulnerability has already been posted on the Web, McAfee said in a security alert sent to customers. “Malware exploiting this vulnerability has been observed in the wild,” the security company said in the alert.
Hopefully Microsoft will release an update for this quickly. In the meantime they haven’t done much but post this security advisory, which in short explains you’re currently SOL unless you have Vista and only use IE7 to surf the web.
Be sure you have your anti-virus up to date and keep checking microsoftupdate.microsoft.com for a fix for this one.
[Cursor hole puts Windows PCs at risk]

20 Comments
Mark Donaldson
March 31st, 2007
at 5:46am
I have been reading about the ani exploit all week and wondering whether everyone is ignoring 98/MEers like me or does this exploit truly NOT affect Windows 98/ME. There are 70 million 98/ME users worldwide and we are being ignored.
Dave
March 31st, 2007
at 9:34am
eEye digital has a 0-day patch which is self-removing upon installing MS’s patch if/when it comes;
http://research.eeye.com/html/alerts/zeroday/20070328.html
usrbingeek
March 31st, 2007
at 11:22am
Mark, 98/ME are no longer supported by Microsoft as they have reached their “End Of Life.” They are vulnerable to this and MANY other exploits and it’s not recommended that they continue to be used whatsoever.
James Camuso
March 31st, 2007
at 11:27am
Recent Auto security updates for my aging Xp-Sp2 have been crippling my system with huge memory demands.
It may not be a conspiracy to force every machine to upgrade to Vista, but it sure seems to have the same effect.
Why are there more security updates per week now that Microsoft has determined that Xp is a system that no longer needs any support?
GliderMike
March 31st, 2007
at 11:46am
God I am glad I run Linux and can sit back and not worry about this crap. Now I wish my company did. Would have saved my team from putting in a ridiculous amount of time cleaning up a major virus problem this week. Not to mention saved the business impact.
Seriously, MS can’t even make a damned animated cursor that isn’t secure?
anonymous
March 31st, 2007
at 12:33pm
I’m going to make a car that runs on special fuel with special parts, then the next year stop making any fuel or parts for it. I’ll say the car reached its “end of life” and everything will be okay with me doing that, right usrbingeek?
Nobody is expecting Micros~1 to fully support old operating systems. A great many people DO expect them to patch the major vulnerabilities in its spaghetti code OS line though, which includes slightly older versions.
Ken Maxwell
March 31st, 2007
at 6:09pm
Windows 9x may have reached the end of its life cycle, but if you really explore the current threats to the windows OS you will find they are aimed at XP and Vista. Rule of thumb, only upgrade your OS when it will no longer do the tasks you need, not because someone has come out with prettier bells and whistles. I run a 98 machine, a 98SE machine, and an XP machine, I keep them all clean and virii free and have no problems.
usrbingeek
March 31st, 2007
at 10:08pm
anonymous, I don’t agree or support Microsoft using the EOL excuse. I’m only stating the facts.
Personally I think it’s crap and that they should provide security fixes for their software AS LONG AS IT’S IN USE by any customer.
Mark Donaldson
April 1st, 2007
at 6:51am
I don’t expect 98/ME support but it would be nice if they tell us whether it is vulnerable or not. Not just ignore it like no one should be using it. Microsoft didn’t publicize the fact that they had a program that would solve the daylight savings time problem with 98/ME even though it was in their archive. It took others to publicize how to get that program. I’m just glad that root kits can’t be used against 98/ME and most cybercriminals are ignoring 98/MEers because we are a less than 15% minority. My 98 system does everything I need it to do and I can’t afford to upgrade the same as many other people and businesses. If Linux was as easy and intuitive to use as Windows I would have changed by now.
usrbingeek
April 1st, 2007
at 11:10am
Mark, there are rootkits in the wild for 98/ME. Most malware does still target 98/ME in addition to XP and now Vista. Don’t fool yourself into thinking that 98/ME is no longer a target. It most certainly is.
Mark Donaldson
April 1st, 2007
at 1:27pm
I know 98/ME is still vulnerable but everything I have read about root kits says they only target the NT/2000/XP kernel not the 98/ME kernel. Still is the ani exploit unique to the user.exe in NT/2000/XP or does it affect user.exe in 98/ME?
usrbingeek
April 1st, 2007
at 2:21pm
Mark, there are new reports that it does also affect 98/ME.
Dave
April 1st, 2007
at 6:24pm
Here’s a 0-day patch that covers 98 thru vista at Zert;
http://zert.isotf.org/advisories/zert-2007-01.htm
Personally, I don’t screw around with MS update crap …a router, good software firewall and small fixes and patches such as this one and tweaks from grc.com along with common sense is all you need.
Microsoft Rushing Out Fix For Animated Cursor Vulnerability « usrbingeek’s musings
April 2nd, 2007
at 12:20am
[...] Microsoft is preparing an emergency fix for the Serious Vulnerability Affects All Recent Windows Versions and hopes to have it ready for April 3, 2007. [...]
Mark Donaldson
April 2nd, 2007
at 6:14am
Thanks Dave. This is now the second time I have had to rely on users for the info on 98/ME. Since the big names won’t help us we will have to help ourselves. I will spread the word in my next COOLSITES newsletter. Please visit my website and check out my free newsletter at http://luem42.com Thanks again everyone. Mark Donaldson.
Mark Donaldson
April 3rd, 2007
at 1:52pm
Microsoft Corp. will patch the Windows animated cursor vulnerability today, 4-3-7, a week early: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9015281 but when I tried their update service it would not list that patch for my 98/ME. I checked the update catalog and there wasn’t any listing for it. Anyone know how to apply this update to 98/ME? Just another example of Microsoft’s OS discrimination against 70 million 98/ME users worldwide. Maybe we should start a class action lawsuit. Mark.
98 Guy
April 3rd, 2007
at 7:05pm
Zert has a webpage containing a benign version of the ani exploit that will crash your system if it’s vulnerable:
http://zert.isotf.org/tests/testani.htm
I’ve tried it from a few win-98 machines and they aren’t affected by the exploit.
I don’t think win-98 has any built-in associations for .ANI files (and I don’t have any .ani files on my system). The webpage above contains xpsp2_2180.jpg and xpsp2_2622.jpg. They appear (internally) to identify themselves as “RIFF” files (Resource Interchange File Format). Those files (when uploaded to VirusTotal) are identified as various forms of ANI exploits (viral, trojan, etc) by most of the AV software at VT.
If an OS doesn’t have any built-in association for .ani (or .riff?) files, then I can’t see how the exploit can work.
Keep in mind that MS has often (in the past) lumped Win-9x into lists of OS’s that were vulnerable to this or that exploit when in fact they weren’t.
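Added example (not part of the comment above or of the original post): the comment observes that the test files are named .jpg but identify internally as RIFF. The Python sketch below reads the leading bytes of a file and reports that kind of name/content mismatch. The byte strings are constructed header-only samples, and `ACON` is the RIFF form type used by animated cursor files.

```python
import struct
from typing import Optional

# Leading magic bytes for the image extensions this check knows about.
MAGIC_BY_EXT = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8",
}
# Extensions under which a RIFF container is expected.
RIFF_EXTS = {".ani", ".avi", ".wav"}

def sniff(data: bytes) -> dict:
    """Classify a buffer by content, ignoring whatever the file is named."""
    if len(data) >= 12 and data[:4] == b"RIFF":
        declared = struct.unpack_from("<I", data, 4)[0]  # bytes after the size field
        form = data[8:12].decode("latin-1")               # e.g. ACON, AVI , WAVE
        kind = "ani" if form == "ACON" else "riff"
        return {"kind": kind, "form": form, "size_ok": declared + 8 <= len(data)}
    for ext, magic in MAGIC_BY_EXT.items():
        if data.startswith(magic):
            return {"kind": ext.lstrip("."), "form": None, "size_ok": True}
    return {"kind": "unknown", "form": None, "size_ok": True}

def check(name: str, data: bytes) -> Optional[str]:
    """Return a finding when the extension disagrees with the content, else None."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    info = sniff(data)
    if info["kind"] in ("ani", "riff") and ext not in RIFF_EXTS:
        return f"{name}: extension {ext or '(none)'} but content is RIFF/{info['form']}"
    expected = MAGIC_BY_EXT.get(ext)
    if expected and not data.startswith(expected):
        return f"{name}: extension {ext} but content is {info['kind']}"
    return None

# Constructed samples: a 12-byte RIFF/ACON header and the start of a JPEG.
ANI_HEADER = b"RIFF" + struct.pack("<I", 4) + b"ACON"
JPEG_HEADER = b"\xff\xd8\xff\xe0" + b"\x00" * 8

if __name__ == "__main__":
    for name, data in [("xpsp2_2180.jpg", ANI_HEADER), ("photo.jpg", JPEG_HEADER)]:
        print(check(name, data) or f"{name}: extension matches content")
```

The same check fits a mail or web gateway, where an attachment's name is attacker-chosen and only the content says what a parser will actually be handed.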
Mark Donaldson
April 4th, 2007
at 5:06am
I tried the Zert page Monday and it said that I may still be vulnerable even if the browser didn’t crash.
There is conflicting info here.
We need definitive info here. Are 98/ME systems vulnerable or not?
98 Guy
April 5th, 2007
at 5:15pm
Read more about this on the usenet newsgroup:
microsoft.public.win98.gen_discussion
Subject: Windows 9x and the ANI (animated cursor) vulnerability
Mark Donaldson
April 8th, 2007
at 6:22am
Dear 98 Guy:
Googled that usenet newsgroup: microsoft.public.win98.gen_discussion but can’t find it. How about providing a link to it please. Mark.