Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account



Photo

Does Win9x need Antivirus anymore?

- - - - -

  • Please log in to reply
26 replies to this topic

#1
LostInSpace2012

LostInSpace2012

    Senior Member

  • Member
  • PipPipPipPip
  • 589 posts
  • Joined 20-August 12
  • OS:ME
  • Country: Country Flag

Donator

I'm willing to keep using F-Prot 3.16f for DOS which was released in 2009... (see the DOS Programs thread)

but is there any need to keep an up-to-date, bloated Anti-virus program on Win9x?

Clamwin is about as small and light as you can get, but I've been using ClamWin for like 4 years and it's never once detected a single virus...

So, I'm thinking either ClamWin is worthless, or else Win9x is just too old for viruses to infect?

I stopped having problems when I stopped using peer-2-peer file sharing networks and Internet Explorer. And that was like back in the days of Kazaa and IE 5. Since then, nothing. No more homepage getting hijacked to porn websites, no more blue screens of death, or freezes. In fact, as soon as I started using Netscape 9 I never had another problem. I've gone from using Netscape 9 to K-Meleon and Seamonkey and Opera. Never had any problems.

Does anybody get viruses anymore while using Win9x? What kind of virus was it? How did you get it? etc.

Which types of viruses are more able to infect Win9x in 2013?

-master boot record viruses
-exe/com file infectors
-trojans / malware
-worms
-macro viruses ?

Links to articles or websites, pro or con regarding the relevance of Win9x viruses, and the need (?) for Anti-Virus would be appreciated... and anybody's opinion or experiences.

Basically, is there any point at all to bother using Anti-Virus on Win9x systems? Would it be like worrying about viruses on Windows 3.1 at this point? All of the viruses for Windows 3.1 are basically "not in the wild" anymore. Only way you'd get them, is by finding an old floppy disk that's twenty years old and was never scanned.

I'm at the point where I believe there is 99% NO reason to scan for viruses anymore on Win9x. The only possibility I can think of is you might stumble upon an old floppy disk that might have an infected word document or DOS game that was infected.... possibly a floppy disk might also have an old MBR infector virus. That's it.

Most programs don't run on Win9x nowadays, so I don't think the chance of virues being spread around are anything to worry about. You can't open new "word" documents anymore either, so there's little sense of worrying about that either.

Am I missing anything here?

Is there any possibility of getting virues from USB flash drives? My windows ME computer is incapable of booting from USB anyway... seems to be a feature of newer computers.

Edited by LostInSpace2012, 22 February 2013 - 01:13 AM.



How to remove advertisement from MSFN

#2
LostInSpace2012

LostInSpace2012

    Senior Member

  • Member
  • PipPipPipPip
  • 589 posts
  • Joined 20-August 12
  • OS:ME
  • Country: Country Flag

Donator

http://www.washingto...6063001587.html

Washington Post article published in 2006 which says,

Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, which monitors hacking trends, said Windows 98 and ME users already have a measure of security through obscurity, because most malicious code created today will not run properly on those systems.


So, if that was said 7 years ago, then we're in the clear, right?

Edited by LostInSpace2012, 21 February 2013 - 06:51 PM.


#3
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • Joined 24-September 07
  • OS:none specified
  • Country: Country Flag
Win9x is such an easy system to manage with such a tiny footprint that I cannot imagine a need to lock it down using realtime CPU-killing AV when you can simply clone the whole thing periodically to another HDD, stick it on the shelf and grab it as a replacement if a virus should ever strike. Replacing a HDD only takes a moment so you can be right back online very quickly. This way, you can run your system bare naked ( behind a router of course ) with the full CPU and I/O power available and unimpacted by realtime AV.

Alternatively, even without cloning, if you have a separate offline computer available, it is really simple to take out an infected system HDD and install it as D: and clean it that way. It is really easy to clean a virus or malware from Win9x and FAT32 ( easier than NT under NTFS ). There are so few places for it to hide and fewer startup vectors.

This is just my opinion, but why punish yourself with realtime AV intercepting all traffic and peeking in every folder and flashdrive? Definitely get behind a router first though.

