Avast 5 out, no more 9x support
Posted 13 February 2010 - 06:45 PM
Can anyone recommend anything else?
Posted 13 February 2010 - 06:51 PM
But through KernelEx we can use them (of course not all).
On the other hand, what did you expect (Win98 SE was released more than a decade ago)?
This post has been edited by rainyd: 13 February 2010 - 06:58 PM
Posted 13 February 2010 - 08:24 PM
Posted 15 February 2010 - 02:56 AM
And now there is also Clam Sentinel: a system tray application that detects file system changes and scans the files modified using ClamWin.
Clam Sentinel has been developed by me just because Avast will drop the support for Win98; the program is freeware and open source.
Clam Sentinel works on Win98SE, ME, 2000, XP, Vista, Win7 and is available from here:
For Win98/ME I have developed a vxd driver (built with MSVC6 + Win98DDK) that detects filesystem changes (similar to the famous program FileMon).
This post has been edited by aru: 15 February 2010 - 02:58 AM
Posted 15 February 2010 - 06:45 AM
On Win98SE/ME the vxd detects changes in real-time and adds these to a list; ClamSentinel then polls every 0.5 seconds to extract the list and to start the scanning.
The scanning starts immediately for the first 10 files, and when this scan has finished it continues to consume the list 10 files at a time.
If a virus is found, by default it is moved to quarantine.
But note: Clam Sentinel only detects filesystem changes and then scans these files with ClamWin; it is unable to block the execution of malware or viruses.
This post has been edited by aru: 15 February 2010 - 06:46 AM
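The flow aru describes above (changes collected in a list, polled, scanned 10 files at a time, detections moved to quarantine), as an added Python example that is not Clam Sentinel's own code. `ChangeQueue`, `poll_once`, `marker_scanner` and the marker bytes are hypothetical names and constructed values, and collapsing duplicate change events is an assumption; as in the post, files are scanned only after they have been written, so nothing here blocks execution.

```python
import shutil
import tempfile
from collections import deque
from pathlib import Path

BATCH_SIZE = 10  # from the post: the list is consumed 10 files at a time
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a detection

def marker_scanner(path):  # hypothetical; a real setup would call ClamWin
    return MARKER in path.read_bytes()

class ChangeQueue:  # changed paths reported by the watcher (hypothetical name)
    def __init__(self):
        self._pending, self._seen = deque(), set()

    def add(self, path):
        if path not in self._seen:  # assumption: repeated writes queue once
            self._seen.add(path)
            self._pending.append(path)

    def take_batch(self):
        n = min(BATCH_SIZE, len(self._pending))
        batch = [self._pending.popleft() for _ in range(n)]
        self._seen.difference_update(batch)
        return batch

def poll_once(queue, scanner, quarantine):
    """One poll tick (every 0.5 s in the post): scan the list batch by batch."""
    sizes, moved = [], []
    while batch := queue.take_batch():
        sizes.append(len(batch))
        for path in batch:
            if path.is_file() and scanner(path):  # skip files already gone
                quarantine.mkdir(exist_ok=True)  # default action: quarantine
                dest = quarantine / path.name
                shutil.move(str(path), str(dest))
                moved.append(dest)
    return sizes, moved

def demo():  # constructed input: 23 changes, one flagged, one deleted early
    root = Path(tempfile.mkdtemp())
    queue = ChangeQueue()
    for i in range(23):
        path = root / f"file{i}.bin"
        path.write_bytes(MARKER if i == 7 else b"clean")
        queue.add(path)
        queue.add(path)  # duplicate change event for the same file
    (root / "file3.bin").unlink()
    return poll_once(queue, marker_scanner, root / "quarantine")
```

`demo()` returns the batch sizes and the quarantined paths for the constructed 23-file run.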
Posted 15 February 2010 - 09:56 AM
And I'll tell you something else about malware these days - the new stuff has a very poor detection rating with AV apps. Just yesterday I came across a web-page that gave the fake-av scan and wanted me to download and install a fake AV application. I downloaded the file and submitted it to Virus Total where 41 different AV programs scanned the file. It was ID'd as malicious by ONLY 6 out of 41 programs. In a week or two I guarantee you that only 5 more will detect that same file as malicious.
If you want an AV application that still runs on 98 and still has current definition files, go find Norton AntiVirus 2002, and then periodically download the Symantec Intelligent Updater package. But I still say it's a waste of time because 98 simply isn't vulnerable to the really nasty exploits (heap sprays and buffer over-run exploits) and the other stuff that needs your help to download and run is trivial to avoid.
Posted 15 February 2010 - 10:18 PM
There's also the possibility that the additional functions added by projects like KernelEX could allow more than just user software to function on 9X systems. By "modernizing" Win98, we may make it vulnerable to more of the modern threats in the process. This is completely unexplored territory.
Regardless of whether it's a 9X system, XP, or Win-7, the overall effectiveness of AVs has been declining, not just in detections but in their ability to remove malware when it's discovered. There are better ways to secure Windows than AVs, including virtual systems, sandboxing, and default-deny security policies.
Posted 16 February 2010 - 08:35 AM
For buffer-overrun or heap-spray exploits (exploits that don't require user intervention or "help" to install themselves on a system) I would argue that yes, you do need to code the exploit to match the OS.
A secondary payload that runs on a win-9x system is different than a primary exploit that is able to boot-strap itself into a win-9x system without needing or asking the user to download and run it manually (as a lot of easily-avoidable malware does).
Yes, that's been true for the past 3 to 4 years at least. Many people (home, soho, orgs and corps) don't want to believe that.
And how many of those can be implemented on a 9x system?
Posted 16 February 2010 - 09:21 AM
I have contact with GuitarBob, who works with the ClamWin team.
The ClamWin team is working on an official real-time scanner but that will not work on Win98SE/Me.
Regarding the integration of Clam Sentinel into the ClamWin package, it seems that since this is not an official project they do not want to do it.
No contact with the Clam A/V team.
This post has been edited by aru: 16 February 2010 - 09:31 AM
Posted 16 February 2010 - 06:21 PM
Malicious sites don't just drop 1 or 2 files on the user anymore. A lot of them use scripting to detect the specific OS, the browser being used, even the currentness of the patching before deciding which payload the user will get. Some have been found to use as many as 40 different exploits and payloads. Leaving one in the collection that works on 9X would be a simple matter. It wasn't that long ago that a zero day vulnerability in Adobe Reader worked as well on 9X as it did on XP. The demo just used the mail handler to launch the calculator. It could have just as easily added startup entries to the registry. In spite of all their differences, 9X and NT systems do have a lot in common that can be and is targeted. We've got malicious code that can tell when it's in a sandbox or virtual environment and will change its behavior. Detecting the OS it's installing on would be easy in comparison.
Default-deny can be implemented on any version of Windows. Connectix Virtual PC (the pre-MS versions) run on 98. The only option that isn't available for 98 as far as I know is sandboxing software. If KernelEX keeps progressing, even that might become possible.
I'll agree that 9X users are safer than they used to be, but that doesn't mean that the web is safe enough for us to go unprotected.
Posted 21 February 2010 - 12:38 PM
First off, this particular system is Windows Me---667 MHz---128 mb, with 13GB free space on the HD----so there is no problem with speed or room.
I've had Avast on this machine for some time now, and just the other day the license key ran out. I submitted all the usual info, and was sent a new license key.
I installed the new license key.
When I go to update, the following occurs:
Everything starts to work as usual---one file after another showing that it is being downloaded, until...
a bloody box appears, which reads:
not enough storage space is available to process this command.
What the hell could this be! Not enough storage space..."Where"!!!!
Do any fellow members have any inkling as to what this could be all about?
Avast is still downloading the updates on my 98Se machine---but the key is still valid for another month or so---until I need a new one. I wonder if the same thing will happen:
that yes indeed---they will deliver the key---to something now made useless?
Either I am overly paranoid--or there is a glitch on the Me machine that can be addressed?
Posted 21 February 2010 - 06:17 PM
Maybe this helps:
I use Kaspersky Anti-Virus 6, not Avast, so my comment here may not apply. In the Kaspersky update settings I have de-selected the option "Update application modules", to make sure that Kaspersky doesn't try to install a newer software component which might not be Win98-compatible.
If Kaspersky AV gives me a cryptic error msg, I uninstall it, then re-install it. Since I know how to back up the license key generated during activation, re-installation is risk-free for me. Make sure you don't lose your license key during the fiddling around.
Posted 21 February 2010 - 08:00 PM
Nevertheless it's re-assuring to know that I could run a virus checker under Win98.
The infection rate of eMule software downloads has jumped from about 20% to currently about 60-70% over the last 6 months. 6 months ago the largest eMule server had links to about 25 million files, today it links to 83 million different files. This sudden jump by about 60 million files corresponds to the jump in the infection rate. Perhaps some organization has been trying to poison the eMule network by pumping 60 million different infected files into it.
Posted 22 February 2010 - 09:00 AM
Any executables I download on my systems I generally submit to VirusTotal. Why run a dedicated AV app on your system when you have virtual access to 40 apps at the same time?
I have access to several good/trusted XP machines with several AV apps installed on them. When I feel like running a virus scan on any system (XP, NT4, win-98, etc) I remove the drive from the system and attach it as a slave to the trusted system and scan it. Much more reliable than a system scanning itself while it's running. Doing that is like trying to repair your car while you're driving it. Doesn't make sense - too much malware these days knows how to hide itself during a scan - or even sabotage the scan such that it's not really running but you think it is. The only way to scan a drive correctly is when it's slaved to a second machine.
Do people post comments when they discover that a download is viral?
On a side-track, I'm curious about people that use ED2K vs bittorrent, or more specifically if people fall into two categories (those that do ED2K and those that do bittorrent) and if so - along what lines do they differ? (geography, content, age, computing platform, etc). And what's the correct term to use when you're running an ED2K client? Are you "mule-ing" (as opposed to torrenting) ?
Posted 22 February 2010 - 09:57 AM
I will endeavor to use the info you gave me to see if I can get things working.
I think your idea of slaving the win 9x hard drive, to an XP machine, so that it can be checked for viruses---is an excellent idea, but tedious to have to do.
I will try it out using one of my 9x machines.
It would not work well for "heavy handed" people though, being that taking hard drives from one pc to another always risks the chance of breaking a pin---or putting extra stress and wear on the pins.
Perhaps someone from this very forum, will one day solve our problems by coming up with their own AV just for 9x----! ....along with that special IPV6 patch too!
Not as unlikely or improbable as many might think!!
Posted 22 February 2010 - 02:44 PM
The old VirusTotal Uploader 1.0 runs on 98SE if you can still find a download site offering that version. It allows the user to submit the file for analysis by right clicking and selecting Send To from the context menu. It will then open the user's default browser on the VirusTotal website with the scanned results.
I saved a copy of this early version when V.2.0 was released as that does not run on 98SE. No doubt if one trawls through Google search results V.1.0 will still be offered by someone.