Windows 9x/Me Security Thread

[loblo 23]

AVZ Antiviral Toolkit 4.35 is well worth having I guess:

http://www.softpedia.com/get/Antivirus/AVZ-Antiviral-Toolkit.shtml

[dencorso 489]

How come you forgot to include our very own Unofficial ClamWin patch for Win98SE by aru?

I'm begining to think the best way to get something totally unnoticed is to stickify it!

That said, thanks for your hard work! You rock!

[Multibooter 0]

Just yesterday I updated under Win98 Kaspersky Anti-virus v6.0.2.261 from their server, Signatures published: 5/8/11, 5371038 signatures.Great scanner and works fine under Win98. The only difficulty is where to purchase a valid key for this old version. Kaspersky will probably provide updates for v6 for another year. In any case I bought me a spare key for v6, with which I should be fine until March 2013, if Kaspersky Lab should decide to extend the updates for v6.

In any case, after each signature update I make a backup of the Update Folder (in a rar file of currently 170MB) which can be used in the years to come to update a fresh installation of Kaspersky 6. In this way I will be able in 2015, for example, to install Kaspersky 6 under Win98 and update it to a close-to-the-last signature database, e.g. April xx, 2012, from the Update folder, instead of their server. A license key file with the date of validity beyond the date of the last signature update should allow Kaspersky to run indefinitely, with the close-to-the-last signature database.

BTW, the Kaspersky license key file is not the same as the registration code. A registration code is useless if the Kaspersky server doesn't give you a license key file for it. This happened to me a few years back when Kaspersky Lab dropped support for Kaspersky Internet Security v6, and I couldn't update from the server anymore, even if I had a valid license/registration code.

Edited May 10, 2011 by Multibooter

[loblo 23]

Loblo, I just used AVZ and had no viruses! I guess ClamWin was doing it's job!

I guess you didn't find anything with Clamwin either or am I wrong?

[M()zart 3]

What about Spybot Search & Destroy? http://www.safer-networking.org/

I think, it is worth mentioning here.

Personally I don't use any security software neither on my Windows 98 PC, which I connect to the Internet very rarely through dial-up, nor on my main Windows 7 PC. I just use its Windows firewall, and very carefully run any suspicious executables. I tried Kaspersky, and my PC worked very slowly with it. Then I tried NOD - works well, but slows down my torrent downloads greatly. When I tried Outpost - it just crashed occasionally into BSOD couple of times a week. After all I uninstalled all the security software. Three years with Windows firewall and no AV. Infected three times only. Every time detected and cleaned infection myself without system reinstalling. Spent less brain cells then with this irritating security software. Each time before running suspicious executables I test them on VirusTotal and sometimes on virtual machines. Sometimes check my PC with Cure-it.

[TmEE 0]

I install Norton 2005 and update it form time to time, so I can get virus signatures to be used in its DOS component NAVDX. Works wonders and has saved me lot of headache in past.

I usually run no protection measures whatsoever, only scan the HDD few times a year. AVG is something I strongly advise against using... I'd rather have viruses than AVG... in both cases you lose performance, and AVG is probably even more annoying than viruses are..... lot of bad experience with it that still carries on at my work where I see virus ridden machines running AVG...

[Guest wsxedcrfv]

What a waste of hard drive space and cpu cycles.

I run no AV software on my win-98 systems. After years of running Norton Antivirus 2002 (and updating it every year with Symantec intelligent updater) it has never detected any malware (at least none that I didn't intentionally download for examination). Any apps I download from the net I can fire off to virustotal.com and get it scanned by 42 AV programs. So I stand firmly by my claim that if you have even 2 functioning brain cells enough to not click on executable files or scripts that pop up on your web browser or e-mail, then your win-98 system does not need an AV package in the year 2011 and hasn't needed one for at least the past 5 years.

Firewall? Again, useless for win-98. More useless than AV software. If you connect to the internet using a NAT router, then a software firewall is doing nothing for you. Many people don't understand that.

During the years 2000 through the end of 2005, our office had a 64-IP address subnet connection to the internet. NO nat-router. Each computer had a direct, routable IP address. Some of our NT and win-2K computers occasionally became infected that way (mostly network worms). Our dozen win-98 computers ->GOT NOTHING<-. The most vulnerable years for win-98 to be running without a firewall or NAT router, and we got nothing. Case closed for software firewalls on win-98.

And take this home for consideration: Most virii or trojans that infect windows systems know how to disable your AV and firewall software - but again you won't find anything in current circulation that knows how to target a win-98 system anymore. For the service-heavy XP, naturally I wouldn't run an XP system without it's firewalls turned on. XP is so much more vulnerable than win-98.

So how do I keep malware off my win-98 system? For starters, I simply don't think the infection avenues exist anymore that enable malware to get onto win-98 systems. Look at Secunia.org for security issues affecting win-98 during the years 2000 through 2006. Very few, and basically none of them allowed for unattended exposure to malware, in contrast to dozens for XP, and many hundreds of other vulnerabilities during those years and beyond.

So use a HOSTS file. Mainly to stop advertizing and other pop-up screens that can appear when you visit questionable websites. Also, have your browser NOT automatically render pdf files - although I have yet to see a pdf exploit that functions correctly on win-98 using acrobat 6.