... Let him who hath understanding reckon the Number Of The Beast ...


#4
LostInSpace2012

LostInSpace2012

    Senior Member

  • Member
  • PipPipPipPip
  • 589 posts
  • Joined 20-August 12
  • OS:ME
  • Country: Country Flag

Donator

thanks for the reply, Charlotte.

well, I'm on dialup... do I need a router for that? Dial-up is never really mentioned when it comes to security, like it's forgotten or something. What should I do in my case?

Right now, I just have Tiny Firewall installed. It's the only firewall that doesn't slow down my already slow internet.

I just deleted ClamWin because to me it' s nothing more than a drain on resources.

Good suggestion. I do have a second Windows ME computer, and a Windows 2000 computer (no modem, so I don't go online with it) that I hardly use. Swapping hard drives wouldn't be hard. But still, I haven't had any problems before with any of my 3 computers.

#5
Nomen

Nomen

    Member

  • Member
  • PipPip
  • 238 posts
  • Joined 07-July 12
  • OS:98SE
  • Country: Country Flag
Back during the time-frame July 2000 through Dec 2005, we had about a dozen win-98 machines (and about 6 other machines running NT4 and 2K) in a small organization sharing an ISDN connection to the internet. We had a net-block of 64 static IP addresses, and each of our PC's was assigned on of those addresses. No firewall running on any of the PC's (at least not the win-98 PC's) and no NAT router.

All of the PC's ran some version of Norton Antivirus, and it caught most viral email attachments as incoming mail was spooled on our NT4 mail server.

Over that time frame, none of the win-98 machines got infected by anything. Our 2 NT4 servers were discovered to be hosting someone's private FTP site (or at least they were trying, but our slow connection was a problem I suppose). Our Win-2k machines were periodically hit with network worms and other stuff. I would argue that those years (2000 - 2005) were the prime years for win-9x to be targets, and we had a completely open network topology that would have facilitated it, but in the end our win-98 machines sailed through those years cleanly. In the years since then, our PC's shared a DSL connection behind a nat-router, and although I maintained NAV 2002 on about 6 machines until about 2008, they continued to be devoid of malware, trojans, virii, etc.

So for the past 5 or so years I've abandoned any AV protection on these win-98 machines.

On the other hand, I'm quite aggressive at adding entries to my hosts file, which is based on the MVPS hosts file. I examine my router's out-going logs periodically to see what domains or hosts are being accessed, and any that don't look right are added to my hosts file. There is a lot of web-metrics, click-tracking, ad-serving and god-knows-what servers out there that are hooked into the web-surfing experience that have no place being there, and I'll be damned if I'm going to expose my PC's to that crap. Especially when it's those servers that are likely to be hacked and serve up malware.

But it all comes down to this: Win-9x, either by design or dumb luck, is simply not vulnerable to even a fraction of the exploit vectors that have existed for the NT-based line of Windows.

The website Secunia.org lists all the known security issues for many many hardware and software products. As of July 2006 (when win-98 went EOL) Secunia was listing 33 advisories for Windows 98. That's for the entire life-span of the product. They were listing well over 200 advisories for Win 2k/XP at the same time. And as of Dec 2012, they were listing 408 advisories for Win-XP pro (44 of which were un-patched).

So that should put things into perspective.

#6
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • Joined 24-September 07
  • OS:none specified
  • Country: Country Flag

well, I'm on dialup... do I need a router for that? Dial-up is never really mentioned when it comes to security, like it's forgotten or something. What should I do in my case?

Are you dial-up on POTS ( plain telephone wire )? I've actually never seen anything except that situation so my knowledge is limited here. If it is POTS, including ISDN, your computer is using a modem to create/decipher the actual analog "phone" signals which speak to the telephone company and they talk with the Internet from up there. I can't see a way that a router can be placed in between you and the Internet because that actual gateway is remote.

By contrast, for broadband users the jumping off/on point that has an IP address is physically in their house at the Cable/DSL/Fiber modem so a router is simply slipped in between there and the computer(s) via ethernet and it becomes a hardware firewall managing incoming and outgoing comm while NAT'ing the IP addresses.

