Re: What's the deal with MS05-002 (KB891711.EXE) and Windows 98? [Archive]

Jack E Martinelli

03-27-05, 10:10 AM

something

I've received a request from the team that's working on the
KB891711 issue. They would like everyone in the USA who has had problems
with KB891711 to call 1-866-PCSafety (1-866-727-2338). If you can help
them with some info, they say they're close to reproducing the
problem--first step toward solving it. I have asked for, though not yet
received, assurances that callers will be taken more seriously than has
been reported thus far.

(According to at least a couple of people, when they called PSS they
were told that KB891711 wasn't a critical problem on Win98 and to just
uninstall it. KB891711 deals with a very *serious* vulnerability,
affecting pretty much all Windows systems, and anyone who can't get
patched decently should don at *least* a dozen condoms before journeying
out onto the internet.)

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/security/protect/default.aspx
In Memorium: Alex Nichol
http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
Your cooperation is very appreciated.
------
"98 Guy" <98@Guy.com> wrote in message news:42330B5D.1F0A641A@Guy.com...
>
> If you don't know what I'm talking about, look here:
>
> http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
>
> If you're running Win 98, and have recently (within the past week)
> gone to Windows Updates and updated your computer, you almost
> certainly now have the file "KB891711.EXE" running in the background.
> It is set to run automatically at startup. First time any such update
> or security patch has been configured to operate (instead of simply
> replacing an existing file).
>
> Even though Micro$loth sez that MS05-002 (KB891711.EXE) is critical
> for Win-98, I've read where some (many) people are simply deactivating
> it (via msconfig).
>
> Does anyone really know the truth regarding Win-98 and KB891711.EXE?
>
> Is there anything special about it (like running it in safe mode to
> properly install it) ?
>
> Is it really needed? (for win-98) ?
>
> Is Win-98 really vulnerable to MS05-002 ???

Gary S. Terhune

03-27-05, 10:11 AM

something

Again, according to at least one person who's tried this latest number,
the right hand still doesn't know what the left hand is doing at MS. An
honest to God SNAFU. Unless you are stout of heart, I now recommend
holding off on those calls until I get *real* assurances.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
news:Owz1r8VMFHA.3852@tk2msftngp13.phx.gbl...
> I've received a request from the team that's working on the
> KB891711 issue. They would like everyone in the USA who has had
problems
> with KB891711 to call 1-866-PCSafety (1-866-727-2338). If you can help
> them with some info, they say they're close to reproducing the
> problem--first step toward solving it. I have asked for, though not
yet
> received, assurances that callers will be taken more seriously than
has
> been reported thus far.
>
> (According to at least a couple of people, when they called PSS they
> were told that KB891711 wasn't a critical problem on Win98 and to just
> uninstall it. KB891711 deals with a very *serious* vulnerability,
> affecting pretty much all Windows systems, and anyone who can't get
> patched decently should don at *least* a dozen condoms before
journeying
> out onto the internet.)
>
> --
> Gary S. Terhune
> MS MVP Shell/User
> http://www.grystmill.com/articles/cleanboot.htm
> http://www.grystmill.com/articles/security.htm
>
>
> --
> Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
> Help us help you: http://www.dts-L.org/goodpost.htm
>
> http://www.microsoft.com/athome/security/protect/default.aspx
> In Memorium: Alex Nichol
> http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
> Your cooperation is very appreciated.
> ------
> "98 Guy" <98@Guy.com> wrote in message
news:42330B5D.1F0A641A@Guy.com...
background.[vbcol=seagreen]
update[vbcol=seagreen]
deactivating[vbcol=seagreen]
>
>

Bill in Co.

03-27-05, 10:11 AM

something

To warn people of the possible pitfalls of just blinding subscribing to the
"I need to get an update!" mantra.

Gary S. Terhune wrote:[vbcol=seagreen]
> So, your purpose in participating in this thread is......?
>
> --
> Gary S. Terhune
> MS MVP Shell/User
> http://www.grystmill.com/articles/cleanboot.htm
> http://www.grystmill.com/articles/security.htm
>
> "Bill in Co." <someone@earthlink.net> wrote in message
> news:OBIUs6QMFHA.2136@TK2MSFTNGP14.phx.gbl...
to[vbcol=seagreen]
update[vbcol=seagreen]
work[vbcol=seagreen]
yet....maybe[vbcol=seagreen]
The[vbcol=seagreen]
with[vbcol=seagreen]
<snipped for some brevity>

cquirke (MVP Windows shell/user)

03-27-05, 10:11 AM

something

On Thu, 24 Mar 2005 21:50:26 -0700, "Bill in Co."

>I can tell you this much, everything is working over here, including the
>troubleshooters!

>Well, except for that stupid file copy/delete problem in copying a large
>number of files in Windows Explorer (with IE 6 and Win98SE) - but that's
>been fixed by swapping those two DLL files.

More on that, please? Which two .DLL files?

>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

cquirke (MVP Windows shell/user)

03-27-05, 10:11 AM

something

On Fri, 25 Mar 2005 00:05:40 -0500, "PCR" <pcrrcp@netzero.net> wrote:

>Also, I'm sure, some of the security "flaws" MS are always fixing
>don't need a virus to cause harm, but just a malicious WEB site.

Read between the lines - for "web site", usually that means HTML, and
that can include unsolicited email "message text".

>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

PCR

03-27-05, 10:11 AM

something

Much as I hate to come to his defense, I suspect, if Terhune were
blindly doing anything, he'd 'a' fallen into an earthquake by now!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Bill in Co." <someone@earthlink.net> wrote in message
news:%23cCQ6vWMFHA.2736@TK2MSFTNGP09.phx.gbl...
| To warn people of the possible pitfalls of just blinding subscribing
to the
| "I need to get an update!" mantra.
|
| Gary S. Terhune wrote:
| > So, your purpose in participating in this thread is......?
| >
| > --
| > Gary S. Terhune
| > MS MVP Shell/User
| > http://www.grystmill.com/articles/cleanboot.htm
| > http://www.grystmill.com/articles/security.htm
| >
| > "Bill in Co." <someone@earthlink.net> wrote in message
| > news:OBIUs6QMFHA.2136@TK2MSFTNGP14.phx.gbl...
| >> I'm computer savvy enough to know I'm done with those updates.
(YMMV).
| >> I've learned my lessons the hard way. That's my story, and I'm
stickin
| to
| >> it - well, at least for the most part, anyway!
| >>
| >> Gary S. Terhune wrote:
| >>> I didn't mean that to sound as harsh as it looks. I fully
understand why
| >>> people can't or don't want to repro the issue and/or waste more
time on
| >>> the problem, particularly those who aren't familiar with the joys
of
| >>> deliberately hacking their own systems, <eg>. Only, it would
certainly
| >>> help if those who have experienced the problem could give more
feedback
| >>> to the people who are now in charge of fixing it. Particularly
those
| >>> folks who are especially computer savvy.
| >>>
| >>> --
| >>> Gary S. Terhune
| >>> MS MVP Shell/User
| >>> http://www.grystmill.com/articles/cleanboot.htm
| >>> http://www.grystmill.com/articles/security.htm
| >>>
| >>> "glee" <glee29@spamindspring.com> wrote in message
| >>> news:e$tm5IPMFHA.4044@TK2MSFTNGP12.phx.gbl...
| >>>> Unfortunately, the machines I saw the problems on were at work,
the
| update
| >>>> was removed right away, and I can't put it back on to test, as it
is a
| work
| >>>> computer and I cannot "test" on those.
| >>>>
| >>>> I have not been able to repro the problem on another machine
| yet....maybe
| >>>> this weekend I can try on some old machines here at home.
| >>>> --
| >>>> Glen Ventura, MS MVP Shell/User, A+
| >>>> http://dts-l.org/goodpost.htm
| >>>>
| >>>> "Gary S. Terhune" <grystnews@mvps.org> wrote in message
| >>>> news:ORZGYJMMFHA.2384@tk2msftngp13.phx.gbl...
| >>>>> Just read the Win98.Gen_Discussion group, or the
WindowsME.General
| >>>>> group, and you'll see several examples of KB891711 causing
BSODs.
| >>>>> Believe me, there *is* a problem, and MS *is* working on a
solution.
| The
| >>>>> biggest problem we have, now, is most people who are having
trouble
| with
| >>>>> KB891711 don't seem to be willing to perform some rather simple
tests
| >>>>> and return the results.
| >>>>>
| >>>>> --
| >>>>> Gary S. Terhune
| >>>>> MS MVP Shell/User
| >>>>> http://www.grystmill.com/articles/cleanboot.htm
| >>>>> http://www.grystmill.com/articles/security.htm
| >>>>>
| <snipped for some brevity>
|
|

Bill in Co.

