Please advise on bet virus scanner for Win XP Pro SP3 32 bit.

I need to get this laptop working with some protection.

Please provide links.

I have tires some that say they are compatible but will not install
saying not compatible.

Thank you.

On Mon, 24 Oct 2022 11:08:05 -0700, MyName <MyName@NoSpam.com> wrote:

>
>Please advise on bet virus scanner for Win XP Pro SP3 32 bit.
>
>I need to get this laptop working with some protection.
>
>Please provide links.
>
>I have tires some that say they are compatible but will not install
>saying not compatible.
>
>Thank you.

You might install this in the mean time until you get an AV.

I've used this program for years without any AV or other 'security
suite'. The only other security program I use on my XP is Sygate
Firewall to keep stuff from calling home.

https://www.toolwiz.com/lead/toolwiz_time_freeze/

MyName <MyName@NoSpam.com> wrote:

> Please advise on bet virus scanner for Win XP Pro SP3 32 bit.
>
> I need to get this laptop working with some protection.
>
> Please provide links.
>
> I have tires some that say they are compatible but will not install
> saying not compatible.
>
> Thank you.

https://www.google.com/search?client=firefox-b-1-d&q=antivirus+windows+xp

Note: Avast acquired AVG.

Sorry, "some" doesn't say which you tried, so expect duplication of your
efforts to responses here. Typically using the standard download link
points to their latest version, not to one that works on older and
perhaps unsupported versions of the OS, and whose installer will reject
a too-old OS version. You may have to dig into their site to find older
version downloads that are XP compatible. Or you can see if an old
version that supports the old OS is available at oldversion.com.

On 10/24/2022 2:08 PM, MyName wrote:
>
> Please advise on bet virus scanner for Win XP Pro SP3 32 bit.
>
> I need to get this laptop working with some protection.
>
> Please provide links.
>
> I have tires some that say they are compatible but will not install saying not compatible.
>
> Thank you.

This article is three years old, and already you can see
the options are limited. It's possible none of these will
install any more.

https://appuals.com/the-5-best-antivirus-softwares-for-windows-xp/

Part of this is caused by staff getting new Visual Studio setups,
and those may be loading .NET into the executable, that WinXP
does not have. The .NET libraries, are just one of the
ways of "poisoning" programs against WinXP. There can also
be kernel checks, which when they detect WinXP, won't run.
The kernel checks can be in Microsoft code, not in the
application code.

Some products tell you right away, what the odds are.

https://support.eset.com/en/kb7292-microsoft-windows-support-policy-and-eset-products

As a Windows XP user, your ESET Windows home product has reached...

ESET NOD32 Antivirus, ESET Smart Security

Product version 9
End of Life date December 2019
Shutdown date September 28, 2022 [hidden protections like heuristics may stop]

The comments section in this article, tell you the situation is dire.
They probably have not updated the article, by trying to install these.

https://windowsreport.com/antivirus-windows-xp-service-pack-3/

While you can look at items like this, who has used this ???
Is it just ClamAV in disguise ?

https://www.totalav.com/

The free version of that, doesn't have realtime protection. The
free version is just an on-demand scanner. Like a ClamAV would be.

https://www.pcmag.com/reviews/totalav-essential-antivirus

ClamAV is hosted by Cisco Talos group. And is FOSS. The
definitions are things, that other AV companies would include
in their scanner. This would be an on-demand scanner, meaning
you can say "scan my C: drive", but it won't scan that dodgy
email attachment you just double-clicked. It does not provide
automatic real-time scanning of just-clicked EXE files.

https://www.clamav.net/

The cupboard is pretty bare. And the companies that might
support WinXP, may not be doing much more than ClamAV in
a sense. Unless AV-Comparatives makes a point of testing
Windows XP, we won't have a clue how good they are.

