Jump to content

Life after Avast 4.8

frogman

By frogman
in Malware Prevention and Security

 Share

Recommended Posts

frogman

frogman

Posted
Posted (edited)

I use Avast free 4.8 1296 at the moment on my 98 S.E computer, but I see that Avast will more than likely drop support sooner or later, does anyone have any ideas of any free AV protection program that still operates for basic AV protection apart from Avast for 98 S.E

Edited by frogman

Zathras

Zathras

Posted
Posted (edited)
///but I see that Avast will more than likely drop support sooner or later, does anyone have any ideas of any free AV protection program that still operates for basic AV protection apart from Avast for 98 S.E

To the best of my knowledge, Avast! is the last FREE real-time/full-time AV which supports W9x/ME.

As stated on their "system requirements" page, Avast! is ending support for W9x/ME at the end of 2009: http://www.avast.com/eng/system-requirements-avast-home.html

Along with the previously mentioned Clamwin, other on-demand AV products for Win98/ME include:

BitDefender 10 Free Edition:

http://www.bitdefender.com/bd/site/products.php?p_id=24

"Dr. Web CureIT!", and the Dr. Web "LinkChecker" (scan files before downloading):

http://new-download.drweb.com/ (On the lower left of the page, under "Free utilities".)

McAfee Avert Stinger:

http://vil.nai.com/vil/stinger/

Edited by Zathras
oc_dt

oc_dt

Posted
Posted

Currently, I'm with AVG 7.5 on 98SE. It is still keeping itself updated everyday, though AVG claimed to stop 98 support already.

Knowing that Avast is dropping 98, I'm sort of uneasy. Are we reaching the end of 98? I don't quite like the idea of going to XP. Seems that the situation is forcing us to...

I should have a CD of XP shelved somewhere, I'm feeling reluctant searching it during the holidays.

Ah, have a Merry X'mas, mates!

frogman

frogman

Posted
  • Author
Posted
Currently, I'm with AVG 7.5 on 98SE. It is still keeping itself updated everyday, though AVG claimed to stop 98 support already.

Knowing that Avast is dropping 98, I'm sort of uneasy. Are we reaching the end of 98? I don't quite like the idea of going to XP. Seems that the situation is forcing us to...

I should have a CD of XP shelved somewhere, I'm feeling reluctant searching it during the holidays.

Ah, have a Merry X'mas, mates!

Sorry to be the bearer of bad news, but check this link re AVG 7.5 Free Edition.

http://freeforum.avg.com/read.php?2,136697,backpage=,sv=

herbalist

herbalist

Posted
Posted

I also stopped using resident AVs nearly 3 years ago on all versions of Windows. There's more efficient ways of securing Windows that don't cost anything and don't have impact performance nearly as much as an AV.

Rick

oc_dt

oc_dt

Posted
Posted
I also stopped using resident AVs nearly 3 years ago on all versions of Windows. There's more efficient ways of securing Windows that don't cost anything and don't have impact performance nearly as much as an AV.

Rick

May you explain it further on the ways for securing it please? The 'no-cost' idea is tempting! :rolleyes:

herbalist

herbalist

Posted
Posted
I also stopped using resident AVs nearly 3 years ago on all versions of Windows. There's more efficient ways of securing Windows that don't cost anything and don't have impact performance nearly as much as an AV.

Rick

May you explain it further on the ways for securing it please? The 'no-cost' idea is tempting! :rolleyes:

The primary reason that Windows is so vulnerable to malware, exploit code, etc is the operational policy it's designed around to start with, default-permit. In its simplest terms, it translates:

Anything not specifically blocked is permitted. This applies to the users, installed software, and the operating system itself. It includes running processes/applications, interprocess activity, network/internet access, and active content.

AVs are an extension of this default-permit policy, comparing accessed files and processes against a database identifying about half a million bits of malicious code (blacklist). Anything that matches is blocked, quarantined, deleted, whatever the AVs behavior is set to. Any code the AV doesn't recognize is allowed. Heuristics added behavior checking to the equation. The behavior or activity of the code or process checked for actions considered to be malicious or questionable. Like signature based detection, it's effectiveness is limited.

