Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Maintaining Windows 2000 for the Long Term?

Cliff posted more than 7 years ago | from the an-EOL'd-OS-on-life-support dept.

Windows 110

MarkWatson asks: "I keep two Windows machines: a Windows 2000 laptop (bought with XP, but installed an old Windows 2000 license and Linux) and a desktop with XP (dual boot to Linux). I would like to avoid ever buying a PC with Vista, a situation that looks good because I believe both my Windows systems are reliable, fast, and will service my Windows needs for the long term. My problem is this: I like Windows 2000 better for a few reasons, but mainly because the license is transferable. I would like to still be using Windows 2000 5 years from now in a secure and reliable way (again, just for when I need Windows). Since I am far from a Windows expert, I would like to know your strategy for archiving Microsoft's latest Windows 2000 updates, and generally dealing with security issues. My strategy is to set my firewall up to run in stealth mode and not use Windows for general web browsing. Any suggestions will be appreciated!" How would you keep an old Windows OS (like Win98, and WinXP in another year or two) running long after official support for it has ended?

cancel ×

110 comments

Sorry! There are no comments related to the filter you selected.

Seems to work for some people... (4, Funny)

goofyheadedpunk (807517) | more than 7 years ago | (#17473772)

Prayer?

I can support your W2K (3, Funny)

Jeremiah Cornelius (137) | more than 7 years ago | (#17476418)

What's your public IP?

Re:I can support your W2K (1)

karearea (234997) | more than 7 years ago | (#17478886)

What's your public IP?
127.0.0.1

still use it (1)

jrwr00 (1035020) | more than 7 years ago | (#17473798)

I would just still use it, i mean firefox will still support win2k way into the 3.0 stage, and so will most programs, as its ALL based on that old ass NT kernel. vista isnt like the transfer that happened with mac os7/8 and X ( i know you could still run os9 apps ) i like win2k, for laptops its da shit, but for the most part, i would just keep using it

Re:still use it (0)

Anonymous Coward | more than 7 years ago | (#17476032)

as its ALL based on that old ass NT kernel

That kernel been through a lot of changes, it based on that old assed kernel the way Windows 98 is based on DOS 1.0

That said, Windows 2000 IS NT 5.0, but XP is only NT 5.1 and 2003 is only NT 5.2. So the Windows developers don't seem to be making huge changes to the kernel anymore, except to 1) Add stability, 2) Add new features (aka reduce stability).

Re:still use it (1)

jrwr00 (1035020) | more than 7 years ago | (#17476668)

what i ment is that win2k winxp and vista are all NT based

Support ends but.... (3, Informative)

walterwalter (777821) | more than 7 years ago | (#17473820)

MS does discontinue support but the updates and whatnot are still available after they discontinue support. They just stop putting up new updates. You can "update" a fresh 98 install up to the point where they discontinues support and this seems to be what you are worried about.

Accept the realities (4, Informative)

SuiteSisterMary (123932) | more than 7 years ago | (#17473854)

Eventually, new patches will stop coming out for it. Sure, some people will hack up XP patches, where they can, but eventually they'll stop coming.

So, what can you do? Make sure that you're running what patches do exist, make sure you never ever expose it live to the Internet, make sure that all of your apps are patched, make sure that you're running fully up-to-date antivirus. Don't install any software which is at all questionable, don't visit any questionable websites. Turn off what you can; if you don't use WSH, turn it off. Turn off autoassociations for it, at least. Turn off as much of ActiveX as you can, javascript and so on. There are lots of guides to hardening Win2000/IIS and so on, and most of the reccomendations here are ones that you should be following anyway.

If you wait long enough, of course, people will be targeting Vista rather than Win2000/XP, and you won't have to worry about it; kind of like how Win98 is actually a fairly safe operating system to be running these days.

Oh, and scan it with an up-to-date BartPE disc every once in a while, just to be sure. Make sure you grab the module for Spybot from the Spybot website.

Re:Accept the realities (1)

LehiNephi (695428) | more than 7 years ago | (#17474110)

If you manually install updates by going to windowsupdate.com, it is entirely possible (though it takes about half a dozen clicks per patch) to download the patches for later use. I've saved all the patches, service packs, and rollouts, so if I have to reinstall, I can either build an nLite image, or install all the patches without internet access.

I have only one suggestion to add to the parent's suggestions: Set up and use a non-privileged account. You'll have to do a bit of fudging user/folder permissions for some applications to work (and some brain-dead programs won't work at all unless you're admin), but for the most part, you should be ok. A locked-down account will eliminate nearly all threats (excluding unpatched wormholes and privilege-escalating flaws) from viruses, spyware, viruses, etc. Even so, I'd still follow SuiteSisterMary's suggestions

Slightly more useful (1)

Captain Splendid (673276) | more than 7 years ago | (#17474532)

For Win2k, all you need to worry about is Service pack 4 [microsoft.com] and Update Rollup 1 [microsoft.com] .

Re:Slightly more useful (3, Informative)

supremebob (574732) | more than 7 years ago | (#17474768)

There were a bunch of security patches released after the Rollup, so you need to install those as well. IE 5 isn't supported anymore, either, so you might want to upgrade to IE 6 for those few sites that don't work right with Firefox.

Safe Windowsupdate (2, Informative)

silicon not in the v (669585) | more than 7 years ago | (#17474686)

As someone pointed out, the old updates and patches for Win98 and Win2K will still be available for a long time on WindowsUpdate. They just won't be releasing new ones. I have had to do re-installs for myself and friends several times, and I know can get owned before it finishes downloading the updates. So here is a pretty basic sequence to safely install and update. Preferrably this would all be done behind at least a basic consumer router, though.

Preferred software to have first--1. Your Windows install CDs 2. I have a utilities CD-R for new installs that has a bunch of stuff on it (Zone Alarm, Firefox, Thunderbird, Flash, Quicktime), but the two you really need are Zone Alarm and Firefox. Zone Alarm will control incoming and outgoing connections. 3. If the system is XP, hopefully have the Service Pack 2 on CD-R since it's a huge beast to download through WindowsUpdate.

Steps with the computer unhooked from the net:
Wipe the hard drive and do the basic Windows install.
Install Zone Alarm, Firefox.
Configure IE--it actually has a cool feature that I haven't seen in other browsers, where you can set the overall security settings, but list particular domains as exceptions. I turn up the overall settings to high/paranoid, and then list *.microsoft.com as lower security so it can run the WindowsUpdate ActiveX control.

Then plug into the router/internet.
Start into the repetitive patch and reboot sequence of WindowsUpdate. Zone Alarm will ask for permission whenever IE tries to access it, so you can just click "Allow" each time it asks, without setting it to permanently have permission.

You're fairly safe from that point, using Firefox for your browsing and keeping good control with Zone Alarm of which programs you want to have net access and when you want them to. You can continue pretty safely this way for many years, or as long as your hardware holds up. About the only danger vector is if you use a separate email client. Email attachments get downloaded, and you have the responsibility to be careful of what you accept and/or virus scan them. I just use Yahoo Mail, so everything gets virus scanned before it gets to my computer. I think most other web mail sites do that too.