03-27-05, 10:11 AM

something

cquirke (MVP Windows shell/user) wrote:
> On Thu, 24 Mar 2005 21:50:26 -0700, "Bill in Co."
>
>
>
> More on that, please? Which two .DLL files?

browseui.dll
browselc.dll

If you swap these two with the older IE 5.5 versions, that problem goes
away. But be sure to put the newer IE6 ones in \program files\intenet
explorer

You'll (obviously) have to do some of this in DOS, since the files are used
by windows.

Here is the reference article:
http://www.frankprovo.com/win98ie6filesproblem.htm
[vbcol=seagreen]
>
> Gone to bloggery: http://cquirke.blogspot.com

Bill in Co.

03-27-05, 10:11 AM

something

I didn't say it with disrespect, but just as a cautionary measure. And I
think we are all entitled to have our own opinions.

I don't think there is one "right" answer for everyone in all situations -
that's all.

PCR wrote:[vbcol=seagreen]
> Much as I hate to come to his defense, I suspect, if Terhune were
> blindly doing anything, he'd 'a' fallen into an earthquake by now!
>
> --
> Thanks or Good Luck,
> There may be humor in this post, and,
> Naturally, you will not sue,
> should things get worse after this,
> PCR
> pcrrcp@netzero.net
> "Bill in Co." <someone@earthlink.net> wrote in message
> news:%23cCQ6vWMFHA.2736@TK2MSFTNGP09.phx.gbl...
the[vbcol=seagreen]
stickin[vbcol=seagreen]
why[vbcol=seagreen]
on[vbcol=seagreen]
feedback[vbcol=seagreen]
it[vbcol=seagreen]
yet....maybe[vbcol=seagreen]
The[vbcol=seagreen]
with[vbcol=seagreen]
tests[vbcol=seagreen]

cquirke (MVP Windows shell/user)

03-27-05, 10:11 AM

something

On Fri, 25 Mar 2005 00:42:47 -0500, "PCR" <pcrrcp@netzero.net> wrote:

>I would go for my full system backup in that circumstance. Although I've
>created a ton of partitions now, still I'm not that complex to restore.
>Good for you, though, to beat them in hand to hand combat, Colorado.

(referring to "difficult" malware)

At a basic theory level, the concept of "backup" is inherently broken:
- retain all wanted changes
- lose all unwanted changes

On what magical basis is "backup" supposed to separate these, before
you know what these unwanted changes are?

The answer is, dividing content by scope, so as to include all wanted
changes and exclude all unwanted changes. The classic scope is that
universal X-axis; time. You make your full system backup before
unwanted changes occur, and before you create further wanted changes.

Then when you have a problem, you restore that backup, losing no
wanted changes but losing all unwanted changes.

That's how I use SR (System Restore) when I'm about to do something I
know is risky, such as upgrade a Windows subsystem like DirectX when I
don't trust it will have a clean and effective uninstaller.

But it is the nature of malware to confound time-scoped backups. The
malware typically arrives without drawing attention to itself, is
incorporated into your full system backups, and only later (after
creating many wanted changes) do you realize you have a problem.

How does your "full system backup" magically fix that?

>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

Rick Chauvin

03-27-05, 10:11 AM

something

cquirke (MVP Windows shell/user) wrote:

> More on that, please? Which two .DLL files?

cquirke, if you can find a way to solve this problem without having to swap
to the old 5.5 dlls and what that means, you will be W9x's official grand
hero! :) <vbg>

The problem is real and is a royal p.i.t.a ..I get around it by holding the
Shift key when I want to delete anything out of the ordinary - and that seems
to keep me out of the problem, but I would really like to get this fixed
correctly once and for all !

I've seen the work you did with the TS-BATS setup you made for parallel
installs and what that represented in know-how for you to do that, and other
things, and so I'm complementing you forward to see if you can resolves this
issue for us too.

Rick

PCR

03-27-05, 10:11 AM

something

OK. But I'm thinking a WEB site can get one infected or otherwise be
malicious in a many ways.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"cquirke (MVP Windows shell/user)" <cquirkenews@nospam.mvps.org> wrote
in message news:mcp841hvuh3bmq3m5nk9gbh6sd5n80srfm@4ax.com...
| On Fri, 25 Mar 2005 00:05:40 -0500, "PCR" <pcrrcp@netzero.net> wrote:
|
| >Also, I'm sure, some of the security "flaws" MS are always fixing
| >don't need a virus to cause harm, but just a malicious WEB site.
|
| Read between the lines - for "web site", usually that means HTML, and
| that can include unsolicited email "message text".
|
|
|
| >---------- ----- ---- --- -- - - - -
| Gone to bloggery: http://cquirke.blogspot.com
| >---------- ----- ---- --- -- - - - -

Bill in Co.

03-27-05, 10:11 AM

something

But the issue has been effectively resolved, for all "practical purposes",
by swapping those two DLL files (IMO). Works GREAT over here!

Rick Chauvin wrote:
> cquirke (MVP Windows shell/user) wrote:
>
>
> cquirke, if you can find a way to solve this problem without having to
swap
> to the old 5.5 dlls and what that means, you will be W9x's official grand
> hero! :) <vbg>
>
> The problem is real and is a royal p.i.t.a ..I get around it by holding
the
> Shift key when I want to delete anything out of the ordinary - and that
seems
> to keep me out of the problem, but I would really like to get this fixed
> correctly once and for all !
>
> I've seen the work you did with the TS-BATS setup you made for parallel
> installs and what that represented in know-how for you to do that, and
other
> things, and so I'm complementing you forward to see if you can resolves
this
> issue for us too.
>
> Rick

PCR

03-27-05, 10:11 AM

something

You are right; timing is everything, & a good virus scan before doing
the backup could also be helpful, if not infallible. I suppose the best
protection would be to keep a bootable partition totally off of the NET,
but that can't be an easy option for everyone. Also, it, too, wouldn't
be infallible.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"cquirke (MVP Windows shell/user)" <cquirkenews@nospam.mvps.org> wrote
in message news:46s841trd25uq54qk5l6buat04rp90q37m@4ax.com...
| On Fri, 25 Mar 2005 00:42:47 -0500, "PCR" <pcrrcp@netzero.net> wrote:
|
| >I would go for my full system backup in that circumstance. Although
I've
| >created a ton of partitions now, still I'm not that complex to
restore.
| >Good for you, though, to beat them in hand to hand combat, Colorado.
|
| (referring to "difficult" malware)
|
| At a basic theory level, the concept of "backup" is inherently broken:
| - retain all wanted changes
| - lose all unwanted changes
|
| On what magical basis is "backup" supposed to separate these, before
| you know what these unwanted changes are?
|
| The answer is, dividing content by scope, so as to include all wanted
| changes and exclude all unwanted changes. The classic scope is that
| universal X-axis; time. You make your full system backup before
| unwanted changes occur, and before you create further wanted changes.
|
| Then when you have a problem, you restore that backup, losing no
| wanted changes but losing all unwanted changes.
|
| That's how I use SR (System Restore) when I'm about to do something I
| know is risky, such as upgrade a Windows subsystem like DirectX when I
| don't trust it will have a clean and effective uninstaller.
|
| But it is the nature of malware to confound time-scoped backups. The
| malware typically arrives without drawing attention to itself, is
| incorporated into your full system backups, and only later (after
| creating many wanted changes) do you realize you have a problem.
|
| How does your "full system backup" magically fix that?
|
|
|
| >---------- ----- ---- --- -- - - - -
| Gone to bloggery: http://cquirke.blogspot.com
| >---------- ----- ---- --- -- - - - -

PCR

03-27-05, 10:11 AM

something

Naturally, I, too, have only ever insulted Terhune entirely by accident.
And the day his Poodles fail to catch him by the toes toppling into an
earthquake, I will be the FIRST to write his obituary!