In your Modem-POTS situation, the IP address is actually on a device far upstream, where they perform the Internet communication and then "Modem" it into telephone signals for the trip back to your modem. The security aspect of someone using your ( probably unchangeable ) IP address to probe your ports is primarily in the ISP's hands, and presumably a thoughtful ISP would notice such activity and thwart it upstream. For some added measure of protection a software firewall with inbound and outbound blocking might be useful, if for no other purpose than to popup with a prompt every time something knocks on your door or tries to phone home. But for all practical purposes they must have a router in place upstream that rejects many port probing and flooding attacks, check here.

In theory, slow dial-up is a less than optimal target for a hacker naturally. But realize that malware usually doesn't care what connection you have, particularly if executed locally, it just sees an active TCP/IP connection and does what it was told to do. In other words, if your web browser can successfully connect to webpage addresses that you type in, then any malware can do the same. So there is a threat level present, but careful computing is the primary defense. Executing all manner of dangerous programs locally on your computer is one way to still get into trouble.

Having said that, I never really used a local software firewall or realtime AV on Win9x over dial-up except out of curiosity for testing.

So in your situation, I would simply keep timely backups ( the best is a cloned separate HDD with incremental updates applied periodically ) left on a shelf. Then I would happily run without AV and just be careful. If the worst happens, I just swap in the spare HDD. Note, that spare HDD should NOT be left in all the time as a D: drive ( or whatever ) because that is NOT a reliable backup. In the case of a virus infection, all connected drives, should be considered suspect. So, incremental backup and then remove is the best practice.

If you have a 2nd computer which is normally kept offline, you can always do what I mentioned elsewhere: insert the infected drive and clean it like its a floppy disk. That spare machine would need to have a decent on-demand AV scanner and its definitions would need to be updated from time-to-time.

... Let him who hath understanding reckon the Number Of The Beast ...


#7
LostInSpace2012

LostInSpace2012

    Senior Member

  • Member
  • PipPipPipPip
  • 589 posts
  • Joined 20-August 12
  • OS:ME
  • Country: Country Flag

Donator

Yes, my internet is on "plain telephone wire" I presume. I just plug my computer in the phone jack in the wall. If somebody tries calling, then they get a busy signal :-)

Thank you guys for the great responses.

Charlotte, regarding the GRC "Shields Up" Firewall test.... maybe you can decipher the results for me. After reading what you said, I don't believe my ISP (netzero) does any filtering "down stream" to my computer.

The reason why is because I have run the GRC test multiple times, and the PC Flank test from another website, with and without my firewall activated. When my firewall was acitivated it said my computer was secure and the ports were either closed or stealthed. When I retook the test without my firewall, everything was open and I completely failed the GRC test!

Needless to say, I turned Tiny Firewall back on!

I'm definitely no expert at all about this stuff. I'll just report what I do know:

I use Tiny Personal Firewall. Upon installation it prompts the user whether or not to share NetBIOS access. Every time I've installed it, I always check "NO. Don't share my files."

I then have proceeded to taket the GRC test. Results are always the same: "File Sharing: unable to connetc to NetBIOS on my computer. My computer is well hardened against internet attacks." Or something to that effect.

Next up, I do the simple port scan then the advanced port scan. The results are always the same, "All ports tested are stealthed." A curious thing though is that ports zero and 1 are merely closed, not stealthed. So in that regard my computer is visible, it always fails the "True Stealth" test. Because I have a couple ports that are closed instead of stealthed. No big deal I figure.

Anyways, sometimes, randomly while surfing the web I'll get a pop-up screen telling me that "Somebody at address xxx.x.x.xxx wants to Connect to SeaMonkey using port x.xx...x Permit or Deny." I always choose deny. Sometimes I also get pinged. I've looked at the internet address in my logs to see who pinged me. I then do a google search of that specific IP address and it's always from China.

So, if my ISP was protecting me before sending me data, then in theory I shouldn't get random people trying to connect to my ports or ping me, correct?