Offline Updater (5, Informative)

Bastardchyld (889185) | more than 7 years ago | (#17476362)

Heise Security released an script called Offline Updater.

This script will allow you to create all-inclusive, fully-automated update cds for the English and German versions of Windows 2000, Windows XP, and Windows 2003. The script will create a CD .iso for each OS and/or it can also create an all-inclusive DVD .iso for all of the above versions. You then burn the .isos you created and the installation is entirely automated (some reboots required but automatically continues with the install).

Here is an short and sweet write-up on this - http://www.heise-security.co.uk/articles/80682/3 [heise-security.co.uk]
Here is where you download the file (.zip) - http://www.heise.de/ct/ftp/projekte/offlineupdate/ ctupdate302.zip [heise.de]
Here is Heise Security's Forum on the script - http://www.heise-security.co.uk/forums/go.shtml?li st=1&forum_id=108277 [heise-security.co.uk]

Re:Safe Windowsupdate (1)

Richard W.M. Jones (591125) | more than 7 years ago | (#17478090)

And people still use this operating system? Incredible.

Rich.

Re:Safe Windowsupdate (1)

silicon not in the v (669585) | more than 7 years ago | (#17480388)

And people still use this operating system? Incredible.

Until TurboTax releases a Linux version...yes.

Re:Safe Windowsupdate (1)

TClevenger (252206) | more than 7 years ago | (#17482142)

Windows 2000? Yes, a well-known mobile phone company in the US still uses Win2K on 15,000+ desktops and laptops.

Re:Accept the realities (1)

tropicdog (811766) | more than 7 years ago | (#17476218)

There was a recent story here on Slashdot about how to collect and install Windows updates for a "not on the Internet situation."
Check out info from http://www.heise-security.co.uk/articles/80682 [heise-security.co.uk] for how to go about it. Haven't tried it myself yet but looks to be useful.

Re:Accept the realities (1)

ncc74656 (45571) | more than 7 years ago | (#17485280)

If you manually install updates by going to windowsupdate.com, it is entirely possible (though it takes about half a dozen clicks per patch) to download the patches for later use.

After a normal update run, you might check c:\WUTemp and see if the updates that were just installed are still there. I don't recall if Win2K behaves that way, but I think WinXP does. Using WindizUpdate [62nds.com] instead of Windows Update will also save patches (useful when you have clean WinWhatever installs on different hardware and need to patch both, as you download only once).

Re:Accept the realities (1)

Jeff DeMaagd (2015) | more than 7 years ago | (#17474378)

I don't think it should be a problem if you follow sensible precautions. Keep copies of the newest software that supports your operating system. I usually keep the installer files around anyway. Don't let Microsoft's software to access the Internet where ever possible, or with very heavy restrictions if absolutely necessary.

The real problem once those precautions are accounted for, is that if a new piece of desirable software doesn't support W2k, then it would take annoying hacking to disable or correct its installer's checker, or just upgrading to Windows XP / Vista.

Even if it may be ill-advised, last I heard is that Windows 98 still has 70 million users, I might have misheard it, but it's several tens of millions. If that many people are happy with 98, I can imagine that Windows 2000/XP will have even more hold-outs because it's quite a bit better.

Re:Accept the realities (1)

Bios_Hakr (68586) | more than 7 years ago | (#17483382)

Use Nlite to create an install disc with the latest service pack slipstreamed. After that, download the latest Autopatcher install.

Install with the slipstreamed disc and then run Autopatcher before you connect it to any network.

Install something like Zone Alarm and then connect it to the internet.

Go to windowsupdate and grab any patches you need. Aitopatcher is pretty good; WU won't have much to suggest.

Remember to keep versions of AVG, Autopatcher, Nlite, Zone Alarm, and any other applications you use on a CD. Many of those will be impossible to find in 5~10 years.

If you are really interested, the NSA has a step-by-step guide to securing Win2k. If you follow the guide (it's a DoD standard, so back-doors are a no-no), your box will be as secure as you can make it.

Finally, image the working drive using a bootable linux CD and the "dd" command. Ghost is crap; don't bother. Image that to a spare HD and lock that in a cabinet somewhere. If you get even a hint of spyware or unrequested HD or NIC activity, use "dd" to restore your image.

So long as the hardware does not die, you should be golden.

Virtualization? (4, Insightful)

petabyte (238821) | more than 7 years ago | (#17473868)

So ok, its not a perfect solution and might not fit as you didn't specify what you windows needs are, but what about running Win2k virtualized inside a vmware world? Both my laptop and desktop run Ubuntu only these days, but I do have an XP virtual machine on the desktop to "boot up" should I need something which requires Windows. I don't really find much of a reason to do that these days though.

If you do need to keep Windows natively on the hardware, I would advise setting up a hardware firewall between the machine and the internet, and browse securely with an up to date browswer (Firefox or Opera). Disable MS Filesharing if you don't use it.

Over the long term, you might want to consider why you're keeping Windows and find an alternative (Linux/OS X, whatever). I can't imagine that anything after Vista is going to be any better and well, you will have to upgrade your machines someday ...

Re:Virtualization? (2, Informative)

just_another_sean (919159) | more than 7 years ago | (#17474700)

This is also what I do. I run an XP, 2K and 2k3 Server in a vmware session if/when I need them.

Other then the lack of 3d graphics support (which I was hoping would let me run a few Windows games without
messing with wine) it works really well. All my business/job needs are met by this setup. Games... I'm still
working on that. ;-)

Re:Virtualization? (1)

hda (311214) | more than 7 years ago | (#17476732)

After running various Windozes in VMware for a couple of years I recently switched to QEMU [bellard.free.fr] . It works very well with a reasonable speed using the kernel accelerator module KQEMU.

Re:Virtualization? (1)

baomike (143457) | more than 7 years ago | (#17475310)

I also use a VMware installation of 2000. Works well. I use it for spread sheets
(excell is a good spread sheet)* and Turbotax.
I also keep it behind a firewall (dual home slackware with snort and iptables) .
Turbotax needs the internet for updates , however I do not use it for browsing.
I also only turn it on when needed.

As a solution it seem to work well.

* Yes gnumeric is good, but slack does not support gnome , and trying to gather
      the dependencies for gnumeric is a thankless/impossible task.

Re:Virtualization? (1)

sBox (512691) | more than 7 years ago | (#17481416)

Although I use VMWare for Win2K, if you don't want to pay for VMWare Workstation, you can use MS's VirtualPC [microsoft.com] for free while supplies last.

Re:Virtualization? (1)

el_chicano (36361) | more than 7 years ago | (#17488276)

Although I use VMWare for Win2K, if you don't want to pay for VMWare Workstation, you can use MS's VirtualPC for free while supplies last.
While I haven't had a chance to play with Virtual PC yet (mainly because I don't like running Windows as the host OS), unless you are running W2K3 Server Enterprise Edition as the host OS you will need a Windows license for the host as well as one for the virtual machine. That extra licensing cost for Windows is one reason why I prefer to use Linux as the host OS.
 
