

spacequakes

Which Antiviruses are Known for a Fact to be Working on XP SP3 as of 2019?


On 7/1/2019 at 6:32 PM, Usher said:

I tried to use similar changes for Windows Defender in XP (using only AS signatures) and added:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates]
"ASSignatureDue"=dword:0000016d

…but it didn't work.

Then I have changed another value:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Signature Updates]
"ASSignatureApplied"=hex:d0,b7,16,db,25,30,d5,01

…which contains an LDAP timestamp - and it works! So for Windows Defender it's enough to set the current LDAP timestamp there and update it when needed.

I had to restart Windows XP with both registry entries added and Windows Defender displayed the yellow "!" again. So I updated the ASSignatureApplied value, opened the Defender GUI and it worked once again. Now I remove the ASSignatureDue value and try to keep this PC without a restart for a longer time…

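Added example (not part of the quoted post): the "LDAP timestamp" in ASSignatureApplied is a Windows FILETIME, a 64-bit little-endian count of 100-nanosecond intervals since 1601-01-01 UTC. This Python sketch decodes the exact bytes quoted above, converts in both directions, and reports how old the recorded signature date is; the function names are illustrative.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100 ns ticks from this instant (UTC).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000


def reg_hex_to_filetime(reg_hex: str) -> int:
    """Parse the payload of a .reg 'hex:' (REG_BINARY) value into a tick count."""
    payload = reg_hex.strip()
    if payload.lower().startswith("hex:"):
        payload = payload[4:]
    raw = bytes(int(part.strip(), 16) for part in payload.split(","))
    if len(raw) != 8:
        raise ValueError("a FILETIME is exactly 8 bytes, got %d" % len(raw))
    return int.from_bytes(raw, "little")


def filetime_to_reg_hex(ticks: int) -> str:
    """Format a tick count the way regedit exports it (without the 'hex:' prefix)."""
    return ",".join("%02x" % b for b in ticks.to_bytes(8, "little"))


def filetime_to_datetime(ticks: int) -> datetime:
    """Convert ticks to an aware UTC datetime (truncated to microseconds)."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(when: datetime) -> int:
    """Convert an aware datetime to ticks using integer arithmetic only."""
    if when.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    delta = when - FILETIME_EPOCH
    seconds = delta.days * 86400 + delta.seconds
    return seconds * TICKS_PER_SECOND + delta.microseconds * 10


def signature_age_days(reg_hex: str, now: datetime) -> int:
    """Whole days between the recorded ASSignatureApplied time and 'now'."""
    applied = filetime_to_datetime(reg_hex_to_filetime(reg_hex))
    return (now - applied).days


if __name__ == "__main__":
    quoted = "hex:d0,b7,16,db,25,30,d5,01"  # value from the post above
    ticks = reg_hex_to_filetime(quoted)
    print("ticks:  ", ticks)
    print("applied:", filetime_to_datetime(ticks).isoformat())
    now = datetime.now(timezone.utc)
    print("age:    ", signature_age_days(quoted, now), "days")
    print("now as REG_BINARY:", filetime_to_reg_hex(datetime_to_filetime(now)))
```

The value records when signatures were applied; it says nothing about which definitions are actually loaded.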

Posted (edited)
On 7/12/2019 at 11:56 PM, dencorso said:

Well, now that the poor dead horse has been beaten to a pulp, minced and ground, on top of it, what should we do?
Horse-hamburgers or horse-nuggets? Or maybe spaghetti al sugo with horse-meatballs? :unsure:

I have installed Malwarebytes and MSE with the latest known old virus definitions. Should I stay like this and I'm good, or better uninstall MSE and stay only with Malwarebytes Free?

Edited by Queroexperimentar


I think you're good! There's no harm in leaving MSE installed along with Malwarebytes (especially considering what a pain it is to remove). Just remember with Malwarebytes free, you have to set aside some time for it to scan your system each day. Perhaps at the end of the day you can start a scan, then see the (hopefully all clean) results the next day.

  • Like 1

On 7/19/2019 at 2:22 PM, Mathwiz said:

I think you're good! There's no harm in leaving MSE installed along with Malwarebytes (especially considering what a pain it is to remove). Just remember with Malwarebytes free, you have to set aside some time for it to scan your system each day. Perhaps at the end of the day you can start a scan, then see the (hopefully all clean) results the next day.

I have already uninstalled it without problems, then I installed it again.

The scan with Malwarebytes is very fast, it's faster than MSE, lots faster I say...


I installed this to replace MSE:

https://www.softpedia.com/get/Antivirus/Kaspersky-Free.shtml

The one you want is "External mirror 1 - 2018". The 2019 version doesn't support Windows XP.

It comes with Kaspersky Secure Connection, which is a VPN. I disabled that since I don't need it, but left it installed because it could come in handy once in a while.

I like the fact that I'm not forced to run Kaspersky Free Antivirus all the time, since I prefer to use it as an on-demand scanner.

 

Phil

 

Posted (edited)
5 hours ago, pcalvert said:

The 2019 version doesn't support Windows XP.

... Maybe not officially, but it has already been reported as running fine there:

KFA2019 = v19.0.0.1088

As pointed out already, both KFA2018 & KFA2019 require .NET FW 4.0 on XP...

FWIW, there isn't going to be a KFA2020 version, the free product has been rebranded as "Kaspersky Security Cloud - Free" recently:

https://www.kaspersky.com/free-cloud-antivirus
https://www.kaspersky.com/downloads/thank-you/try-free-cloud-antivirus

It also doesn't support XP officially; any brave person here with a curiosity to test it on XP? ;)

Edited by VistaLover
  • Like 2


@VistaLover

I can confirm (tested myself) that both KFA 2020 (20.0.14.1085) and SAAS (Kaspersky Security Cloud - Free) don't work on Windows XP SP3 and Windows XP x64 SP2. The official system requirements are Windows 7 and later; I can't test on Vista though. In any case, KFA cannot be an adequate substitute for Microsoft Security Essentials because KFA requires an Internet connection for installing, activating, updating etc. And KFA is designed for home use only.

  • Like 2

4 hours ago, Bersaglio said:

I can confirm (tested myself)

Many thanks for testing! :wub: (... but sorry for the negative result on XP :( ; would it even install at all?)

4 hours ago, Bersaglio said:

that both KFA 2020 (20.0.14.1085) and SAAS (Kaspersky Security Cloud - Free)

? I kind of lost you there :dubbio::huh:

When I visit

https://www.kaspersky.com/free-antivirus

I now get offered the same product as when visiting page:

https://www.kaspersky.com/free-cloud-antivirus

(this wasn't the case some weeks ago...)

Both DOWNLOAD NOW buttons (red in the first URL, green in the second one) offer the same free product, labelled Kaspersky Security Cloud – Free (not KFA 2020, not SAAS), one ends up downloading a stub installer named ks3.020.0.14.1085aen_18801.exe

Some localised Kaspersky sub-sites, e.g. the UK (and Greek) one, haven't yet updated, so on 

https://www.kaspersky.co.uk/free-antivirus

you are still being offered Kaspersky Free (Antivirus), this is KFA2019 (19.0.0.1088aben, includes patches a+b, en-GB GUI), the stub installer downloaded is named just startup_14833.exe

Where have you accessed KFA2020 ?

... and about SAAS; do you mean SaaS (Security as a Service) ? Which other free Kaspersky product is that? :dubbio:

Thanks for any elaboration... :)

5 hours ago, Bersaglio said:

KFA cannot be an adequate substitute for Microsoft Security Essentials because KFA requires Internet connection for installing, activating, updating etc. And KFA is designed for home use only.

In practice, mostly true, with two exceptions:

1. installing: Though hidden by Kaspersky Labs, one might find off-line installers, too (both official and RePacks); e.g. the link for KFA2018 provided by @pcalvert yields an off-line (full) installer.

2. activating: You only need activate (probably) once a year - I can't seem to find literature on off-line activation (was possible with older Kaspersky products, which used key files; might be still possible by using third party tools like KRT Club).

3. updating: See my post here for a way to update KFA2018/KFA2019 off-line ;)

Best regards :)

  • Like 1


@VistaLover,

Thank you for letting me know that KFA version 19 runs on Windows XP. I probably won't be installing it, though. I saw a number of complaints (on another forum) that version 19 is missing a bunch of configuration options that are present in version 18.

Phil

 

Posted (edited)

@VistaLover

Here in Russia we have both products: KFA and Kaspersky Security Cloud. And we get all releases earlier than the rest of the world. The English KFA 20.0.14.1085 version will likely be released later. SAAS is an internal name of the Kaspersky Security Cloud product on Kaspersky servers. Look at this folder: http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/

It contains distribution files for the English (UK) version of Kaspersky Security Cloud. Want me to teach you how to build an offline distribution?

Download all these files and put them into a single folder.

http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/common.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/coreproduct.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/coreproductgdpr.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/coreproductnogdpr.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/coreproductx64.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/eula_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/eula_gdpr_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ipm.cab
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksn_antispam_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksn_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksn_ep_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksn_marketing_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/product.cab.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/product.msi.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/rdp_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/startup.exe
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/x64.cab.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ztuu.z
http://pr-dl.kaspersky-labs.com/bases/kavkis2020/SAAS/corebases.cab
http://pr-dl.kaspersky-labs.com/bases/kavkis2020/SAAS/corebasesx64.cab
http://pr-dl.kaspersky-labs.com/bases/kavkis2020/SAAS/corebasesx86.cab
http://pr-dl.kaspersky-labs.com/bases/kavkis2020/SAAS/instx64.z
http://pr-dl.kaspersky-labs.com/bases/kavkis2020/SAAS/instx86.z
http://pr-dl.kaspersky-labs.com/kleaner/Interactive2020/Global/kleaner.cab

If you also want to use Kaspersky Safe Data Exchange VPN (Kaspersky Secure Connection, different name), add these files too.

http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde.cab.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde.msi.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_corebases.cab
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_coreproduct.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_coreproductgdpr.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_coreproductnogdpr.z
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_eula_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_eula_gdpr_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_ksn_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_ksn_ep_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_ksn_marketing_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_rdp_en-gb.txt
http://pr-dl.kaspersky-labs.com/en-GB/SAAS/20.0.14.1085/ksde_x64.cab.z

Voila. Run startup.exe and enjoy.

P.S. Sadly it will not install on Windows XP. :(

Edited by Bersaglio
typo
  • Like 1
  • Upvote 1


A word of caution about Avast: https://textslashplain.com/2019/08/11/spying-on-https/

TL;DR: Avast uses an obscure feature of Chrome and Firefox, an environment variable called SSLKEYLOGFILE, to spy on https: traffic. Using Process Explorer, I confirmed that it also does this on XP with Advanced Chrome and Firefox 52.9.

Note: it does not appear to do this with New Moon or Serpent. It probably looks at the name of the .exe; basilisk.exe is probably too obscure, and it wouldn't surprise me if MCP removed this support from Palemoon.exe (and hence New Moon), since it could obviously be easily abused.

This isn't necessarily a bad thing. The whole idea of AV software is to scan everything coming into your PC for malware, so scanning https: traffic could just be Avast doing its job. However, the article's postscript is cause for concern:

Quote

PS: I’m told that Avast may be monetizing the data they’re decrypting.

:crazy: But if you think about it, what else would you expect? Avast itself is free; they have to make money somehow....

  • Like 2
  • Upvote 1

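Added example (not part of the original post): an audit sketch for the SSLKEYLOGFILE behaviour described above. It flags processes whose environment sets the variable and summarises what an NSS-format key log contains without echoing any secret; the process environments, path and key material below are constructed sample data, and the function names are illustrative.

```python
import re

# Labels defined by the NSS key log format (TLS 1.2 and TLS 1.3).
KNOWN_LABELS = {
    "RSA", "CLIENT_RANDOM",
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
LINE_RE = re.compile(r"^(\S+) ([0-9a-fA-F]+) ([0-9a-fA-F]+)$")


def processes_logging_tls_keys(process_envs):
    """Return {process: log path} for every process that has SSLKEYLOGFILE set.

    Windows environment variable names are case-insensitive, so compare
    upper-cased names. Empty values are ignored.
    """
    hits = {}
    for name, env in process_envs.items():
        for key, value in env.items():
            if key.upper() == "SSLKEYLOGFILE" and value:
                hits[name] = value
    return hits


def summarize_keylog(text):
    """Count entries per label and distinct sessions; never returns secrets."""
    labels, sessions, malformed = {}, set(), 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed by the format
        match = LINE_RE.match(line)
        if not match or match.group(1) not in KNOWN_LABELS:
            malformed += 1
            continue
        label, session_id, _secret = match.groups()
        labels[label] = labels.get(label, 0) + 1
        if label != "RSA":  # every other label is keyed by the client random
            sessions.add(session_id.lower())
    return {"labels": labels, "sessions": len(sessions), "malformed": malformed}


# Constructed sample: environments as they might be copied out of a
# process viewer, and a key log with dummy hex in place of real secrets.
SAMPLE_PROCESS_ENVS = {
    "chrome.exe": {"SSLKEYLOGFILE": r"C:\constructed\keys.log", "TEMP": r"C:\Temp"},
    "firefox.exe": {"sslkeylogfile": r"C:\constructed\keys.log"},
    "basilisk.exe": {"TEMP": r"C:\Temp"},
}
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, not real key material",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "not a key log line",
])

if __name__ == "__main__":
    print(processes_logging_tls_keys(SAMPLE_PROCESS_ENVS))
    print(summarize_keylog(SAMPLE_KEYLOG))
```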

I regret not being an active participant in this thread before now. I regard my friend VistaLover as the leading browser authority among what remains of the Vista community, but he and I may have to fight over who is the biggest security geek running Vista these days. ;) Of course when it comes to support from security software vendors, Vista and XP are on the same sinking ship. :(

On 8/29/2019 at 8:58 AM, Mathwiz said:
Quote

PS: I’m told that Avast may be monetizing the data they’re decrypting.

:crazy: But if you think about it, what else would you expect? Avast itself is free; they have to make money somehow...

This comes as no surprise to me. Well before the company was acquired by Avast, AVG's privacy policy aroused controversy - but at least AVG was honest about the matter. In a similar vein, Mozilla and Moonchild seem convinced that there is something fishy about the legacy versions of NoScript and uBlock Origin that graciously continued to support us for so long. Am I the only one who has been blocked from installing one of those and directed to learn more at Add-on signing in Firefox? (Alternative extensions do exist, but are probably not as good.)

Despite the above, I am currently using Avast 18.8 on Vista. Avast is the largest third-party antivirus vendor, meaning their telemetry regarding current threats is second only to Microsoft's. Perhaps more importantly for those like me who would prefer not to pay for protection, Avast is the only vendor that has regularly submitted their free version for testing by the independent labs, and its protection scores are always only slightly below the world's best paid antivirus products. One might be tempted to assume e.g. that Kaspersky Free is almost as effective as Kaspersky's superb paid products, but I don't recall seeing any independent tests that would actually confirm that. (If anyone has, a link would be appreciated.) Oh, and Avast's nagging to upgrade seems to be confined to its UI these days. In years gone by, system tray "nagifications" were one thing that led me to embrace Microsoft Security Essentials.

Speaking of "the world's best": Windows 10 is obviously OT here, but security geeks might be interested to know that Microsoft's Windows Defender Is Now One of the Best Antivirus Apps in the World. Nevertheless, perhaps the worst idea I've seen in this thread is to keep 6-year-old Security Essentials 4.4 installed even though definition updates are no longer compatible. (I tested MSE 4.4 on Vista in July, but found that its real-time protection could no longer consistently prevent downloading of the EICAR test file from AMTSO. The MSE uninstaller worked perfectly on Vista - but of course I uninstalled MSE before installing Avast.)

Comodo deserves consideration because they still support XP and Vista. (I did test an early 12.x version of CIS on Vista earlier this year.) I am still bitter toward Panda Free because of an incident that occurred more than 4 years ago - but then again, reinstalling Vista was probably a good idea by that time anyway. :unsure:

Malwarebytes rose to prominence by virtue of being the world's best PUP removal tool. I keep Malwarebytes Free 2.2.1 (the final 2.x version) installed for on-demand scanning, but I never upgraded to 3.x because of mediocre reviews and features I did not want, e.g. ransomware protection that does not support Vista or XP. (Granted, Avast Free doesn't have ransomware protection either.) As pointed out earlier in this thread, Malwarebytes Premium 3.5.1 could serve as your only real-time protection. Unfortunately, the above-referenced independent test showing that Windows Defender is great and Avast Free is quite good also shows that Malwarebytes Premium is not particularly good - and it isn't even free. (I also won't be purchasing Webroot for Vista - but they no longer support XP so you guys are safe.) Those who are willing to pay for a good antivirus should consider Norton (if you can still obtain the maintenance mode version) or Kaspersky (if you trust the Russians and are undeterred by the lack of official support for your OS).

Not exactly an antivirus, but I wonder if anyone here is using Sandboxie 5.22 (the last version to support XP)? I just recently installed it on Vista (see this post). Somewhat surprisingly, it appears to play nicely with Avast Free. (However I took the following precautions: (1) disabled Avast shields during installation of Sandboxie, (2) created an exclusion for Sandboxie's program files folder, and (3) clicked OK when presented with the Sandboxie pop-up shown in my screenshot.) I am writing this post using a venerable Firefox 52.9.0 browser that is both sandboxed and protected by Avast - a virtually unsinkable battleship? :w00t:

  • Like 1


After Symantec bought Peter Norton's brand (late 1990), they've never lived up to his quality standards... I regret to disagree, but Norton Antivirus is a powerful resource hog and a very good generator of crappy false-positives, nothing more. :puke:

  • Like 3
  • Upvote 1


Despite the cautionary note I posted above, I still use Avast Free on my XP VM myself. However, my browser of choice is @roytam1's Serpent, which Avast doesn't appear to recognize, so it doesn't set the SSLKEYLOGFILE environment variable.

That would normally leave me without browser protection. Luckily, Avast has another, more transparent way to monitor browser traffic: an add-on, a la uBlock Origin. But since Avast doesn't recognize Serpent, it didn't install its add-on into Serpent either! Luckily, that's easily fixed:

  1. Start Firefox 52
  2. Go to about:profiles or about:support (either will work)
  3. Open your profile folder (you can now close Firefox)
  4. Navigate to the "extensions" subfolder
  5. Start Serpent
  6. Go to about:addons
  7. Find Avast's .xpi file in your Firefox profile's extensions folder from step 4, and drag it onto Serpent's about:addons page
  8. Accept the prompts, and Serpent will copy the Avast add-on into your Serpent profile and install it.

The drawback to the add-on (vs. SSLKEYLOGFILE) is probably speed; Serpent seems to use quite a bit more CPU with the add-on installed - and of course, I'm sure Avast is monetizing the data it collects this way too. So not a perfect solution, but the security vs. privacy trade-off may be acceptable: just remember to disable the add-on if you need to do any truly "private" browsing.

Note: When I installed Avast, it also installed a second add-on into Firefox: a "comparison shopping" add-on. I didn't feel I needed its help, and the privacy implications of that one were obvious, so I removed it, but I kept Avast's main add-on installed.


I realize uBlock Origin isn't an antivirus product, but it does support several anti-malware filters, so I think a post on uBO is justified in this thread:

2 hours ago, Vistapocalypse said:

Mozilla and Moonchild seem convinced that there is something fishy about the legacy versions of NoScript and uBlock Origin that graciously continued to support us for so long. Am I the only one who has been blocked from installing one of those and directed to learn more at Add-on signing in Firefox?

It's not just you; Mozilla long ago decided (capriciously, IMO) to remove all "legacy" (by which they mean pre-WebExtensions) add-ons from addon.mozilla.org, and won't sign any new "legacy" .xpi's. They weren't specifically picking on uBO, but that did leave FF stuck with WE version 1.17.4. (Our pal VistaLover detailed a way to get 1.18.4 working on FF 52 in another thread, but it required jumping through several hoops.)

As for MCP, they've gone the opposite direction and removed all support for WebExtension add-ons from their products! This bifurcation is why JustOff supports both a "legacy" and WE version of uBO: the legacy version is for PaleMoon & Basilisk; the WE version for Firefox, Waterfox, etc.

As you discovered, the unsigned legacy versions of uBO will work in FF 52 provided you turn off code-signing enforcement, so FF 52 (and @roytam1's Serpent, which doesn't support code signing but didn't remove WE support) give you the choice of either a legacy or WE version of uBO. As I've posted elsewhere, I personally prefer the legacy version, since a few features are only available on these browsers with that version.

Regardless of which version you choose, uBO comes with four filter lists of malware domains. I enable all four in my browsers.