The only reason I think I never got hacked before I started using Tiny Firewall two years ago, is that Windows ME by default has file sharing turned off... contrary to Windows 98 which is on by default.

I still don't understand what file sharing has to do with having "open" and "closed" ports though, because back then I wasn't using a firewall at all but I still never had any visible signs of computer hijacking or mysterious glitches.

Which is why I think the entire concept of Dial-up security is completely neglected. I did research this issue a couple years ago, and after reading some articles by alleged "computer professionals" I came to the conclusion that I at least should have a "software firewall" installed.... even on dial-up.

Another thing is, if Netzero actually did filter or block or whatever the data going "downstream" to their customers, I wonder why they'd bundle the Norton Antivirus software free with their Netzero software.

Basically, the whole issue of 9x security is one giant foggy no-man's land to me. Who know's what works and what doesn't.

Again, I appreciate the replies.

Edited by LostInSpace2012, 22 February 2013 - 01:26 AM.


#8
TmEE

TmEE

    Mega Drive Modding Master

  • Member
  • PipPipPip
  • 363 posts
  • Joined 17-September 08
  • OS:98SE
  • Country: Country Flag
I have not used any anti-virus programs for about 7 years now, and I have not got any viruses. I do some scan on another computer from time to time but that has not shown anything.
Posted Image Mida sa loed ? Nagunii aru ei saa ;)

#9
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • Joined 24-September 07
  • OS:none specified
  • Country: Country Flag

Yes, my internet is on "plain telephone wire" I presume. I just plug my computer in the phone jack in the wall. If somebody tries calling, then they get a busy signal :-)

So you are on 56K then, not ISDN?


IAfter reading what you said, I don't believe my ISP (netzero) does any filtering "down stream" to my computer.

No data filtering for sure, but there should be some form of router up there providing some rudimentary port defense ( but I suppose they might just be cheap and be using some bare bridge type of device ). Testing with and without firewall should provide an answer. For a comparison, an example of running really bare would be on broadband, where you have the cable modem sitting near the computer, and rather than inserting a router between them you jack the computer NIC straight into the modem ethernet port. This is as bad as it gets since the IP is usually static at the modem and assuming no software firewall on the PC, you should get probed rather quickly and compromised soon thereafter all at Mbits speed ( hence the firewall added in WinXPsp2 ). I guess it is possible that NetZero has developed the same scenario by using something upstream that just mirrors all ports to your system, but they should have learned something by now and at least used routers with some kind of protection against DDoS and the like.


IThe reason why is because I have run the GRC test multiple times, and the PC Flank test from another website, with and without my firewall activated. When my firewall was acitivated it said my computer was secure and the ports were either closed or stealthed. When I retook the test without my firewall, everything was open and I completely failed the GRC test!

Well that is surprising to me. And I guess that is your answer. NetZero apparently provides your system with the ability to use any ports and be attacked via the same. Consequently, a software firewall would seem to be critical now. The one test control I would perform would be to try one or two non-firefox browsers ( Opera and MSIE with no plugins or widgets and no extras like "Sync" or whatever ). Reboot first, and immediately launch the Shields Up page. Don't visit any other sites or pages first to rule out some flash ad or something that might open a port somehow. Get results from all three the same way ( reboot, etc ) with and without firewall for a total of 6 different passes and then we can come to some conclusions about your default security status from NetZero ( but yes, it is not looking good so far ). I'm not sure if you can disable the firewall before reboot, but it is possible that the firewall software itself is using some port even, when disabled, for back-channel communication.


II use Tiny Personal Firewall. Upon installation it prompts the user whether or not to share NetBIOS access. Every time I've installed it, I always check "NO. Don't share my files."

I then have proceeded to taket the GRC test. Results are always the same: "File Sharing: unable to connetc to NetBIOS on my computer. My computer is well hardened against internet attacks." Or something to that effect.