Paul

MyName used his keyboard to write :
> Please advise on bet virus scanner for Win XP Pro SP3 32 bit.

well, on the last pc I had with windows xp, well after it was
discontinued, I installed Bitdefender
maybe the 32bit version is still available

--
/-\ /\/\ /\/\ /-\ /\/\ /\/\ /-\ T /-\
-=- -=- -=- -=- -=- -=- -=- -=- - -=-
............ [ al lavoro ] ...........

"MyName" <MyName@NoSpam.com> wrote
| | Please advise on bet virus scanner for Win XP Pro SP3 32 bit.
|

https://clamwin.com/

I also have some rootkit hunters and an MS malicious
software tool, but none are recent versions. Personally
I haven't used AV for about 20 years, except occasionally
when I get suspicious about something. So I don't know
about software that you leave running all the time.

So much for that.

I tried to download on two different PC and nothing happened when
clicking on download "Download the latest version here".

Mayayana wrote:
> "MyName" <MyName@NoSpam.com> wrote
> |
> | Please advise on bet virus scanner for Win XP Pro SP3 32 bit.
> |
>
> https://clamwin.com/
>
> I also have some rootkit hunters and an MS malicious
> software tool, but none are recent versions. Personally
> I haven't used AV for about 20 years, except occasionally
> when I get suspicious about something. So I don't know
> about software that you leave running all the time.
>
>

"MyName" <MyName@NoSpam.com> wrote

| So much for that.
| | I tried to download on two different PC and nothing happened when
| clicking on download "Download the latest version here".
|

https://sourceforge.net/settings/mirror_choices?projectname=clamwin&filename=clamwin/0.103.2.1/clamwin-0.103.2.1-setup.exe&selected=cytranet

I don't even allow script and it works for me. I just clicked
the "Problem Downloading?" button where it says my download
has started. Then I clicked the "direct link" link near the top.

Thanks.
Got it at the direct link.

Mayayana wrote:
> "MyName" <MyName@NoSpam.com> wrote
>
> | So much for that.
> |
> | I tried to download on two different PC and nothing happened when
> | clicking on download "Download the latest version here".
> |
>
> https://sourceforge.net/settings/mirror_choices?projectname=clamwin&filename=clamwin/0.103.2.1/clamwin-0.103.2.1-setup.exe&selected=cytranet
>
> I don't even allow script and it works for me. I just clicked
> the "Problem Downloading?" button where it says my download
> has started. Then I clicked the "direct link" link near the top.
>
>

On 26.10.22 1:26, Mayayana wrote:
> "MyName" <MyName@NoSpam.com> wrote
>
> | So much for that.
> |
> | I tried to download on two different PC and nothing happened when
> | clicking on download "Download the latest version here".
> |
>
> https://sourceforge.net/settings/mirror_choices?projectname=clamwin&filename=clamwin/0.103.2.1/clamwin-0.103.2.1-setup.exe&selected=cytranet
>
> I don't even allow script and it works for me. I just clicked
> the "Problem Downloading?" button where it says my download
> has started. Then I clicked the "direct link" link near the top.
>
>
downloaded it .
Thanks.

"MyName" <MyName@NoSpam.com> wrote

| Thanks.
| Got it at the direct link.
|

A caution... I'm trying a run of the latest Clamwin
on XP. I got a warning from my firewall that it was
trying to go online, which was apparently triggered
by an alleged virus discovery. Clamwin never asked
nor informed me that it was going to go online.

The alleged virus is fontsub.dll, with "Win.Keylogger.Metel".
I copied that file, then compared it byte-by-byte to
a copy I took from a SP3 CAB. They're identical. And
this particular XP is on FAT32, so it can't be an ADS file.

This is one reason I avoid AV. I once tried MalwareBytes
and it found 10 bogus problems. One was my bootloader
EXE from BootIt! ...So if you run Clamwin just be careful
not to let it handle any issues by itself. You could end up
with a messed up system.

