Probably.
Does Win9x need Antivirus anymore?
#22
Posted 24 April 2013 - 01:28 PM
#23
Posted 24 April 2013 - 02:10 PM
Truth is, whatever we may say, the thread's title question is intrinsically unanswerable. And Cyberguy's question about KernelEx is intrinsically unanswerable, too.
It would be necessary to set up two identical machines, one with state-of-art 98SE or ME and the other with, say, Windows 7 updated as per MS's recommendations and put them under attack by a *representative* sample of current malware, for a given time interval, and then count the infections... But: what is a *representative* sample of current malware, and for how long? As I understand such an experiment to be unfeasible, to me, those questions are unanswerable.
#24
Posted 30 April 2013 - 02:47 PM
As Dencorso said, we need a more scientific approach to answer this question. Yet it's safe to say that by our common experience, W98 has a very low risk of infection.
We have never seen anyone in the last 5 years, posting here to ask how to get rid of a virus.
IMO antivirus and firewalls are totally useless on w98.
Now saying that we will never be infected should we open obviously dangerous websites with IE6 and leave the machine 24/7 on line for weeks... is a little bit presumptuous.
I never had an antivirus installed in the last 5 years at least, and before that, never had a virus since 1999.
(and that virus came from a floppy!)
Yet I'm positive that I would not catch viruses easily with W7 the way I use my computer.
As the saying goes, infection risk depends more on your behavior than on your OS. People who are careful and know how to avoid viruses will almost never catch one and can safely go naked everywhere and do everything without any protection.
The problem with new OSes though, is not so much viruses, it's bloatwares/garbagewares/uselesswares. It seems that all Vista/7 machines get a new bloatware installed, God-knows-how, once every 6 months on average and you have no idea what this software is doing and whether or not you can remove it.
On a w98 that sort of joke would be cut short very swiftly.
#25
Posted 01 May 2013 - 02:49 AM
I think it wouldn't hurt to have a couple on-demand scanners for Win9x. But anything that scans real-time would probably be completely pointless.
Clamwin, F-Prot for DOS, older version of AVG and Antivir. You can find them on Oldapps or Filehippo.com
I won't be downloading any versions of Clamwin beyond 0.97.6.
The brand new ClamWin is like 20 Mb bigger than the last. Huge jump in file size, and probably the memory footprint and the time it takes to scan as well.
So, my computer has virus protection from the ancient DOS viruses (using F-prot) all the way up to newer viruses thanks to ClamWin. But I won't be upgrading them anymore because they never find anything anyway.
#26
Posted 01 May 2013 - 04:22 AM
LostInSpace2012, on 01 May 2013 - 02:49 AM, said:
I think it wouldn't hurt to have a couple on-demand scanners for Win9x. But anything that scans real-time would probably be completely pointless.
Agreed.
McAfee v6 still working on Win9x using current DAT files.
See here.
#27
Posted 08 May 2013 - 06:42 PM
I was testing a malware link recently on my win-98 system (with Kex) with Firefox 2.0.0.20, Adobe reader 6.0.2, and Java 1.6.0_43. This is what happened:
The link ends up causing my system to load the Java engine and process some java code, which in turn tries to invoke acrord32.exe and render some sort of pdf file. Java and Acrord32 displayed these error messages:
------
Application Error
General Exception (!)
java.lang.NullPointerException
(ok) (Details)
-------
And this:
-------
Acrobat plug-in
! This operation is not allowed
(ok)
-------
Looking at the Details for the Java error:
-------
java.lang.NullPointerException
at sun.net.www.ParseUtil.encodePath(Unknown Source)
at sun.misc.URLClassPath$Loader.getResource(Unknown Source)
at sun.misc.URLClassPath.getResource(Unknown Source)
at sun.applet.AppletClassLoader.getResourceAsResource(Unknown Source)
at sun.applet.AppletPanel$7.run(Unknown Source)
at sun.applet.AppletPanel$7.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.applet.AppletPanel.createSerialApplet(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
-------
Before I dismiss these error messages, I do a search for all recently-created files. I find these in windows/temp:
Acr6392.TMP
Acr6390.TMP
Acr639C.TMP
Small, useless PDF files. I can't find anywhere on the web to verify this, but I believe that Adobe reader must create these temp files during its normal operation, so these are harmless. AV scan on them turns up nothing.
I find this file in windows/application data/sun/java/deployment/cache/6.0/host: 31ba0019-40d9db35.hst It's a text file that contains this: 184.82.108.82
I have this file in my firefox cache directory: 10D13CC8d01. It contained comma-separated decimal representations of ASCII characters for the <applet>some stuff</applet> container. It also contained period-separated values representing the ASCII characters for JavaScript for downloading the malicious PDF, Java jar, and Shockwave flash object. The malicious PDF contained a stream object (111), which is compressed, obfuscated JavaScript that works on yet another blob, which is the PDF heapspray/exploit code, which also has two shellcode variables. The shellcodes had URLs that were not encrypted.
VirusTotal identified that file as containing: JS/Exploit-Blacole.ld - but only 2 out of 46 AV programs flagged the file as malicious.
I dismiss the java error, and then the adobe error. Immediately another Acrord error pops up (same as the first). I dismiss it. Firefox then comes back to life and displays this page:
www.google.com/search?q=404%20error
And at this point we seem to be done, with no lasting effects. This lame attempt at a browser/java/pdf exploit just bounced off my win-98 system.
I have yet to find a pdf exploit that can work correctly on the combination of win-98/Acrobat Reader 6. And the heap/spray exploits seem not to work correctly on win-98 systems as well. And many of the malware files that I seek out (as a result of following recent spam links) turn out to have a very low rate of being identified by antivirus programs - at least during their first day of circulation.
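The char-code layer described in post #27 (comma- and period-separated decimal ASCII values in a cached page) can be unwrapped offline for triage. The following is an added example, not part of the original post; the function names, keyword list and sample input are constructed for illustration.

```python
import re

MIN_RUN = 8  # shorter runs (IP addresses, version strings) are ignored
KEYWORDS = ("<applet", "<object", "<embed", ".jar", ".pdf", ".swf",
            "document.write", "eval(")

def find_charcode_runs(text, separators=(",", ".")):
    """Decode runs of separator-delimited decimal byte values found in text.

    Returns a list of (separator, offset, decoded) tuples, ordered by offset.
    """
    findings = []
    for sep in separators:
        s = r"\s*" + re.escape(sep) + r"\s*"
        pattern = re.compile(
            r"(?<!\d)\d{1,3}(?:" + s + r"\d{1,3}){" + str(MIN_RUN - 1) + r",}(?!\d)")
        for m in pattern.finditer(text):
            values = [int(v) for v in re.split(s, m.group(0))]
            if max(values) > 255:
                continue  # not byte values, so not a char-code run
            decoded = "".join(map(chr, values))
            readable = sum(c.isprintable() or c in "\r\n\t" for c in decoded)
            if readable >= 0.9 * len(decoded):  # keep mostly-text results only
                findings.append((sep, m.start(), decoded))
    return sorted(findings, key=lambda f: f[1])

def triage(text):
    """Summarise each decoded run with the keywords it contains."""
    return [{"sep": sep, "offset": off, "decoded": dec,
             "hits": [k for k in KEYWORDS if k in dec.lower()]}
            for sep, off, dec in find_charcode_runs(text)]

def _encode(s, sep):
    return sep.join(str(ord(c)) for c in s)

# Constructed sample, not data from the post: harmless placeholder strings.
SAMPLE = ("<html><body><script>var a='" +
          _encode('<applet code="Example.class" archive="placeholder.jar"></applet>', ",") +
          "';var b='" + _encode('document.write("placeholder.pdf")', ".") +
          "';// host 192.0.2.10, build 2.0.0.20</script></body></html>")

if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item["sep"], item["offset"], item["hits"], item["decoded"])
```

Run it against a copy of the cache file on an analysis machine; the decoded text is only returned as a string and is never rendered or executed.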