That is the correct message, no NetBIOS. I can't think of a good reason for it ( maybe that photo sharing option that comes with every camera or webcam? ) and it dates back to DOS, maybe even before Netware. Windows has it for backward compatibility I guess, and this is fine as long as it can easily be disabled. I think in Win9x it is a service so that registry needs to be deleted if I remember correctly. Also, I believe it comes back from time to time piggybacking on some INF file that gets launched when you Add/Remove a network adapter or use that "Windows Setup" tab in Add/Remove ( the one that reinstalls everything "checked", instead of only the things you "just" checked at that moment ). But yes, it should be disabled. Your status is correct.


Next up, I do the simple port scan then the advanced port scan. The results are always the same, "All ports tested are stealthed." A curious thing though is that ports zero and 1 are merely closed, not stealthed. So in that regard my computer is visible, it always fails the "True Stealth" test. Because I have a couple ports that are closed instead of stealthed. No big deal I figure.

Like I said above, if possible do a more controlled test with 3 browsers and firewall on and off. A quick Google finds this thread with users of Comodo firewall, and one possible reason is that ICS ( Internet Connection Sharing ) changes those ports to "closed" when ICS is disabled. If ICS isn't present in WinME, then perhaps something similar is doing the same. From what I read, it is most likely not a problem, but since we cannot rule out something in Sea Monkey yet ( hence the multiple browser experiment ), it is still too soon to know why they are not "Stealth".


Anyways, sometimes, randomly while surfing the web I'll get a pop-up screen telling me that "Somebody at address xxx.x.x.xxx wants to Connect to SeaMonkey using port x.xx...x Permit or Deny." I always choose deny. Sometimes I also get pinged. I've looked at the internet address in my logs to see who pinged me. I then do a google search of that specific IP address and it's always from China.

So, if my ISP was protecting me before sending me data, then in theory I shouldn't get random people trying to connect to my ports or ping me, correct?

Yes, it is starting to look like NetZero is not blocking any ports. If your software firewall is catching pings they certainly are not preventing anything from swimming downstream to you. For all practical purposes there is no hardware firewall present. Does your software firewall show attempts on any port or just those not in "Stealth"? I'm not sure what is an appropriate or unusual level of pinging for you. I believe it directly correlates to the bank of IP addresses your ISP and you reside in. The bad guys will go for the low hanging fruit and they would know where that fruit is. It could be that NetZero IP's gets more or less than say another ISP so it simply comes with the territory. Or, there might be more war dialing port scanners in operation this week rather than last. Who knows.


The only reason I think I never got hacked before I started using Tiny Firewall two years ago, is that Windows ME by default has file sharing turned off... contrary to Windows 98 which is on by default.

Yep, that makes sense.


I still don't understand what file sharing has to do with having "open" and "closed" ports though, because back then I wasn't using a firewall at all but I still never had any visible signs of computer hijacking or mysterious glitches.

Open ports are a prerequisite for file sharing. When you have a router or software firewall you will almost always need to edit the configuration temporarily to use something like a torrent. As far as not getting hijacked, that is the result most people on dial-up report, including myself when I used it. The biggest security risk was never from remote invaders, but actually from executing an infected file or malware installer locally. The payload may be present already and is easily installed or it simply phones home knowing your exact defenses and comes back through whatever ports are open, with a payload ready to go.


Another thing is, if Netzero actually did filter or block or whatever the data going "downstream" to their customers, I wonder why they'd bundle the Norton Antivirus software free with their Netzero software.

I think we are now understanding why they bundle AV in there, their customers have the ( low speed ) equivalent of a naked broadband router modem and without some protection they will get compromised. A better question is why not include a firewall instead or in addition to it ( note, you said they include NAV not NIS ). Realtime AV, as I often state, is completely optional as long as the computer user is careful because IMHO the bad outweighs the good, but YMMV. Without a proper router though, a software firewall is clearly essential.

EDIT: modem, not router

Edited by CharlotteTheHarlot, 22 February 2013 - 05:23 AM.

... Let him who hath understanding reckon the Number Of The Beast ...


#10
LostInSpace2012

LostInSpace2012

    Senior Member

  • Member
  • PipPipPipPip
  • 589 posts
  • Joined 20-August 12
  • OS:ME
  • Country: Country Flag

Donator

Thanks, Charlotte. You've helped me better understand all this router stuff. And you've confirmed what I've suspected about my ISP.