The most effective way to secure Windows is to implement the exact opposite of its normal default-permit policy. Block everything by default, then allow only what is necessary for normal operations as exceptions. Instead of having AVs, ATs, anti-spyware, etc trying to keep up with an almost infinite quantity of malicious code pieces and almost as many questionable behaviors, aka a 10MB+ blacklist that's never complete or completely up to date, use a whitelist approach, a much smaller database of the allowed processes, user applications, and system components on your PC.

Another big "as installed" weaknesses in 98 is the lack of separation between user and system administrator. Define a clear line between user and administrator functions and configure the system so that administrative functions are not accessible in user mode. Make all installing, updating, and altering of all settings administrative tasks.

The system policy editor is very useful for both of the above. It's on the 98 install CD but is not installed by default. It can be found at "\tools\reskit\netadmin\poledit" for both 98FE and SE. It can be run from the CD or installed. The policy editor works by changing system settings, most of which are stored in the registry. It can be used to make a whitelist of permitted user apps. Use Poledit.exe to open the registry, then select: 

local user>Windows 98 system>restrictions>only run allowed windows applications

. Click "show", then use the "add" dialog to add the applications you want to allow. Use the actual filenames such as seamonkey.exe, poledit.exe, etc. I strongly suggest that you make a registry backupand make certain that you can boot to DOS and successfully use that restore before starting your whitelist. You can also use TestRun to make a duplicate test registry you can experiment on while protecting your true registry. While you're building the whitelist, make sure to include poledit.exe in it or you'll lock yourself out of your whitelist.

The 98 system policy editor is not as powerful as its NT counterparts. It has weaknesses, starting with not checking the signature of the applications it's allowing or its location in the file system. It can be defeated by renaming an executable with the name of an allowed process. This used to be a common tactic of malware that's not seen much anymore. The newer security apps and operating systems check for this. Even so, the policy editor is still very useful, especially when you consider that the majority of infections are the result of something the user clicked on, opened, etc. If you want a more powerful option that checks the integrity and location of the applications, one that can control the activities of individual applications and system components, an application firewall or HIPS will give you that control. Unfortunately, I only know of one that will run on 98, the free version of System Safety Monitor. It's also the only method/application I know of that enables the user to choose what other apps/executables each application is allowed to launch on a 9X system. That level of control enables the user to apply a default-deny policy to each individual process, allowing each one only the access to other processes/system components that's required for them to function normally, no more.

The Win98 operating system is not targeted as much by malicious code as the newer systems. That said, code that targets the user applications is increasing. Apps other than Internet Explorer are being targeted. The list includes any application, extension, or plugin that opens external and internet content. Code that exploits user apps often makes use of their integration with each other and with the operating system, eg opening media files, PDFs, etc in a browser. When the browser is part of the operating system (Internet Explorer), a vulnerability in a BHO or plugin becomes an OS vulnerability. Configuring the operating system and applications to work separately often prevents code that compromises an individual application from compromising the entire system. The system policy editor and an application firewall can have roles here as well.

Malicious code on the internet can be filtered out, either before it gets to the browser or at it. Applying default-deny here can filter out all additional content, JS, java, activeX, media, ads, etc, then allow it when needed as exceptions. Browser plug-ins such as NoScript and Adblock perform much of this. If you want more control that works for all browsers, look into Proxomitron. The default-deny policy can be applied to internet traffic as well using a firewall. Except for DNS, the 98 operating system itself doesn't need internet access and shouldn't have it.

Most would call this setup overkill. Implementing an effective default-deny policy does take some time. It does require that the user understands their system well enough to know what is and isn't necessary for the way they will be using it. When well implemented, it makes a system almost bulletproof. If default-deny is something you'd like to try, we can cover the details in a separate thread.

Rick

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...