Antimalware, firewall, and other security programs for Windows XP working in 2023 and hopefully beyond

[genieautravail]

8 hours ago, AstroSkipper said:

Not necessarily. The Comodo Firewall 8.4.0.5165 was indeed reported as the last error-free version when it comes to the pure firewall. The version 12.0.0.6818 was reported as the last error-free, XP-compatible release of Comodo Antivirus,

I confirm, only the firewall edition.

About the Antivirus, I don't know.

[FranceBB]

Hey guys, yesterday I was sitting at home, spending time on my PC before tuning to itv to watch a certain sporting event I don't wanna comment on / wanna forget really quickly. Anyway, I have Avast Premier 18.8.2356 from November 15th 2018, the last XP compatible version. I've been a long time Avast user as most people probably know and I'm totally happy with it as it's still receiving up-to-date virus definitions via normal updates and streaming updates.

Anyway, the reason why I'm mentioning this is that I was pretty surprised to see a very unusual entry in the firewall that Avast reported as "Blocked":

I really suck at networking, but seeing it like this it looks like someone or something tried to RDP into my XP! O_O Well, let's first say that I'm not dumb, so RDP is indeed disabled on my XP, so it wouldn't have led to anything anyway (probably), but this is pretty worrying. What's worse is that I can't see anything in the "Remote address", nor "Remote Port" or "Local address", so if it actually was an attacker, I don't even know who tried that. To make matters worse, I wasn't using a Public Wi-Fi or anything, I was sitting on my chair, at home, connected to my router. How is this possible? Is this a false alarm and the entry is a red herring? Or... perhaps... did someone actually try to RDP into my system? I'm confused.

Edited July 15 by FranceBB

[AstroSkipper]

51 minutes ago, FranceBB said:

Hey guys, yesterday I was sitting at home, spending time on my PC before tuning to itv to watch a certain sporting event I don't wanna comment on / wanna forget really quickly. Anyway, I have Avast Premier 18.8.2356 from November 15th 2018, the last XP compatible version. I've been a long time Avast user as most people probably know and I'm totally happy with it as it's still receiving up-to-date virus definitions via normal updates and streaming updates.

Anyway, the reason why I'm mentioning this is that I was pretty surprised to see a very unusual entry in the firewall that Avast reported as "Blocked":

I really suck at networking, but seeing it like this it looks like someone or something tried to RDP into my XP! O_O Well, let's first say that I'm not dumb, so RDP is indeed disabled on my XP, so it wouldn't have led to anything anyway (probably), but this is pretty worrying. What's worse is that I can't see anything in the "Remote address", nor "Remote Port" or "Local address", so if it actually was an attacker, I don't even know who tried that. To make matters worse, I wasn't using a Public Wi-Fi or anything, I was sitting on my chair, at home, connected to my router. How is this possible? Is this a false alarm and the entry is a red herring? Or... perhaps... did someone actually try to RDP into my system? I'm confused.

Any special setting in your hosts file? Local address 0.0.0.0 usually leads to nowhere. BTW, my condolences on the outcome of the sporting event. 

Edited July 15 by AstroSkipper
Update of content

[FranceBB]

I looked at C:\WINDOWS\system32\drivers\etc and I found a file called hosts, but it's completely empty (0 KB), so... I guess no?

 

[AstroSkipper]

6 hours ago, genieautravail said:

I confirm, only the firewall edition.

About the Antivirus, I don't know.

Thanks for your confirmation in terms of the firewall! About Comodo Antivirus, we will see what other users report here. 

[AstroSkipper]

1 hour ago, FranceBB said:

I looked at C:\WINDOWS\system32\drivers\etc and I found a file called hosts, but it's completely empty (0 KB), so... I guess no?

 

Ok. In any case, it was an incoming connection at the local port 3389 and blocked by Avast. The corresponding service was disabled by you anyways. And Avast did its job. So, nothing bad could happen.  Personally, I always disable all remote features from the very first.  To use a properly working firewall which reports all blocked incoming and outgoing connections is mandatory and as we can see necessary and meaningful. 

Edited July 15 by AstroSkipper
Update of content

[AstroSkipper]

1 hour ago, FranceBB said:

To make matters worse, I wasn't using a Public Wi-Fi or anything, I was sitting on my chair, at home, connected to my router. How is this possible? Is this a false alarm and the entry is a red herring? Or... perhaps... did someone actually try to RDP into my system? I'm confused.