OK, then. Just, keep your most important stuff isolated from the NET,
then, if you don't want any updates. Don't get lazy like I did &
ultimately keep a copy of your taxes on the hard drive! OK, bye.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Bill in Co." <someone@earthlink.net> wrote in message
news:eE7PZPXMFHA.3704@TK2MSFTNGP12.phx.gbl...
| I didn't say it with disrespect, but just as a cautionary measure.
And I
| think we are all entitled to have our own opinions.
|
| I don't think there is one "right" answer for everyone in all
situations -
| that's all.
|
| PCR wrote:
| > Much as I hate to come to his defense, I suspect, if Terhune were
| > blindly doing anything, he'd 'a' fallen into an earthquake by now!
| >
| > --
| > Thanks or Good Luck,
| > There may be humor in this post, and,
| > Naturally, you will not sue,
| > should things get worse after this,
| > PCR
| > pcrrcp@netzero.net
| > "Bill in Co." <someone@earthlink.net> wrote in message
| > news:%23cCQ6vWMFHA.2736@TK2MSFTNGP09.phx.gbl...
| >> To warn people of the possible pitfalls of just blinding
subscribing to
| the
| >> "I need to get an update!" mantra.
| >>
| >> Gary S. Terhune wrote:
| >>> So, your purpose in participating in this thread is......?
| >>>
| >>> --
| >>> Gary S. Terhune
| >>> MS MVP Shell/User
| >>> http://www.grystmill.com/articles/cleanboot.htm
| >>> http://www.grystmill.com/articles/security.htm
| >>>
| >>> "Bill in Co." <someone@earthlink.net> wrote in message
| >>> news:OBIUs6QMFHA.2136@TK2MSFTNGP14.phx.gbl...
| >>>> I'm computer savvy enough to know I'm done with those updates.
(YMMV).
| >>>> I've learned my lessons the hard way. That's my story, and I'm
| stickin
| >>>> to it - well, at least for the most part, anyway!
| >>>>
| >>>> Gary S. Terhune wrote:
| >>>>> I didn't mean that to sound as harsh as it looks. I fully
understand
| why
| >>>>> people can't or don't want to repro the issue and/or waste more
time
| on
| >>>>> the problem, particularly those who aren't familiar with the
joys of
| >>>>> deliberately hacking their own systems, <eg>. Only, it would
certainly
| >>>>> help if those who have experienced the problem could give more
| feedback
| >>>>> to the people who are now in charge of fixing it. Particularly
those
| >>>>> folks who are especially computer savvy.
| >>>>>
| >>>>> --
| >>>>> Gary S. Terhune
| >>>>> MS MVP Shell/User
| >>>>> http://www.grystmill.com/articles/cleanboot.htm
| >>>>> http://www.grystmill.com/articles/security.htm
| >>>>>
| >>>>> "glee" <glee29@spamindspring.com> wrote in message
| >>>>> news:e$tm5IPMFHA.4044@TK2MSFTNGP12.phx.gbl...
| >>>>>> Unfortunately, the machines I saw the problems on were at work,
the
| >>>>>> update was removed right away, and I can't put it back on to
test, as
| it
| >>>>>> is a work computer and I cannot "test" on those.
| >>>>>>
| >>>>>> I have not been able to repro the problem on another machine
| yet....maybe
| >>>>>> this weekend I can try on some old machines here at home.
| >>>>>> --
| >>>>>> Glen Ventura, MS MVP Shell/User, A+
| >>>>>> http://dts-l.org/goodpost.htm
| >>>>>>
| >>>>>> "Gary S. Terhune" <grystnews@mvps.org> wrote in message
| >>>>>> news:ORZGYJMMFHA.2384@tk2msftngp13.phx.gbl...
| >>>>>>> Just read the Win98.Gen_Discussion group, or the
WindowsME.General
| >>>>>>> group, and you'll see several examples of KB891711 causing
BSODs.
| >>>>>>> Believe me, there *is* a problem, and MS *is* working on a
solution.
| The
| >>>>>>> biggest problem we have, now, is most people who are having
trouble
| with
| >>>>>>> KB891711 don't seem to be willing to perform some rather
simple
| tests
| >>>>>>> and return the results.
| >>>>>>>
| >>>>>>> --
| >>>>>>> Gary S. Terhune
| >>>>>>> MS MVP Shell/User
| >>>>>>> http://www.grystmill.com/articles/cleanboot.htm
| >>>>>>> http://www.grystmill.com/articles/security.htm
| >>>>>>>
| >> <snipped for some brevity>
|
|

PCR

03-27-05, 10:11 AM

something

OK! OK! OOOKKK!!!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:OJ6$CGWMFHA.3340@TK2MSFTNGP14.phx.gbl...
| Again, according to at least one person who's tried this latest
number,
| the right hand still doesn't know what the left hand is doing at MS.
An
| honest to God SNAFU. Unless you are stout of heart, I now recommend
| holding off on those calls until I get *real* assurances.
|
| --
| Gary S. Terhune
| MS MVP Shell/User
| http://www.grystmill.com/articles/cleanboot.htm
| http://www.grystmill.com/articles/security.htm
|
| "Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
| news:Owz1r8VMFHA.3852@tk2msftngp13.phx.gbl...
....snip

Gary S. Terhune

03-27-05, 10:11 AM

something

The latest from MS:

"Microsoft has received reports about issues with KB891711 on Windows
98,
Windows 98 SE and Windows ME. At this point, we have been able to
confirm these reports and are currently working on a resolution.

"Please note that by uninstalling the current update, the machine will
return to a vulnerable state. At this point, we are currently not aware
of customer's being exploited by way of the vulnerability fixed in
MS05-002 on Windows 98, Windows 98 SE and Windows ME. If you need
additional assistance regarding this update, please contact +1 (866)
PCSAFETY."

I'm now assured, and fairly confident, that anyone who answers that
number will be up to speed on the issue.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:OJ6$CGWMFHA.3340@TK2MSFTNGP14.phx.gbl...
> Again, according to at least one person who's tried this latest
number,
> the right hand still doesn't know what the left hand is doing at MS.
An
> honest to God SNAFU. Unless you are stout of heart, I now recommend
> holding off on those calls until I get *real* assurances.
>
> --
> Gary S. Terhune
> MS MVP Shell/User
> http://www.grystmill.com/articles/cleanboot.htm
> http://www.grystmill.com/articles/security.htm
>
> "Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
> news:Owz1r8VMFHA.3852@tk2msftngp13.phx.gbl...
> problems
help[vbcol=seagreen]
> yet
> has
just[vbcol=seagreen]
> journeying
http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx[vbcol=seagreen]
> news:42330B5D.1F0A641A@Guy.com...
> background.
> update
simply[vbcol=seagreen]
critical[vbcol=seagreen]
> deactivating
KB891711.EXE?[vbcol=seagreen]
to[vbcol=seagreen]
>

glee

03-27-05, 10:11 AM

something

Well, that's not really true, Bill. It works for you, but may or may not work for
others. On some systems it may cause problems or strange behaviours. That's a long
way from "effectively resolved for all practical purposes"
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm

"Bill in Co." <someone@earthlink.net> wrote in message
news:OVVN0TYMFHA.3328@TK2MSFTNGP14.phx.gbl...
> But the issue has been effectively resolved, for all "practical purposes",
> by swapping those two DLL files (IMO). Works GREAT over here!
>
> Rick Chauvin wrote:
> swap
> the
> seems
> other
> this
>
>

Bill in Co.

03-27-05, 10:11 AM

something

For the few that have reported in here on this issue, it has seemed to work
for them too.

glee wrote:
> Well, that's not really true, Bill. It works for you, but may or may not
> work for others. On some systems it may cause problems or strange
> behaviours. That's a long way from "effectively resolved for all
practical
> purposes" --
[vbcol=seagreen]
> Glen Ventura, MS MVP Shell/User, A+
> http://dts-l.org/goodpost.htm
>
>
> "Bill in Co." <someone@earthlink.net> wrote in message
> news:OVVN0TYMFHA.3328@TK2MSFTNGP14.phx.gbl...
purposes",[vbcol=seagreen]
grand[vbcol=seagreen]
holding[vbcol=seagreen]

glee

03-27-05, 10:11 AM

something

:-) For the few, yes......but still a long way from "effectively resolved for all
practical purposes" <s>
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm

"Bill in Co." <someone@earthlink.net> wrote in message
news:OZxHQ4bMFHA.3076@TK2MSFTNGP14.phx.gbl...
> For the few that have reported in here on this issue, it has seemed to work
> for them too.
>
> glee wrote:
> practical
>
> purposes",
> grand
> holding
>
>

Gary S. Terhune

03-27-05, 10:11 AM

something

And there's *still* no knowing what got broken by employing this "fix".

