I won't attempt to give any details.

Probably worth updating. The updates for Real Player 10.5 and Yahoo Messenger 8.1 seem to work ok on my Win 98 even tho' they apparently are the latest versions.

I haven't tried the Adobe Reader yet, I hope there's a fix for the Win 98 version too. Don't know.

David H

There now appear to be at least a couple different groups of criminals exploiting the latest Adobe Reader vulnerability. Recommend updating. (Apparently Win 98 version 6.x may not be vulnerable, at least no critical update was offered for 6.x, maybe just not supported at all anymore.)

David H

criminals exploiting the latest Adobe Reader vulnerability. Recommend updating.

David, The new version of Adobe Reader 8.1.1 has been working fine for me thus far.

I am not upgrading Java because some people have reported problems with it working with the Mozilla platform.

David, The new version of Adobe Reader 8.1.1 has been working fine for me thus far.

I am not upgrading Java because some people have reported problems with it working with the Mozilla platform.

Peter,

Well Java Console wouldn't update my setup to the latest and greatest, but Adobe Reader 8.1 is not bad and so the old "half a loaf."


<g>

The Real Player 10.5 (and 11 beta?) patch(s) are available now. I think you have to click Help, About, then Update or such.

Interesting point is: there were actually 6 or 7 bugs fixed. The vulnerabilities fixed but not publicized may very well be critical security holes. Info apparently uncertain at this point in time.

Therefore update is recommended :)

David H

David, The new version of Adobe Reader 8.1.1 has been working fine for me thus far.

I am not upgrading Java because some people have reported problems with it working with the Mozilla platform.

FWIW, I Installed the free AOL XM radio player in Firefox 2.0.0.9 on Win 98 with JRE 5 and seems to work ok. JRE 5 DOES have updates to fix the latest security holes, etc.

AOL help for their player for XM radio said that the latest update 3 for JRE 6 had problems running the XM Radio player in FF (and Mozilla?). IIRC they recommended downgrading to JRE 6 update 2 or 1, I think. Sounded like a bad idea to me. Since JRE 5 apparently has all critical update available seems like better to downgrade to JRE 5. Perhaps JRE 5 would not work on XP or Vista, I don't know?

David H

I checked my FF , Tools , Add on's and it said the AOL audio playback component was incompatible with FF 2.0.0.9. So it may work but still have problems. Actually FF did crash when I exited it, I think. So maybe the AOL Radio plug in really does cause problems in FF.

David H.

TThe vulnerabilities fixed but not publicized may very well be critical security holes. Info apparently uncertain at this point in time.Frankly, I think it's a bit of a mistake to give out too much information about what the security holes are -- lest folks who hadn't found them yet go out and exploit them!

There now appear to be at least a couple different groups of criminals exploiting the latest Adobe Reader vulnerability. Recommend updating. (Apparently Win 98 version 6.x may not be vulnerable, at least no critical update was offered for 6.x, maybe just not supported at all anymore.)

David H

David,

Well, after a bit, v8.1 gave me much trouble with FF and KM. I have reverted to 5.1 instead and that works just fine. Don't know what vulnerabilities we are talking about, so I will try to be extra careful about what I open up without checking it with a virus scan.

David,

Well, after a bit, v8.1 gave me much trouble with FF and KM. I have reverted to 5.1 instead and that works just fine. Don't know what vulnerabilities we are talking about, so I will try to be extra careful about what I open up without checking it with a virus scan.
I am using Adobe Reader 6.0.6 1/8/07.

I think it's the latest version that will run on Windows 98.

There did not appear to be a critical update for it for the latest vulnerabilities reported. Don't know what that means: i.e. either not supported or not vulnerable. (Or both?)

I set NoScript in Firefox to require me to manually approve BEFORE running ANY plug in EVEN on ALLOWED sites for NoScript. This requires an extra two clicks to open a PDF AFTER I actually click a link to the PDF.

I suppose another possibility to enhance safety might be to set up GhostView or GhostScript to handle PDF files, on the assumption that those apps would have vulnerabilities less likely to be exploited since they are less used?

Unfortunately, in the case of zero-day exploits the exploits appear BEFORE the good guys recognize the vulnerability, so even scanning with virus or spy scanners may not catch all threats.

If you can find the link to a PDF file in question in a google search for example, you might be able to "view as HTML" to avoid the risk of actually opening the file on your own machine, when in doubt about the trustworthiness of the site or of the contributor of the file.

David H

I am using Adobe Reader 6.0.6 1/8/07.

I think it's the latest version that will run on Windows 98.

