Antimalware, firewall, and other security programs for Windows XP working in 2023 and hopefully beyond

[Multibooter]

1 hour ago, AstroSkipper said:

But one thing is clear. The air for systems with an SSE only CPU is now very thin, especially when it comes to antimalware programmes that still receive the latest virus definitions. 

With my ancient version of Kaspersky being the only choice?  I defintely will check out eScan.

Edited July 4 by Multibooter

[Dixel]

3 hours ago, Multibooter said:

With my ancient version of Kaspersky being the only choice? I defintely will check out eScan.

Kaspersky was developed in Russia/USSR, it can't be "ancient" by the very definition.  It's not Rome.

Will you finally tell us the version? It looks really impolite.

Edit.

We aren't going to hack into your notebook. I promise you.

Edited July 4 by Dixel

[Multibooter]

1 hour ago, Dixel said:

Kaspersky was developed in Russia/USSR, it can't be "ancient" by the very definition.  It's not Rome.

Will you finally tell us the version? It's looks really impolite.

@Dixel I just looked up "ancient" in my old New Webster International of 1926, the last revision of the first edition of the current dictionary series started in 1909, where "ancient" is defined in the initial definition as "of many years", "of long standing", with examples like "our ancient bickerings".

I would refer to CP/M 2.2 as "my old CP/M", but would call the specific instance of Kaspersky AV as "my ancient version x.x.x.x of Kaspersky", so "old" may be older than "ancient"...

Telling you the version/build number wouldn't help you, you wouldn't be able to get it, it's just not around anymore, except for the server version.

Edited July 4 by Multibooter

[AstroSkipper]

1 hour ago, Multibooter said:

Avast Antivirus 2015 does seem to work offline, it has about 10 million signatures vs about 20 million by Kaspersky.

The signatures of Avast Antivirus 2015 are of 10Oct2023, both after updating online and after updating from vpsupd.exe. When vpsupd.exe is downloaded with FlashGet, vpsupd.exe also has the file modification date [= server upload date] 10Oct2023. Maybe no more signature updates for Avast Antivirus 2015, maybe a final EOL update sometime in the future. The fact that Avast still has the special SSE-only files on their server may indicate that Avast Antivirus 2015 is not quite yet EOL.

Avast Antivirus 2015 has been definitely EOS for many years and EOL since November of 2023. Sorry for the bad news!
Here are some official links:
https://forum.avast.com/index.php?topic=324295.0
https://blog.avast.com/virus-definition-updates-eol
And here are my posts about EOL of Avast Antivirus 2015:
https://msfn.org/board/topic/184730-antimalware-firewall-and-other-security-programs-for-windows-xp-working-in-2023-and-hopefully-beyond/?do=findComment&comment=1252230
https://msfn.org/board/topic/184730-antimalware-firewall-and-other-security-programs-for-windows-xp-working-in-2023-and-hopefully-beyond/?do=findComment&comment=1256268

Edited July 4 by AstroSkipper

[AstroSkipper]

2 hours ago, Multibooter said:

Avast Antivirus 2015 does seem to work offline, it has about 10 million signatures vs about 20 million by Kaspersky.

Of course, Avast Antivirus 2015 is able to work offline, But that's not the point. It was never intended to work offline only. Apart from that, the number of signatures is not a measure of the quality of an antimalware programme. Who knows what Kaspersky classifies as malicious? And to be honest, it doesn't really matter. Because one can't trust a spyware programme anyway.

Edited July 4 by AstroSkipper

[Dixel]

4 hours ago, Multibooter said:

@Dixel I just looked up "ancient" in my old New Webster International of 1926, the last revision of the first edition of the current dictionary series started in 1909, where "ancient" is defined in the initial definition as "of many years", "of long standing", with examples like "our ancient bickerings".

I would refer to CP/M 2.2 as "my old CP/M", but would call the specific instance of Kaspersky AV as "my ancient version x.x.x.x of Kaspersky", so "old" may be older than "ancient"...

Telling you the version/build number wouldn't help you, you wouldn't be able to get it, it's just not around anymore, except for the server version.

Sorry, not convincing,

 

3 hours ago, AstroSkipper said:

Who knows what Kaspersky classifies as malicious?

VPN, for example!

"It (Kaspersky) blocks VPNs as well unless you use their own VPN."

https://forum.kaspersky.com/topic/prevent-blocking-of-vpn-21565/

 

 

[AstroSkipper]

Update notification! 

Malware Hunter has been updated on 17.06.2024 and is now available in version 1.185.0.807. It is still listed to be compatible with Windows XP. Accordingly, I will update my article as soon as I can confirm its XP-compatibility.

Cheers, AstroSkipper 

[Dixel]

7 hours ago, Multibooter said:

my ancient version of Kaspersky

I suggest a replacement for the odd name. Undisclosed version.

[AstroSkipper]

Update notification! 