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"glee" <glee29@spamindspring.com> wrote in message
news:uv5xPgcMFHA.1156@TK2MSFTNGP09.phx.gbl...
> :-) For the few, yes......but still a long way from "effectively
resolved for all
> practical purposes" <s>
> --
> Glen Ventura, MS MVP Shell/User, A+
> http://dts-l.org/goodpost.htm
>
>
> "Bill in Co." <someone@earthlink.net> wrote in message
> news:OZxHQ4bMFHA.3076@TK2MSFTNGP14.phx.gbl...
to work[vbcol=seagreen]
may not[vbcol=seagreen]
having to[vbcol=seagreen]
official[vbcol=seagreen]
by[vbcol=seagreen]
and that[vbcol=seagreen]
this fixed[vbcol=seagreen]
parallel[vbcol=seagreen]
that, and[vbcol=seagreen]
resolves[vbcol=seagreen]
>

Rick Chauvin

03-27-05, 10:11 AM

something

Bill in Co. wrote:
> But the issue has been effectively resolved, for all "practical purposes",
> by swapping those two DLL files (IMO). Works GREAT over here!

Yes Bill we know full well your feelings about the issue, and others.
...been there done that...
Hey that reminds me of George Bindar Dundat <g> ...which I hope he is
doing well.

Bill you are probably a really big guy that no one would want to mess with in
a bar, and you have you own way and ideas about everything you do and you do
everything your own way - no matter what anyone tells you on countless
issues over the past years whether they are technically right or wrong. You
remind me of a stubborn bull in a china closet ...and over the years you buck
everything and everybody :)

Technically speaking the dll swap is a backwards hack in so many obvious
ways; however, I do totally understand and respect that you want to use it
and hey afterall I used it for 6 months myself and through that time
supported others in doing it just like you are. Yes I agree and it's
true that the way IE6 is stock with this problem is unacceptable.

I vote to get it fixed properly though so that those two dll's are inclusive
of all Numerous Updates that are Missing if swapped, no to mention any code
disconnects causing the other anomalies you will experience eventually. Yeah
Yeah I know I know, you don't care about updates anymore... Well, I do :)
If something is worth doing then it's worth doing right.

peace,
...and my post is not a putdown at you - it's just 'call it like it is' bar
talk over a few beers, and so take it in that context.

Rick

[vbcol=seagreen]
>
> Rick Chauvin wrote:

Bill in Co.

03-27-05, 10:11 AM

something

I'll let ya know when I encounter it! :-)
Speaking of "there's still no way of knowing"..., the same logic applies to
taking in some of those updates!

Gary S. Terhune wrote:[vbcol=seagreen]
> And there's *still* no knowing what got broken by employing this "fix".
>
> --
> Gary S. Terhune
> MS MVP Shell/User
> http://www.grystmill.com/articles/cleanboot.htm
> http://www.grystmill.com/articles/security.htm
>
> "glee" <glee29@spamindspring.com> wrote in message
> news:uv5xPgcMFHA.1156@TK2MSFTNGP09.phx.gbl...
resolved[vbcol=seagreen]
work[vbcol=seagreen]
not[vbcol=seagreen]
practical[vbcol=seagreen]
purposes",[vbcol=seagreen]
to[vbcol=seagreen]
official[vbcol=seagreen]
> by
that[vbcol=seagreen]
this[vbcol=seagreen]
parallel[vbcol=seagreen]
and[vbcol=seagreen]

Bill in Co.

03-27-05, 10:11 AM

something

Rick Chauvin wrote:
> Bill in Co. wrote:
purposes",[vbcol=seagreen]
>
> Yes Bill we know full well your feelings about the issue, and others.
> ..been there done that...

Not just my feeling - several others in here too.

> Hey that reminds me of George Bindar Dundat <g> ...which I hope he is
> doing well.
>
> Bill you are probably a really big guy that no one would want to mess with
in
> a bar, and you have you own way and ideas about everything you do and you
do
> everything your own way - no matter what anyone tells you on countless
> issues over the past years whether they are technically right or wrong.
You
> remind me of a stubborn bull in a china closet ...and over the years you
buck
> everything and everybody :)

Not a big guy, but a stubborn ornery one, one not easily swayed by "the
crowd".

Remember Emerson? "whoso would be a man, must be a non-conformist", and
that comes naturally for me. :-)

> Technically speaking the dll swap is a backwards hack in so many obvious
> ways; however, I do totally understand and respect that you want to use it
> and hey afterall I used it for 6 months myself and through that time
> supported others in doing it just like you are. Yes I agree and it's
> true that the way IE6 is stock with this problem is unacceptable.

TOTALLY UNACCEPTABLE!!!. If I had to live with THAT, I'd almost consider
switching back to IE 5.5 SP2, but I can't do that easily anyways, besides
which, at least now I have a little more protection, without "relying" on
those "sometimes problematic" "windows updates"

> I vote to get it fixed properly though so that those two dll's are
inclusive
> of all Numerous Updates that are Missing if swapped, no to mention any
code
> disconnects causing the other anomalies you will experience eventually.
Yeah
> Yeah I know I know, you don't care about updates anymore... Well, I do
:)
> If something is worth doing then it's worth doing right.

Yeah, but do you really think it's gonna happen in our lifetime? Come on
now, let's not be naive. (Of course I never thought I'd live to see the
Berlin Wall come down either)

> peace,
> ..and my post is not a putdown at you - it's just 'call it like it is' bar
> talk over a few beers, and so take it in that context.
>
> Rick

Good enough, Rick! :-)
[vbcol=seagreen]
holding[vbcol=seagreen]

Bill in Co.

03-27-05, 10:11 AM

something

Yea, but OTOH, I *do* know what got broken by this one this thread is all
about!! Or rather, I'm hearing about it in here - now. :-)

So, "you takes your choices...." :-)

Gary S. Terhune wrote:[vbcol=seagreen]
> And there's *still* no knowing what got broken by employing this "fix".
>
> --
> Gary S. Terhune
> MS MVP Shell/User
> http://www.grystmill.com/articles/cleanboot.htm
> http://www.grystmill.com/articles/security.htm
>
> "glee" <glee29@spamindspring.com> wrote in message
> news:uv5xPgcMFHA.1156@TK2MSFTNGP09.phx.gbl...
resolved[vbcol=seagreen]
work[vbcol=seagreen]
not[vbcol=seagreen]
practical[vbcol=seagreen]
purposes",[vbcol=seagreen]
to[vbcol=seagreen]
official[vbcol=seagreen]
> by
that[vbcol=seagreen]
this[vbcol=seagreen]
parallel[vbcol=seagreen]
and[vbcol=seagreen]

cquirke (MVP Windows shell/user)

03-27-05, 10:11 AM

something

On Fri, 25 Mar 2005 16:39:23 -0500, "PCR" <pcrrcp@netzero.net> wrote:

>OK. But I'm thinking a WEB site can get one infected or otherwise be
>malicious in a many ways.

Yep - increase in broadband and servers has changed things a bit.

First it was viruses spreading via disks, then via email.

Once you infect and spread between servers, things change in that
because servers don't get rebooted often and are always online,
there's less need to persist across reboots. So pure worms can run
purely as an in-memory process without ever existing as files; sure,
they die when the server's rebooted, but it's easy to re-infect the
server from some other infected server that's "watching" it.

OTOH, malware's generally gone pro, and there are so many
opportunities to make money in so many ways that are not legally
challenged, that it's easier to run your own site and exploit
visitors. In fact, web browsers and script-exteded HTML are designed
for exactly this purpose. As long as you stick to first-generation
spread (i.e. from site to victim, or via spam to victim) you're just
an aggressive business enterprise, not a virus bad guy.

In that sense; yes, both HTML via web pages and via spam are likely to
pose risks to your system.

>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

cquirke (MVP Windows shell/user)

03-27-05, 10:11 AM

something

On Fri, 25 Mar 2005 12:33:35 -0700, "Bill in Co."
>cquirke (MVP Windows shell/user) wrote:
[vbcol=seagreen]
[vbcol=seagreen]
[vbcol=seagreen]
>browseui.dll
>browselc.dll

>If you swap these two with the older IE 5.5 versions, that problem goes
>away. But be sure to put the newer IE6 ones in \program files\intenet
>explorer

OK. Jeez, that problem took a long time to get sorted out... and no
thanks to MS, by the look of it.

>Here is the reference article:
>http://www.frankprovo.com/win98ie6filesproblem.htm

When you say "IE5.5", do you mean IE 5.5 SP0, SP1 or SP2?

