Antimalware, firewall, and other security programs for Windows XP working in 2023 and hopefully beyond

[Multibooter]

3 hours ago, AstroSkipper said:

@Multibooter Here are the hardware requirements for eSan Anti-Virus 11: 

This information can be found in their user guide which is no longer available. However, I found a link via the Wayback Machine: https://web.archive.org/web/20160801015535/http://download1.mwti.net/marketing/New_Artworks/eScan11/UserGuide/PDF/eScan_AV_User_Guide.zip  As you can see, a Pentium II 200 MHz is the minimum hardware requirement, and this one has no SSE2 instruction set but MMX only, at least as far as I know.  That means eSan Anti-Virus 11 should actually run on your old system. 

My Inspiron 7500 laptop has a Pentium III, 650MHz and 2.54GB free space on the WinXP partition. I have used the Inspiron 7500 for testing the SSE-only compatibility of many programs. Programs installed on the Inspiron 7500 also work on another Pentium III 800MHz desktop, which has slots for both PCI and ISA cards and on which I may eventually get to work my Microsolutions CP/M co-processor card.

The requirements listed in the .pdf are NOT for the build downloaded, even if p.2 lists "v11.x.x" . 1Aug2015 is the pdf creation date of eScan_AV_User_Guide_010815.pdf. As I stated in my brief test, "mwav.exe is NOT digitally signed, the most recent file contained in mwav.exe has the file modification date 26Apr2023" . mwav.exe can be extracted with 7-Zip.

Under SSE-only the installation of this version of mwav.exe fails.

archive.org has not captured any application .exes of eScan http://web.archive.org:/*/http://update1.mwti.net/download/tools/* I have briefly checked escanrd.zip listed there, it seems to contain a bootable Chinese+Korean .iso, which I didn't try/burn.

If you look into the darker parts, maybe some torrents listed by www.btdig.com, when searching for "escan virus" [no quotation marks], are still working and contain an older build of eScan working under SSE-only, but I doubt it. Searching for "escan" or "escanav" inside eMule, which has a much better retention rate, results in no program listings.

The system requirements also list "Additional Drives: CD‐ROM drive", so the SSE-only version probably came on a CD, but the CD is not listed at https://archive.org/search?query=(escan virus)

Maybe the CD will be uploaded to archive.org in the future. Until then the build of eScan compatible with SSE-only, referred to in the .pdf, may be a rare file, gone forever. But no idea whether the scan engine of this elusive build, compatible with SSE-only, can be updated with a current signature.

Next on my list is Panda, maybe there is a build which works under SSE-only.

Edited July 6 by Multibooter

[AstroSkipper]

I also checked eScanAV Anti-Virus Toolkit (MWAV) 22.0.60 on an old machine with an Athlon XP 3200+ SSE-only CPU. It failed and therefore, an SSE2 CPU at least is unfortunately necessary.  Accordingly, I edited my main article in terms of hardware requirements.

[AstroSkipper]

Furthermore, I checked RogueKiller Anti-Malware. This programme also requires a CPU with at least SSE2 instruction set. Accordingly, I will edit my main article in terms of hardware requirements. 

[AstroSkipper]

On Fri Jul 05 2024 (GMT+0000) at 12:39 AM, AstroSkipper said:

Update notification! 

RogueKiller Anti-Malware has been updated to version 15.17.4 on 26.06.2024. It is still listed to be compatible with Windows XP. Accordingly, I will update my article as soon as I can confirm its XP-compatibility.

Cheers, AstroSkipper 

Confirmed. My article and the list from the second post have been updated. 

Edited July 7 by AstroSkipper

[AstroSkipper]

2 hours ago, Multibooter said:

Next on my list is Panda, maybe there is a build which works under SSE-only.

Don't forget that Panda is cloud-based and not a real offline scanner! The main definitions and the scan engine are located in the cloud. Therefore, it actually needs an internet connection to work as designed. 

Edited July 6 by AstroSkipper

[Multibooter]

On 7/6/2024 at 12:20 PM, Multibooter said:

In my next test I will check my "My personal in the Wild" with Kaspersky Anti-Virus v6.0.3.837, signatures of 1Apr2014, under WINDOWS 98.  The purpose of this test is to find out how relevant current virus signatures (20 million signatures vs 7 million signatures) and a little more recent scanning engine are

 

I have checked "My personal in the Wild" with Kaspersky Anti-Virus v6.0.3.837, signatures of 1Apr2014 [i.e. 10 years old], under Window 98. Only 12 of 100 items were flagged by Kaspersky AV with a 10-year-old signature, in the sample of 100 items flagged by my ancient version of Kaspersky with a near-current signature of early May2024.

This shows that a current or near-current signature is essential for virus-detection. Version differences of the scanning engine seem to be only of secondary importance since the dates of the scanning engines of Kaspersky Anti-Virus v6.0.3.837 and that of my ancient version of Kaspersky are not eons apart.