Set your browser user-agent to something other than win-98. This will confuse infected or malicous web-servers that use the user-agent to figure out what OS you're running as they try to send you specially-crafted infectors tailored to your OS.

[CharlesF 0]

NO AV for years, but:

* Update every component.

For IE6 and OE6 (even if you don't use them), don't forget Maximus Decim InternetExplorer 6.0sp1 Component Update 3.4

* I use SpywareBlaster 4.4 for years: prevent the installation of spyware and other potentially unwanted software.

* Use a up-to-date Hosts file. For instance Mvps Hosts File

* There is also this old stuff, but it has not been updated for years : BugOff

* I run HijackThis from to time, to see if anything has changed.

* The main threat nowadays is from USB keys (or players, ...) IMO,

and I use to avoid them the excellent Autorun Eater 2.5 beta, with KernelEx. See here: #1067.

HTH

Charles.

[loblo 23]

Timely topic as my system just got hit by a W32.Polipos.A virus which has infected about hundred executables or so.

I have so far cleaned it up to the point it doesn't seem to be spreading anymore but I'll take me another day or two for doing a full cleanup I guess as I have got to reinstall a lot of commercial software packages as well as finding on the net again quite a few freebies freebies that also got infected .

After that one I am kinda considering running again a resident virus scanner.

[loblo 23]

wsxedcrfv, AFAIK (but you'll tell me if I am wrong) a router won't block outgoing traffic so a decent firewall is still necessary IMHO in case one gets hit by an online browser/flash/java exploit downloading and executing code on one's machine.

[loblo 23]

BitDefender 8 still gets updated with the latest virus definitions and there are currently 6.902.664 signatures in the database. The free edition doesn't have a resident shield protection and, if relevant, KernelEx must be disabled on the file BDSS.EXE located in PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER otherwise it won't work or crash.

http://www.filehippo.com/download_bitdefender/577/

Edited May 11, 2011 by loblo

[Multibooter 0]

Timely topic as my system just got hit by a W32.Polipos.A virus which has infected about hundred executables or so.

A year ago my laptop got a .exe infection which infected USB archives and across operating systems. I eventually wiped the whole disk on the infected laptop and restored from backups. Most of the stuff on the infected 1TB USB HDD I have deleted, but I have not yet wiped the HDD. 1 year on there is still some stuff on the infected external HDD, and I have been emptying it slowly, as I have time, with binary compares against a clean older archive HDD, with Beyond Compare v2.9.3. Maybe in a year from now I will have finished deleting the last leftover stuff on the infected 1TB HDD.

I have so far cleaned it up to the point it doesn't seem to be spreading anymore but I'll take me another day or two for doing a full cleanup

If I remember right, my system got re-infected twice.

I guess as I have got to reinstall a lot of commercial software packages as well as finding on the net again quite a few freebies freebies that also got infected .

If this is the case you need to work on your backup strategy. I have the opposite problem: I am swamped with backups.

My problem with the .exe infection last year was that at the time of the infection I was in Europe for several months, while many of my backups were in the US. I still have no clear ideas about how to back up new stuff added during extended travels, maybe on DL DVDs or on Blu-ray disks (write-once), they won't be compromised by .exe infectors.

After that one I am kinda considering running again a resident virus scanner.

I doubt that real-time scanning by my anti-virus software would have protected me from the blazingly fast exe infector Tenga.a. Kaspersky AV a year ago was able to identify etc the malware output, the Tenga-infected .exe files. But apparently Kaspersky AV was not able to identify the original agents causing the infection because I always scan my downloads.

[Steven W 0]

Some might have an aversion to it, but I still use Tiny Personal Firewall (2.0.15A). If I recall correctly, it has some issue with a Norton defrag utility. McAfee's Stinger Tool still works (I don't believe it requires KernelEx).

Edited May 12, 2011 by Steven W

[erpdude8 1]

What about Spybot Search & Destroy? http://www.safer-networking.org/

I think, it is worth mentioning here.

speaking of Spybot S&D, version 2.0 beta has just been released today.

http://www.safer-networking.org/en/news/2011-05-11.html

can you guys check to see if Spybot S&D 2.0 beta works under Win98/ME? I know its help file still mentions Win9x/ME.

[Multibooter 0]

Some might have an aversion to it, but I still use Tiny Personal Firewall (2.0.15A). If I recall correctly, it has some issue with a Norton defrag utility.

I am using Tiny Personal Firewall v2.0.14 under Win98 and Kerio Personal Firewall v2.1.5 under WinXP. The defragger VoptXP v7.22 [this is a misnomer, it runs fine under Win98] has no issues with Tiny or Kerio. Under WinXP I have installed VoptXP v7.22 and Vopt v9.21.

Tiny v2.0.14 has worked fine for me under Win98, but eventually I will replace it with Kerio v2.1.5 under Win98 so that I have the same firewall software on all computers of a mixed Win98/WinXP peer-to-peer network.

Here some old postings of mine regarding Tiny/Kerio:

Regarding Vopt/defragging under Win98:

Edited May 11, 2011 by Multibooter