Password security in Win98

  • Thread starter Thread starter Rosivaldo Fernandes Alves
  • Start date Start date
R

Rosivaldo Fernandes Alves

Guest
I have a Win98 and a WinXP in a home LAN. In this group I've learned that a
Win98 account may access WinXP shared resources provided the latter has an
account with name and password identical to those of the account in the
former.

Since I think that Win98 stores the passwords in a much less safe way than
WinXP does, I'm somewhat worried about the risk of these passwords to be
cracked via this possible vulnerability, compromising my WinXP security.

Could some one help me about this?

Thanks in advance and forgive my poor English.

Rosivaldo.
 
Re: Password security in Win98

I have a Win98SE machine and a WinXP Pro machine that I network at home.

I do NOT use a password (or more exactly, I use a blank password) to log onto the
Win98SE machine, so I do not see any log-in screen when using that machine.

On my XP Pro system, I log on at the Welcome screen with a specific username and a
password.

I can access shared files and folders on the XP system from the 98SE system, and
vice versa.

So, your initial premise is not necessarily correct.

I suggest you ask your questions on this subject in an XP group or a networking
group.
--
Glen Ventura, MS MVP Shell/User, A+


"Rosivaldo Fernandes Alves" <rfa@jfse.gov.br> wrote in message
news:OwbWmXRPIHA.5164@TK2MSFTNGP03.phx.gbl...
>I have a Win98 and a WinXP in a home LAN. In this group I've learned that a Win98
>account may access WinXP shared resources provided the latter has an account with
>name and password identical to those of the account in the former.
>
> Since I think that Win98 stores the passwords in a much less safe way than WinXP
> does, I'm somewhat worried about the risk of these passwords to be cracked via
> this possible vulnerability, compromising my WinXP security.
>
> Could some one help me about this?
>
> Thanks in advance and forgive my poor English.
>
> Rosivaldo.
>
 
Re: Password security in Win98

glee wrote:
> I have a Win98SE machine and a WinXP Pro machine that I network at home.
>
> I do NOT use a password (or more exactly, I use a blank password) to log
> onto the Win98SE machine, so I do not see any log-in screen when using
> that machine.
>
> On my XP Pro system, I log on at the Welcome screen with a specific
> username and a password.
>
> I can access shared files and folders on the XP system from the 98SE
> system, and vice versa.

Slightly curious about this. I now have a similar setup, i.e. XP Pro on
one machine, 98SE on the other.

When I boot up the 98 box, I'm presented with two logon prompts. The
first one is for the network, where I log on with the name and password
from a second account on the XP Pro machine. Then comes the 98 logon
prompt. I've always logged in on that too (rather than cancel it). I
haven't tried seeing what happens if I just cancel the second one.


--
Regards

Nigel Stapley

www.judgemental.plus.com

<reply-to will bounce>
 
Re: Password security in Win98

"Nigel Stapley" <unet@judgemental.plus.com> wrote in message
news:13m1me883se649d@corp.supernews.com...
> glee wrote:
>> I have a Win98SE machine and a WinXP Pro machine that I network at home.
>>
>> I do NOT use a password (or more exactly, I use a blank password) to log onto the
>> Win98SE machine, so I do not see any log-in screen when using that machine.
>>
>> On my XP Pro system, I log on at the Welcome screen with a specific username and
>> a password.
>>
>> I can access shared files and folders on the XP system from the 98SE system, and
>> vice versa.
>
> Slightly curious about this. I now have a similar setup, i.e. XP Pro on one
> machine, 98SE on the other.
>
> When I boot up the 98 box, I'm presented with two logon prompts. The first one is
> for the network, where I log on with the name and password from a second account
> on the XP Pro machine. Then comes the 98 logon prompt. I've always logged in on
> that too (rather than cancel it). I haven't tried seeing what happens if I just
> cancel the second one.

If you Cancel the log-on for 98, I don't know if you'll be able to connect to the XP
machine or not....let me know. I don't Cancel in 98, I simply do not have a
password, so there is no log-in box. I don't keep the network cable attached unless
I am going to use it, so I don't get a log-on for the XP machine until I try to
access a resource.

