Obviously you are 'into it', MEB.
Personally I don't seem to have those problems.
Just an observation, mind you...
Harry.
Post by MEB
Okay, cut a bit.. change the direction a bit ...
Post by PCR
Post by MEB
Post by PCR
Post by MEB
Post by PCR
Post by MEB
Post by PCR
Post by Jerry Martin
The following is the response I received from ALWIL Software
when I inquired about the end of support for avast! v4.8 and
the end of support for Windows 98/ME. I'm not completely clear
on the statement that support for Windows 98/ME ended at the
end of 2009, but that definition updates will be provided until
the end of 2010. Should I interpret this to mean that the
avast! v4.8 program files will not be updated, but that
definition update file that will work with Windows 98/ME will
be supplied until the end of 2010?
I share your interpretation. Sounds like procrastination in this
matter must end for me by October or so -- & I must scramble then
for protection! What a pity! Can you ask that Vanous whether he's
found new viruses that affect Win98 lately -- or is he just
giving us stuff for XP?
I think that answer will be hard to provide since polymorphic,
encrypted and hidden aspects, and other malicious activities now
dominate any infection, and hence its detection.
You're saying it's hard to tell Win98 viruses apart from XP types?
I'm hoping Vanous might know whether anything new has recently been
detected for Win98 & been put into the avast! definitions.
Ah no I'm not actually "saying" anything. Just observing that with
the application of polymorphic changes to almost everything being
done maliciously, what MAY have the defs and malware activities
associated with Win9X virus and other exploits, at any specific
previous time, may not be now... seems entirely plausible that is
likely occurring. And it really doesn't take much to change an old
hack or virus for Win9X into a new one that could slip by, nor to
just use a 9X system in just a control or distribution capacity;
not much there to stop it or even notice it.
I see -- you mean the virus signature may change & get by old avast!
defs. OK.
Right.
OK.
Post by MEB
Post by PCR
Post by MEB
Post by PCR
Post by MEB
Still, it would be interesting to know, though taken with a
"grain of salt". so to speak..
Uh-huh. I see Martin hasn't had a chance to pass the query along,
though.
Yep, still waiting..
Me too. And I think signature changes are covered in my question
that I wish to be passed along to Vanous.
Well, it's a bit more than that. The engine and its on-access/online
scanning with its heuristics and methods is outdated already. This is
what the major issue appears to be now with even the
supported/updated AV, they aren't catching what they should; hacker
methods and exploits are changing faster than they can keep up, way
faster.
I think -- if the question will get to Vanous -- he might put mention of
heuristics in his answer -- if he's really any good. Could be the
heuristics as they relate to Win98 are actually unchanged, i.e., there
is only so much behavior that a thing can do to look like a virus in
Win98 (which is my understanding of what heuristics is).
Okay, maybe we need a bit more here.
A large part of the activity now isn't "virus" activity like most
people think of where it attacks all your files, crashes your system,
you know, that crap -like the old days; it's using computers in botnets
for various functions like: to drain big bank accounts; DDoS of large
corporations; taking and using your accounts for other uses; and other
sundry stuff. It doesn't take much from any individual computer since
these rely upon massive amounts already hacked - if you've ever used
P2P/tor/whatever for files, music, movies, or stuff, you should
understand the concept of massed computers working together on various
things.
For instance, in just the last two months, 2 massive hacker networks
were taken down, one in China [over 170,000 hackers registered], the
other in Spain [Mariposa botnet - reported as having around 12.7 million
hacked computers under its control INCLUDING many Fortune 500 companies
here in the US].
The "virus" like activity is now NOT static [which defs can be used
against] for the most part because it's counter-productive to have these
discovered, instead constantly changing "hacks" [polymorphic] of
whatever THAT computer's function is in the botnet [like just a repeater
for control codes, IP to use in DDoS attacks, whatever] is what is
occurring more often. Since these are constantly changing, it is
extremely hard to detect them, because use of the Internet requires so
many things go on JUST when viewing pages or normal usage. Not even UDP
packets [like DNS, streaming, etc.] are safe from usage by hackers.
You have indicated that there must be some limit to what can be done in
a Win9X computer... whereas it's more: WHY would you think there would be
some limit. The ability to install background hacks into the 9X/ME
system was accomplished years ago. IE does allow background hidden
instances, and numerous others, were all proofed. One of the MOST
vulnerable parts of the NTs IS/was the DOS/CMD/backward compatibility -
32bit-16bit coding - the 17 year old vulnerability; that is basically
what Win9X/ME coding is. In those systems, this was used to elevate
privileges and install programs, in 9X/ME there are no privileges to
overcome, no real user account protections even.
CVE-2010-0232
MS10-015
"What is the Windows Virtual DOS Machine (NTVDM) subsystem?
The Windows Virtual DOS Machine (NTVDM) subsystem is a protected
environment subsystem that emulates MS-DOS and 16-bit Windows within
Windows NT-based operating systems. A VDM is created whenever a user
starts an MS-DOS application on a Windows NT-based operating system."
Why is it so hard to put this aspect, this coding vulnerability/this
exploitable aspect, in context with the environments that use it AS the
OS, no emulation required.
There is no protective overlaying OS which has to be hacked to get at
the coding vulnerability, because that IS inherent in and to the OS.
This isn't the only issue which revolves around the
Intel/32bit-16bit/legacy code aspect. Couple this issue with the IE6
exploits, OE exploits, outdated Flash and JAVA, RealPlayer exploits,
FireFox exploits, and, uhh, put some name here and it's likely exploitable.
The problem is these aren't the hackers of old, like a pimply faced
teenage kid writing some virus code and sending up with a nifty new
application; these are literally professionals for the most part, they
SELL: exploit code; bots; hack kits; use of their botnets or already
setup botnets; setup entire servers; sell personal information and
account information; and whatever is needed/used/wanted; these have
become businesses - criminal organizations for profit. Do they have
9X/ME worms, trojans, and hacks, ah yeah, they've had them for years.
Are they the same as the defs know? No, unless someone attempts to use
one of the old ones; are they the same as might be found by the old
style heuristic methods? Not likely, they are much more sophisticated;
it's *profitable* to have as many computers hacked, and hacks/exploits as
might be wanted in that consumer market.
Which brings us back to my comment that I couldn't say what was going
on with these things NOW, because I stopped using and testing Win9X for
issues and vulnerabilities about, what, around four months ago. I did
however advise of several things PRIOR to ending this last activity with
Win9X as my primary OS and Internet connection. I *was* using AVAST with
custom settings, and extra protections and applications, and which
didn't stop the malicious activity or keep me from becoming severely
infected. Of course I went looking for this stuff...
Post by PCR
Also, don't forget, avast! has other capabilities that might be worth a
try -- such as customizing the Standard Shield to block opening,
renaming, deleting of files & formatting of drives. I haven't tried it
yet because it may make things awkward to do. Looks like, when a thing
is blocked, a requestor will be put up whether to allow it -- I really
should try!
Yeah I tried several custom settings.. I also had mine set to show ALL
the activity it was doing. Yep, tried a lot of stuff that last couple
years of testing....
Try it out, would be useful now.
And that "makes things awkward to do" aspect is what causes a large
percentage of Windows, IE, Flash, and JAVA exploits to work. In the same
light as XP and other users using administrator accounts to access the
Internet because it's inconvenient to use a protected/limited account,
and those who won't get the updates because their OS is pirated or they
think Microsoft is "spying on them".
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
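Added example (my own, not code from anyone in this thread or from avast!) of the point made above about static defs versus constantly changing hacks: a tiny scanner in Python that checks constructed, made-up sample bytes against a whole-file hash, a fixed byte string, and a wildcard pattern, showing that a trivially altered build slips past the first two while the more tolerant pattern still catches it. All sample bytes, server names and the "CTRL:" marker are invented for illustration and correspond to no real malware.

```python
import hashlib
import re

# Constructed stand-in for a known bot component: made-up bytes, not any real
# sample. The "control server" string and the padding are the parts an
# operator would typically vary between builds.
KNOWN_SAMPLE = (b"\x4d\x5a\x90\x00" + b"CTRL:irc.example.invalid:6667"
                + b"\x00" * 8 + b"\xde\xad\xbe\xef")

# Constructed "polymorphic" variant of the same component: identical function,
# different server string and padding, so the exact bytes no longer match.
VARIANT = (b"\x4d\x5a\x90\x00" + b"CTRL:irc2.example.invalid:7000"
           + b"\x00" * 3 + b"\xde\xad\xbe\xef")

# Unrelated constructed file that no definition should flag.
CLEAN_FILE = b"MZ\x90\x00plain old text editor, nothing to see here\x00"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Three definition styles for the same threat, from most brittle to most tolerant.
HASH_DEF = sha256_hex(KNOWN_SAMPLE)            # whole-file hash of the known build
FIXED_DEF = b"CTRL:irc.example.invalid:6667"   # fixed byte string from that build
# Wildcard pattern: any control host/port, 1-16 bytes of padding, then the marker.
WILDCARD_DEF = re.compile(rb"CTRL:[a-z0-9.-]+:\d{2,5}\x00{1,16}\xde\xad\xbe\xef")


def scan(data):
    """Return which definition style flags the given bytes."""
    return {
        "hash": sha256_hex(data) == HASH_DEF,
        "fixed": FIXED_DEF in data,
        "wildcard": WILDCARD_DEF.search(data) is not None,
    }


if __name__ == "__main__":
    for name, blob in (("known", KNOWN_SAMPLE), ("variant", VARIANT),
                       ("clean", CLEAN_FILE)):
        print(name, scan(blob))
```

The hash and fixed-string defs only ever catch the exact build they were written for; the wildcard def encodes what stays constant across builds, which is the kind of tolerant matching the thread says the old engine lacks.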