Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

Avast 5 out, no more 9x support

- - - - -

  • Please log in to reply
37 replies to this topic

#1
Steven W

Steven W

    Advanced Member

  • Member
  • PipPipPip
  • 365 posts
  • Joined 02-June 06
Sorry to report this guys:

http://www.avast.com...t-security#tab2


:no:


How to remove advertisement from MSFN

#2
Steven W

Steven W

    Advanced Member

  • Member
  • PipPipPip
  • 365 posts
  • Joined 02-June 06
I asked over at the Avast forum, and was told it would definately be dead sometime in 2010. A user there recommended Norman, it's a pay product and will supposedly die in 2011. (Please note I CAN NOT vouch for it, although I did Google and they seem to have a good rep in corporate circles.):

http://www.norman.co..._single_user/en

Can anyone recommend anything else?

#3
rainyd

rainyd

    Advanced Member

  • Member
  • PipPipPip
  • 407 posts
  • Joined 04-April 05
  • OS:98SE
  • Country: Country Flag
You know, Firefox 3.6/3.5/3 require at least Windows 2000 (many other programs too).
But through KernelEx we can use them (of course not all).

On the other hand, what you expected (Win98 SE was released more than decade ago)?

Edited by rainyd, 13 February 2010 - 06:58 PM.


#4
Steven W

Steven W

    Advanced Member

  • Member
  • PipPipPip
  • 365 posts
  • Joined 02-June 06
Not expecting much now days for 9x/ME. I was disappointed to see Avast go, but hardly surprised. I have started using XP/a Linux distro here at home only maintaining 98 for one friend now, there were three or four just a year ago. Kind of depressing.

#5
aru

aru

    Newbie

  • Member
  • 26 posts
  • Joined 15-February 10
ClamWin continues to work on Win98SE:

http://www.clamwin.com/

And now there is also Clam Sentinel: a system tray application that detects file system changes and scans the files modified using ClamWin.

Clam Sentinel has been developed by me just because Avast will drop the support for Win98, the program is freeware and open source.

Clam Sentinel works on Win98SE, ME, 2000, XP, Vista, Win7 and is available from here:

http://clamsentinel.sourceforge.net/

For Win98/ME I have developed a vxd driver (builded with MSVC6 + Win98DDK) that detects filesystem changes (similar to the famous program FileMon).

bye,
aru

Edited by aru, 15 February 2010 - 02:58 AM.


#6
herbalist

herbalist

    paranoid independent

  • Member
  • PipPipPipPipPip
  • 740 posts
  • Joined 15-December 06
  • OS:98
  • Country: Country Flag
Does Clam Sentinel use polling or does it detect changes in real time?

#7
aru

aru

    Newbie

  • Member
  • 26 posts
  • Joined 15-February 10

Does Clam Sentinel use polling or does it detect changes in real time?


On Win98SE/ME the vxd detects changes in real-time and adds these on a list, then ClamSentinel polling every 0,5 seconds for to extract the list and to start the scanning.
The scanning starts immediatly for the first 10 files and when this scan is terminated continues to consume the list of 10 files at once.
If a virus is found, for default, is moved to quarantine.

But attention Clam Sentinel only detects filesystem changes and then scan these files with ClamWin, but is unable to block the execution of malware or virus.

bye,
aru

Edited by aru, 15 February 2010 - 06:46 AM.


#8
Guest_wsxedcrfv_*

Guest_wsxedcrfv_*
  • Guests
  • Joined --
I don't think that anyone can make a good case as to why win-98 systems need anti-virus support these days. I dare anyone to identify any circulating malware that actually runs correctly on a win-98 system.

And I'll tell you something else about malware these days - the new stuff has a very poor detection rating with AV apps. Just yesterday I came across a web-page that gave the fake-av scan and wanted me to download and install a fake AV application. I downloaded the file and submitted it to Virus Total where 41 different AV programs scanned the file. It was ID'd as malicious by ONLY 6 out of 41 programs. In a week or two I garantee you that only 5 more will detect that same file as malicious.