Also, you may have your 98 networking configured differently than I do, as far as
the Primary Network Logon and so forth, in the Network control panel.
--
Glen Ventura, MS MVP Shell/User, A+
 
Re: Password security in Win98

"Rosivaldo Fernandes Alves" <rfa@jfse.gov.br> wrote in message
news:OwbWmXRPIHA.5164@TK2MSFTNGP03.phx.gbl...
>I have a Win98 and a WinXP in a home LAN. In this group I've learned that a Win98
>account may access WinXP shared resources provided the latter has an account with
>name and password identical to those of the account in the former.

AFAIK that's only in a Domain on a server. You should only need to have the proper
components/protocols installed in order to share folders/files in a Workgroup.

>
> Since I think that Win98 stores the passwords in a much less safe way than WinXP
> does, I'm somewhat worried about the risk of these passwords to be cracked via this
> possible vulnerability, compromising my WinXP security.

Depending on the XP version depends on how well you can lock up the XP machine from
compromise, XP Pro is much more secure than Home. Also, as long as you keep you LAN
secured from any unauthorized access from the WAN it will minimize any security
breach. Lastly you should not let any unauthorized access on any machine from
anywhere by anyone that can not be 100% trusted.

>
> Could some one help me about this?
>
> Thanks in advance and forgive my poor English.
>
> Rosivaldo.
>

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
Re: Password security in Win98



"Rosivaldo Fernandes Alves" <rfa@jfse.gov.br> wrote in message
news:OwbWmXRPIHA.5164@TK2MSFTNGP03.phx.gbl...
| I have a Win98 and a WinXP in a home LAN. In this group I've learned that
a
| Win98 account may access WinXP shared resources provided the latter has an
| account with name and password identical to those of the account in the
| former.
|
| Since I think that Win98 stores the passwords in a much less safe way than
| WinXP does, I'm somewhat worried about the risk of these passwords to be
| cracked via this possible vulnerability, compromising my WinXP security.
|
| Could some one help me about this?
|
| Thanks in advance and forgive my poor English.
|
| Rosivaldo.
|
|

It appears that this party either has a need to use passwords, or believes
that they do. Also, the networking help groups generally supply the
recommendation to use passwords and USERS to increase the security of one's
system.

It would be interesting to review why this party, who presently uses
passwords, believes they need or wishes to use passwords.

Others have posted personal preference or personal setup, but may have
overlooked the question itself [though perhaps I have mistaken the query].

The query appears to relate to HOW to ensure passwords were not exposed,
and whether there was any way to ensure they were protected.

Simple File Sharing would be the easiest configuration, particularly if the
Internet accessing system was the XP system using a firewall, perhaps in an
ICS configuration, with a firewall and preferably a router. However, this
still leaves the issues which appeared to be included in the query.

If the computers in question, are not part of a domain [and protected by
other aspects therein], then the Windows 98 system is not really protected
related to password protection. Using blank passwords would be a security
hole, and easily found and circumvented, the same as using some easily
guessable password would be.


IF the concern is a more secured system, both local and Internet, then
Users and passwords within the local system is one more layer of
protection.

The original poster is correct, in that 98 stores its passwords in a much
more insecure way. In fact, its been something that I also was once
concerned with, to the point that third party programs were used to encrypt
and protect them [and related files]. The decryption was done automatically
and essentially invisibly. The old PGP suite included networking security,
which could use various forms [encryptors] to increase security. There were
also other programs which could be used to encrypt/decrypt passwords and
supplied such *on demand*. I'm not sure, however, whether some of these were
*network aware*.

It might be of interest, to review some of those programs, and whether they
could, perhaps, provide additional security in the 9X environment.


--
MEB
http://peoplescounsel.orgfree.com
________
 
Re: Password security in Win98

glee wrote:

>
> If you Cancel the log-on for 98, I don't know if you'll be able to
> connect to the XP machine or not....let me know.

Yep, you can.

--
Regards

Nigel Stapley

www.judgemental.plus.com

<reply-to will bounce>
 
Back
Top