The VMware Player and VMWare Server products [vmware.com] are both free (as in beer) to use. I find that the stripped down Server version of CentOS [centos.org] works wonderfully as the host OS and I use VMware to run Windows 98, 2000, XP and W2K3 Server virtual machines. As a matter of fact at work I am moving most of my servers to VMware Server both to better utilize the hardware we have as well as to simplify backing up those servers.
 
VMware Server is also available in a Windows version if you decide to use Windows as the host OS; while VMware recommends you run it on a Server verion of Windows you can successfully run it on a desktop version of Windows. You just need to ignore the warning that VMware server gives you, it is related to an artifical limitation imposed by Microsoft on IIS (only one website can be run on IIS on the desktop version of Windows, stopping the default website will allow the VMware management interface to run just fine).

Re:Virtualization? (2, Interesting)

Cheesey (70139) | more than 7 years ago | (#17487180)

Seconded! This is the way to go. Your Win2K system will survive hardware upgrades so long as your virtualisation software is available for the new platform. You won't have issues finding video and input drivers for your computer in a decade's time, or issues with access to the latest storage devices. And the VM protects you from nasties: if you mess up and install a virus by mistake, you can back it out with the Revert feature.

Go for VMware - you don't want to be locked in to VirtualPC, because that will tie you to a Windows host platform. VMware is in very common use: if the company does go bankrupt or drops support for your host platform, you'll be able to find free software to convert your virtual machine files to the VM software of the day. Which might be free software too!

Two different approaches (3, Informative)

megabyte405 (608258) | more than 7 years ago | (#17473942)

Win2k - Offline Updates: http://www.heise-security.co.uk/articles/80682 [heise-security.co.uk] . From a post here on Slashdot a while ago, it's a pretty slick tool. Just keep running it until they stop making updates for Win2k, then burn it to multiple high-quality archival CD's for safety :D A firewall (or even consumer router) never hurts, unless it's the Norton firewall.

Win98 - I'll agree with another poster, virtualize it. VMWare Player is your friend. (and why is Win98 your friend too? I suppose it's not WinME ;D )

Re:Two different approaches (1)

FuzzyDaddy (584528) | more than 7 years ago | (#17474416)

high-quality archival CD's for safety

Do you know of any brands of archival quality CD's? I have looked in vain for such a thing.

Re:Two different approaches (1)

Arctic Dragon (647151) | more than 7 years ago | (#17474784)

They'res also AutoPatcher [autopatcher.com] for offline patch installation, and it includes add-ons (such as Sun Java 6, TweakUI and the .Net framework).
They'res also Microsoft's Microsoft Baseline Security Analyzer [microsoft.com] which will scan your computer and notify you of missing security updates, and direct links to download them.

old software (2, Insightful)

matt328 (916281) | more than 7 years ago | (#17474116)

My concern would be that some sort of hardware failure will necessitate a software upgrade at some point in the next 5 years, especially with a laptop. I know you mentioned liking that the Win2k license is transferable so you could transfer it to new hardware, but good luck finding drivers for your new touch pad, or even display device that still support an EOL'd operating system.

I guess to answer your question as to how to keep Windows 2000 running for the next 5 years? Very carefully.

Re:old software (1)

nizo (81281) | more than 7 years ago | (#17478176)

That is the beauty of the vmware solutions mentioned above: since linux handles the underlying hardware, it presents the same interface to the windows side no matter what hardware you are running on. This is really really nice, since I can upgrade my hardware, re-install vmware, copy the vmware win2k files to the new machines, and it just works; win2k thinks it is on the exact same hardware. This is the setup I use at home to run photoshop, illustrator (both latest versions, wine compatibility isn't there yet), poser, vue, etc. So far everything works perfectly. In fact I think win2k runs better than ever, since it is seeing a standard set of hardware that it already has built-in drivers for, it seems way more stable than any other win2k installation I have ever used. Plus as an added bonus, I can backup win2k when vmware isn't running and restore it to the exact same state within minutes if something ever breaks.

Re:old software (0)

Anonymous Coward | more than 7 years ago | (#17480062)

I bought quite a few new devices last year for my win2k machine. Most of them work better with just plugging them in and them working, than installing the drivers (logitech bluetooth SUCKS)

Why (2, Informative)

gravis777 (123605) | more than 7 years ago | (#17485738)

Why bother? Yeah, so the license is transferable. Yeah, so 2000 has lower system requirements.

Do you really think your laptop will still be working in 5 to 10 years? Do you remember what we had 5-10 years ago?

5 years ago, my system was top of the line. 500 MHz. 192 meg of ram, an insane amount for the time.

10 years ago, had a pentium 90 MHz, with a whole 16 meg of ram, running the newest Windows 95 operating system.

Really, do you think you are going to keep your laptop that long?

So your license is transferable. Chances are, unless you are buying laptops from eBay or third party refurbished stuff, your laptop will come with a license for xp or vista. Why bother with your unpatched 2000 that has a transferable license?

What is up with all these people who say that they will never consider using XP or Vista? I think too many people are thinking of XP back when it was first released. Yes, there were all kinds of issues with it. It was a major rewrite of Windows - in a good way. Software vendors had to write better code, new drivers had to be made, and microsoft released some service packs..... and the result is that 5 years later, xp is not a half bad operating system. Yes, the OS is unforgiving to the ignorant, but patch your OS, run Spybot and the TeaTimer (the beta fixes the graphical glitches), and you ALREADY HAVE AN XP LICENSE ON THIS MACHINE!

Vista, in my testing enviornments, is proving to be a pretty freakin awsome operating systems. I would still say wait before upgrading for at least a few months, to let some of the security patches come out, but if you are going to buy a laptop with vista preinstalled, leave it on there. I mean, why purposely cripple yourself with an unsupported OS?

I have seen a few people complain how there are no longer updates for 98. The operating system is freakin 9 years old, 2000 is eight years old. Shoot, you would not have been trying to run Dos 3.3 on an computer in 1995 or 1997 and be complaining that you do not get new features and stuff like that would you? You would be laughed at.

Its 2007, dude! Windows 2000 came out at the end of 1999. Five years from now this operating system will be 13 years old!

If you are going to run a Microsoft OS, just run the one that comes bundled with your new computer. Shoot, Apple feakin releases a new version of their Operating System practically every year. Thank God that Microsoft's life expectancy for an OS seems to be hovering around the 6 year mark.

Even Linux distros stop supporting their old distros after a while. I am too lazy to look for this, but there was an article on Slashdot a couple of days ago that Fedora was going to stop updates for its early versions.

Its not like I am telling you to upgrade - the new OSes are already installed on your system, you have a freakin license. Why are you creating all this trouble DOWNGRADING your operating system, limiting your functionality, limiting your access to software, and limiting yourself from getting updates? You like 2000? Fine. Right click on your start bar in XP / Vista, goto properties, choose the custom start bar. Right click on your desktop, go to wallpaper, and turn off the windows bliss wallpaper. Then go to the Appearance tab and change the button layout and style from XP or Vista to Windows Classic. Whalla, you now have an operating system that looks like the Windows you know and love, but will recieve security patches. Your recycle bin just may be a different icon.