If you want an AV application that still runs on 98 and still has current definition files, go find Norton AntiVirus 2002, and then periodically download the Symantec Intelligent Updater package. But I still say it's a waste of time because 98 simply isin't vulnerable to the really nasty exploits (heap sprays and buffer over-run exploits) and the other stuff that needs your help to download and run is trivial to avoid.

#9
herbalist

herbalist

    paranoid independent

  • Member
  • PipPipPipPipPip
  • 740 posts
  • Joined 15-December 06
  • OS:98
  • Country: Country Flag
Malware doesn't have to target Win98 directly to function. A large percentage of it targets applications, many of which still run on 98. I have several trojans given to me by other members that are quite recent, some of which behave very much like a rootkit does on an NT system. A fair amount of trojans run on both 9X and NT systems. 9X isn't targeted as much as it used to be, but don't believe for a minute that it's unaffected by todays malware.

There's also the possibility that the additional functions added by projects like KernelEX could allow more than just user software to function on 9X systems. By "modernizing" Win98, we may make it vulnerable to more of the modern threats in the process. This is completely unexplored territory.

Regardless of whether it's a 9X system, XP, or Win-7, the overall effectiveness of AVs has been declining, not just in detections but in their ability to remove malware when it's discovered. There's better ways to secure Windows than AVs, including virtual systems, sandboxing, and default-deny security policies.

#10
Steven W

Steven W

    Advanced Member

  • Member
  • PipPipPip
  • 365 posts
  • Joined 02-June 06
aru, thanks this is something Clam A/V has needed for a while. Have you ever had any discussions with them about integrating the two programs?

#11
Guest_wsxedcrfv_*

Guest_wsxedcrfv_*
  • Guests
  • Joined --

Malware doesn't have to target Win98 directly to function.

For buffer-overrun or heap-spray exploits (exploits that don't require user intervention or "help" to install themselves on a system) I would argue that yes, you do need to code the exploit to match the OS.

I have several trojans given to me by other members that are quite recent, some of which behave very much like a rootkit does on an NT system. A fair amount of trojans run on both 9X and NT systems.

A secondary payload that runs on a win-9x system is different than a primary exploit that is able to boot-strap itself into a win-9x system without needing or asking the user to download and run it manually (as a lot of easily-avoidable malware does).

Regardless of whether it's a 9X system, XP, or Win-7, the overall effectiveness of AVs has been declining, not just in detections but in their ability to remove malware when it's discovered.

Yes, that's been true for the past 3 to 4 years at least. Many people (home, soho, orgs and corps) don't want to believe that.

There's better ways to secure Windows than AVs, including virtual systems, sandboxing, and default-deny security policies.

And how many of those can be implimented on a 9x system?

#12
aru

aru

    Newbie

  • Member
  • 26 posts
  • Joined 15-February 10

aru, thanks this is something Clam A/V has needed for a while. Have you ever had any discussions with them about integrating the two programs?


I have contacts with GuitarBob that works with the ClamWin team.
The ClamWin team is working on an official real-time scanner but that will not work on Win98SE/Me.

Regarding the integration of Clam Sentinel into the ClamWin package seems that since this is not an official project do not want to do.

No contacts with the Clam A/V team.

bye,
aru

Edited by aru, 16 February 2010 - 09:31 AM.


#13
herbalist

herbalist

    paranoid independent

  • Member
  • PipPipPipPipPip
  • 740 posts
  • Joined 15-December 06
  • OS:98
  • Country: Country Flag

For buffer-overrun or heap-spray exploits (exploits that don't require user intervention or "help" to install themselves on a system) I would argue that yes, you do need to code the exploit to match the OS.