>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

cquirke (MVP Windows shell/user)

03-27-05, 10:11 AM

something

On Fri, 25 Mar 2005 15:34:13 -0500, "Rick Chauvin"
>cquirke (MVP Windows shell/user) wrote:

[vbcol=seagreen]
>cquirke, if you can find a way to solve this problem without having to swap
>to the old 5.5 dlls and what that means, you will be W9x's official grand
>hero! :) <vbg>

I would sooo like to fix this problem. It drives me mad, on my own
system - it's pathetic when you have to spwn a C:> (command prompt)
just to delete or rename files and create new dirs, because Windows is
too incompitent to do it properly. I haven't seen that degree of core
file management uselessness since Win3.yuk's UnDelete screw-up.

>The problem is real and is a royal p.i.t.a ..I get around it by holding the
>Shift key when I want to delete anything out of the ordinary - and that seems
>to keep me out of the problem

I routinely do that (it has the effect of bypassing Recycle Bin
directly to trash) and it doesn't fix the problem for me. What fixes
the problem (for a while) is Ctl+Alt+Del and killing Explorer, so that
the shell restarts. I've seen resource heaps go down with this
problem, but I've also seen the problem when the heaps were OK.

At one time I thought it had to do with damaged \Recyced folders, i.e.
those that lack the "special" Desktop.ini and thus look like regular
yellow folders in the drive's root dir. I played with that, and for a
while it looked like I could initiate the problem that way, but the
results were inconclusive and I abandoned testing.

>I've seen the work you did with the TS-BATS setup you made for parallel
>installs and what that represented in know-how for you to do that, and other
>things, and so I'm complementing you forward to see if you can resolves this
>issue for us too.

I'm flattered, but I doubt if I'll lick this - I'll certainly give it
a go, though. If time permitted, I might get medieval with FC and
pasting between .DLLs to find the rotten function call :-)

>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

PCR

03-27-05, 10:11 AM

something

PCR

03-27-05, 10:11 AM

something

OK. Protection against HTML is important, & against Script, too. Too bad
such wonderful tools must be emasculated, though. That might go a long
way toward protection against non-malicious WEB sites, that just somehow
picked up an infection. But a truly malicious site likely can destroy a
computer in any number of other ways, I'm still thinking.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"cquirke (MVP Windows shell/user)" <cquirkenews@nospam.mvps.org> wrote
in message news:hq8b41985dvdbfbta57mpc18v5n4uigfrr@4ax.com...
| On Fri, 25 Mar 2005 16:39:23 -0500, "PCR" <pcrrcp@netzero.net> wrote:
|
| >OK. But I'm thinking a WEB site can get one infected or otherwise be
| >malicious in a many ways.
|
| Yep - increase in broadband and servers has changed things a bit.
|
| First it was viruses spreading via disks, then via email.
|
| Once you infect and spread between servers, things change in that
| because servers don't get rebooted often and are always online,
| there's less need to persist across reboots. So pure worms can run
| purely as an in-memory process without ever existing as files; sure,
| they die when the server's rebooted, but it's easy to re-infect the
| server from some other infected server that's "watching" it.
|
| OTOH, malware's generally gone pro, and there are so many
| opportunities to make money in so many ways that are not legally
| challenged, that it's easier to run your own site and exploit
| visitors. In fact, web browsers and script-exteded HTML are designed
| for exactly this purpose. As long as you stick to first-generation
| spread (i.e. from site to victim, or via spam to victim) you're just
| an aggressive business enterprise, not a virus bad guy.
|
| In that sense; yes, both HTML via web pages and via spam are likely to
| pose risks to your system.
|
|
|
| >---------- ----- ---- --- -- - - - -
| Gone to bloggery: http://cquirke.blogspot.com
| >---------- ----- ---- --- -- - - - -

Bill in Co.

03-27-05, 10:11 AM

something

cquirke (MVP Windows shell/user) wrote:
> On Fri, 25 Mar 2005 12:33:35 -0700, "Bill in Co."
>
large[vbcol=seagreen]
that's[vbcol=seagreen]
>
>
>
>
> OK. Jeez, that problem took a long time to get sorted out... and no
> thanks to MS, by the look of it.

Nope. And I wouldn't hold my breath either (on MS fixing it).

>
> When you say "IE5.5", do you mean IE 5.5 SP0, SP1 or SP2?

I believe you can use any of them. (I happened to have had IE 5.5 SP2
installed at the time, before I "upgraded" to IE 6 SP1).

The point being: the problem developed with the newer versions (IE 6) of
browseui.dll and browselc.dll (although I think the main problem is due to
browseui.dll)
[vbcol=seagreen]
>
> Gone to bloggery: http://cquirke.blogspot.com

Bill in Co.

03-27-05, 10:11 AM

something

cquirke (MVP Windows shell/user) wrote:
> On Fri, 25 Mar 2005 15:34:13 -0500, "Rick Chauvin"
>
>
swap[vbcol=seagreen]
>
> I would sooo like to fix this problem.

It is "fixed" - just swap the damn files! Well, at least it's fixed over
here! And I'm in heaven for it now!! There is NO WAY I'll put those
files back, unless something major comes up - and it hasn't!

You have two choices now:
1) live with the problem, and suffer needlessly, or
2) join me in full contentment. :-)

(your call)
[vbcol=seagreen]
> It drives me mad, on my own
> system - it's pathetic when you have to spwn a C:> (command prompt)
> just to delete or rename files and create new dirs, because Windows is
> too incompetent to do it properly. I haven't seen that degree of core
> file management uselessness since Win3.yuk's UnDelete screw-up.
>
the[vbcol=seagreen]
seems[vbcol=seagreen]
>
> I routinely do that (it has the effect of bypassing Recycle Bin
> directly to trash) and it doesn't fix the problem for me. What fixes
> the problem (for a while) is Ctl+Alt+Del and killing Explorer, so that
> the shell restarts. I've seen resource heaps go down with this
> problem, but I've also seen the problem when the heaps were OK.
>
> At one time I thought it had to do with damaged \Recyced folders, i.e.
> those that lack the "special" Desktop.ini and thus look like regular
> yellow folders in the drive's root dir. I played with that, and for a
> while it looked like I could initiate the problem that way, but the
> results were inconclusive and I abandoned testing.
>
other[vbcol=seagreen]
this[vbcol=seagreen]
>
> I'm flattered, but I doubt if I'll lick this - I'll certainly give it
> a go, though. If time permitted, I might get medieval with FC and
> pasting between .DLLs to find the rotten function call :-)
>
>
>
> Gone to bloggery: http://cquirke.blogspot.com

PCR

03-27-05, 10:11 AM

something

COLORADO, RUN! There is an MSFT on the prowl, going by the name of
Bryant!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Bill in Co." <someone@earthlink.net> wrote in message
news:ePfw3fkMFHA.2704@TK2MSFTNGP10.phx.gbl...
| cquirke (MVP Windows shell/user) wrote:
| > On Fri, 25 Mar 2005 15:34:13 -0500, "Rick Chauvin"
| >> cquirke (MVP Windows shell/user) wrote:
| >
| >>> More on that, please? Which two .DLL files?
| >
| >> cquirke, if you can find a way to solve this problem without having
to
| swap
| >> to the old 5.5 dlls and what that means, you will be W9x's official
grand
| >> hero! :) <vbg>
| >
| > I would sooo like to fix this problem.
|
| It is "fixed" - just swap the damn files! Well, at least it's
fixed over
| here! And I'm in heaven for it now!! There is NO WAY I'll put
those
| files back, unless something major comes up - and it hasn't!
|
| You have two choices now:
| 1) live with the problem, and suffer needlessly, or
| 2) join me in full contentment. :-)
|
| (your call)
|
| > It drives me mad, on my own
| > system - it's pathetic when you have to spwn a C:> (command prompt)
| > just to delete or rename files and create new dirs, because Windows
is
| > too incompetent to do it properly. I haven't seen that degree of
core
| > file management uselessness since Win3.yuk's UnDelete screw-up.
| >
| >> The problem is real and is a royal p.i.t.a ..I get around it by
holding
| the
| >> Shift key when I want to delete anything out of the ordinary - and
that
| seems
| >> to keep me out of the problem
| >
| > I routinely do that (it has the effect of bypassing Recycle Bin
| > directly to trash) and it doesn't fix the problem for me. What
fixes
| > the problem (for a while) is Ctl+Alt+Del and killing Explorer, so
that
| > the shell restarts. I've seen resource heaps go down with this
| > problem, but I've also seen the problem when the heaps were OK.
| >
| > At one time I thought it had to do with damaged \Recyced folders,
i.e.
| > those that lack the "special" Desktop.ini and thus look like regular
| > yellow folders in the drive's root dir. I played with that, and for
a
| > while it looked like I could initiate the problem that way, but the
| > results were inconclusive and I abandoned testing.
| >
| >> I've seen the work you did with the TS-BATS setup you made for
parallel
| >> installs and what that represented in know-how for you to do that,
and
| other
| >> things, and so I'm complementing you forward to see if you can
resolves
| this
| >> issue for us too.
| >
| > I'm flattered, but I doubt if I'll lick this - I'll certainly give
it
| > a go, though. If time permitted, I might get medieval with FC and
| > pasting between .DLLs to find the rotten function call :-)
| >
| >
| >
| >> ---------- ----- ---- --- -- - - - -
| > Gone to bloggery: http://cquirke.blogspot.com
| >> ---------- ----- ---- --- -- - - - -
|
|

Bill in Co.