I forgot to ask whether your Windows XP computer is part of a network and still other devices are connected to it?  Does your router keep logs of all connections? 

Edited July 15 by AstroSkipper

[FranceBB]

Not really, when I'm at home nothing should be connecting to anything. The only other device in the network is my smartphone and that one is running Android 15. In theory the router shouldn't be exposing ports to the outside world, but at this point I'm beginning to think that it might just be doing that... 

Anyway, once I'm home I'll try to run some scans through the network just to make sure and I'll let you know.

[AstroSkipper]

2 hours ago, FranceBB said:

Anyway, once I'm home I'll try to run some scans through the network just to make sure and I'll let you know.

One thing seems to be clear. It's better to have blocked incoming connections, even if suspicious, than outgoing ones. The latter would mean your computer is compromised by malware or other intruders. 

Edited July 15 by AstroSkipper

[AstroSkipper]

One reason I am using Windows 10 Firewall Control Plus XP is that this firewall not only blocks incoming and outgoing connections from programmes, but also from Microsoft's operating system components. This firewall simply blocks everything that the user wants blocked. I used the Avast Premier 2018 firewall myself for a long time, but it kept letting through connections that I hadn't authorised. This prompted me to disable it completely, i.e. not install it in the first place, and replace it with Windows 10 Firewall Control Plus XP. I really don't know why I had these issues with the Avast Premier 2018 firewall. However, I think that firewalls which come with Internet Security packages are not that powerful as single, specialised ones. And Windows 10 Firewall Control Plus XP is very specialised and mighty, especially when it comes to the creation of own rules and zones. Just my opinion based on my experiences I made in the past. 

Edited July 15 by AstroSkipper
Update of content

[NotHereToPlayGames]

1 hour ago, AstroSkipper said:

One reason I am using Windows 10 Firewall Control Plus XP is that this firewall not only blocks incoming and outgoing connections from programmes, but also from Microsoft's operating system components.

So does the very very old version of Comodo Firewall that I've suggested.

So much so, to me at least, that I am SHOCKED if not ALL firewalls behave in this manner (as your post implies this behavior seems to be "unique" to your referenced W 10 F C P XP).

[AstroSkipper]

1 hour ago, NotHereToPlayGames said:

So does the very very old version of Comodo Firewall that I've suggested.

So much so, to me at least, that I am SHOCKED if not ALL firewalls behave in this manner (as your post implies this behavior seems to be "unique" to your referenced W 10 F C P XP).

If you had read my post carefully, you would have noticed that I didn't say that this behaviour seems to be "unique" to my referenced Windows 10 Firewall Control Plus XP. I also used Comodo Firewall in the past. It was and is certainly still a good firewall but Windows 10 Firewall Control Plus XP did all I needed better in a more comfortable way and very low on consuming resources. It's as simple as that.  BTW, I will write an article about the standalone Comodo Firewall soon. But testing it in these days must be left to others, as I have already explained in one of my last posts. 

Edited July 15 by AstroSkipper
Update of content

[AstroSkipper]

On Mon Jul 15 2024 (GMT+0000) at 9:32 PM, AstroSkipper said:

So does the very very old version of Comodo Firewall that I've suggested.

Unfortunately, the very, very old version Comodo Firewall 2.4 from 2007 does not offer all features in comparison with Windows 10 Firewall Control Plus XP from 2016. For example, it lacks  IP6 support.  This feature was only introduced starting with the version Comodo Firewall 5.3.174622.1216 from 2011. That means Comodo Firewall 2.4 is only an option for those users whose internet provider does not offer or does not use the Internet Protocol Version 6 (IPv6). 

For better overview, I have updated my article about Windows 10 Firewall Control Plus XP in terms of offered features, download links and screenshots. 

Edited July 16 by AstroSkipper
Update of content

[NotHereToPlayGames]

3 hours ago, AstroSkipper said:

is only an option for those users whose internet provider does not offer or does not use the Internet Protocol Version 6 (IPv6)

ie, ME, lol

Technically, my ISP might offer it, but my modem and router do not.  I don't see that as a "loss".

[AstroSkipper]

18 minutes ago, NotHereToPlayGames said:

ie, ME, lol

Technically, my ISP might offer it, but my modem and router do not.  I don't see that as a "loss".

For users of the Internet Protocol Version 6 (IPv6), it would definitely be a loss as the Comodo Firewall 2.4 wouldn't work. In such a case, it would simply become useless and would no longer be an option.