Steven W

Avast 5 out, no more 9x support

38 posts in this topic

I asked over at the Avast forum, and was told it would definately be dead sometime in 2010. A user there recommended Norman, it's a pay product and will supposedly die in 2011. (Please note I CAN NOT vouch for it, although I did Google and they seem to have a good rep in corporate circles.):

http://www.norman.com/home/all_products/an..._single_user/en

Can anyone recommend anything else?

0

Share this post


Link to post
Share on other sites

You know, Firefox 3.6/3.5/3 require at least Windows 2000 (many other programs too).

But through KernelEx we can use them (of course not all).

On the other hand, what you expected (Win98 SE was released more than decade ago)?

Edited by rainyd
0

Share this post


Link to post
Share on other sites

Not expecting much now days for 9x/ME. I was disappointed to see Avast go, but hardly surprised. I have started using XP/a Linux distro here at home only maintaining 98 for one friend now, there were three or four just a year ago. Kind of depressing.

0

Share this post


Link to post
Share on other sites

ClamWin continues to work on Win98SE:

http://www.clamwin.com/

And now there is also Clam Sentinel: a system tray application that detects file system changes and scans the files modified using ClamWin.

Clam Sentinel has been developed by me just because Avast will drop the support for Win98, the program is freeware and open source.

Clam Sentinel works on Win98SE, ME, 2000, XP, Vista, Win7 and is available from here:

http://clamsentinel.sourceforge.net/

For Win98/ME I have developed a vxd driver (builded with MSVC6 + Win98DDK) that detects filesystem changes (similar to the famous program FileMon).

bye,

aru

Edited by aru
0

Share this post


Link to post
Share on other sites

Does Clam Sentinel use polling or does it detect changes in real time?

0

Share this post


Link to post
Share on other sites
Does Clam Sentinel use polling or does it detect changes in real time?

On Win98SE/ME the vxd detects changes in real-time and adds these on a list, then ClamSentinel polling every 0,5 seconds for to extract the list and to start the scanning.

The scanning starts immediatly for the first 10 files and when this scan is terminated continues to consume the list of 10 files at once.

If a virus is found, for default, is moved to quarantine.

But attention Clam Sentinel only detects filesystem changes and then scan these files with ClamWin, but is unable to block the execution of malware or virus.

bye,

aru

Edited by aru
0

Share this post


Link to post
Share on other sites

I don't think that anyone can make a good case as to why win-98 systems need anti-virus support these days. I dare anyone to identify any circulating malware that actually runs correctly on a win-98 system.

And I'll tell you something else about malware these days - the new stuff has a very poor detection rating with AV apps. Just yesterday I came across a web-page that gave the fake-av scan and wanted me to download and install a fake AV application. I downloaded the file and submitted it to Virus Total where 41 different AV programs scanned the file. It was ID'd as malicious by ONLY 6 out of 41 programs. In a week or two I garantee you that only 5 more will detect that same file as malicious.

If you want an AV application that still runs on 98 and still has current definition files, go find Norton AntiVirus 2002, and then periodically download the Symantec Intelligent Updater package. But I still say it's a waste of time because 98 simply isin't vulnerable to the really nasty exploits (heap sprays and buffer over-run exploits) and the other stuff that needs your help to download and run is trivial to avoid.

0

Share this post


Link to post
Share on other sites

Malware doesn't have to target Win98 directly to function. A large percentage of it targets applications, many of which still run on 98. I have several trojans given to me by other members that are quite recent, some of which behave very much like a rootkit does on an NT system. A fair amount of trojans run on both 9X and NT systems. 9X isn't targeted as much as it used to be, but don't believe for a minute that it's unaffected by todays malware.

There's also the possibility that the additional functions added by projects like KernelEX could allow more than just user software to function on 9X systems. By "modernizing" Win98, we may make it vulnerable to more of the modern threats in the process. This is completely unexplored territory.

Regardless of whether it's a 9X system, XP, or Win-7, the overall effectiveness of AVs has been declining, not just in detections but in their ability to remove malware when it's discovered. There's better ways to secure Windows than AVs, including virtual systems, sandboxing, and default-deny security policies.

0

Share this post


Link to post
Share on other sites

aru, thanks this is something Clam A/V has needed for a while. Have you ever had any discussions with them about integrating the two programs?

0

Share this post


Link to post
Share on other sites

Malware doesn't have to target Win98 directly to function.

For buffer-overrun or heap-spray exploits (exploits that don't require user intervention or "help" to install themselves on a system) I would argue that yes, you do need to code the exploit to match the OS.