I am going to end this with stating what I have said over and over again in this reply - stop crippling yourself. Microsoft, in this case, did not screw you over by making you buy an upgrade, and its not like you are running some legacy hardware that will not run the new OSes. You already have them, you have the licensces, they came preinstalled on your machine, you were in no way inconvienineced by XP being preloaded on your system as that you do use Windows. YOU are the one who uninstalled it, YOU are the one who created these problems for yourself. And so what if the license does not transfer, the machine you buy after that will have its own license for Windows.

Go ahead, mark me as troll. If this was about someone who had 2000 and did not want to purchase an upgrade, that was one thing. That is not the case, he actually took a licensed copy of XP, uninstalled it, installed an operating system that is no longer supported and is now asking us for support. That's just stupidity there.

Re:Why (1)

paganizer (566360) | more than 7 years ago | (#17486638)

i'm just going to address one of your many points, "What is up with all these people who say that they will never consider using XP or Vista?"

I was a HP/UX admin before I got my MCSE and switched to the NT world; Win2k is the best operating system I've ever used.
I have a laptop running debian, a laptop running WinMCE, a server running Solaris VII, and all my house systems (6-8, depending on biz & family needs) run Win2k.
Every game ever made for DOS/Win works, either just straight up, or with VirtualPC. I'm able to disable version checking that forces WinXP, so no problems with them trying to force me to upgrade that way.
I've been running Tiny personal Firewall since win2k came out, my boxes are secure.
There is no logical reason to "upgrade" to something with integrated DRM, that requires more resources for no additional benefits.
I've been a semi-pro 3D graphics & special effects guy for about 4-5 years; everything runs rock steady on win2k with minimal OS overhead.
Using WinDiz, I get the updates that might apply to me on the win2k systems, skipping the ones that will install malware like DRM.
I Personally think a person would have to be an idiot to "upgrade" to WinXP or Vista, unless you are so inept you can not build your own systems and don't want to bother looking for the version-checking patches for games.

Note: I am forced to admit that the time will come when a 64-bit app for Windows will come out that will require me to make one machine a winXP-64 workstation. it will happen, and I don't see much chance of microsoft releasing the fully working 64-bit patch they made for Win2k. I'm just hoping whoever makes that 64-bit app makes a Linux or Mac version.

No - Windoze (1)

justkarl (775856) | more than 7 years ago | (#17474160)

I would like to avoid ever buying a PC with Vista
 
Sounds great in theory(I was pondering the lifecycle of my XP box just yesterday), but I like the idea of having support for my OS(I.e. updates.). As such, I think when MS ends support for XP in 2011 or 13, I think, I will probably buy maybe a new desktop to build from scratch with vista, or buy a new dell or something with vista prepackaged. When you think about it, $200 for a license of XP or Vista over 10 years isn't really that much. So why not keep your desktop standard for $20 a year?

Re:No - Windoze (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17474322)

When you think about it, $200 for a license of XP or Vista over 10 years isn't really that much.

And yet, Linux is free. That $200 could be put to better things (hardware, bandwidth) rather than propping up a convicted monopolist. Windows has hidden expenses too in order to make it secure: (antivirus, personal firewall, anti-spyware, router). None of that is required for Linux.

Re:No - Windoze (1)

eln (21727) | more than 7 years ago | (#17474904)

You don't need a firewall to secure Linux? Really? What is your IP address?

Yes you need various add-on programs to properly secure Windows, but you can get all of them for free (AVG, AdAware, etc), so they aren't really expenses, hidden or otherwise. Similarly, you need various free software tools, as well as some level of expertise, to secure your Linux box. Most Linux distros may come stock in a more secure configuration than a stock Windows install, but that doesn't mean you can just leave them alone and expect to never get hacked.

Re:No - Windoze (0)

Anonymous Coward | more than 7 years ago | (#17475136)

linux has a firewall built into the kernel, iptables.

Re:No - Windoze (2, Informative)

eln (21727) | more than 7 years ago | (#17475212)

It still has to be configured. Most of the security software you need for Linux comes with the distribution, but it still has to be configured if you want it to do any good. My point is that Linux needs work to make it secure, just like Windows does. The difference is that with Linux the software is there and needs to be configured, while with Windows the software needs to be downloaded and configured.

Re:No - Windoze (1)

Dan Ost (415913) | more than 7 years ago | (#17475254)


I'm not the poster you're replying to, but my home machine is connected to the internet
without any firewall. The only network service I've got turned on is sshd and the only
reason it's on is because I turned it on. By default, there was nothing open.

Do I feel secure? Yeah, pretty much I do even though I haven't really done anything else
to secure my machines.

If I were to post my IP, what do you think you'd be able to do?

Re:No - Windoze (1)

chad.koehler (859648) | more than 7 years ago | (#17476242)

whois lookup, subpoena your ISP for your home address, and TP your house!

Re:No - Windoze (1)

petrus4 (213815) | more than 7 years ago | (#17485352)

Do I feel secure? Yeah, pretty much I do even though I haven't really done anything else
to secure my machines.


I really wish we had Theo deRaadt reading (and commenting) on this thread...I can't even begin to imagine how novel, riddled with expletives, and generally blistering the abuse you would get from him would be, I suspect. ;-)

Re:No - Windoze (1)

Dan Ost (415913) | more than 7 years ago | (#17488232)

Actually, my OBSD box is configured the same way (only sshd turned on).

Re:No - Windoze (1)

capebretonsux (758684) | more than 7 years ago | (#17478360)

Heh, heh.... My ip is the same as everyone else's, methinks... 127.0.0.1 Have at it! And good luck! All kidding aside, who installs linux without doing a little post-install maintenance? Shutting ports and services that aren't in use, etc. I don't believe I've ever had to install a security-related app on any of my systems AFTER the initial installation process. I don't bother with antivirus, I've run various flavors of linux for quite a while now without ever being infected with anything. I run a linksys router w/ basic firewall for my home network, but aside from that I don't bother much with ultra-paranoia levels of security. That being said, I change my passwords on a regular basis and make sure they aren't simple or too short. As far as AVG for windows goes, there are periodic popups 'encouraging' users to pony up cash for the non-free version (At least on the computers my non-computer-literate family runs) Same thing for zonealarm, etc. So the 'free' apps that you can use with windows DO come with the hidden expense of being annoyed from time to time. Now maybe I'm just overly sensitive to popups and the like, but being in complete control over my comp is a large part of what led me to convert to linux. Windows, in my opinion, is either for people who don't want/need to know much about the nitty-gritty about their computers. Or those who are required/forced to due to their occupation.

Re:No - Windoze (0)

Anonymous Coward | more than 7 years ago | (#17482948)


So why not keep your desktop standard for $20 a year?

  • microsoft gets your money
  • vista isn't worth the upgrade
  • microsoft gets your money
  • people think you're using it cos you like it
  • hardware requirements

Yeah, pretty much just the last one, but the other 4 are good reasons too.