Yes my connection is 56k.

I tried running the "GRC ShieldsUp" test using Opera and K-Meleon, the results were the same. Same ports were closed and everything.

As far as when I get attacked, it's never to the visibly closed ports (#0 and #1), but instead to port 1050 or some high number like that. Whenever I'm alerted to it, I immediately disconnect.

I used to get pinged more often, like once a day, but I created a preset rule in the firewall to automatically ignore them.

Tried other firewalls that are Win9x compatible (Sygate 5.x, Zone Alarm 3.7, Outpost 1.0), and while they completely 100% stealthed my system, they also slowed my internet down. The bigger the program, the slower my internet was.

Now getting back to the viruses.... I keep the final version of F-Prot for DOS around, just in case I need to scan a possible "payload" as you put it. It's old, but I figure whatever Win9x malware is out there, that program will detect it.

I might put ClamWin back on my machine... my paranoia may get the better of me.... I never bothered with the real-time ClamSentinel though. Don't have the RAM for that.

#11
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • Joined 24-September 07
  • OS:none specified
  • Country: Country Flag

As far as when I get attacked, it's never to the visibly closed ports (#0 and #1), but instead to port 1050 or some high number like that. Whenever I'm alerted to it, I immediately disconnect.

Most likely these are not something to bother disconnecting for ( more links ). You say all the ports except 1-2 are "stealth" right? So on those higher ports the packets should just be harmlessly rejected anyway. If you have a rule to handle them, set it to just log it for future reference with no prompt and be done with it. I just double-checked what Gibson had to say about those definitions ... and with "closed" the best a real intruder can do is know that your computer port exists, but go no further. I suppose if he was really evil and intent on penetrating your 56K system ( probably 5 KB/s, not a lot of value for them ), he could ping it mercilessly 24/7/365 until that moment your firewall is off and, well, still do nothing :lol: Don't sweat it. Even if you were on broadband I wouldn't sweat it ( It kinda takes the fun out of it ).

But it is worth checking the port status periodically to make sure something doesn't get opened up behind your back and stay open. If you run all kinds of expert uber-utilities or dangerous programs they might change something.

I still would suggest just cloning the C: drive to a separate spare HDD on a shelf, and also keep a backup computer around for scanning and cleaning the C: drive if possible. With those two fallback plans in place nothing can really hurt you.

... Let him who hath understanding reckon the Number Of The Beast ...


#12
LostInSpace2012

LostInSpace2012

    Senior Member

  • Member
  • PipPipPipPip
  • 589 posts
  • Joined 20-August 12
  • OS:ME
  • Country: Country Flag

Donator

Thanks for the help.

I got my backups on flash drives and CD-R's.

No "expert uber-utilities" either, LOL.

Just some old DOS games :-)

#13
MiKl

MiKl

    Member

  • Member
  • PipPip
  • 121 posts
  • Joined 01-December 11
  • OS:98SE
  • Country: Country Flag

I stopped having problems when I stopped using peer-2-peer file sharing networks and Internet Explorer. And that was like back in the days of Kazaa and IE 5. Since then, nothing. No more homepage getting hijacked to porn websites, no more blue screens of death, or freezes. In fact, as soon as I started using Netscape 9 I never had another problem. I've gone from using Netscape 9 to K-Meleon and Seamonkey and Opera. Never had any problems.


I would strongly suggest using NoScript !! And for stuff that you can't get rid off with NoScript - also AdBlockPlus !!
I am a movie buff and the German database OFDB is plagued with advertising, pop-ups, etc. but not with these two apps :thumbup

#14
AnX

AnX

    ...

  • Member
  • PipPip
  • 171 posts
  • Joined 20-June 12
  • OS:Windows 7 x64
  • Country: Country Flag
So, in conclusion, we only need Firewall and AdBlock on a Windows 98 machine? AV is really not necessary?