There did not appear to be a critical update for it for the latest vulnerabilities reported. Don't know what that means: i.e. either not supported or not vulnerable. (Or both?)

I set NoScript in Firefox to require me to manually approve BEFORE running ANY plug in EVEN on ALLOWED sites for NoScript. This requires an extra two clicks to open a PDF AFTER I actually click a link to the PDF.

I suppose another possibility to enhance safety might be to set up GhostView or GhostScript to handle PDF files, on the assumption that those apps would have vulnerabilities less likely to be exploited since they are less used?

Unfortunately, in the case of zero-day exploits the exploits appear BEFORE the good guys recognize the vulnerability, so even scanning with virus or spy scanners may not catch all threats.

If you can find the link to a PDF file in question in a google search for example, you might be able to "view as HTML" to avoid the risk of actually opening the file on your own machine, when in doubt about the trustworthiness of the site or of the contributor of the file.

David H

David,

My practice is to download PDF files and then run f-Prot for DOS on them and possibily AVG free before trying to open them. I don't like opening any kind of files online if I can help it.

I thought Frisk Iceland was supposed to be pulling their update service for F-Prot DOS/V3-Win about now? I know the ftp site's been down for months.

And Judy, Full Disclosure vs. telling only the vendor is a hot topic, and has been for several years. I'm undecided, just as I am when discarding a 3.00023 oz. bottle of shampoo at the airport.

And Judy, Full Disclosure vs. telling only the vendor is a hot topic, and has been for several years. I'm undecided, just as I am when discarding a 3.00023 oz. bottle of shampoo at the airport.I know, and I'm undecided as well, but think I would vote for telling only the vendor FIRST (with a short timeline) and then going public. And I'd keep my damned shampoo bottle.

I read that indeed, F-Prot for DOS no longer is available. I found the last downloadable version and have archived it, just in case.

I am using Adobe Reader 6.0.6 1/8/07.

David H

David,

I have been trying to download your version of the Reader without any success. Do you have a link so I can get this version somewhere?

Much thanks,

P.S. Don't bother. Figured it out. First I had to change my default browser back to IE, then got v6.02. To get to 6.05, I had to find an executable on the web and download it, then 6.06 too and all is well now.

Weird.

David,

I have been trying to download your version of the Reader without any success. Do you have a link so I can get this version somewhere?

Much thanks,

P.S. Don't bother. Figured it out. First I had to change my default browser back to IE, then got v6.02. To get to 6.05, I had to find an executable on the web and download it, then 6.06 too and all is well now.

Weird.
It was MOL a PITA for me too. Multi step process, IIRC.

David H

It was MOL a PITA for me too. Multi step process, IIRC.

David H

David,

Yes, a real PITA. As I recall, I had to download 6.0.1, then click on an internal update button. At various times I was downloading 02 and 03 and then I think 05 and 06. At one point in the process, the internal update refused to work and I had to enable IE as my browser, go back and search for the missing upgrade number and manually download it and install it, then it went ahead and finished through 05. 06 I had to manually download and install too. And I thought MS was bad; this was far worse. I have now zipped up the two manually downloaded files along with the 6.0.1 setup executable in case I ever need to do this again. The good news is that version 6 is working perfectly with all my browsers be they Gecko or Trident based!

I'm wondering if upgrading GhostScript and/or GhostView could be any worse? Probably not. If I ever have to reinstall Windows 98, I may go for GhostView instead of Adobe reader :(

I'm wondering if upgrading GhostScript and/or GhostView could be any worse? Probably not. If I ever have to reinstall Windows 98, I may go for GhostView instead of Adobe reader :(

David,

I was using Foxit, but it was slightly buggy with some files so I reverted to Adobe.

I was using Foxit, but it was slightly buggy with some files so I reverted to Adobe.
Sumatra PDF (http://blog.kowalczyk.info/software/sumatrapdf/)

Sumatra PDF (http://blog.kowalczyk.info/software/sumatrapdf/)

Mike,

Never heard of this one? And you use it all the time?

Tks

Yes, I do. It's small, portable, fast, and free. I find it very handy to look at most documents. If I need more functionality, then I use Acrobat or Acrobat Reader (depending on which of my computers I'm using).

Yes, I do. It's small, portable, fast, and free. I find it very handy to look at most documents. If I need more functionality, then I use Acrobat or Acrobat Reader (depending on which of my computers I'm using).

Mike,

Well, worth a shot then. I had used Foxit for that purpose and when that failed, took a step back to Reader 5. As that is now deemed too unsecure to use, I have had to try 8.1 which mucked up things and now 6.xxxx which has been working fine (so far in limited testing).

Tks