Most recent AVG & Grisoft cruelty to AVG free 7.5 users on Windows 98

[noreply]

After no updates for a long time there was an update which required a
reboot. A faint dream that Grisoft might have relented and decided to
throw a bone to old users, but that was not to be!

It again said to again update the database to bring it up to date, and
it required another reboot. Two updates and two reboots later and what
does one find?

All that all that had been accomplished is that Grisoft had installed
another add-on to AVG 7.5 to tell you finally that there will be no more
virus data base updates, and you MUST update to AVG free 8.5.

Certainly a link was provided, but we all know what happens when you get
there with Windows 98, only you don't find out quickly if you didn't
already know. Only curmudgeons still run an old operating system.

Tough luck old man, you shouldn't be running an obsolete system that
Microsoft no longer supports, so we don't either!

 

[VanguardLH]

After no updates for a long time there was an update which required a
reboot. A faint dream that Grisoft might have relented and decided to
throw a bone to old users, but that was not to be!

It again said to again update the database to bring it up to date, and
it required another reboot. Two updates and two reboots later and what
does one find?

All that all that had been accomplished is that Grisoft had installed
another add-on to AVG 7.5 to tell you finally that there will be no more
virus data base updates, and you MUST update to AVG free 8.5.

Certainly a link was provided, but we all know what happens when you get
there with Windows 98, only you don't find out quickly if you didn't
already know. Only curmudgeons still run an old operating system.

Tough luck old man, you shouldn't be running an obsolete system that
Microsoft no longer supports, so we don't either!

You are actually surprised that a software vendor discontinues or never
supports a long unsupported operating system? Gee, why aren't you
complaining that AVG doesn't support CPM, AmigaDOS, TRS-DOS, OS/2 Warp,
or NeXT? I'm sure if you wanted to throw $5M at Grisoft that they'd get
together a group of devs to make an interim Win98 version update.

 

[FromTheRafters]

After no updates for a long time there was an update which required a
reboot. A faint dream that Grisoft might have relented and decided
to
throw a bone to old users, but that was not to be!

It again said to again update the database to bring it up to date,
and
it required another reboot. Two updates and two reboots later and
what
does one find?

All that all that had been accomplished is that Grisoft had installed
another add-on to AVG 7.5 to tell you finally that there will be no
more
virus data base updates, and you MUST update to AVG free 8.5.

Certainly a link was provided, but we all know what happens when you
get
there with Windows 98, only you don't find out quickly if you didn't
already know. Only curmudgeons still run an old operating system.

Tough luck old man, you shouldn't be running an obsolete system that
Microsoft no longer supports, so we don't either!

Get in that newfangled horseless-carriage thing and go to the big city
and look into upgrading your system.

 

[Virus Guy]

If you're still using Windows 98 (which is more secure than any NT-based
OS as far as the internet is concerned) then if you must use an AV
program, then why the hell don't you download Norton System Works 2002
or NAV 2002 from a torrent and then download the Symantec Intelligent
Updater package?

That will give you as good an AV detection capability as you can get for
any OS.

But I still say that you don't really need an AV program for win-98
because no current exploits even function correctly when exposed to
win-98, and many (or most, or all) of the recent bot-net trojan software
will also not function on a win-9x platform.

None of the recent pdf exploits function correctly on the combination of
Win-98/Acrobat 6.x.

Just get yourself a decent hosts file, update your Java JRE version (or
don't install it period), and lock your browsers down with Spybot SD.

Then sit back and relax and watch everyone using XP or Vista continue to
get nailed by internet malware.

 

[Frazer Jolly Goodfellow]

If you're still using Windows 98 (which is more secure than any NT-based
OS as far as the internet is concerned) ... ....

But I still say that you don't really need an AV program for win-98
because no current exploits even function correctly when exposed to
win-98, and many (or most, or all) of the recent bot-net trojan software
will also not function on a win-9x platform.

None of the recent pdf exploits function correctly on the combination of
Win-98/Acrobat 6.x.

Just get yourself a decent hosts file, update your Java JRE version (or
don't install it period), and lock your browsers down with Spybot SD.

Then sit back and relax and watch everyone using XP or Vista continue to
get nailed by internet malware.

From what you say, it appears that it isn't the case that Windows 98 is
more secure, but that it isn't 'supported' by most current malware writers'
efforts. Much like Unix and Linux platforms then, security through
obscurity.

 

[FromTheRafters]

[...]

But I still say that you don't really need an AV program for win-98
because no current exploits even function correctly when exposed to
win-98, and many (or most, or all) of the recent bot-net trojan
software
will also not function on a win-9x platform.

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=TROJ_VIRUX.A

 

[Virus Guy]

From what you say, it appears that it isn't the case that Windows 98
is more secure,

Because I recommend the use of a hosts file or browser innoculation?

Those features have more utility than just malware blocking.

And while it's true that most or all exploit and trojan code won't run
on win-98 anyways, their exposure to a win-98 system may cause system
instability (at worst) and it's still worth while to prevent a win-98
system from being exposed to them anyways.

but that it isn't 'supported' by most current malware writers'
efforts. Much like Unix and Linux platforms then, security through
obscurity.

Even when win-9x was not "obscure", it had few, or perhaps no
vulnerabilities beyond social engineering methods to gain access and
control it through web or network-based means. For example, Win-9x was
never vulnerable to network worms as a way to gain control and install
backdoor and control code, while NT-based OS's have been vulnerable to 5
or 6 different forms of network-based exploits.

