Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

Should network connections only be advised via Virtual environments for 2000 & XP?

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

updated.
DP_LAN_wnt5_x86-32_1405191.7z - 11.1 MB   2AF77C3435780C5904A086924DC7229363C39F23

edit:  link removed; updated below

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

TechDud wrote:

Should network connections only be advised via Virtual environments for 2000 & XP?

Please, we don't buy into all that fear mongering, do we?  Run a good anti virus, have a backup plan. Have fun.

you can edit the first post with current links (and leave the historical links ... or not)

DP BartPE Tutorial   DP_BASE Tutorial   HWID's Tool     Read BEFORE you post    UserBars!
http://driverpacks.net/userbar/admin-1.png
The DriverPacks, the DP_Base program, and Support Forum are FREE!.

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

Well, help me to be a "fact-monger" then.  Pro-activity is far preferred to reactivity.  Murphy's Law is a good source of inspiration towards foresight, it would seem evident.  Is there a better stance?

This issue is also relevant to those that use XPMode as well, BTW.
Perhaps we could refer to a statement (by perhaps number one fear-monger :lol):

Microsoft wrote:

"Important

    As of April 8, 2014, technical support for Windows XP and Windows XP Mode is no longer available, including updates that help protect your PC. This means that if you continue to use Windows XP or use Windows XP Mode on a Windows 7 PC after support ends, your PC might become more vulnerable to security risks and viruses. Therefore, to keep your Windows 7 PC secure after support ends, we recommend that you only use Windows XP Mode if your PC is disconnected from the Internet."

     quoted from:  http://windows.microsoft.com/en-us/wind … -windows-7

Here are some more aspects:

ChrisH wrote:

"I have XP-specific applications that won't run under wine or any later windows, as well as some windows-only applications, so for me an XP VM is an absolute requirement, which I've given some thought to.

You are at risk, but you can bring the risk down to an acceptable level by:

    1. Not browsing in the VM - do that in the host, copy files across as required.
    2. If there's some bizarre reason why you really must browse in the guest, throw all the browser-based security you can at it (strict noscript etc.) and only for the sites you really have to (and see item 4.).
    3. Cutting out all non-essential services from XP (especially network-related ones, but note that networking is used to share folders to the host).
    4. Running your VM from a file system that appears to be called immutable in the docs - it's reset to the starting conditions on shutdown. I asked about this here.
    5. or running still-supported security software on the guest (it's no use if you can't keep it up-to-date, which you can't if it loads from immutable storage).
    6. Firewalling the VM on the host (which I haven't done properly yet, so can't go into more detail, but basically close all the ports to start with)."

     quoted from Apr 30 at 15:43:  http://askubuntu.com/questions/458306/v … e-browsing

Here is one possible reason for recommending a linux VM.  That is, the very nature of not only the OS, yet some of the malware itself.

Joshua Cannell wrote:

"It’s not uncommon for the malware of today to include some type of built-in virtual machine detection."

     quoted from:  http://blog.malwarebytes.org/intelligen … detection/

Joshua Cannell wrote:

"It’s not so much what it can do, rather, it doesn’t want to do anything. Since average PC users don’t run their OS within a VM, it’s suspicious to be running in a virtual environment from the malware’s standpoint, as it drastically increases the likelihood that’s being analyzed and/or reverse engineered. This is something the malware’s creator wants to prevent."

     quoted from:  http://blog.malwarebytes.org/intelligen … mment-5861

Of course, that doesn't preclude infection, just further aberrant behavior for the most part.
Virtual machine hosts can be vulnerable, even linux hosts.

ggalaxy wrote:

"A successful attack from Windows users will be as follows ;
    * You installed wine application in ubuntu
    * you forget to configure UFW (the firewall)
    * you unintentionally clicked on a malware link from your win xp virtual box
    * you opened ports and didn't secure them
. In your case, you are going to install WINDOWS XP in Virtual box, and VBox will create a disk image which will be impossible for users to get outside the disk image and mess with your Ubuntu, however, if you have wine in your ubuntu, and wrongly clicked a malware link from your Win XP virtual box, that will lead the attacker to your ubuntu and execute commands and harm your computer."

     quoted from Jan 9 at 20:21:  http://askubuntu.com/questions/403079/i … for-ubuntu

Apologies for not expanding upon security in VMWare.  Am hoping more people will offer insight.

Then again, there's the whole current flawed trust model.

Moxie Marlinspike wrote:

"Essentially, at some point a decision was made to anchor trust in an organization like Comodo, and now we’re locked into trusting them — forever."

     quoted from:  http://www.thoughtcrime.org/blog/ssl-an … henticity/

Dan Goodin wrote:

"Of 3.45 million real-world connections made to Facebook servers using the transport layer security (TLS) or secure sockets layer protocols, 6,845, or about 0.2 percent of them, were established using forged certificates. The vast majority of unauthorized credentials were presented to computers running antivirus programs from companies including Bitdefender, Eset, and others. Commercial firewall and network security appliances were the second most common source of forged certificates."

     quoted from:  http://arstechnica.com/security/2014/05 … tificates/

Few do think of updating those RootCerts & getting the current revocation update.  The RootCerts package is only an optional update for the masses, and curiously hasn't seen an update since before the HeartBleed revelation.

How long ago did schannel.dll (TLS/SSL) see an update?
  The latest i see for w2k is v5.1.2195.6960 from Apr 8, 2005.  That must be vulnerable in so many ways.
  The latest for xp is v5.1.2600.6370 from Mar 28, 2013, so that should be OK for at least a little while.  That seems to indicate pro-activity on MS's part.
  2k3's latest is v5.2.3790.5014 from June 4, 2012.  Curious that the supported OS has the older implementation, unless i have miscalculated the latest update for 2k3.  (25000 Servers a day need 2k3 updated before July of next year???)

  Is that the revision of schannel.dll in XPMode?

"Secure channel (aka SChannel) - Introduced in Windows 2000 and updated in Windows Vista to support stronger AES encryption and ECC [6] This provider uses SSL/TLS records to encrypt data payloads. (schannel.dll)"

     quoted from:  https://en.wikipedia.org/wiki/Secur … _Interface

  XP lacks support for stronger AES encryption and ECC?  I think the availability of something like P-521 or greater is something that should be available in today's day & age (especially in light of recent WPA2 vulnerabilities - recommendations of usage of greater complexity encryption at minimum).
There is an update for 2k3 to support AES256-SHA at least.  https://support.microsoft.com/kb/948963
  Perhaps one approach would be to disable support for the lowest and least secure ciphers.  See http://support.microsoft.com/kb/245030.  Those could go into the changelog.

Anyway, how should an advisory read (perhaps in addition to "* use at your own risk *" in networking packs)?
  "Avoid networking entirely on Win2000 unless it is a private wired and isolated network.  XP/2k3 will eventually and not necessarily in succession receive the same recommendation."???

  Check the changelogs and see if you disagree moderately to vehemently against any statement within, please.

Integrating official updates into one's source does seem like another proactive approach.  Of course, that is a whole other kettle of fish.
  There are some recent KB updates for xp that so-far seemingly have improved usb stability/performance from textmode on.
  Wouldn't integrating KB network files & related inbuilt protocols/drivers, etc. offer one less flaws and greater stability than what is stock for XPMode?  (What is stock in a XPMode distro?  I don't know.)

Ooo, XP sees another update, one for SilverLight --> http://www.microsoft.com/en-us/download … x?id=42250
  Just as well --> http://arstechnica.com/security/2014/05 … -the-rise/

OK; thanks for reminding me about the first post.  Will decorate the changelogs and get that up.  No wonder that one seems so popular.  d'oh.      :u

Last edited by TechDud (2014-05-23 22:35:27)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

let me make it simple for you.

Even with a current OS there is no protection against a zero day threat.
It often takes MS and the Antivirus companies a month to discover threats and update their files and databases.
In MS's case obviously only supported OS's.
which is only partially true, they did just release an out of band update for IE didn't they?

It's all SMOKE and MIRRORS. MS OS's will always be vulnerable, currently supported or not.
A secure windows machine does not exist.

I will repeat. Run a good AV. Have a Drive Image with ALL the updates ready to restore it.
User files should always be handled the same way, if you value it back it up.
If it's critical back it up off site too.

This is how every machine is treated, supported or not.

Are you really trying to tell me that just because MS supports an OS that I WON'T get exploited???? REALLY??

Come on, be serious.

Every machine is a target, supported by MS is not at all relevant to any user who either can backup restore or else knows someone who does.

I guess what I am saying is if you NEED to run XP for whatever reason you do so with no more or less risk than any other day on the net. Protect yourself a reasonable amount and know you are going to take some lumps some day. (And that is different from normal how?)


Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

Thank you for bringing practical perspective.

In light of the following, perhaps only Win2k need critical warning.  :lol
http://www.ryanvm.net/forum/viewtopic.p … 8a0#137215

Also wondering if a "real iron" nt5 system could be "cloaked" as a "virty" install to fool some malware.

Last edited by TechDud (2014-05-28 15:33:50)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

i try to look at things from multiple perspectives, Practical is normally a good one.


Really nice link there. i am gonna try that right away LOL.


Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

Further --> http://www.theregister.co.uk/2014/05/26 … pocalypse/

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

Updated Realtek PCIe driver from May 31 release & added USB FE LAN driver.  Also included an old SMSC network driver.

DP_LAN_wnt5_x86-32_1406041.7z - 11.13 MB   20220260BDC69D8B6EA76AC7A31A493CCFD96561

edit:  link removed - updated near topic end

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

I'm assuming my posting #83 - here: http://forum.driverpacks.net/viewtopic. … 70&p=4 no longer applies to much of anything?


Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

It does remind me of this discussion. Thank you again.
Go ahead and remind me of the NT6 updated driver CD's.  Am going to need your insight there.

Will be watching LA Kings defenceman Willy Mitchell - the pride of Port McNeill !
  The odd passing 70,000 tonne container ship to ports in California may contain sand & gravel from that town, by the way.

Last edited by TechDud (2014-06-05 11:05:31)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

The only input I can put forth at this time is that Intel 18_3 was the last that worked on XP (as far as I was able to determine) and 19_0 installed just fine in Win 7 and 8.


Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

RealTek Ethernet - latest I found at their web site:

PCIE_Install_XP_5826_07242014

Install_Win7_7088_07242014

Install_Win8_8.1_8034_07242014


Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

Thank you, sir.

Updated:
DP_LAN_wnt5_x86-32_1408061.7z - 11.14 MB   D1A8D57E0FEA044E3B4EF5AADB200DF00BBBFC3E

edit:  link removed - updated near topic end

Last edited by TechDud (2014-08-08 23:26:21)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

for DriverPacks folder:
DP_LAN_wnt5_x86-32_1411251.7z - 10.65 MB   77F7CC78213AD08048F524601C6B08D26CAFF4CF

for 3rd party DriverPacks folder, or SAD3 installation:
DP_LAN_USB_wnt5_x86-32_1411251.7z - 3.6 MB   D0A8390227944F18F2EA9A157BCD1AF2D6303218

for 3rd party DriverPacks folder, or side-by-side with DP_LAN for SAD3 installation:
DP_LAN-Utils_wnt5_x86-32_1410231.7z - 312.1 KB   020C233E109EA74779295486AF10E933B2484532

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

DP_AVM_Broadband (now deprecated) has been incorporated into the LAN packs, and Proset v14 & Realtek's utility included in the optional DP_LAN-Utils pack.

·DP_LAN_wnt5_x86-32_1412241.7z - 12.26 MB   A4332B6A35BFBB9044DE1CE94489FDD91CD6D1D7

·DP_LAN-Utils_wnt5_x86-32_1412221.7z - 15.94 MB   0B4E620BA600F948972980C0429DDF71F5416BF8

·DP_LAN_USB_wnt5_x86-32_1412241.7z - 6.29 MB   A4618C199CD4374466C905830E075BF27EBD682F

Last edited by TechDud (2014-12-28 05:22:13)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

Harden_XP_TCPIP_Stack_by_GH0st.reg has been included.

GH0st wrote:

"Here are some security tweaks I include with every install I do. I have had great success with them! Posting them for you all to consider."
   ... "1) This is a GREAT tool, highly recommended: Seconfig XP" [https://seconfig.sytes.net/?sv=1.1] ". Select the "For home" option, then "Apply", reboot!
        2) Been using this for years, nice security tool Windows Worms Doors Cleaner 1.4.1" [http://go4softwares.com/2013/02/02/wind … ner-1-4-1/] " Select options, reboot!
        3) Then add the following manually in to your registry. Some may already be present."
     quoted from:  http://www.ryanvm.net/forum/viewtopic.p … 92e#138610

You might also like the KB Schannel reg mods included as XP_KB3009008_Schannel_Registry_Mods_by_TechDud.zip
   reference:   KB245030 & KB3009008 http://support.microsoft.com/kb/245030
                          FixIt! available for IE:  http://support.microsoft.com/kb/3009008

·DP_LAN_wnt5_x86-32_1412311.7z - 12.26 MB   B4B7831B8D7E6B7483161D9229F787671FEC6DC3

Last edited by TechDud (2015-01-07 15:41:51)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

I would not add these Reg Hacks.
The first one from ryanvm, I had them a long time ago from another website and I did run into some problems with Windows File Sharing (I don't remember what exactly), and 'harkaz' has also not included them in his WinXP SP4.
And the second one is also already included in most of the UpdatePacks, and I think this should not be forced unto users, because with this patch people won't be able to connect to outdated HTTPS servers.

Last edited by Outbreaker (2015-01-07 16:27:04)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

harkaz wrote:

"@GH0st Thanks for the new security enhancements you posted I will add a note at the first page and add this as an optional download."
     http://www.ryanvm.net/forum/viewtopic.p … 614#138614

harkaz has noted them on his front page.  http://www.ryanvm.net/forum/viewtopic.php?t=10321
  What i should do is to add a link to his Unofficial SP4 Project in the Changelog-Notes.
That one i will remove for certain.  Also, there are no "undo" reg files.  That cannot be good.


Outbreaker wrote:

... "this should not be forced unto users" ...

  I agree, and that is why those reg files are zipped and optional.  Note that undo files are included.

Outbreaker wrote:

... "the second one is also already included in most of the UpdatePacks" ...

  Reference:  http://www.ryanvm.net/forum/viewtopic.p … 414#138414
I don't see it in user_hidden's update packs, nor OnePiece's or even harkaz's Unofficial XP-SP4.

Note that 5eraph's specific SA3009008 solution appears incomplete at best, and perhaps even erroneous.
Look at the last two lines of that post, where TLS 1.0 is "enabled" with a 0x01.  That is apparently incorrect.

Microsoft wrote:

"To allow this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Or, change the DWORD data to 0x0. If you do not configure the Enabled value, the default is enabled."
     http://support.microsoft.com/kb/245030   see also:  http://support.microsoft.com/kb/187498 & http://support.microsoft.com/kb/811833

Is this not also true for protocols?

Hermann Wolf wrote:

"I also added the key SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56 with Enabled=1 and rebooted again bit the SSLScan.exe output is always the same"
     http://forums.iis.net/t/1187790.aspx

What of the value ""DisabledByDefault"=dword:00000001"?  I don't know which takes precedence.  RC4 128/128 disabling/undo should be included.  Win2k & 2k3 solutions are also missing thus far.  Can AES work on XP?

  It does highlight the dire need for confirmation via testing.
There is a program that will test supported ciphers (except TLS 1.1 & 1.2).
  http://code.google.com/p/sslscan-win/
Here is some sample output, thanks to Wayne Zimmerman --> http://www.waynezim.com/2011/03/how-to- … rs-in-iis/

  Are there any UpdatePacks that include the full set of solutions?  I haven't seen any so far.  Correct me if i am wrong, please.

Outbreaker wrote:

... "people won't be able to connect to outdated HTTPS servers."

That is apparently actively being encouraged for servers.

Robert Love wrote:

"I advocate disabling SSLv3 support, which breaks Internet Explorer 6 on Windows XP, but prevents a downgrade attack for everyone else. If we're willing to drop support for all versions of Internet Explorer on Windows XP (Which likely just means the addition of IE 7 and 8), we can accomplish two other goals:
     http://blog.rlove.org/2014/04/the-end-o … p-and.html

  Also see:  http://blog.rlove.org/2013/12/strong-ssl-crypto.html


It's a bit of a sticky wicket, and it seems better to include it here as optional, as nobody other than 5eraph seems to have included any solution for NT5.
  I like to be able to confirm that the NULL cipher cannot be used with TLS 1.0 for instance, in my humble opinion.
  SSLScan seems to make that verification a little easier too.

Last edited by TechDud (2015-01-07 20:55:00)
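
Added example (not part of the thread or of any pack mentioned in it): a small Python audit of a .reg export against the KB245030 text quoted above, which names only 0xffffffff and 0x0 for a cipher's Enabled value. The sample export, function names and state labels are constructed for illustration; protocol values are only reported, since the thread leaves their precedence to testing.

```python
import re

ROOT = r"\SecurityProviders\SCHANNEL" + "\\"
WATCHED = ("NULL", "DES 56/56", "RC4 128/128")  # ciphers named in this thread

# Constructed sample export; not the contents of any .reg file from the packs.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000001
'''

def parse_reg(text):
    """Map each key path to its DWORD values; other value types are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = re.match(r"^\[(HKEY_[^\]]+)\]$", line)
            current = keys.setdefault(m.group(1), {}) if m else None  # skips [-key] deletions
        elif current is not None:
            m = re.match(r'^"([^"]+)"=dword:([0-9A-Fa-f]{1,8})$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def cipher_state(values):
    """Classify a cipher key by the values KB245030 documents for Enabled."""
    enabled = values.get("enabled")
    if enabled is None:
        return "default-enabled"  # KB245030: not configured means enabled
    return {0: "disabled", 0xFFFFFFFF: "enabled"}.get(enabled, "undocumented-value")

def audit(text):
    """Return (ciphers, protocols, warnings) for the SCHANNEL keys in a .reg export."""
    ciphers, protocols, warnings = {}, {}, []
    for path, values in parse_reg(text).items():
        pos = path.upper().find(ROOT.upper())
        if pos < 0:
            continue
        parts = path[pos + len(ROOT):].split("\\")
        if parts[0].lower() == "ciphers" and len(parts) == 2:
            ciphers[parts[1]] = cipher_state(values)
        elif parts[0].lower() == "protocols" and len(parts) == 3:
            # Report raw values only; precedence between them is left to testing.
            protocols[(parts[1], parts[2])] = (values.get("enabled"), values.get("disabledbydefault"))
    for name in WATCHED:
        state = ciphers.get(name, "default-enabled")
        if state != "disabled":
            warnings.append("%s: %s" % (name, state))
    return ciphers, protocols, warnings

if __name__ == "__main__":
    print(audit(SAMPLE_REG)[2])
```

Anything reported as undocumented-value or default-enabled is a candidate for confirmation with a scanner such as the SSLScan build linked in the post above.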

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

I'm now using your SSL fix in my UpdatePack.
And I think this SSL fix would be a better fit in the Utility Pack.

Last edited by Outbreaker (2015-01-12 05:13:14)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

@OverFlow -Am thinking that is the only reasonable use of IE8 in an NT5 context might be for Windows Update, though that has me thinking that there should be via paid support on DriverPacks as most valid licensees are corporate consumers.

@Outbreaker - please let 5eraph in on this.  It would be cool if he could use whatever he likes.  I look forward to eventually joining that community, but not at this time.  We need some good members of both communities to help weave a greater community.

  I'd love to know what assorted driver/hardware-specific KB updates harkaz has left on his "cutting-room floor", for instance.

I look forward to conversing about testing and verifying network security configurations.

Last edited by TechDud (2015-01-19 22:29:45)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

for DriverPacks folder:
·DP_LAN_wnt5_x86-32_1501221.7z - 12.92 MB   4556F99B566D5BB3E60ED15E50265715AA89B312

for 3rd party DriverPacks folder (or side-by-side for SAD3 installation):
·DP_LAN-Utils_wnt5_x86-32_1501191.7z - 41.89 MB   0C18E64976D4543D4BADC4CD3CC722A067416591

for post-Windows Setup utilizing SAD3:
·DP_LAN_USB_wnt5_x86-32_1501141.7z -  MB   AE10F4C6CA8625421EF71CAEA668B8C6676DD4BF

PE driver integration sorted out for LAN.  Logs are now clean.

Gh0st's reg tweaks have been removed.
For the  NT5 KB245030-3009008 IIS SSL registry tweaks, etc. see  http://forum.driverpacks.net/viewtopic.php?id=10947

Last edited by TechDud (2015-01-25 09:47:11)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

Hello, why have Gh0st's reg tweaks (Harden_XP_TCPIP_Stack_by_GH0st.reg) been removed from the latest LAN and WLAN DriverPacks?

Last edited by symbios24 (2015-03-07 20:56:24)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

It's better to only include drivers in the DriverPacks. Everything else can be added with an UpdatePack or manually.

Last edited by Outbreaker (2015-03-10 18:17:19)

Re: [Nightlies] DP_LAN_wnt5_x86-32_1303-1501 - Public

What exactly does this tweak? "Harden_XP_TCPIP_Stack_by_GH0st.reg"

And is it good to apply it?