Malicious sites don't just drop 1 or 2 files on the user anymore. A lot of them use scripting to detect the specific OS, the browser being used, even the currentness of the patching before deciding which payload the user will get. Some have been found to use as many as 40 different exploits and payloads. Leaving one in the collection that works on 9X would be a simple matter. It wasn't that long ago that a zero day vulnerability in Adobe Reader worked as well on 9X as it did on XP. The demo just used the mail handler to launch the calculator. It could have just as easily added startup entries to the registry. In spite of all their differences, 9X and NT systems do have a lot in common that can be and is targeted. We've got malicious code that can tell when it's in a sandbox or virtual environment and will change its behavior. Detecting the OS it's installing on would be easy in comparison.

And how many of those can be implimented on a 9x system?

Default-deny can be implemented on any version of Windows. Connectix Vitrual PC (the pre-MS versions) run on 98. The only option that isn't available for 98 as far as I know is sandboxing software. If KernelEX keeps progressing, even that might become possible.

I'll agree that 9X users are safer than they used to be, but that doesn't mean that the web is safe enough for us to go unprotected.

#14
cyberformer

cyberformer

    Member

  • Member
  • PipPip
  • 140 posts
  • Joined 16-September 05
I am posting this here, rather than starting a new thread---since it has to do with Avast.

First off, this particuliar system is Windows Me---667 mgz---128 mb, with 13GB free space on the HD----so there is no problem with speed or room.

I've had Avast on this machine for some time now, and just the other day the license key ran out. I submitted all the usual info, and was sent a new license key.
I installed the new license key.
When I go to update, the following occurs:
Everything starts to work as usual---one file after another showing that it is being down loaded, until...
a bloody box appears, which reads:
not enough storage space is available to process this command.

What the hell could this be! Not enough storage space..."Where"!!!!
Does any fellow members have any inkling as to what this could be all about?
Avast is still downloading the updates on my 98Se machine---but the key is still valid for another month or so---until I need a new one. I wonder if the same thing will happen:
that yes indeed---they will deliver the key---to something now made useless?
Either I am overly paranoid--or there is a glitch on the Me machine that can be addressed?

Any thoughs?

#15
Multibooter

Multibooter

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 896 posts
  • Joined 21-March 08
  • OS:98SE
  • Country: Country Flag

not enough storage space is available to process this command.

The error seems to be a nasty one, perhaps it has something to do with installing software in a network/via the internet. Perhaps it's an installer error msg, when Avast tries to install a newer software component which might not work under Win9x anymore, but that's just a wild guess. Ancient Kaspersky Anti-Virus v4.5 died on me during an update with an incompatible component, about a year and a half ago, I had to upgrade to v6.

Maybe this helps:
http://www.msfn.org/...s-this-command/
http://forums.kustom...ead.php?t=33805

I use Kaspersky Anti-Virus 6, not Avast, so my comment here may not apply. In the Kaspersky update settings I have de-selected the option "Update application modules", to make sure that Kaspersky doesn't try to install a newer software component which might not be Win98-compatible.

If Kaspersky AV gives me a cryptic error msg, I uninstall it, then re-install it. Since I know how to back up the license key generated during activation, re-installation is risk-free for me. Make sure you don't lose your license key during the fiddling around.

#16
Multibooter

Multibooter

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 896 posts
  • Joined 21-March 08
  • OS:98SE
  • Country: Country Flag

I don't think that anyone can make a good case as to why win-98 systems need anti-virus support these days.

I only use an anti-virus for checking stuff downloaded with eMule under Win98. I have a dedicated eMule computer, running continuously (current uptime: 4 days, 15 hrs). The incoming downloads are processed on another computer, so the virus-check could indeed be done there under WinXP. Running a virus-check under Win9x may eventually become just as unnecessary as running a virus-check under DOS. I haven't run a complete virus-check under Win98 for about a year, with no ill effects.

Nevertheless it's re-assuring to know that I could run a virus checker under Win98.

the new stuff has a very poor detection rating with AV apps.

Kaspersky currently detects in 100 software files downloaded with eMule about 60 infected files. When Kaspersky is run a month later again, on the ??clean?? 40 files, it will detect another 5-10 infected files which it didn't detect a month earlier. Anti-virus software is indeed far behind in their detection of new malware.

