[Steven W]

Sorry to report this guys:

http://www.avast.com...t-security#tab2

[Steven W]

I asked over at the Avast forum, and was told it would definately be dead sometime in 2010. A user there recommended Norman, it's a pay product and will supposedly die in 2011. (Please note I CAN NOT vouch for it, although I did Google and they seem to have a good rep in corporate circles.):

http://www.norman.com/home/all_products/an..._single_user/en

Can anyone recommend anything else?

[rainyd]

You know, Firefox 3.6/3.5/3 require at least Windows 2000 (many other programs too).
But through KernelEx we can use them (of course not all).

On the other hand, what you expected (Win98 SE was released more than decade ago)?

This post has been edited by rainyd: 13 February 2010 - 06:58 PM

[Steven W]

Not expecting much now days for 9x/ME. I was disappointed to see Avast go, but hardly surprised. I have started using XP/a Linux distro here at home only maintaining 98 for one friend now, there were three or four just a year ago. Kind of depressing.

[aru]

ClamWin continues to work on Win98SE:

http://www.clamwin.com/

And now there is also Clam Sentinel: a system tray application that detects file system changes and scans the files modified using ClamWin.

Clam Sentinel has been developed by me just because Avast will drop the support for Win98, the program is freeware and open source.

Clam Sentinel works on Win98SE, ME, 2000, XP, Vista, Win7 and is available from here:

http://clamsentinel.sourceforge.net/

For Win98/ME I have developed a vxd driver (builded with MSVC6 + Win98DDK) that detects filesystem changes (similar to the famous program FileMon).

bye,
aru

This post has been edited by aru: 15 February 2010 - 02:58 AM

[herbalist]

Does Clam Sentinel use polling or does it detect changes in real time?

[aru]

herbalist, on Feb 15 2010, 12:25 PM, said:

Does Clam Sentinel use polling or does it detect changes in real time?

On Win98SE/ME the vxd detects changes in real-time and adds these on a list, then ClamSentinel polling every 0,5 seconds for to extract the list and to start the scanning.
The scanning starts immediatly for the first 10 files and when this scan is terminated continues to consume the list of 10 files at once.
If a virus is found, for default, is moved to quarantine.

But attention Clam Sentinel only detects filesystem changes and then scan these files with ClamWin, but is unable to block the execution of malware or virus.

bye,
aru

This post has been edited by aru: 15 February 2010 - 06:46 AM

[herbalist]

Malware doesn't have to target Win98 directly to function. A large percentage of it targets applications, many of which still run on 98. I have several trojans given to me by other members that are quite recent, some of which behave very much like a rootkit does on an NT system. A fair amount of trojans run on both 9X and NT systems. 9X isn't targeted as much as it used to be, but don't believe for a minute that it's unaffected by todays malware.

There's also the possibility that the additional functions added by projects like KernelEX could allow more than just user software to function on 9X systems. By "modernizing" Win98, we may make it vulnerable to more of the modern threats in the process. This is completely unexplored territory.

Regardless of whether it's a 9X system, XP, or Win-7, the overall effectiveness of AVs has been declining, not just in detections but in their ability to remove malware when it's discovered. There's better ways to secure Windows than AVs, including virtual systems, sandboxing, and default-deny security policies.

[Steven W]

aru, thanks this is something Clam A/V has needed for a while. Have you ever had any discussions with them about integrating the two programs?

[aru]

Steven W, on 16 February 2010 - 07:41 AM, said:

aru, thanks this is something Clam A/V has needed for a while. Have you ever had any discussions with them about integrating the two programs?

I have contacts with GuitarBob that works with the ClamWin team.
The ClamWin team is working on an official real-time scanner but that will not work on Win98SE/Me.

Regarding the integration of Clam Sentinel into the ClamWin package seems that since this is not an official project do not want to do.

No contacts with the Clam A/V team.

bye,
aru

This post has been edited by aru: 16 February 2010 - 09:31 AM

[herbalist]

Quote

For buffer-overrun or heap-spray exploits (exploits that don't require user intervention or "help" to install themselves on a system) I would argue that yes, you do need to code the exploit to match the OS.

Malicious sites don't just drop 1 or 2 files on the user anymore. A lot of them use scripting to detect the specific OS, the browser being used, even the currentness of the patching before deciding which payload the user will get. Some have been found to use as many as 40 different exploits and payloads. Leaving one in the collection that works on 9X would be a simple matter. It wasn't that long ago that a zero day vulnerability in Adobe Reader worked as well on 9X as it did on XP. The demo just used the mail handler to launch the calculator. It could have just as easily added startup entries to the registry. In spite of all their differences, 9X and NT systems do have a lot in common that can be and is targeted. We've got malicious code that can tell when it's in a sandbox or virtual environment and will change its behavior. Detecting the OS it's installing on would be easy in comparison.

Quote

And how many of those can be implimented on a 9x system?