This kind of thing has been documented in VB6 groups, as
well. Karl Peterson, an MS MVP for VB, once wrote an
article about how he triggered virus false positives by
hardcoding an HKLM Registry address into an EXE. I've
had trouble myself with certain compile configurations.
I changed the compile options and cleared the false positive.
I only knew about it because a customer wrote to me. I
then tried to inform the AV company, only to find that there's
no one minding the store. You can report a virus but you
can't actually reach a human.

I think this highlights 3 widespread problems. One is that a false
positive is much better for ther reputation than missing real
malware. Another is a tech-wide problem: It's cheaper and
easier to automate as much as possible and eliminate humans.
And then there's just the simple fact that AV is out of date.
The idea of checking signatures started when signatures were
1 MB and came out once per month. Now they come out several
times per day and go into the 100s of MB.

On 10/27/2022 9:10 AM, Mayayana wrote:
> "MyName" <MyName@NoSpam.com> wrote
>
> | Thanks.
> | Got it at the direct link.
> |
>
> A caution... I'm trying a run of the latest Clamwin
> on XP. I got a warning from my firewall that it was
> trying to go online, which was apparently triggered
> by an alleged virus discovery. Clamwin never asked
> nor informed me that it was going to go online.
>
> The alleged virus is fontsub.dll, with "Win.Keylogger.Metel".
> I copied that file, then compared it byte-by-byte to
> a copy I took from a SP3 CAB. They're identical. And
> this particular XP is on FAT32, so it can't be an ADS file.
>
> This is one reason I avoid AV. I once tried MalwareBytes
> and it found 10 bogus problems. One was my bootloader
> EXE from BootIt! ...So if you run Clamwin just be careful
> not to let it handle any issues by itself. You could end up
> with a messed up system.
>
> This kind of thing has been documented in VB6 groups, as
> well. Karl Peterson, an MS MVP for VB, once wrote an
> article about how he triggered virus false positives by
> hardcoding an HKLM Registry address into an EXE. I've
> had trouble myself with certain compile configurations.
> I changed the compile options and cleared the false positive.
> I only knew about it because a customer wrote to me. I
> then tried to inform the AV company, only to find that there's
> no one minding the store. You can report a virus but you
> can't actually reach a human.
>
> I think this highlights 3 widespread problems. One is that a false
> positive is much better for ther reputation than missing real
> malware. Another is a tech-wide problem: It's cheaper and
> easier to automate as much as possible and eliminate humans.
> And then there's just the simple fact that AV is out of date.
> The idea of checking signatures started when signatures were
> 1 MB and came out once per month. Now they come out several
> times per day and go into the 100s of MB.

You should have run the candidate file through Virustotal.

Using the 7ZIP context menu (the one that computes SHA1
or SHA256 for a file), you can compute one of those and
feed it to the virustotal.com "Search" function. If the file
exists, this takes little time to access the report for the file.

One other thing. When you have a rootkit on board, it can
"show you" an uninfected fontsub.dll , while the real one
is infected. Root kits are not common any more, but
that's just an illustration of how fallible human interaction
with the file system is. You can't trust anything the
computer tells you, when you are really infected.

If you boot a Linux LiveDVD and execute

sha256sum fontsub.dll

that will allow you to analyze the file-at-rest. Then,
from LInux, you can run a virustotal.com thing and enter
the sha256 sum in the search option. If the sha256 sum is
unknown, then you have to upload the file to have it
analyzed. (I avoid their upload, because it's so flaky.
Many times an upload fails, before it finishes.)

Paul

"Paul" <nospam@needed.invalid> wrote

| You should have run the candidate file through Virustotal.
|

I'm not worried. Clamwin also flagged the copy of the file
I made, as well as the CAB and the extracted version from
my stored XP SP3 files.

It appears this particular bug is used to attack banks.
Ironically, it's not easy to find info because "keylooger"
turns up lniks to track your kids and spouse. :)