The infection rate of eMule software downloads has jumped from about 20% to currently about 60-70% over the last 6 months. 6 months ago the largest eMule server had links to about 25 million files, today it links to 83 million different files. This sudden jump by about 60 million files corresponds to the jump in the infection rate. Perhaps some organization has been trying to poison the eMule network by pumping 60 million different infected files into it.

#17
Guest_wsxedcrfv_*

Guest_wsxedcrfv_*
  • Guests
  • Joined --

I only use an anti-virus for checking stuff downloaded with eMule under Win98.

Any executables I download on my systems I generally submit to VirusTotal. Why run a dedicated AV app on your system when you have virtual access to 40 apps at the same time?

I haven't run a complete virus-check under Win98 for about a year, with no ill effects.

I have access to several good/trusted XP machines with several AV apps installed on them. When I feel like running a virus scan on any system (XP, NT4, win-98, etc) I remove the drive from the system and attach it as a slave to the trusted system and scan it. Much more reliable than a system scanning itself while it's running. Doing that is like trying to repair your car while you're driving it. Doesn't make sense - too much malware these days knows how to hide itself during a scan - or even sabotage the scan such that it's not really running but you think it is. The only way to scan a drive correctly is when it's slaved to a second machine.

The infection rate of eMule software downloads has jumped from about 20% to currently about 60-70% over the last 6 months.

Do people post comments when they discover that a download is viral?

On a side-track, I'm curious about people that use ED2K vs bittorrent, or more specifically if people fall into two catagories (those that do ED2K and those that do bittorrent) and if so - along what lines do they differ? (geography, content, age, computing platform, etc). And what's the correct term to use when you're running an ED2K client? Are you "mule-ing" (as opposed to torrenting) ?

#18
cyberformer

cyberformer

    Member

  • Member
  • PipPip
  • 140 posts
  • Joined 16-September 05
Thanks for trying to help multibooter!
I will endeavor to use the info you gave me to see if I can get things working.

wsxedcrfv,
I think your idea of slaving the win 9x hard drive, to an XP machine,
so that it can be checked for viruses---is an excellent idea,
but tedious to have to do.
I will try it out using one of my 9x machines.
It would not work well for "heavy handed" people though, being that taking hard drives from one pc to another always risk the chance of breaking a pin---or putting extra stress and wear on the pins.

Perhaps someone from this very forum, will one day solve our problems by coming up with their own AV just for 9x----! ....along with that special IPV6 patch too!
Not as unlikely or improbable as many might think!!

#19
lightning slinger

lightning slinger

    Member

  • Member
  • PipPip
  • 207 posts
  • Joined 18-July 06
  • OS:none specified

Any executables I download on my systems I generally submit to VirusTotal.  Why run a dedicated AV app on your system when you have virtual access to 40 apps at the same time?


The old VirusTotal Uploader 1.0 runs on 98SE if you can still find a download site offering that version. It allows the user to submit the file for analysis by right clicking and selecting Send To from the context menu. It will then open the users default browser on the VirusTotal website with the scanned results.

I saved a copy of this early version when V.2.0 was released as that does not run on 98SE. No doubt if one trawls through Google search results V.1.0 will still be offered by someone.

HTH

#20
Browncoat

Browncoat

    Rebel

  • Member
  • PipPip
  • 113 posts
  • Joined 19-January 10
  • OS:Windows 7 x86
  • Country: Country Flag
Though I'm moving to Linux, any of you guys using Spybot S & D ?
It still supports 9x.

#21
Multibooter

Multibooter

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 896 posts
  • Joined 21-March 08
  • OS:98SE
  • Country: Country Flag

Any executables I download on my systems I generally submit to VirusTotal. Why run a dedicated AV app on your system

It's the volume of downloads. My eMule computer has been up and downloading now for 5 days 14 hours, under Win98, without crashing.

I remove the drive from the system and attach it as a slave

Since I have several operating systems on my computer, I can scan under Win98 the WinXP partition (FAT32), and under WinXP the Win98 partition, which should be just as effective as removing the HDD, but more convenient.