Re:No - Windoze (1)

mrchaotica (681592) | more than 7 years ago | (#17483200)

So why not keep your desktop standard for $20 a year?

Because the "standard" is turning into a locked-down DRM hellhole, that's why. I want my computer to obey me, not the other way around!

Support (1)

onedobb (868860) | more than 7 years ago | (#17474184)

They will probably extend support on XP for a coupple of years. As for legacy operating systems, I would consider using virtualization. You can get a free version of VMware and place the older operating systems on that, and you will still have the security of the host operating system. It's an idea. I don't know if there is anything in the EULA that restricts using it at work.

Long-term: virtual; short-term: be careful (3, Informative)

davidwr (791652) | more than 7 years ago | (#17474226)

Others have already made good suggestions for the short-term, such as minimizing exposure, installing all patches, using non-IE browsers when necessary, etc.

If it's at all possible, block all traffic, incoming and outgoing, except what you need. If it's possible, only allow certain processes, such as firefox, to access the Internet at all.

Also, make a full-image backup plus frequent additional backups so you can restore your system if it gets compromised.

The long-haul solution is to go virtual. Get a lightweight Linux with your favorite VM and install Win2K on it. Back up the image frequently. This way if your laptop dies you can replace it and not worry about driver issues. Heck, you can even do all "Internet" traffic on the Linux side and restrict the Windows network to a private-virtual-lan with the host system. Even then, block all traffic except what you really need, such as for file transfer and for printing.

VMWare's killer feature (0)

Anonymous Coward | more than 7 years ago | (#17475728)

Snapshots.

Create a VM and set it up as you want. Then create a snapshot (VMWare Sever does this well). If you need to undo something, just revert the snapshot. This actually lets you take risks you otherwise wouldn't want to.

For example, last week I downloaded a few dozen viruses and spyware infested apps. I copied them to the VM, disabled networking support (in VMWare, not inside the VM) and installed them all. My reasoning? I built a new Linux netboot rescue system which included multiple virus scanners (BitDefener, F-Prot, AVG, and ClamAV). I wanted something to test it with. After shutting the VM down, I re-enabled networking and did a pxe-boot to the new rescue system. After testing it out I reverted the VM.

Using a VM rocks. Once you make a snapshot, you can do whatever you want to the system and not have to worry about consequences. Mess something up? Revert. Use IE6 and get pwn3d? Revert. Etc. No matter what you do the fix is a single click away.

The long-haul solution is to go virtual. Get a lightweight Linux with your favorite VM and install Win2K on it. Back up the image frequently. This way if your laptop dies you can replace it and not worry about driver issues. Heck, you can even do all "Internet" traffic on the Linux side and restrict the Windows network to a private-virtual-lan with the host system. Even then, block all traffic except what you really need, such as for file transfer and for printing.
With Firehol on the Linux-side you can restrict the VM's traffic as much as you want. You can blacklist anything, or just do a whitelist.

2k is under extended support until 2010 (4, Informative)

RingDev (879105) | more than 7 years ago | (#17474242)

Windows 2k retired from mainstream support on 6/30/2005. It is currently under extended support until 7/13/2010.

So for the next 3 1/2 years you will continue to receive security and critical patches, and you will be able to pay for support if you need it. So there's nothing to panic about yet.

After 2010 though, if MS doesn't extended support, you may want to look in a new direction. Possibly an emulator for Linux to run what ever 2k app you need, or a replacement for those apps you are using. Worst case scenario, (2k support ends and numerous viruses are released for it) you can still run it, you just have to take into consideration the extra security concerns.

Here is the page for MS's support life cycle info: http://support.microsoft.com/gp/lifeselectindex [microsoft.com]

-Rick

Re:2k is under extended support until 2010 (0)

Anonymous Coward | more than 7 years ago | (#17476404)

You'll be OK though, 2010 is going to be the year of the linux desktop ;)

Re:2k is under extended support until 2010 (2, Insightful)

CAIMLAS (41445) | more than 7 years ago | (#17476994)

I suspect that after Win2k is EOL'd, there wouldn't be many people using it anyway. Heck, I'd be surprised if there was much support for the hardware of 2010 in Win2k; it's already a pain to get currently new hardware working properly.

As a result of not many people using it (most of the poeple using Win2k will have upgraded/bought another computer by then - 8 or so years seems a bit long for your average home internet user to stick with an OS), there'd not be many people writing malicious stuff for it, simply put. Look at all the legacy OSes out there which people still use and don't have a proliferation of viruses or worms.

On the other hand, it may be MS who writes a malicious virus for Win2k when it's EOL'd - if there are still a significant number of people using Win2k, to attempt and force their hand.

Re:2k is under extended support until 2010 (1)

ADRA (37398) | more than 7 years ago | (#17481284)

The only annoyance I've ever had with Win2k drivers on brand new hardware is that ATI stopped linking the newest Catalyst drivers on their Win2k page, but if you go to the XP page, the drivers work great anyways. WDM made the driver boundary between supporting XP and 2k almost brain dead except for the device profiles that didn't exist in 2000 (bluetooth, etc..).

Sadly, the OS was almost completely ignored as a consumer desktop in the ramp up to XP which is a real shame because I still think its the best Windows version they've ever released.

Re:2k is under extended support until 2010 (1)

skiflyer (716312) | more than 7 years ago | (#17486204)

I have mod points, but I can't find the -1 Paranoid... wtf?

Use a Virtual Machine (3, Informative)

Natales (182136) | more than 7 years ago | (#17474244)

I have lots of customers who had this same concern about Windows NT. Virtually everybody had that beige box in the dark corner of the datacenter with a sign on top saying "don't touch" running some critical app in Windows NT, where registry modifications and tweaks go back years and couldn't be replicated. Newer hardware wouldn't support NT so they kept it running.

The ideal solution is a VM. At least if you use VMware ESX, the virtual hardware exposed by the VMM (virtual machine monitor) is always constant regardless of the physical hardware, and the virtual I/O devices are rather old, so any old OS would support it. In fact, in most cases this solution runs faster than the old beige box regardless of the virtualization tax due to the speed of the new processors.

You can keep a system running for years and years with this method, even backup the full VM as a file.

Disclaimer: I work for VMware, but I see this all the time with actual customers.

2003 Server (0)

Anonymous Coward | more than 7 years ago | (#17474408)

You could go from Windows 2000 to Windows XP or Windows 2003 Server and run it as desktop operating system.
I have heard that after some tweaks Windows 2003 Server apparently becomes a decent Windows desktop OS.

Run it in a virtual machine as other suggested might be a good idea too.

Or you could use Mozilla Firefox, use a hardware firewall, disable unneeded services, close unused ports. Harden the system with software such as 'xpy' and 'CMIA', etc.
* http://xpy.whyeye.org/ [whyeye.org]
* http://sourceforge.net/projects/cmia/ [sourceforge.net]

Use Windows Update. DO NOT use Internet Explorer.
Use an restricted account, do not use the administrator account.

Consider virtualization (2, Interesting)

lar3ry (10905) | more than 7 years ago | (#17474422)

When my daughter wanted a system for college, I convinced her to get an iBook. "But that won't run Office!" she protested.