03-27-05, 10:11 AM

something

Anita Bryant?

PCR wrote:[vbcol=seagreen]
> COLORADO, RUN! There is an MSFT on the prowl, going by the name of
> Bryant!
>
>
> --
> Thanks or Good Luck,
> There may be humor in this post, and,
> Naturally, you will not sue,
> should things get worse after this,
> PCR
> pcrrcp@netzero.net
> "Bill in Co." <someone@earthlink.net> wrote in message
> news:ePfw3fkMFHA.2704@TK2MSFTNGP10.phx.gbl...
swap[vbcol=seagreen]
grand[vbcol=seagreen]
over[vbcol=seagreen]
those[vbcol=seagreen]
holding[vbcol=seagreen]

Rick Chauvin

03-27-05, 10:11 AM

something

Bill in Co. wrote:
> Rick Chauvin wrote:

[...snips for brevity..]
[vbcol=seagreen]
> Not a big guy, but a stubborn ornery one, one not easily swayed by "the
> crowd".

Me neither, but a genuine right balance is the key.

> Remember Emerson? "whoso would be a man, must be a non-conformist", and
> that comes naturally for me. :-)

<smile>

> Yeah, but do you really think it's gonna happen in our lifetime? Come on
> now, let's not be naive.

Yes, and I'm far from being naive or a dreamer <g>

> (Of course I never thought I'd live to see the Berlin Wall come down
> either)

exactly

> Good enough, Rick! :-)

Take good care

Rick

Rick Chauvin

03-27-05, 10:11 AM

something

cquirke (MVP Windows shell/user) wrote:

> On Fri, 25 Mar 2005 15:34:13 -0500, "Rick Chauvin"
[vbcol=seagreen]
[vbcol=seagreen]
> I would sooo like to fix this problem. It drives me mad, on my own
> system - it's pathetic when you have to spwn a C:> (command prompt)
> just to delete or rename files and create new dirs, because Windows is
> too incompitent to do it properly. I haven't seen that degree of core
> file management uselessness since Win3.yuk's UnDelete screw-up.

[vbcol=seagreen]
> I routinely do that (it has the effect of bypassing Recycle Bin
> directly to trash) and it doesn't fix the problem for me. What fixes
> the problem (for a while) is Ctl+Alt+Del and killing Explorer, so that
> the shell restarts. I've seen resource heaps go down with this
> problem, but I've also seen the problem when the heaps were OK.

> At one time I thought it had to do with damaged \Recyced folders, i.e.
> those that lack the "special" Desktop.ini and thus look like regular
> yellow folders in the drive's root dir. I played with that, and for a
> while it looked like I could initiate the problem that way, but the
> results were inconclusive and I abandoned testing.

[vbcol=seagreen]
> I'm flattered, but I doubt if I'll lick this - I'll certainly give it
> a go, though. If time permitted, I might get medieval with FC and
> pasting between .DLLs to find the rotten function call :-)

Okay, thank you Chris.
Also with your connections at MS maybe you can forward the problem to the
appropriate people who have the power to fix it, or least help you fix it.
If the original coder sees the problem, I'm sure he will right away know
exactly what to do, click click type type here and there adding a few lines
of code in the right spot to neutralize the problem; and we'll be free at
last, free at last.

Thank you,
Rick
( I'll re-read your post better Monday Chris for some above details I wanted
to read again, but I'm off to Conn now for the weekend to visit my mom in the
nursing home, bless her! )
[vbcol=seagreen]
>
>
>
> Gone to bloggery: http://cquirke.blogspot.com

cquirke (MVP Windows shell/user)

03-27-05, 10:11 AM

something

On Sat, 26 Mar 2005 10:37:27 -0700, "Bill in Co."

>Speaking of "there's still no way of knowing"..., the same logic applies to
>taking in some of those updates!

Aye, and that's the problem - with fixes like this, as well as lack of
acknoledgement and fixing of the "fix", patches become just another
risky type of software that are best avoided in the interests of
stability. Patches fix real issues, and you may have only days before
these issues blow up (Lovesan vs. RPC, 30 days; Sasser vs. LSASS, 14
days; some recent events have negative lead times).

The problem is, you can't tell in advance which patches will turn out
to be as uber-crucial as RPC and LSASS (both affecting NT, not Win9x,
it's worth noting) and which will be a snore (remember ASN.1?).

With so many defects and patches - if MS didn't limit these to
once-a-month release, it's almost as real-time as av updates - it
becomes difficult to keep your eye on the details. It beciomes:

"My PC keeps getting malware'd, and I don't click anything!"
' Are you up to date with your patches? '

So we're between a rock (need to patch) and a hard place (dubious
quality control and follow-up of patches). Dumping the whole platform
and moving to (say) Linux isn't a solution, because any
similarly-complex platform that attracts significant market share
*will* have the same problem with one-in-a-thousand defects coming up
regularly, given there are so many million lines of code.

For example, notice how Firefox subversions have been a revolving door
lately, remeniscent of AdAware SE 1.00 through 1.05? The plan was for
Firefox 1.1 to come out this month, but we've had 1.0.01 and now 1.0.2
instead. Firefox is getting popular (I love it!) and that means it's
beginning to attract malware attention. Patches inevitably follow.

>Gary S. Terhune wrote:

My specific worry is the MIME-spoofing defects that are prevelant in
SP 5.5 SP0 and SP1. That's why I want to know whether using the SP2
versions of those .DLL will fix the problem (my hunch is, they may
not). That defect is IMO too dangerous to leave in the water, given
how pervasive HTML and the IE HTML renderer are, and how malware have
routinely exploited that hole since BadTrans.B in 2001.

The fix says; keep the fixed .DLL local in IE's dir, and have the old
ones visible system-wide (to keep Windows Explorer happy) in
%WinDir%\System. Which .DLL gets used if IE's renderer gets called
upon to read HTML content in an arbitrary location - say, a .TXT that
is internally HTML, or a .CHM in some free app's base dir, or HTML
passed through %Temp% by an email app, or a toxic "ReadMe" that you
clicked on to view from the middle of a .Zip in WinZip?

There may be more than one devil in the details.

[vbcol=seagreen]
>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

cquirke (MVP Windows shell/user)

03-27-05, 10:11 AM

something

On Sat, 26 Mar 2005 10:44:05 -0700, "Bill in Co."
>Rick Chauvin wrote:

Today's fun link:

http://c2.com/cgi/wiki?WhiteBicycleTechnology

That's how MS approached "HTML everywhere!", and we still feel the
echoes of that pain today.
[vbcol=seagreen]
>Remember Emerson? "whoso would be a man, must be a non-conformist", and
>that comes naturally for me. :-)

Oh great, thanks for reminding me I'm a nut-swinger. Mind you, I'm
happy if this puts me in the same company as so many virtual
nut-swingers, from Susan B Anthony, the Pankhursts etc. to the more
recent Atwoods, Piercys and Moorheads of the world.

[vbcol=seagreen]
>TOTALLY UNACCEPTABLE!!!.

Agreed - and thesre's no face-saving PR solution for MS on this one.
"We decided to let Win9x bleed because we're promoting a move to XP"
may well be the truth, but that's just another scandal - the leverage
of product defects to compel sales. I don't think MS would like legal
and regulatory eyes to dwell too long on that.

If I had resources to fix this (as one presumes MS has) I'd do this:
- get documentation on what's changed in those two .DLL
- any crucial exploits that depend on those files to fix?
- determine most recent .DLL that work via the fix (IE 5.5 SP2?)
- FC these against the IE 6 ones that don't work
- see if what FC finds can be mapped to particular functions
- if offset dependencies allow:
- paste across functions from IE 6 to old until old breaks
- paste across functions from old to IE 6 until IE 6 works
- zoom in and disassemble the problemetic function
- see if a logic error etc. can be found
- fix the function and issue fixed .DLLs as on-request hotfix
- after testing, issue as downloadable hotfix, then WinUpate

MS wouldn't have to hack around with FC, given they'd have the source
code. It would also be easier from them to read up on what changes
were made to these .DLL, and whether any exploits need these changes
to remain blocked. It would be a sad commentary on MS, if within a
few months of reading this post, somene ITW came up with a fix, even
though they lacked MS's advantage of source code and documentation.