And when it comes to the execution of specially-designed meta-code (ie
heap or buffer overflows that result in code execution during the
processing of various file types - java, pdf, ani, etc) again I'm not
aware that any such code execution worked properly on win-9x systems to
the extent that they functioned as planned to enable the system to be
remotely controlled or to otherwise become a member of a botnet.

 

[Virus Guy]

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=TROJ_VIRUX.A

I reject out-of-hand any list where win-98 is listed as a vulnerable OS
unless the document in question describes the underlying code of the
exploit and clearly identifies that the code checks for and impliments
code specifically when it finds itself residing on a win-98 system.

Win-98 is erroneously listed in many descriptions of viruses and
trojans, even when such documents provide a detailed code analysis that
clearly indicate the necessity of NT-based files and memory structures
for it's operation. Conficker is one recent example.

In the example you mention, this threat has been named as TROJ_VIRUX.A
by trend micro, and I can find no information about it from anyone else
but trend micro.

The details that trend shows is laughable. It does not even describe
the exploit mechanism at work (no CVE number for example). So we have
no idea what specific vulnerability this exploit is leveraging based on
the poor information given by trend.

Only after following several links, it appears that Trend is asserting
that TROJ_VIRUX.A is leveraging the vulnerability known as MS07-042
(Vulnerability in Microsoft XML Core Services) which is also known as
CVE-2007-2223.

I'm not able to find anything that specifically states that MS07-042 /
CVE-2007-2223 was applicable to Windows 98.

 

[FromTheRafters]

Because I recommend the use of a hosts file or browser innoculation?

Those features have more utility than just malware blocking.

And while it's true that most or all exploit and trojan code won't run
on win-98 anyways, their exposure to a win-98 system may cause system
instability (at worst) and it's still worth while to prevent a win-98
system from being exposed to them anyways.


Even when win-9x was not "obscure", it had few, or perhaps no
vulnerabilities beyond social engineering methods to gain access and
control it through web or network-based means. For example, Win-9x
was
never vulnerable to network worms as a way to gain control and install
backdoor and control code, while NT-based OS's have been vulnerable to
5
or 6 different forms of network-based exploits.

And when it comes to the execution of specially-designed meta-code (ie
heap or buffer overflows that result in code execution during the
processing of various file types - java, pdf, ani, etc) again I'm not
aware that any such code execution worked properly on win-9x systems
to
the extent that they functioned as planned to enable the system to be
remotely controlled or to otherwise become a member of a botnet.

You couldn't *steal* processing time from 98 because it gave it away for
free.

I disagree with practically everything you said, but I guess this comes
as no surprise.

 

[FromTheRafters]

I reject out-of-hand any list where win-98 is listed as a vulnerable
OS
unless the document in question describes the underlying code of the
exploit and clearly identifies that the code checks for and impliments
code specifically when it finds itself residing on a win-98 system.

This is about a portable executable that was virally infected arriving
as a trojan.

Win-98 is erroneously listed in many descriptions of viruses and
trojans, even when such documents provide a detailed code analysis
that
clearly indicate the necessity of NT-based files and memory structures
for it's operation. Conficker is one recent example.

Fair enough, I've noticed some of this too. However, I believe a PE
virus will still work in Win98 even if there are worm functions that
need an NT environment to work properly.

In the example you mention, this threat has been named as TROJ_VIRUX.A
by trend micro, and I can find no information about it from anyone
else
but trend micro.

It's just one phase of its lifecycle. Virux/Virut whatever...

http://www.symantec.com/security_response/writeup.jsp?docid=2009-020411-2802-99

....I suppose you'll dismiss this as well

 

[Frazer Jolly Goodfellow]

Because I recommend the use of a hosts file or browser innoculation?

No, because you stated:
"But I still say that you don't really need an AV program for win-98
because no current exploits even function correctly when exposed to
win-98, and many (or most, or all) of the recent bot-net trojan software
will also not function on a win-9x platform."
....

Even when win-9x was not "obscure", it had few, or perhaps no
vulnerabilities beyond social engineering methods to gain access and
control it through web or network-based means.

....
You are in a small minority, possibly even unique, in holding that opinion.

 

[Virus Guy]

I disagree with practically everything you said, but I guess
this comes as no surprise.

No, it doesn't.

You're probably a Microsoft appologist or sycophant.

 

[Virus Guy]

You are in a small minority, possibly even unique, in holding
that opinion.

You could prove me wrong by posting evidence that any given buffer or
heap overflow exploit was confirmed to execute as intended on win-98.

 

[Virus Guy]

It's just one phase of its lifecycle. Virux/Virut whatever...

http://www.symantec.com/security_response/writeup.jsp?docid=2009-020411-2802-99

...I suppose you'll dismiss this as well

Like how you dismissed my statement that TROJ_VIRUX.A exploits MS07-042
and how that vulnerability does not appear to affect win-98?

Your reference to W32.Virut.CF (authored by Symantec) does not explain
how W32.Virut.CF gets onto a system and is launched. It only explains
what happens after it's launched.

There is insufficient code explanation for W32.Virut.CF on that page to
tell me that W32.Virut.CF does check to see what OS it's operating on
(9x vs NT) and to take that into consideration as it performs it's
various operations.

 

[FromTheRafters]

Like how you dismissed my statement that TROJ_VIRUX.A exploits
MS07-042
and how that vulnerability does not appear to affect win-98?

Your reference to W32.Virut.CF (authored by Symantec) does not explain
how W32.Virut.CF gets onto a system and is launched. It only explains
what happens after it's launched.

There is insufficient code explanation for W32.Virut.CF on that page
to
tell me that W32.Virut.CF does check to see what OS it's operating on
(9x vs NT) and to take that into consideration as it performs it's
various operations.

....just as I thought...