#15
CharlotteTheHarlot

CharlotteTheHarlot

    MSFN Master

  • Member
  • PipPipPipPipPipPipPipPip
  • 2,054 posts
  • Joined 24-September 07
  • OS:none specified
  • Country: Country Flag

So, in conclusion, we only need Firewall and AdBlock on a Windows 98 machine? AV is really not necessary?

No two people are the same, so it cannot be stated as simply as you did. I'm using no AV on WinXP, always on Admin, been doing that for years. The three main ingredients IMHO are ...

Use a Router. A hardware firewall has no equal. The built-in Windows software firewall is actually also running on mine but is pretty much obsolete in my case.

Don't use MSIE. Change the default browser to something else, I like Opera myself, so that any program that opens the system web browser does not get the expected MSIE with it's well-known holes and exploits and myriad settings visible in the registry.

Be Smart. The obvious stuff like not running stuff in attachments, not using those stupid software downloader stubs, not installing toolbars and other freebies packed in distributions, extracting EXE's and examining the contents before running them, using local on-demand or online scanners for risky files, etc. Above all, don't execute possible malware locally, if you do you will regret it.

Running on Win9x is pretty much running as Administrator and it only takes a microsecond for something executed locally to plant itself in deep. Even though there are less autorun locations than on WinXP+, there are still very many places for malware to attach itself to in order to be a persistent pain. At least it is much much easier to clean up a malware mess.

Of course, the most important thing that should be said and is something that needs to be repeated for many threads here ... don't experiment on your one and only computer. Win9x is so simple to back up that it is criminal not to have a fallback. Having a second computer is another way. If the second computer is kept clean and offline, then whatever happens on the first computer will never be a big deal because you can just pop out the system disk drive and place it in the second one and clean it in isolation. Having this kind of fallback in place, and believe me this is something I do, means that I can afford to live somewhat dangerously. Anyone who cannot be troubled to take these precautions should not even be entertaining these thoughts.

... Let him who hath understanding reckon the Number Of The Beast ...


#16
Hoko

Hoko

    Member

  • Member
  • PipPip
  • 107 posts
  • Joined 04-April 13
  • OS:95
  • Country: Country Flag

Donator

That's music to my ears :lol:
Gateway eMachine eTower 466is - Windows 95c v2.5
Processor Intel Celeron 466mhz - RAM 256mb
HDD 120gb - Graphics Card Nvidia GeForce FX5200 256mb pci
Sound Card Sound Blaster 16 isa

Dell Optiplex GX150 Small Desktop - Windows 98SE
Processor Pentium 3 1GHz - RAM 512mb
HDD 120gb - Graphics Card Nvidia GeForce FX5200 256mb pci

IBM ThinkCentre - Windows XP Home Edition
ID# 814815U - Processor Pentium 4 2.8GHz - HDD 250gb
RAM 2.5gb - Graphics Card Nvidia GeForce 6200 512mb pci

#17
AnX

AnX

    ...

  • Member
  • PipPip
  • 171 posts
  • Joined 20-June 12
  • OS:Windows 7 x64
  • Country: Country Flag
I'd still use an AV, since I have the habit of it, and updating backups is too much work for a secondary PC.
I use Spybot Search& Destroy as an AntiSpyware for Windows 98, and with Firefox 10, I can have AdBlock Plus.
I'm thinking an on-demand scanner is good, so I'll just get one of those.

Edited by AnX, 17 April 2013 - 07:20 PM.


#18
Tommy

Tommy

    Brooke's Tommy honey <3

  • Member
  • PipPipPipPip
  • 506 posts
  • Joined 19-February 10
  • OS:98SE
  • Country: Country Flag

and with Firefox 10, I can have AdBlock Plus.


Adblock Plus for Firefox works as far back as the late 3.6 versions which I still use myself as I don't like the newer versions so much. It seems to be trying to imitate Chrome a little bit too much for my liking that it just isn't as good to me and the fact that it seems anything too new doesn't work 100% on 98.

Edited by Tommy, 21 April 2013 - 04:01 PM.