Do people post comments when they discover that a download is viral?

Basically no, because most of the stuff is infected anyway

ED2K vs bittorrent - along what lines do they differ?

Different content. Bittorrent has mainly new stuff, the Mule has also a lot of new stuff, but about 100 times more older and rare/hard to find stuff than Bittorrent. The Mule uses ed2k and Kademlia; ed2k accounts for only about 20% of the titles, Kad for about 80%.

BTW, the emule software has been downloaded 500 million times, with the last version 0.49c alone 32 million times http://sourceforge.n...ts/emule/files/ At this very moment there are 1.2 million people connected to the 4 eMule servers in my pruned server list. It may be that the Mule is past its peak, v0.49b had 48 million downloads. http://sourceforge.n...A9-4C7B08C10000

Edited by Multibooter, 22 February 2010 - 07:28 PM.


#22
risk_reversal

risk_reversal

    Junior

  • Member
  • Pip
  • 96 posts
  • Joined 28-July 05
On 98SE, I still run Norton 2003 AV which works well. I know that there was reference to the 2002 version earlier on in this thread.

In respect of malware SuperAntiSpyware works great up to v4.24.1004. The definitions file is getting a bit big now and load times slow down but there is a right click context menu entry to scan individual files.

wsxedcrfv said:

I remove the drive from the system and attach it as a slave to the trusted system and scan it

You could also try one of the following for on-demand scanning.

1. Run the AntiVir AV Rescue boot CD. It's Linux based and will see all the partitions on the HD (hidden partitions also).
The AV definitions are updated regularly.

2. Alternatively, install Linux on a small partition and then you can install and run Avast to scan other partitions.

3. I used to use the ESET (NOD32) on line scanner but although some say that it still works for 98SE, I have found it difficult to access it lately (perhaps my Java is not recent enough).

Good Luck

Edited by risk_reversal, 25 February 2010 - 09:32 AM.


#23
ojn

ojn
  • Member
  • 7 posts
  • Joined 11-April 08

If you want an AV application that still runs on 98 and still has current definition files, go find Norton AntiVirus 2002, and then periodically download the Symantec Intelligent Updater package.


Hello:

As I understand it, Norton Antivirus 2002 is no longer supported with new definition updates. It appears that Norton AV 2003 is the earliest version that is still receiving updates, and it seems that it doesn't support Windows 98/ME. (See: http://www.symantec....ail.jsp?gid=n95 .)

Cheers,
Jerry

#24
bpalone

bpalone

    Member

  • Member
  • PipPip
  • 176 posts
  • Joined 04-March 09
  • OS:Windows 2000 Professional
  • Country: Country Flag

Donator


If you want an AV application that still runs on 98 and still has current definition files, go find Norton AntiVirus 2002, and then periodically download the Symantec Intelligent Updater package.


Hello:

As I understand it, Norton Antivirus 2002 is no longer supported with new definition updates. It appears that Norton AV 2003 is the earliest version that is still receiving updates, and it seems that it doesn't support Windows 98/ME. (See: http://www.symantec....ail.jsp?gid=n95 .)

Cheers,
Jerry


Don't believe everything you read on the internet. It still updates or at least gives the indication that it does. I know it states that it doesn't, but it still does. In fact upon completion of the update it it mentions that if you have older products you still need to use a different updater. Just thought I would pass it on, since it is being discussed.

#25
the xt guy

the xt guy

    Member

  • Member
  • PipPip
  • 102 posts
  • Joined 19-July 06
  • OS:XP Pro x86
  • Country: Country Flag

Donator

Although I haven't used any Norton AV for nearly 4 years, I have a copy of Norton AV 2006. That version needs a minimum of Win 2K, but it came with a copy of Norton AV 2005 on the same CD for 9x systems. Apparently AV 2005 is the last version to run on 9x.

Edited by the xt guy, 01 March 2010 - 02:30 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users