"Yes, it will," I answered, and purchased Office 2004 for her.

"But how about these other things I use all the time?"

I threw her a bonus: I configured a nice Kubuntu Linux system with all the apps that a student would need, including OpenOffice.org, Gimp, Evolution, Firefox, etc.

Then I threw her a second bonus: On the Kubuntu system, I installed VMWare, and installed Windows 2000 to run on it. Win2000 doesn't use as many resources as XP, but apps written for XP run fine on it. In addition, as the OP mentions, the license can transfer.

What about viruses? Well, I did not configure the virtual network interface for W2000. Anything she needs to run on Win2000 has to be downloaded first onto Kubuntu, and then through a shared drive, installed onto the Win2000 process. Viruses just have no vector to get into Win2000, except from trojans.

Now, this isn't the perfect situation, and there are some apps that just won't work for her (Internet Exploiter, her previously-favorite IM client, etc.). However, for those things that she just HAS to run on Windows for her schoolwork, she can run the programs at nearly full speed with just a little hassle. Over the last few months, she figured out how to streamline the process of getting files to/from Win2000, but she also figured out how to make do with the OS X applications, and to a lesser extent, the Kubuntu native applications as well. Since Firefox and a lot of the applications she runs on Kubuntu also run on the iBook, she has an easier time with Kubuntu coming back from the iBook.

Windows 2000 is now a distant third for her, and she is considering "retiring" that system after the next semester if she can get through the next semester without needing Win2000. (Probably won't happen, but back in September, that wasn't even being considered!)

She's happy, and if she just HAS to run something on Windows, she has the ability to do so.

She managed a 3.9 GPA this semester, so this setup didn't hurt her.

Re:Consider virtualization (5, Funny)

NineNine (235196) | more than 7 years ago | (#17474616)

She managed a 3.9 GPA this semester, so this setup didn't hurt her.

That may be true. But, did she get laid this semester, or did she have to spend all of her free nights dicking with this ungodly complicated system?

Re:Consider virtualization (1)

Slithe (894946) | more than 7 years ago | (#17475028)

That may be true. But, did she get laid this semester, or did she have to spend all of her free nights dicking with this ungodly complicated system?
I assume the GP is a dude, so this would be a bonus. How many fathers WANT young men to screw their daughters? Anyway, she's a chick. If she wanted some action, she would not have to look too hard; she could just go to her local LUG.

Re:Consider virtualization (0)

Anonymous Coward | more than 7 years ago | (#17475698)

How many fathers WANT young men to screw their daughters?

Don't pay any attention to NineNine. He's a washed-up pornographer who's just here to troll Linux advocates. Look at his history. Most of his comments are full of bizarre non-sequitors that try to tie in how difficult or useless Linux is. Although, I can't remember NineNine telling a father that his daughter should get fucked instead of using Linux. That's a new low for him.

Re:Consider virtualization (0)

Anonymous Coward | more than 7 years ago | (#17477378)

I enjoy reading NineNine's posts. He's got a sense of humor, and more often than not his trolling is based upon truth.

That iBook running Kubuntu Linux with a vmware partition running Windows 2000 shouts "Over complicated solution for a simple problem!" I mean why not just run OS-X?

Re:Consider virtualization (1)

JoshJ (1009085) | more than 7 years ago | (#17486010)

It's overcomplicated because the daughter was afraid of change in the first place. If she wasn't afraid of change, she wouldn't have needed the entire kubuntu setup to run win2000, she could simply have ran OS X, as you said.

well... (1)

r00t (33219) | more than 7 years ago | (#17484406)

I do, if:

a. young MAN, not MEN
b. daughter has reached full size
c. young man is in good condition
d. young man intends to keep her
e. young man would make a good husband, father, and son-in-law

Re:Consider virtualization (0)

Anonymous Coward | more than 7 years ago | (#17482496)

That may be true. But, did she get laid this semester, or did she have to spend all of her free nights dicking with this ungodly complicated system?
Yes. Yes she did.

Posting anonymously so lar3ry can't find me...

Re:Consider virtualization (1)

NMR Dude (783818) | more than 7 years ago | (#17485006)

That may be true. But, did she get laid this semester...

And now you see the true genius of his plan.

Re:Consider virtualization (3, Informative)

Lproven (6030) | more than 7 years ago | (#17476288)

Sounds like you don't know Mac OS very well. Pretty much all the stuff you cite - OpenOffice, Firefox, whatever - could have been run natively under OS X. You can even run many xNix apps from the Fink or OpenDarwin projects, tho' native OS X versions are usually much preferable.

Including running W2K under Virtual PC.

I see no need for what is effectively a triple-boot machine - OS X (with Classic, quadruple-boot), Linux /and/ Windows - when you could easily have made a simpler system by removing a whole OS from the equation.

There's not really much good reason for running Linux on a Mac - there are fewer drivers & proprietary apps in PPC form than x86 and OS X provides pretty much all the Unix goodness one could want.

The virtualisation idea isn't bad, but run W2K with up-to-date A/V and antispyware and so on, behind a hardware firewall, and it's pretty safe even today. Remove & replace all the MS internet apps and it's not bad at all.

Re:Consider virtualization (1)

lar3ry (10905) | more than 7 years ago | (#17479468)

Not an option. The iBook is PowerPC architecture, so the only way to run "Windows" is through Virtual PC, which would have had a speed cost.

What we ended up doing is setting up a Linux system, and it runs the same things that she can run on the iBook (well, the better looking apps run on the Mac). Running Firefox on OS X and Linux makes it easy for her to download stuff on Kubuntu and then switch to Win2K to do whatever HAS to be done on Windows.

As I said, she managed quite nicely. There was a bit of a learning effort, but aside from that, she's happy--and isn't that the important thing?

Re:Consider virtualization (1)

mrchaotica (681592) | more than 7 years ago | (#17483236)

Running Firefox on OS X and Linux makes it easy for her to download stuff on Kubuntu and then switch to Win2K to do whatever HAS to be done on Windows.

Wait, explain one more time why she couldn't run Virtual PC in OS X instead of Linux?

Re:Consider virtualization (1)

toddestan (632714) | more than 7 years ago | (#17484796)

Wait, explain one more time why she couldn't run Virtual PC in OS X instead of Linux?

It's an iBook. Can you say SLOW?

Re:Consider virtualization (1)

mrchaotica (681592) | more than 7 years ago | (#17485726)

Yes, I can -- I own an iBook too. However, I don't see how Linux really helps that situation much, since it's not as if it's that much more efficient than OS X.

Re:Consider virtualization (1)

dan_bethe (134253) | more than 7 years ago | (#17484400)

she's happy--and isn't that the important thing?