Well, there's the gauntlet. Anyone care to pick it up? :-)

[vbcol=seagreen]
>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

cquirke (MVP Windows shell/user)

03-27-05, 10:11 AM

something

On Fri, 25 Mar 2005 09:39:09 -0800, "Gary S. Terhune"

>Again, according to at least one person who's tried this latest number,
>the right hand still doesn't know what the left hand is doing at MS. An
>honest to God SNAFU. Unless you are stout of heart, I now recommend
>holding off on those calls until I get *real* assurances.

Time to apply the Slim Shady Algorithm ...

http://mrpalmguru.com/uncyclopedia/index.php?title=Slim_Shady_Algorithm

.... will the real MS support policy please stand up? <g>

>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

Bill in Co.

03-27-05, 10:11 AM

something

cquirke (MVP Windows shell/user) wrote:
> On Sat, 26 Mar 2005 10:44:05 -0700, "Bill in Co."
>
> Today's fun link:
>
> http://c2.com/cgi/wiki?WhiteBicycleTechnology
>
> That's how MS approached "HTML everywhere!", and we still feel the
> echoes of that pain today.
>
>
> Oh great, thanks for reminding me I'm a nut-swinger. Mind you, I'm
> happy if this puts me in the same company as so many virtual
> nut-swingers, from Susan B Anthony, the Pankhursts etc. to the more
> recent Atwoods, Piercys and Moorheads of the world.
>
>
>
> Agreed - and thesre's no face-saving PR solution for MS on this one.
> "We decided to let Win9x bleed because we're promoting a move to XP"
> may well be the truth, but that's just another scandal - the leverage
> of product defects to compel sales. I don't think MS would like legal
> and regulatory eyes to dwell too long on that.
>
>
> If I had resources to fix this (as one presumes MS has) I'd do this:
> - get documentation on what's changed in those two .DLL
> - any crucial exploits that depend on those files to fix?
> - determine most recent .DLL that work via the fix (IE 5.5 SP2?)

IE 5.5 SP2 does work (that's what I've been using). However, whether or
not "browseui" and "browselc" changed between IE 5.5, IE 5.5 SP1, and IE 5.5
SP2, I don't know for sure, but if I were a betting man, I would guess at
least one of them did.

Well let's see, I notice the file dates on those two files are 12/03 and
7/01, respectively (in my particular case), so presumably the "browseui" one
was upgraded a tad with SP2.

> - FC these against the IE 6 ones that don't work
> - see if what FC finds can be mapped to particular functions
> - if offset dependencies allow:
> - paste across functions from IE 6 to old until old breaks
> - paste across functions from old to IE 6 until IE 6 works
> - zoom in and disassemble the problemetic function
> - see if a logic error etc. can be found
> - fix the function and issue fixed .DLLs as on-request hotfix
> - after testing, issue as downloadable hotfix, then WinUpate
>
> MS wouldn't have to hack around with FC, given they'd have the source
> code. It would also be easier from them to read up on what changes
> were made to these .DLL, and whether any exploits need these changes
> to remain blocked. It would be a sad commentary on MS, if within a
> few months of reading this post, somene ITW came up with a fix, even
> though they lacked MS's advantage of source code and documentation.
>
> Well, there's the gauntlet. Anyone care to pick it up? :-)

Oh yeah. I can see all of them running right over and picking up that
gauntlet! (LOL).

PCR

03-27-05, 07:16 PM

something

No! I'll do my best to protect you, though, soon as I return from
Saskatchewan!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Bill in Co." <someone@earthlink.net> wrote in message
news:etc7S3kMFHA.3512@TK2MSFTNGP15.phx.gbl...
| Anita Bryant?
|
| PCR wrote:
| > COLORADO, RUN! There is an MSFT on the prowl, going by the name of
| > Bryant!
| >
| >
| > --
| > Thanks or Good Luck,
| > There may be humor in this post, and,
| > Naturally, you will not sue,
| > should things get worse after this,
| > PCR
| > pcrrcp@netzero.net
| > "Bill in Co." <someone@earthlink.net> wrote in message
| > news:ePfw3fkMFHA.2704@TK2MSFTNGP10.phx.gbl...
....snip

Ivan Bútora

03-27-05, 10:09 PM

something

> IE 5.5 SP2 does work (that's what I've been using). However, whether or
> not "browseui" and "browselc" changed between IE 5.5, IE 5.5 SP1, and IE 5.5
> SP2, I don't know for sure, but if I were a betting man, I would guess at
> least one of them did.
>
> Well let's see, I notice the file dates on those two files are 12/03 and
> 7/01, respectively (in my particular case), so presumably the "browseui" one
> was upgraded a tad with SP2.

I think the browselc.dll file has stayed the same for all versions of IE 5.5.
The browseui.dll file has been modified by recent security updates, the latest one being MS05-014. The version of browseui.dll from that patch is 5.50.4948.700.

Rick Chauvin

03-27-05, 10:09 PM

something

cquirke (MVP Windows shell/user) wrote:

[....]
[vbcol=seagreen]
[vbcol=seagreen]
> If I had resources to fix this (as one presumes MS has) I'd do this:
> - get documentation on what's changed in those two .DLL
> - any crucial exploits that depend on those files to fix?
> - determine most recent .DLL that work via the fix (IE 5.5 SP2?)

...any version of those dll's from 5.5 worked just fine, it was the first
release of IE6 and absolutely irregardless of what others think, even SP1
still has the same exact problem. About the dll's though and mostlikely it
is them, but just because swapping the dll's do appear on the surface to
eliminate the problem does not mean 100% it is the dll's that's the issue in
the first place - it could be other things closely related. In circuit
troubleshooting and no doubt it's the same with software, I've seen time and
time again where you think it may be one component causing a problem where in
the end it may end up have been another down the line causing the
malfunction. Always had to keep an open mind.

> - FC these against the IE 6 ones that don't work
> - see if what FC finds can be mapped to particular functions
> - if offset dependencies allow:
> - paste across functions from IE 6 to old until old breaks
> - paste across functions from old to IE 6 until IE 6 works
> - zoom in and disassemble the problemetic function
> - see if a logic error etc. can be found
> - fix the function and issue fixed .DLLs as on-request hotfix
> - after testing, issue as downloadable hotfix, then WinUpate

Okay, sounds good to me :) Who's the programmer at MS that has the know how
and access to do this?

Chris, would you do me a favor, there is the other thread in this group that
has two conversations going on within it, if you want to please read it and
reply to your other fellow MVP's as to any pertinent facts that you can help
let them know there is a problem, because as it stands surprisingly to me
they do not think there is a problem at all and that it was already fixed -
which I am baffled at why they think that.
Please look for this header:

From: "Jerry Bryant [MSFT]"
Newsgroups: microsoft.public.win98.gen_discussion............. ...
Sent: Saturday, March 26, 2005 2:06 AM
Subject: MS05-002 on 9x and ME

Thank you,
Rick

[vbcol=seagreen]
> MS wouldn't have to hack around with FC, given they'd have the source
> code. It would also be easier from them to read up on what changes
> were made to these .DLL, and whether any exploits need these changes
> to remain blocked. It would be a sad commentary on MS, if within a
> few months of reading this post, somene ITW came up with a fix, even
> though they lacked MS's advantage of source code and documentation.
>
> Well, there's the gauntlet. Anyone care to pick it up? :-)
>
>
>
> Gone to bloggery: http://cquirke.blogspot.com

03-28-05, 07:21 PM

something

I too have been told that there is a problem with this update as I have
posted earlier. So why is this update still listed as a critical
update at the Windows update site? Some people have their machines
automatically updated. If this update is giving so many people
problems, MS should have maybe pulled it or at least given precautions.

cquirke (MVP Windows shell/user)

03-28-05, 07:21 PM

something

On Sun, 27 Mar 2005 21:16:04 -0500, "Rick Chauvin"
>cquirke (MVP Windows shell/user) wrote:

(about Explorer.exe bogging down after bulk file operations)
[vbcol=seagreen]
[vbcol=seagreen]
>..any version of those dll's from 5.5 worked just fine, it was the first
>release of IE6 and absolutely irregardless of what others think, even SP1
>still has the same exact problem.

