Post by Auric__
Post by 98 Guy
No real need for an AV program for win-98. You will practically
never encounter malware these days that runs on win-98 systems.
If it's a Win32 virus, chances are it'll run under 98, regardless
of whether or not it's designed for NT.
As long as the computer is connected to the internet, it really
should have *some* a/v installed.
The real value in AV software is being able to detect an exploit that
worked its way onto a system without requiring the user to do anything
(like open the front door and let it in).
Exploits like that (usually the result of a heap spray or buffer
overflow) really aren't cross-platform operational. If they do anything
to a win-98 system, it will probably be to crash the vulnerable app
(probably IE or acrobat reader, flash player, etc).
The win32 malware (like the recent rash of fake AV scanners or the
Fedex/DHL or facebook email scams) can easily be countered by simply not
falling for the trick of saying "yes" when the user is prompted to
download and install them.
But even more to the point is that malware like that is detectable by
maybe 5 to 10% of the AV/AM software for about the first week or two of
circulation, and maybe 50% by the end of the first month.
Every time I come across a fake AV file served up by a hijacked
web-server or via e-mail, I send it off to VirusTotal and usually it's
detected by only 5 out of 40 AV/AM packages. I've got a "virus"
directory on my PC with hundreds of viral files (.exe, .pdf, .swf,
etc). I know how effective AV software *really* is.
In other words, when your AV/AM software tells you that it's detected
some malware, what that means is that the malware got onto your system
about a month ago and your AV software is just now capable of detecting
some components of it. More likely that the malware will de-activate
your AV/AM software in a way that you won't notice.
Once upon a time, AV software was seen as a "must-have" system component
by a lot of people. The truth is that the effectiveness or usefulness
of AV software fell into the toilet about 3 years ago with the emergence
of polymorphic and fast-flux techniques. Many corporations know that
and employ other appliances on their networks to keep that bad shit off
their machines. But many home and soho users aren't clued in enough to
understand that.
You know what's more effective?
1) get a third-party hosts file and update it every once in a while.
Look at MVPS.org.
2) uninstall ALL old versions of Java runtime engine and install only
the last version for win-98 (version 5, update 22 I think).
3) change the file associations in your browser such that any .pdf's
require a decision from you to either download or open the file.
4) turn off java-script rendering in your pdf viewer.
5) If your broad-band router does not do NAT, then put a NAT-router
between your modem and your PC.
6) Install and periodically run Spybot Search and Destroy.
If you download executable code from the net, and think you need to have
an AV program to scan it to tell you that it's safe, then you can do
better by simply submitting the file to VirusTotal.com where it will be
tested by 40-odd AV application programs simultaneously.
If you absolutely must have an AV program on your win-98 system, a
little-known fact is that NAV 2002 works great, and is still supported
by simply downloading the latest Symantec Intelligent Updater package.
NAV 2002 was the last version of NAV that can be easily re-installed
once a year without paying for it.
If someone wants it, I can put it up on a torrent if it's not there
already.
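
For step 1 in the list above (installing a third-party hosts file), here is an added example that is not part of the original post. It vets a downloaded hosts file before it is installed, keeping only entries that point at a sinkhole address and rejecting any line that would redirect a name to another IP. The function names and the sample data are constructed for illustration.

```python
import ipaddress

# Addresses a blocklist entry may legitimately point at (sinkholes).
SINKHOLES = {"0.0.0.0", "127.0.0.1"}
# Names that must keep their normal loopback mapping and are never "blocked".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def vet_hosts(text):
    """Return (blocked_names, rejected); rejected holds (line_no, reason)."""
    blocked, rejected = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            rejected.append((n, "no hostname"))
            continue
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            rejected.append((n, "bad address"))
            continue
        if addr not in SINKHOLES:
            # A non-sinkhole address redirects the name instead of blocking it.
            rejected.append((n, "redirects to " + addr))
            continue
        blocked += [nm.lower() for nm in names if nm.lower() not in LOCAL_NAMES]
    return sorted(set(blocked)), rejected

def render(blocked):
    """Build the file to install: loopback line plus the vetted entries."""
    lines = ["127.0.0.1 localhost"] + ["127.0.0.1 " + nm for nm in blocked]
    return "\r\n".join(lines) + "\r\n"           # CRLF line endings for Windows

# Constructed sample input (not real blocklist data).
SAMPLE = """\
# constructed sample
127.0.0.1  localhost
127.0.0.1  ads.example.com   # tracker
0.0.0.0    Banner.example.net
203.0.113.7 www.example-bank.test
not-an-ip  junk.example.org
0.0.0.0
"""

if __name__ == "__main__":
    names, bad = vet_hosts(SAMPLE)
    print(render(names), bad)
```

Any line that lands in the rejected list is worth reading by hand before the file is trusted, since a hosts entry with a routable address silently sends that name somewhere else.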