Well since you asked, no it's not. The most important thing is that it serves objective requirements in a sustainable and self-managing way. That's what makes a person happy, not just complacent. Your setup is obviously irrationally complex just for the sake of complexity. I can hardly believe anyone would agree to implement it or to accept critical dependency upon this rube goldbergian machination, and upon having to have their own personal sysadmin living who-knows-where for its continued operation, for a degree program. Everyone else pointed out how it makes no sense whatsoever and defeats its own purpose, and you had it all sewn up in the first place with MacOS and possibly VirtualPC. These are just some utterly bizarre criteria that allegedly are and are not options, and it's inconceivable how a person could both know how to do all this *and* actually decide to do it. You laboriously admitted to this madness, and then debated against common sense, in public, so there's no way you're getting out of those facts.

So I'll just point out, since you asked, that it also defeats your own objections to common sense. "speed cost" makes no sense, as the entire purpose of Windows in that scenario is as a black sheep or last resort in the first place, and both your user and your usage case are in no way whatsoever speed sensitive. By that illogic, then if you spent less than $5000 on the Windows machine, there was a so-called "speed cost". Since you asked.

Kindly please stop pretending to rebut objective common sense. It doesn't like that.

Re:Consider virtualization (1)

DerekLyons (302214) | more than 7 years ago | (#17485956)

I see no need for what is effectively a triple-boot machine - OS X (with Classic, quadruple-boot), Linux /and/ Windows - when you could easily have made a simpler system by removing a whole OS from the equation.

That's the problem - the OP doesn't give a fig a simple, and only gives functionality as passing nod. What he cares about is imposing *his* political and religious beliefs on others. (And has the unmitigated gall to call the forced behavior a 'bonus'.)
 
Ending up being modded +5 only shows the bigotry and dual standards inherent on Slashdot - if he bragged about making his daughter take a bible to college and forcing her to read ten verses every night to do her homework, he'd be modded and flamed into oblivion.

Re:Consider virtualization (1)

Lproven (6030) | more than 7 years ago | (#17489972)

I think you're probably right there!

If you keep it... (1)

Sfing_ter (99478) | more than 7 years ago | (#17474424)

If you keep it next to your OS2/Warp box, then all should be well.... ahem....
Realistically, by the time patches stop coming out, everything will have moved on. 64bit computing is here, the only thing holding it back is software and drivers, which are whooshing their way towards us as we speek. So keep using it, keep getting what patches are available, move away from Microsoft tools to make yourself more secure, enjoy.

You may also just want to get a virtual machine running on your linux box, boot a win2k vm.

I still use Windows 3.1 and W2K for some stuff (1)

Aging_Newbie (16932) | more than 7 years ago | (#17474468)

You would be amazed how well Windows 3.1 runs with office applications and old printers like a LaserJet Series II. With a Pentium 166 it runs like greased lightning and with Celerons / AMD chips it is even faster. Memory requirements are so small that it runs on anything but can only use 32 meg. When they stopped support for 3.1 they issued a bunch of patches to Office, the Jet Engine, and other stuff for Y2K and with those it is quite useful. No USB but not needed for a light and fast machine. With modern hardware, Access is quite amazing with small 1 GB databases. Networking is a pain but I run it standalone as a desktop system. With a winsock driver it even does dialup with Gopher :-)

One of these days I will set it up with a flash disk (compact flash in a 2.5" drive adapter) so it has no moving parts. 1GB is an amazing amount of storage for Windows 3.1.

I currently keep a W2K box too with 32 bit applications. I only allow it on the LAN and not on the Internet and it does very well. I agree that it is worth keeping, probably considerably better than XP for a true legacy OS. I am not sure that there will be any major patches needed for W2K if you keep it off the web. Mostly it just runs along happily and will do so until lack of device support makes it unusable.

Re:I still use Windows 3.1 and W2K for some stuff (0)

Anonymous Coward | more than 7 years ago | (#17475164)

Memory requirements are so small that it runs on anything but can only use 32 meg.

Windows for Workgroups 3.1 runs fine with a quarter-gig of ram (it may support more - I didn't check), boots quickly off a cd-rom, and is just FAST!!!

Re:I still use Windows 3.1 and W2K for some stuff (1)

Cheesey (70139) | more than 7 years ago | (#17487132)

Windows for Workgroups 3.1 runs fine with a quarter-gig of ram (it may support more - I didn't check), boots quickly off a cd-rom, and is just FAST!!!

Someone will say this about XP in 10 years time. And it will be true - by comparison to the latest incarnation, XP will appear highly secure and efficient, helpfully lacking support for the latest DRM "features".

Re:I still use Windows 3.1 and W2K for some stuff (1)

Jaysyn (203771) | more than 7 years ago | (#17480924)

Check this out for your Win 3.11 installations.

http://www.calmira.de/ [calmira.de]

Virtualization (1)

plopez (54068) | more than 7 years ago | (#17474494)

You may want to eventually run it on a Linux box using a vitual machine. That would sandbox it, give you the ability to cature 'snapshots' for rapid recovery and keep hardware cost down (you only pay for one box).

HD 137 GB (3, Informative)

rlp (11898) | more than 7 years ago | (#17474632)

Windows 2000 does not support drives > 137 GB. I just reinstalled Win 2000 on an (older) box with a 200 GB drive. It reported the drive size as 137 GB. The C partition (20GB) was fine, but the D partition (180 GB) was inaccessible. It suggested I run diagnostics. Fortunately I did NOT do this. Instead I installed Service Pack 4 and then did further upgrades on-line. It first required me to manually upgrade to IE6, and then install the MS BITS update package followed by 50-60 patches. Several reboots were required. After that partition D was fine. I did a quick Google and learned that running a file system check before the SP4 install would have completely corrupted the partition. So, maintaining Win 2K systems is already somewhat painful. As MS removes support, it will become more so.

Re:HD 137 GB (4, Informative)

greg1104 (461138) | more than 7 years ago | (#17475008)

It supports larger drives just fine; I have a 750GB drive happily running on my Windows 2000 box. To fully use a hard drives that's >137GB, Windows 2000 requires service pack 3 or later and a registry hack [microsoft.com] . You didn't need the IE and other extra patches just to be able to use the other partition.

Windows XP requires service pack 1 and a registry hack [microsoft.com] . It's possible for OEMs to upgrade the copy of XP they ship to have this feature by default.

For people who just have to format the entire hard drive as one big partition, then this limitation in Windows 2000 can be annoying. Those of us who prefer to keep the OS drive on the small side, separating out data files onto a separate partition, are barely effected by it. I'm already going to install SP4 on any new Windows 2000 system anyway, so I just need to remember which registry key to tickle after that's done and this problem goes away.

Re:HD 137 GB (1)

Dmala (752610) | more than 7 years ago | (#17476604)

Those of us who prefer to keep the OS drive on the small side, separating out data files onto a separate partition, are barely effected by it.

Unless, of course, you forget about the limit and store all of your drivers and update files on the second partition... which is inaccessible after a reinstall. GAH!

Re:HD 137 GB (1)

crabpeople (720852) | more than 7 years ago | (#17479444)

Well then you would just use a live cd to copy them over yes?

Re:HD 137 GB (1)

srvivn21 (410280) | more than 7 years ago | (#17479962)

Even better is to make an unattended install disk (using a tool like nlite [nliteos.com] , or following the directions from a site like http://unattended.msfn.org/unattended.xp/ [msfn.org] ) which includes the proper service pack, drivers AND registry tweak.