RogueKiller Anti-Malware has been updated to version 15.17.4 on 26.06.2024. It is still listed to be compatible with Windows XP. Accordingly, I will update my article as soon as I can confirm its XP-compatibility.

Cheers, AstroSkipper 

Edited July 4 by AstroSkipper

[Multibooter]

On 7/3/2024 at 2:13 PM, AstroSkipper said:

You should use a real offline scanner as, for example, eScanAV Anti-Virus Toolkit (MWAV) if it works on systems with an SSE only CPU.

Here is a quick review of 2 versions of eScanAV under WinXP SP3 SSE-only:
1) Product Version 11.0.1139.1077
- download and description page:
  https://www.escanav.com/en/mwav-tools/download-free-antivirus-toolkit.asp
- download link: https://update1.mwti.net/download/tools/mwav.exe
- mwav.exe is NOT digitally signed, the most recent file contained in mwav.exe has the file modification date 26Apr2023
  a virus-check of mwav.exe with my ancient version of Kaspersky did not flag anything suspicious
- eScanAV seems to be a repackaged version of Bitdefender:
  eupdate.ini, installed by mwav.exe into \Temp\ contains the text "Bitdefender 2015",
- under WinXP with SSE-only: double-clicking on mwav.exe extracts a huge amount of stuff into the Temp folder, the program seems to run from stuff in the Temp folder, then a msg window comes up "eScan Toolkit (22.0.60): Please Wait"
- then: err msg: "MWAV - eSanAV AntiVirus Toolkit. Internal Error!!!. This could be because of incorrect system date setting or missing signature files or corrupt files. Please send MWAV.LOG file to support@escanav.com"
- i.e. this version of eScan does not run under WinXP SP3 SSE-only

2) v11.0.1400.2281 (4May2020)
- is a 30-day trial
- download link: https://update1.mwti.net/download/escan/escan11/awn4k3ek.exe
- the installer awn4k3ek.exe is NOT digitally signed
  a virus-check of awn4k3ek.exe with my ancient version of Kaspersky did flag PASSWORD-PROTECTED stuff inside awn4k3ek. I normally move pw-protected software to flagged stuff (malware, adware etc), except when I fully trust the source, e.g. Beyond Compare
  the file modification date of many extracted files is 4May2020
- under WinXP SP3 SSE-only: the program installs + updated the signatures OK to the current date 4Jul2024 + seems to run
  BUT when virus-checking a test-sample of infected stuff: NOTHING is flagged
  a check of the eScan logfile indicates: "Internal Error!!!. This could be because of incorrect system date setting ... ERROR!!! Unable to load AV!"
  i.e. the installer and the holding program run under SSE-only, but NOT the scan engine inside. The program does NOT notify the user under SSE-only that nothing gets virus-checked.
- i.e. this version of eScan does not work under WinXP SP3 SSE-only

The screenshot below was deleted on 11Sep2024. The posting with the screenshot was archived at

http://web.archive.org/web/20240911231925/https://msfn.org/board/topic/184730-antimalware-firewall-and-other-security-programs-for-windows-xp-working-in-2023-and-hopefully-beyond/page/70/

Edited September 11 by Multibooter

[Multibooter]

20 hours ago, Dixel said:

I suggest a replacement for the odd name. Undisclosed version.

I do like calling it "my ancient version of Kaspersky", "ancient" connotes respect for its quality .

Maybe I will post the version or a screenshot, for the record, when there will be no more signature updates for it.

Edited July 5 by Multibooter

[AstroSkipper]

23 hours ago, Multibooter said:

Here is a quick review of 2 versions of eScanAV under WinXP SP3 SSE-only:
1) Product Version 11.0.1139.1077
- download and description page:
  https://www.escanav.com/en/mwav-tools/download-free-antivirus-toolkit.asp
- download link: https://update1.mwti.net/download/tools/mwav.exe
- mwav.exe is NOT digitally signed, the most recent file contained in mwav.exe has the file modification date 26Apr2023
  a virus-check of mwav.exe with my ancient version of Kaspersky did not flag anything suspicious
- eScanAV seems to be a repackaged version of Bitdefender:
  eupdate.ini, installed by mwav.exe into \Temp\ contains the text "Bitdefender 2015",
- under WinXP with SSE-only: double-clicking on mwav.exe extracts a huge amount of stuff into the Temp folder, the program seems to run from stuff in the Temp folder, then a msg window comes up "eScan Toolkit (22.0.60): Please Wait"
- then: err msg: "MWAV - eSanAV AntiVirus Toolkit. Internal Error!!!. This could be because of incorrect system date setting or missing signature files or corrupt files. Please send MWAV.LOG file to support@escanav.com"
- i.e. this version of eScan does not run under WinXP SP3 SSE-only