A detection rate of 12 in a 100, as with Kaspersky Anti-Virus v6.0.3, means: don't use it. Not sure yet what a detection rate of 52 in 100, as by Avast 2015 with a 10-month-old signature, would imply.

The screenshot below was deleted on 11Sep2024. The posting with the screenshot was archived at http://web.archive.org/web/20240911230659/https://msfn.org/board/topic/184730-antimalware-firewall-and-other-security-programs-for-windows-xp-working-in-2023-and-hopefully-beyond/page/71/

Edited Wednesday at 11:12 PM by Multibooter

[AstroSkipper]

11 hours ago, Multibooter said:

Not sure yet what a detection rate of 52 in 100, as by Avast 2015 with a 10-month-old signature, would imply.

That's why I listed Avast 2015 as abandoned for months. 

Edited July 7 by AstroSkipper

[AstroSkipper]

On Thu Jul 04 2024 (GMT+0000) at 7:13 PM, AstroSkipper said:

Update notification! 

Malware Hunter has been updated on 17.06.2024 and is now available in version 1.185.0.807. It is still listed to be compatible with Windows XP. Accordingly, I will update my article as soon as I can confirm its XP-compatibility.

Cheers, AstroSkipper 

Confirmed. My article and the list from the second post have been updated.

Edited July 7 by AstroSkipper

[AstroSkipper]

SUPERAntiSpyware Free and Professional X Edition

SuperAntiSpyware analyses Windows systems for malware of all kinds. Both versions, the Free Edition and the Professional X Edition scan the PC for spyware, adware, malware, Trojans, dialers, worms, keyloggers, rootkits and hijackers. According to the developers, the software with an AI-Powered Detection Engine recognizes more than 1 billion malware threats. Unfortunately, real-time protection is only available in the commercial Professional X Edirion. Although it is not listed on the homepage, SUPERAntiSpyware is compatible with Windows XP (and probably with Windows Vista too). Only the more recent installers are no longer compatible with Windows XP, starting with the version 10.0.1256. The definitions database can also be updated offline.

Comparison of features:

Homepage: https://www.superantispyware.com/

More details about the features of each version can be found on their homepages.

Homepage of the Free Edition: https://www.superantispyware.com/free-edition.html

Homepage of the Professional X Edition: https://www.superantispyware.com/professional-x-edition.html

Version number: 10.0.1266

Date of release: 29.04.2024

System requirements: Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11

Version history: https://www.superantispyware.com/producthistory.html?id=SUPERANTISPYWARE

Articles, tests and tutorials:

https://www.computerbild.de/artikel/cb-Tipps-Software-SuperAntiSpyware-Changelog-Tutorial-und-SuperAntiSpyware-vs.-Malwarebytes-33203535.html

https://www.computerbild.de/download/SuperAntiSpyware-Free-Edition-4219359.html

(German websites, please use an online translator!)

https://www.clevguard.com/spyware-remover/superantispyware-review/

https://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/SUPERAntiSpyware.shtml

Download links:

Free Edition (last installer compatible with Windows XP): https://download.filepuma.com/files/spyware-removers/superantispyware/SuperAntiSpyware_v10.0.1254.exe

Free Edition (latest installer only compatible with Windows 7 and above): https://secure.superantispyware.com/SUPERAntiSpyware.exe

Professional X Edition (last installer compatible with Windows XP): https://download.filepuma.com/files/spyware-removers/superantispyware/SuperAntiSpyware_v10.0.1254.exe

Professional X Edition (latest installer only compatible with Windows 7 and above): https://secure.superantispyware.com/SUPERAntiSpywarePro.exe

Definitions Database Updater:  https://secure.superantispyware.com/SASDEFINITIONS.EXE

Definitions Database Information: https://www.superantispyware.com/definitions.html

Installation instructions:

After installing the version 10.0.1254, you simply have to execute the internal updater to get the most recent version installed. Here is a screenshot of the Free Edition after executing the internal updater under Windows XP:



The installer of the Free Edition can also be used to install the Professional X Edition if the user owns a genuine licence code.

Screenshots:

I have been using SUPERAntiSpyware since 2007, starting with version 3. The last compatible version with Windows 98 and ME was 4.24.1004. Since 2011, I have been in possession of a lifetime licence and have been using it in the Professional Edition ever since. SUPERAntiSpyware Professional has been XP-compatible for many years and actually runs without problems. Only a short period the XP compatibility was broken when it came to the version 10.0.1252 but then immediately restored again. However, the more recent installers are unfortunately no longer compatible with Windows XP, starting with the version 10.0.1256. This means that the actual SUPERAntiSpyware programme runs perfectly under Windows XP , but unfortunately the current programme installers do not.  Besides the scanning features, the tab System Tools is very interesting and helpful for repairing PC damages caused by malware. The Free Edition is definitely worth a look and simply costs nothing. So, you can't lose anything.

Cheers, AstroSkipper

Edited July 11 by AstroSkipper
Update of content

[Multibooter]

On 7/4/2024 at 3:40 PM, AstroSkipper said:

the number of signatures is not a measure of the quality of an antimalware programme. Who knows what Kaspersky classifies as malicious?