Daily running Windows 2000 Pro SP4 and Windows 98 Second Edition

2dtzy51.png
stillwin9xmsfnbt0.png


#19
Giant2011

Giant2011

    Member

  • Member
  • PipPip
  • 174 posts
  • Joined 05-June 11
  • OS:98SE
  • Country: Country Flag
I still use Avast and it still updates and I use Jetico Personal Firewall 1.0.1.61 with windows 98 SE

#20
Cyberguy

Cyberguy
  • Member
  • 3 posts
  • Joined 19-May 08
Would the KernelEx patch that allows running more modern software on Win98 also allow more viruses, worms, malware etc to run under Win98 ?

#21
dencorso

dencorso

    Iuvat plus qui nihil obstat

  • Supervisor
  • 6,117 posts
  • Joined 07-April 07
  • OS:98SE
  • Country: Country Flag

Donator

Probably.

#22
loblo

loblo

    Oldbie

  • Member
  • PipPipPipPipPip
  • 766 posts
  • Joined 12-January 10
  • OS:ME
  • Country: Country Flag

Would the KernelEx patch that allows running more modern software on Win98 also allow more viruses, worms, malware etc to run under Win98 ?

Most unlikely as KernelEx offers no low level compatibility with NT systems.

#23
dencorso

dencorso

    Iuvat plus qui nihil obstat

  • Supervisor
  • 6,117 posts
  • Joined 07-April 07
  • OS:98SE
  • Country: Country Flag

Donator

Truth is, whatever we may say, the thread's title question is intrinsecally unanswerable. And Cyberguy's question about KernelEx is intrinsecally unanswerable, too.
It would be necessary to set up two identical machines, one with state-of-art 98SE or ME and the other with, say, Windows 7 updated as per MS's recommendations and put them under attack by a *representative* sample of current malware, for a given time interval, and then count the infections... But: what is a *representative* sample of current malware, and for how long? As I understand such an experiment to be unfeasible, to me, those questions are unanswerable.

#24
Fredledingue

Fredledingue

    MSFN Expert

  • Member
  • PipPipPipPipPipPip
  • 1,267 posts
  • Joined 10-February 05
  • OS:98SE
  • Country: Country Flag
As Dencorso said, we need a more scientific aproach to answer this question. yet it's safe to say that by our common experience, W98 has a very low risk of infection.

We have never seen anyone in the last 5 years, posting here to ask how to get rid of a virus.
IMO antivirus and firewalls are totaly useless on w98.

Now saying that we will never be infected should we open obviousely dangerous websites with IE6 and leave the machine 24/7 on line for weeks... is a little bit presumtuous.

I neve had an antivirus installed in the last 5 years at least, and before that, never had a virus since 1999.
(and that virus came from a floppy!)

yet I'm positive that I would not catch viruses easily with W7 the way I use my computer.

As the saying goes, infection risk depends more on your behavior than on your OS. Poeple who are careful and know how to avoid viruses will almost never catch one and can safely go naked everywhere and do everything without any protection.

The problem with new OSes thought, is not so much viruses, it's bloatwares/garbagewares/uselsesswares. It seems that all Vista/7 machine get a new bloatware installed, God-knows-how once every 6 months on average and you have no idea what this software is doing and wether or not you can remove it.
On a w98 that sort of joke would be cut short very swiftly.

HTASoft.com

superchargedwindows9xig1.png
Still Using W98SE+++ ...Daily.

#25
LostInSpace2012

LostInSpace2012

    Senior Member

  • Member
  • PipPipPipPip
  • 589 posts
  • Joined 20-August 12
  • OS:ME
  • Country: Country Flag

Donator

I think it wouldn't hurt to have a couple on-demand scanners for Win9x. But anything that scans real-time would probably be completely pointless.

Clamwin, F-Prot for DOS, older version of AVG and Antivir. You can find them on Oldapps or Filehippo.com

I won't be downloading any versions of Clamwin byeond 0.97.6.

The brand new ClamWin is like 20 Mb bigger than the last. Huge jump in file size, and probably the memory footprint and the time it takes to scan as well.

so, my computer has virus protection from the ancient DOS viruses (using F-prot) all they way up to newer viruses thanks to ClamWin. But I won't be upgrading them anymore because they never find anything anyway.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users