I can confirm IE 6 SP1 has the same problem - that's what I have!

>About the dll's though and most likely it is them, but just because
>swapping the dll's do appear on the surface to eliminate the problem
>does not mean 100% it is the dll's that's the issue in the first place - it
>could be other things closely related.

Sure; it may be a point of fix, though.

BrowseUI.dll is quite large, nearly 1M, so it's likely there's a lot
of action there. BrowseLC.dll is a little 62k wisp of a thing, so
it's interesting that it is cited as a co-defendent - especially as
similar-wildcard-matching BrowseWM.dll was not.

[vbcol=seagreen]
>Okay, sounds good to me :)

I've started looking for IE 5.5 SP0, SP1 and SP2 versions of those
files, which I'll keep as templates .5S0, .5S1 and .5S2 along with my
regular .6S1 copy. I'll write a .BAT that will copy these into place
over the active ones after testing it's in DOS mode (they are
otherwise "in use"). Then I'll play, renaming each pair, and then
individual ones, into place for long enough to test-to-fix (about a
week per pass before I'd say it's OK).

>Chris, would you do me a favor, there is the other thread in this group that
>has two conversations going on within it, if you want to please read it and
>reply to your other fellow MVP's as to any pertinent facts that you can help
>let them know there is a problem, because as it stands surprisingly to me
>they do not think there is a problem at all and that it was already fixed -
>which I am baffled at why they think that.

>Please look for this header:

>From: "Jerry Bryant [MSFT]"
>Newsgroups: microsoft.public.win98.gen_discussion............. ...
>Sent: Saturday, March 26, 2005 2:06 AM
>Subject: MS05-002 on 9x and ME

I'm not on least-significant-byte terms with .kb articles or patch
numbers, but AFAIK what's happening is that this discussion we are in
now, is in fact in the middle of a thread on an unrelated and far more
recent patch (the one that runs as a resident process).

Both are problems, but different ones. Certainly the one that Jerry
is chasing up for MS is the new one, and it's good that this is being
pursued. What we are talking about - unless I'm badly confused - is a
far older issue that was raised as e.g. of previous patch gone wrong

>---------- ----- ---- --- -- - - - -
Gone to bloggery: http://cquirke.blogspot.com
>---------- ----- ---- --- -- - - - -

Rick Chauvin

03-28-05, 07:21 PM

something

cquirke (MVP Windows shell/user) wrote:
> On Sun, 27 Mar 2005 21:16:04 -0500, "Rick Chauvin"
>
> (about Explorer.exe bogging down after bulk file operations)
>
>
>
> I can confirm IE 6 SP1 has the same problem - that's what I have!

Yes I know, but this thread we have flagged is now lost in eternity of posts
and is also as the other one under a different heading.

>
> Sure; it may be a point of fix, though.
>
> BrowseUI.dll is quite large, nearly 1M, so it's likely there's a lot
> of action there. BrowseLC.dll is a little 62k wisp of a thing, so
> it's interesting that it is cited as a co-defendent - especially as
> similar-wildcard-matching BrowseWM.dll was not.
>
>
>
> I've started looking for IE 5.5 SP0, SP1 and SP2 versions of those
> files, which I'll keep as templates .5S0, .5S1 and .5S2 along with my
> regular .6S1 copy. I'll write a .BAT that will copy these into place
> over the active ones after testing it's in DOS mode (they are
> otherwise "in use"). Then I'll play, renaming each pair, and then
> individual ones, into place for long enough to test-to-fix (about a
> week per pass before I'd say it's OK).

Okay that's great, thanks much.
In the end others will thank you too.

>
>
[vbcol=seagreen]
> I'm not on least-significant-byte terms with .kb articles or patch
> numbers, but AFAIK what's happening is that this discussion we are in
> now, is in fact in the middle of a thread on an unrelated and far more
> recent patch (the one that runs as a resident process).

Yes I realize that, but so is this one!

I suppose a new thread can be started, but I don't choose to be that leader
and it's not my own personal cross to bear although I do care and want to
make it right and I'm only trying to help others out to actually get the
problem fixed for a change. I sincerely think now though that those in
position didn't realize they had a problem with this, but I feel it warrants
just as much attention as that KB891711 post Jerry made and is why I tagged
onto it; although I wish some of the others that have jumped into that
thread would just kept it to a more professionally dialogue of helping
instead of some of the unhelpful sputterings that detracts from the positive
goal I'd like to see come about.

> Both are problems, but different ones. Certainly the one that Jerry
> is chasing up for MS is the new one, and it's good that this is being
> pursued. What we are talking about - unless I'm badly confused - is a
> far older issue that was raised as e.g. of previous patch gone wrong

Yes I agree, just like this thread is though.
Jerry's made his post, and I took the opportunity at that moment to bring up
the other subject just to get his attention, perhaps it should of been in a
different thread and I'm sorry about that now, but I can't change that. You
can start a new thread if you want - You have more hands on qualifications
than I do to effect change and to properly technically discuss the situation.
I will always help where I can.

I have to amend something in that other thread now though.

Thank you,
Rick

[vbcol=seagreen]
>
>
> Gone to bloggery: http://cquirke.blogspot.com

Leonard F Kiesling

04-08-05, 10:11 PM

something

have problem since update of kb891711. win 98se, ie 6.0, high speed cable
modem, dell desktop xpst-450, norton av 2002. i have found the sequence of
events i performed to cause blue screen 06 error:
open windows media player 7.1; play songs from media guide; close media
player. open ie; error screen occurs. or open ie; open media player; close
ie; re-open ie; error occurs.

if i do NOT open media player, all seems ok. open & close ie as needed; no
errors. shut down normal.

when error screen comes on, i press any key once to return to windows, & it
does. then i alt-ctl-del & end task kb981711. i can go on ie with no
problem. re-start is best fix. i just don't use the media player.

does this info help?

i hope microsoft sends auto update to fix. any ideas when?

thank you, len kiesling

"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:ORZGYJMMFHA.2384@tk2msftngp13.phx.gbl...
> Just read the Win98.Gen_Discussion group, or the WindowsME.General
> group, and you'll see several examples of KB891711 causing BSODs.
> Believe me, there *is* a problem, and MS *is* working on a solution. The
> biggest problem we have, now, is most people who are having trouble with
> KB891711 don't seem to be willing to perform some rather simple tests
> and return the results.
>
> --
> Gary S. Terhune
> MS MVP Shell/User
> http://www.grystmill.com/articles/cleanboot.htm
> http://www.grystmill.com/articles/security.htm
>
> "SFB - KB3MM" <Mickey@MouseHouse.com> wrote in message
> news:e57ATN5JFHA.2784@TK2MSFTNGP09.phx.gbl...
> work.....
> yet.
> one
> havoc
> For
> with all
> want to
> these
> on
> KB891711, the
> patch
> Keep in
> "important" for
> pointed
> so
> probably *is*
> secure
> not
> decided I
> nothing
> thing is
> Internet.
> but what
> this
> apparently
> that
> this
> way to
> and have
> will be
> running
> fix but
> while
> need
> with the
> Ethernet
> you do
> asking for
> although
> could
> with
> to try
> the
> can
> past
> almost
> the
> any
> (instead of
> is
> simply
> safe
>

PA Bear

04-08-05, 10:11 PM

something

Excessive cross-posting removed.

It won't be fixed without your help!

See this recent post from MS:
http://groups-beta.google.com/group/microsoft.public.security/msg/399ff690be41f455

1. Uninstall 891711.

2. Call 1-866-PCSAFETY and indicate that you are having issues with a
security update.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

Mastering Newsgroups in Outlook Express
http://www.microsoft.com/windows/ie/community/columns/newsgroups.mspx

Leonard F Kiesling wrote:
> have problem since update of kb891711. win 98se, ie 6.0, high speed cable
> modem, dell desktop xpst-450, norton av 2002. i have found the sequence of
> events i performed to cause blue screen 06 error:
> open windows media player 7.1; play songs from media guide; close media
> player. open ie; error screen occurs. or open ie; open media player; close
> ie; re-open ie; error occurs.
>
> if i do NOT open media player, all seems ok. open & close ie as needed; no
> errors. shut down normal.
>
> when error screen comes on, i press any key once to return to windows, &
> it does. then i alt-ctl-del & end task kb981711. i can go on ie with no
> problem. re-start is best fix. i just don't use the media player.
>
> does this info help?
>
> i hope microsoft sends auto update to fix. any ideas when?