Yes.

I have successfully updated the signatures of my ancient version of Kaspersky on my Inspiron 7500 laptop under WinXP SP3, SSE-only
The number of signatures was reduced to 18 million, from 20 million in my previous signature update in early May 2024.

I tested the new, fewer 18 million signatures with "My personal in the Wild", containing 100 infected downloads. The same number (141) of infected files was detected in the 100 files as with the previous signatures of early May 2024, with 20 million signatures.

The number of infected files "141" is larger than the files in "My personal in the Wild" download sample (100) because many files contained in "My personal in the Wild" contain several different viruses, trojans etc.

The screenshot with the Duration of 11hrs is with my SSE-only Inspiron laptop (updated signatures of 7Jul2024), the screenshot with the Duration of 1hr is with my SSE2 Core 2 Duo desktop (old signatures of early May 2024). The improvement made by the new signatures is negligeable, the new signatures checked only 17 more  component files (171,610 vs 171,593).

The screenshots also show that an SSE-only computer is OK for checking a few smaller files, but is definitely too slow for checking "My personal in the wild" (100 infected files, largest file 140MB, total size 3.84GB).

BTW, my ancient version of Kaspersky has a detection rate of only 99/100 because it missed the detection of 1 flagged file. The missed flagged file was contained in a multi-part .rar file, contained in a multi-part .zip file, contained in a .rar file. When this file in "My personal in the Wild" was extracted manually, my ancient version of Kaspersky did flag the file.

 

Edited July 8 by Multibooter

[NotHereToPlayGames]

My interpretation - there were 2 million FALSE POSITIVE signatures!

I say that in complete seriousness!

I speak solely from a corporate perspective.  I have NEVER witnessed a non-false positive, I have witnessed HUNDREDS of FALSE POSITIVES.

Heck, we had one even here at MSFN on the Supermium thread a short while back.

[Multibooter]

2 hours ago, NotHereToPlayGames said:

My interpretation - there were 2 million FALSE POSITIVE signatures!

I say that in complete seriousness!

I speak solely from a corporate perspective.  I have NEVER witnessed a non-false positive, I have witnessed HUNDREDS of FALSE POSITIVES.

This drop in the number of signatures is indeed amazing, that was actually my main reason for the posting.

I always archive the update folder created by the update (an update of my ancient version of Kaspersky is possible only 1 time after the initial installation). The size of the 2 .rar files of the update distribution folder, which contain my updates of early May 2024 (689,027KB) and of 7Jul2024 (703,501KB) is interesting. Kaspersky Lab increased  the size of their updates, but decreased the number of signatures. No idea what they did.

Regarding false positives: I do NOT delete most stuff flagged in my downloads, I just archive it separately onto a different HDD. There is just too much good stuff among the flagged stuff. My feeling is that Kaspersky issues fewer false flags than other anti-virus programs. But I have only compared the stuff flagged by my ancient version of Kaspersky vs Avast 2015. Avast 2015 falsely flags about 25% more stuff than my ancient version of Kaspersky. Eventually I will have to run all the programs contained in "My personal in the Wild" in a sandbox, to identify which ones are falsely flagged, but this is currently too time-consuming.

BTW, I have added another small screenshot + more text to my preceding posting.

Edited July 8 by Multibooter

[AstroSkipper]

4 hours ago, Multibooter said:

On 7/4/2024 at 4:40 PM, AstroSkipper said:

the number of signatures is not a measure of the quality of an antimalware programme. Who knows what Kaspersky classifies as malicious?

Yes.

I have successfully updated the signatures of my ancient version of Kaspersky on my Inspiron 7500 laptop under WinXP SP3, SSE-only
The number of signatures was reduced to 18 million, from 20 million in my previous signature update in early May 2024.

Regarding SUPERAntiSpyware this is what the developers stated on their homepage:

Quote

AI-Powered Detection Engine

Protect your computer from 1+ billion malware threats with the best antispyware using our Professional X Edition: spyware, adware, trojans, ransomware, hijackers, PUPs, and more.

So much for the number of signatures (or malware threats which the programme protected from) provided by manufacturers. 

Edited July 8 by AstroSkipper

[AstroSkipper]

4 hours ago, Multibooter said:

The missed flagged file was contained in a multi-part .rar file, contained in a multi-part .zip file, contained in a .rar file.

Most antimalware scanners have problems with multi-packed archives. Personally, I never scan archives. It takes far too long on my old computer. I only scan archives when I unpack them and really need the files they contain.  Regarding multi-packed archives I don't like them and usually avoid downloading such files. The method of multiple packaging has always been a strategy for hiding and foisting malware on the user of such files.  Download sources that use this strategy are generally dubious. 

Edited July 8 by AstroSkipper
Update of content

[NotHereToPlayGames]

1 hour ago, AstroSkipper said:

Download sources that use this strategy are generally dubious. 

.rar files in general used to be considered suspicious just for being .rar