Default-deny can be implemented on any version of Windows. Connectix Vitrual PC (the pre-MS versions) run on 98. The only option that isn't available for 98 as far as I know is sandboxing software. If KernelEX keeps progressing, even that might become possible.

I'll agree that 9X users are safer than they used to be, but that doesn't mean that the web is safe enough for us to go unprotected.

[cyberformer]

I am posting this here, rather than starting a new thread---since it has to do with Avast.

First off, this particuliar system is Windows Me---667 mgz---128 mb, with 13GB free space on the HD----so there is no problem with speed or room.

I've had Avast on this machine for some time now, and just the other day the license key ran out. I submitted all the usual info, and was sent a new license key.
I installed the new license key.
When I go to update, the following occurs:
Everything starts to work as usual---one file after another showing that it is being down loaded, until...
a bloody box appears, which reads:
not enough storage space is available to process this command.

What the hell could this be! Not enough storage space..."Where"!!!!
Does any fellow members have any inkling as to what this could be all about?
Avast is still downloading the updates on my 98Se machine---but the key is still valid for another month or so---until I need a new one. I wonder if the same thing will happen:
that yes indeed---they will deliver the key---to something now made useless?
Either I am overly paranoid--or there is a glitch on the Me machine that can be addressed?

Any thoughs?

[Multibooter]

cyberformer, on 21 February 2010 - 12:38 PM, said:

not enough storage space is available to process this command.

The error seems to be a nasty one, perhaps it has something to do with installing software in a network/via the internet. Perhaps it's an installer error msg, when Avast tries to install a newer software component which might not work under Win9x anymore, but that's just a wild guess. Ancient Kaspersky Anti-Virus v4.5 died on me during an update with an incompatible component, about a year and a half ago, I had to upgrade to v6.

Maybe this helps:
http://www.msfn.org/...s-this-command/
http://forums.kustom...ead.php?t=33805

I use Kaspersky Anti-Virus 6, not Avast, so my comment here may not apply. In the Kaspersky update settings I have de-selected the option "Update application modules", to make sure that Kaspersky doesn't try to install a newer software component which might not be Win98-compatible.

If Kaspersky AV gives me a cryptic error msg, I uninstall it, then re-install it. Since I know how to back up the license key generated during activation, re-installation is risk-free for me. Make sure you don't lose your license key during the fiddling around.

[Multibooter]

wsxedcrfv, on 15 February 2010 - 09:56 AM, said:

I don't think that anyone can make a good case as to why win-98 systems need anti-virus support these days.

I only use an anti-virus for checking stuff downloaded with eMule under Win98. I have a dedicated eMule computer, running continuously (current uptime: 4 days, 15 hrs). The incoming downloads are processed on another computer, so the virus-check could indeed be done there under WinXP. Running a virus-check under Win9x may eventually become just as unnecessary as running a virus-check under DOS. I haven't run a complete virus-check under Win98 for about a year, with no ill effects.

Nevertheless it's re-assuring to know that I could run a virus checker under Win98.

Quote

the new stuff has a very poor detection rating with AV apps.

Kaspersky currently detects in 100 software files downloaded with eMule about 60 infected files. When Kaspersky is run a month later again, on the ??clean?? 40 files, it will detect another 5-10 infected files which it didn't detect a month earlier. Anti-virus software is indeed far behind in their detection of new malware.

The infection rate of eMule software downloads has jumped from about 20% to currently about 60-70% over the last 6 months. 6 months ago the largest eMule server had links to about 25 million files, today it links to 83 million different files. This sudden jump by about 60 million files corresponds to the jump in the infection rate. Perhaps some organization has been trying to poison the eMule network by pumping 60 million different infected files into it.

[cyberformer]

Thanks for trying to help multibooter!
I will endeavor to use the info you gave me to see if I can get things working.

wsxedcrfv,
I think your idea of slaving the win 9x hard drive, to an XP machine,
so that it can be checked for viruses---is an excellent idea,
but tedious to have to do.
I will try it out using one of my 9x machines.
It would not work well for "heavy handed" people though, being that taking hard drives from one pc to another always risk the chance of breaking a pin---or putting extra stress and wear on the pins.

Perhaps someone from this very forum, will one day solve our problems by coming up with their own AV just for 9x----! ....along with that special IPV6 patch too!
Not as unlikely or improbable as many might think!!

[lightning slinger]

wsxedcrfv, on 22 February 2010 - 09:00 AM, said:

Any executables I download on my systems I generally submit to VirusTotal.  Why run a dedicated AV app on your system when you have virtual access to 40 apps at the same time?

The old VirusTotal Uploader 1.0 runs on 98SE if you can still find a download site offering that version. It allows the user to submit the file for analysis by right clicking and selecting Send To from the context menu. It will then open the users default browser on the VirusTotal website with the scanned results.

I saved a copy of this early version when V.2.0 was released as that does not run on 98SE. No doubt if one trawls through Google search results V.1.0 will still be offered by someone.

HTH

[Browncoat]

Though I'm moving to Linux, any of you guys using Spybot S & D ?
It still supports 9x.