Re:HD 137 GB (1)

scdeimos (632778) | more than 7 years ago | (#17483500)

WTF? Windows 2k SP3 and later *does* support drives bigger than 137GB [microsoft.com] . If you're not installing from an SP4 CD, make one with slipstreaming [microsoft.com] .

I just mentioned that the 137GB patch exists the other day and got modded a Troll - this guy tells a blatant falsehood and gets Informative? What's with the Mods around here?

Re:HD 137 GB (1)

silverdirk (853406) | more than 7 years ago | (#17486724)

I apologize for not looking up the link, but google for "slipstream". You can take your installation disc and apply all the service packs to it. Then you have an install disc that installs SP4 and detects all newer hardware at install time. Also, reduces the time window where you're vulnerable to worms while getting the updates. Also prevents you from having to reboot the system 10 times while getting all the components that can't be installed concurrently.

Here's a quick list: (0)

Anonymous Coward | more than 7 years ago | (#17474634)

1) Use an outgoing firewall. I love Kerio, but it keeps flashing from the system tray on Windows 2000 (in XP you can at least hide the icon). Only permit Firefox, Miranda, Skype, Java(W), etc. to access the net. Disallow the system to use the net, and also block any attempts of IE to connect to the net. Block all incoming connections except for Skype and Java (for that blue frog thing or the feline webserver).
2) Don't install stuff and don't use IE. The best computer is the one with the tiniest amount of software on it that still does the job. Prefer programs that unzip & run to programs that require installation/registry writing, etc.
3) I've never done so, but you may be insterested in something like ghosting the system to be able to restore it quickly or maybe using deepfreeze, etc.

Enjoy! :)

Unofficial SP5? (1)

WillAdams (45638) | more than 7 years ago | (#17474812)

I had good luck w/ the unofficial Windows 98 second edition update (forget the name though).

I've been meaning to try the SP5 for Windows 2000:

http://www.majorgeeks.com/download4817.html [majorgeeks.com]

Anyone had any luck w/ it?

William

don't worry, be happy ... pls consider (1)

2TecTom (311314) | more than 7 years ago | (#17474822)

Win2k is has been patched right up. Patches and updates for components like .net run-times will continue to receive official support. Scanners will be updated as will browsers. IMHO, simply keeping up to date and running the appropriate scanners and root kit revealers will keep Win2k more secure than newer, less well known OSs.

What will kill Win2k is most likely an inability to support higher performance real-time hardware and software. I have already seen systems that won't even boot Win98, OS9, etc.

Re:don't worry, be happy ... pls consider (0)

Anonymous Coward | more than 7 years ago | (#17484142)

You hit the nail on the head there.

I still use Win98 and 2K along side Gentoo, and my biggest problem with Win98 is hardware support.
I use a NForce3 chipset AGP Athlon64 board, which is right on the limit of support - Anything beyond this will NOT work on Win98.

If I upgrade, it will have to be to a VIA 'board as nVidia have totally dropped support for '98 and less.
My biggest problem is Soundcard and Video cards - Creative Labs have ALREADY dropped support for EVERY OS except XP on their sound cards, and both nVidia and ATI only support 2k and up with their stuff.
Then there's issues with new tech like SATA and PCI-Express.

2k will have that problem too - Really, it shouldn't because 2k supports WDM and is similar enough to XP that I don't get why OEMs deliberately don't support it...

Virtualisation can counter a lot of this, but obviously things like 3D and sound acceleration are difficult to work...

Ghost (1)

Marxist Hacker 42 (638312) | more than 7 years ago | (#17475638)

I know it's old tech- but if you can get ahold of Ghost PE, I suggest burning a "clean install" to a series of DVDs. Keep important data on machines you trust, and when you do need that Win2k machine for some special use, you can always just restore the backup from DVDs first, overwriting the entire partition. Windows will continue to work for you for decades that way- I've got an image of a Win95 machine I still use from time to time.

I'm probably too optimistic but (0)

Anonymous Coward | more than 7 years ago | (#17475872)

maybe you'll eventually have both an acceptable (in terms of licensing and absence of drm bullshit) and supported Windows-compatible operating system in ReactOS [reactos.com] .

DST issues on 2K (1)

jaxom_01 (720138) | more than 7 years ago | (#17477270)

Wasn't it just announced that Microsoft would not be releasing a patch to anything less than XP for the new TimeZone changes that happen this spring?

http://support.microsoft.com/kb/928388 [microsoft.com]

You'll have to remember to manually change the time each time it is supposed to change and then fix it when the broken version of 2K tries to change it for you.

-Aaron

Just run it inside an emulator (1)

Thunderbear (4257) | more than 7 years ago | (#17479968)

At that time install your new computer with a basic Linux, install vmware server on that, and install Windows 2000 on top of that.

Enjoy :)

Windows98SE (1)

prolene (1016716) | more than 7 years ago | (#17487326)

The time required to get Windows 2000 going is a complete waste. Go for Windows98SE, download following programs to keep it safe:

1. Zonealarm with antivirus.
2. http://www.msfn.org/board/index.php?showtopic=8080 0&st=0 [msfn.org]
3. Use firefox as your primary browser.
4. New games will not run, but games till 2004 may run.
5. Maximum Ram on Windows98SE is 512 MB
6. Post all your queries at MSFN.

Re:Windows98SE (1)

Don't Click Here (1036124) | more than 7 years ago | (#17492160)

ZoneAlarm? Seriously? Ever try anything else? You like the way ZA soaks up massive resources, or is it the false sense of security because it always appears to be "Doing Something Important"TM ? A few years back, ZA was crash prone, full of holes and pushed by dubious tests on dubious websites. I wouldn't touch it with a 39 1/2 foot pole, even if it is "fixed" now. Ever try to uninstall it? Ever do it without breaking something?

Agree with the "VMWare is free" chorus. Install 98 in VMWare on a Linux host. If you insist on running it natively, then a hardware firewall is the only way to go. I'd never install anything from ZoneAlarm, Norton, or McAfee anyway. I'm busily removing McAfee "Security" Center from yet another malware infected computer right now. Try a lightweight effective antivirus such as NOD32. If you are broke, AVG Free is still better than Norton or McAfee. Run Ad-Aware and Spybot.

Someone point me to an easily configured software firewall for Windows that actually works as well as a hardware firewall or even iptables for Linux. I don't know of one. If you do, please clue me in.

Don't log in as local Administrator (1)

DonChron (939995) | more than 7 years ago | (#17490006)

Even though exploits and bugs will continue to surface long after MS stops releasing patches, you'll save yourself a lot of risk if you log in as an unprivileged user. If you use the NTFS file system (and fixacls.exe if you have to convert after the install) your general-purpose login will have very few ways to wreck the system. Sure, there are privilege escalation attacks, but you'll be protected from many common bugs and exploits.

Keep a local admin account, or two, using a strong password. Change the default Administrator to a different user name and only use the admin priv's for maintenance.

Good luck.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>