2) v11.0.1400.2281 (4May2020)
- is a 30-day trial
- download link: https://update1.mwti.net/download/escan/escan11/awn4k3ek.exe
- the installer awn4k3ek.exe is NOT digitally signed
  a virus-check of awn4k3ek.exe with my ancient version of Kaspersky did flag PASSWORD-PROTECTED stuff inside awn4k3ek. I normally move pw-protected software to flagged stuff (malware, adware etc), except when I fully trust the source, e.g. Beyond Compare
  the file modification date of many extracted files is 4May2020
- under WinXP SP3 SSE-only: the program installs + updated the signatures OK to the current date 4Jul2024 + seems to run
  BUT when virus-checking a test-sample of infected stuff: NOTHING is flagged
  a check of the eScan logfile indicates: "Internal Error!!!. This could be because of incorrect system date setting ... ERROR!!! Unable to load AV!"
  i.e. the installer and the holding program run under SSE-only, but NOT the scan engine inside. The program does NOT notify the user under SSE-only that nothing gets virus-checked.
- i.e. this version of eScan does not work under WinXP SP3 SSE-only

@AstroSkipper OT: German soccer fan? Suspiros de España tonite? [=sighs of Spain? didn't make it as Spanish national anthem] https://es.wikipedia.org/wiki/Suspiros_de_España,  https://es.wikipedia.org/wiki/Suspiros_de_España_(película) and https://fr.wikipedia.org/wiki/Estrellita_Castro

You seem to have checked older versions of eScanAV. Does it mean that the version eScanAV Anti-Virus Toolkit (MWAV) 22.0.60, which I presented in my article, doesn't work on your SSE-only system? 

Edited July 6 by AstroSkipper

[Multibooter]

On 7/3/2024 at 10:44 PM, Skorpios said:

Folder with 5 infected files

 

 

 

"My personal in the Wild"

I have just created a folder "My personal in the Wild". It contains the 100 smallest files flagged as infected by my ancient version of Kaspersky, in MY downloads of the last 2 months. The downloads were mainly related to WinXP. My guess is that about 5-10 files in "My personal in the Wild" are falsely flagged by Kaspersky (Kaspersky seems to falsely flag substantially fewer files than other anti-virus programs).

The purpose of this "My personal in the Wild" is to help me select a 2nd virus-scanner for a dedicated virus-checking computer with SSE2, useful for checking stuff of my personal interest (i.e. WinXP).

I have virus-checked "My personal in the Wild" with Avast Antivirus 2015 v10.4.2233 (SSE, Free, 17Sep2015), signature of 10Oct2023. The amazing result was that Avast Antivirus 2015 flagged only 52 of the 100 files in the sample, i.e. 48 out of the 100 files in "My personal in the Wild" were NOT flagged.

In my next test I will check my "My personal in the Wild" with Kaspersky Anti-Virus v6.0.3.837, signatures of 1Apr2014, under WINDOWS 98.  The purpose of this test is to find out how relevant current virus signatures (20 million signatures vs 7 million signatures) and a little more recent scanning engine are, for my personal interests, and how useful the heuristic and other analysis methods by Kaspersky of 2014 (10 years ago) are today.

 

Edited July 6 by Multibooter

[Multibooter]

1 hour ago, AstroSkipper said:

You seem to have checked older versions of eScanAV. Does it mean that the version eScanAV Anti-Virus Toolkit (MWAV) 22.0.60, which I presented in my article, doesn't work on your SSE-only system? 

The 1st version referred to in my posting is the version referred to in your article. The version numbering of eScan seems to be inconsistent. The log file generated by eScan indicates "Version 22.0.64". If I remember right, "22.0.60" appears in the small msg window when this version of eScan is run on my SSE-only Inspiron 7500, not the window pictured in your article https://msfn.org/board/topic/184730-antimalware-firewall-and-other-security-programs-for-windows-xp-working-in-2023-and-hopefully-beyond/page/9/#comment-1245109. Yes, the version of eScan in your article does NOT run on my SSE-only computer. I strongly doubt that the program will run on other SSE-only computers.

 

[AstroSkipper]

@Multibooter Here are the hardware requirements for eSan Anti-Virus 11: 

Quote

Minimum Hardware Requirements

• Your computer must meet the following minimum requirements.
• Processor: Pentium II 200 MHz
• RAM: 256 Megabytes (MB) of RAM (recommended 512 MB)
• Hard Disk Space: 700 MB of free hard disk space
• Additional Drives: CD‐ROM drive

This information can be found in their user guide which is no longer available. However, I found a link via the Wayback Machine: https://web.archive.org/web/20160801015535/http://download1.mwti.net/marketing/New_Artworks/eScan11/UserGuide/PDF/eScan_AV_User_Guide.zip  As you can see, a Pentium II 200 MHz is the minimum hardware requirement, and this one has no SSE2 instruction set but MMX only, at least as far as I know.  That means eSan Anti-Virus 11 should actually run on your old system. 

Edited July 6 by AstroSkipper
Update of content