I have several trojans given to me by other members that are quite recent, some of which behave very much like a rootkit does on an NT system. A fair amount of trojans run on both 9X and NT systems.

A secondary payload that runs on a win-9x system is different than a primary exploit that is able to boot-strap itself into a win-9x system without needing or asking the user to download and run it manually (as a lot of easily-avoidable malware does).

Regardless of whether it's a 9X system, XP, or Win-7, the overall effectiveness of AVs has been declining, not just in detections but in their ability to remove malware when it's discovered.

Yes, that's been true for the past 3 to 4 years at least. Many people (home, soho, orgs and corps) don't want to believe that.

There's better ways to secure Windows than AVs, including virtual systems, sandboxing, and default-deny security policies.

And how many of those can be implimented on a 9x system?

0

Share this post


Link to post
Share on other sites

aru, thanks this is something Clam A/V has needed for a while. Have you ever had any discussions with them about integrating the two programs?

I have contacts with GuitarBob that works with the ClamWin team.

The ClamWin team is working on an official real-time scanner but that will not work on Win98SE/Me.

Regarding the integration of Clam Sentinel into the ClamWin package seems that since this is not an official project do not want to do.

No contacts with the Clam A/V team.

bye,

aru

Edited by aru
0

Share this post


Link to post
Share on other sites
For buffer-overrun or heap-spray exploits (exploits that don't require user intervention or "help" to install themselves on a system) I would argue that yes, you do need to code the exploit to match the OS.

Malicious sites don't just drop 1 or 2 files on the user anymore. A lot of them use scripting to detect the specific OS, the browser being used, even the currentness of the patching before deciding which payload the user will get. Some have been found to use as many as 40 different exploits and payloads. Leaving one in the collection that works on 9X would be a simple matter. It wasn't that long ago that a zero day vulnerability in Adobe Reader worked as well on 9X as it did on XP. The demo just used the mail handler to launch the calculator. It could have just as easily added startup entries to the registry. In spite of all their differences, 9X and NT systems do have a lot in common that can be and is targeted. We've got malicious code that can tell when it's in a sandbox or virtual environment and will change its behavior. Detecting the OS it's installing on would be easy in comparison.

And how many of those can be implimented on a 9x system?

Default-deny can be implemented on any version of Windows. Connectix Vitrual PC (the pre-MS versions) run on 98. The only option that isn't available for 98 as far as I know is sandboxing software. If KernelEX keeps progressing, even that might become possible.

I'll agree that 9X users are safer than they used to be, but that doesn't mean that the web is safe enough for us to go unprotected.

0

Share this post


Link to post
Share on other sites

I am posting this here, rather than starting a new thread---since it has to do with Avast.

First off, this particuliar system is Windows Me---667 mgz---128 mb, with 13GB free space on the HD----so there is no problem with speed or room.

I've had Avast on this machine for some time now, and just the other day the license key ran out. I submitted all the usual info, and was sent a new license key.

I installed the new license key.

When I go to update, the following occurs:

Everything starts to work as usual---one file after another showing that it is being down loaded, until...

a bloody box appears, which reads:

not enough storage space is available to process this command.

What the hell could this be! Not enough storage space..."Where"!!!!

Does any fellow members have any inkling as to what this could be all about?

Avast is still downloading the updates on my 98Se machine---but the key is still valid for another month or so---until I need a new one. I wonder if the same thing will happen:

that yes indeed---they will deliver the key---to something now made useless?

Either I am overly paranoid--or there is a glitch on the Me machine that can be addressed?

Any thoughs?

0

Share this post


Link to post
Share on other sites
not enough storage space is available to process this command.
The error seems to be a nasty one, perhaps it has something to do with installing software in a network/via the internet. Perhaps it's an installer error msg, when Avast tries to install a newer software component which might not work under Win9x anymore, but that's just a wild guess. Ancient Kaspersky Anti-Virus v4.5 died on me during an update with an incompatible component, about a year and a half ago, I had to upgrade to v6.

Maybe this helps:

http://forums.kustompcs.co.uk/showthread.php?t=33805

I use Kaspersky Anti-Virus 6, not Avast, so my comment here may not apply. In the Kaspersky update settings I have de-selected the option "Update application modules", to make sure that Kaspersky doesn't try to install a newer software component which might not be Win98-compatible.

If Kaspersky AV gives me a cryptic error msg, I uninstall it, then re-install it. Since I know how to back up the license key generated during activation, re-installation is risk-free for me. Make sure you don't lose your license key during the fiddling around.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.