Steven Stevenson

Immunet on XP legacy systems: Too buggy to work, don't bother

This post is for users with XP legacy systems interested in maybe installing Immunet as a small footprint virus checker. Don't.

For those who don't know, Windows XP reached End Of Life (i.e. Microsoft ceased making new security patches for newly found security holes) way back in 2014.

This post isn't for users still running XP because they refuse to upgrade to a more recent version of Windows (by the way the only still patched version of Windows is now Windows 10, since Windows 7 is past EOL too, unless you buy Microsoft's pay support package). Anyone running XP for 'normal' use, including programs that access the internet such as internet browsers, has a head in the sand security policy and will probably end up getting badly hacked, probably when they least expect it and probably with no immediate symptoms at all, though they might well end up with an empty online bank account if they were silly enough to do online banking on XP, and their contacts might end up being very displeased at receiving viruses emailed from the XP computer.

With that said: I'm responsible for a number of legacy XP systems, used only for running old non-internet-facing programs that won't run on newer Windows. In recent years, realtime antivirus programs that will run on XP at all have become very hard to find. And the ones that do run, in my experience, are the freeware versions of commercial programs, absolutely packed with nags ("Upgrade! Upgrade!" etc.) of multiple sorts, and which slow XP down a treat.

So I was pleased, this week, to learn of the existence of Immunet, and further pleased when a forums search here told me that v5 would install to XP. So I found a v5 installer (from a reputable source elsewhere), and installed it.

It installed fine, but getting the program to even update its definitions was next to impossible. I eventually managed, but then the program didn't function at all as a realtime virus checker, even though its GUI said that it was providing protection (tested with Eicar). Deeply misleading and giving a very false sense of security.

And every sort of scan with Immunet v5 failed almost all the time. The screencap here shows a typical error message.

Having spent a number of hours trying to get the program working on XP, I am not interested in spending more time, since the program is clearly very buggy (at least v5 on XP, I have no knowledge of other combinations of program and Windows versions, though I believe the program has had some good reviews). I'm posting this as a warning to anyone in a similar situation to not bother at all trying to make Immunet work on your legacy XP system. Don't waste your valuable time.

I nursed the program along, uninstalled/restarted Windows/reinstalled, tried restarting the service, looked for solutions on this forum (hard when you can't search for 'XP'!!), but nothing helped. I'm a very experienced Windows geek (tens of thousands of hours problem solving, we real geeks never reimage Windows, we edit registries ;) ), XP was definitely free of malware, and I had no other security software installed, so it couldn't conflict with Immunet.

Those responsible for legacy XP systems and desperate for a realtime virus checker could try googling something like: realtime antivirus XP. I use one but I won't say what it is here, also it slows XP down so much I generally have it turned off (I don't use XP much at all anyway and do few installations on it).

All the above testing was done in an Oracle VirtualBox Virtual Machine. I guess it's barely possible that Immunet v5 might work with a non-VM XP installation. But I, for one, wouldn't trust it, or waste my time trying to get it working, now I know better.

 

The executive version: Windows XP with Immunet... Just say NO!

Scan failure on XP-Most of the time! [Immunet].jpg


Hi Steven,

I could see where some folks might want to still use an old rig with XP installed for the software that wouldn't be compatible with newer platforms. But like you mentioned anyone foolish enough to do ANY on-line activity with XP is, literally, taking a huge gamble even if you have an AV installed or not!

Of course Immunet quit supporting XP years ago. This includes newer & older builds of Immunet including your version 5. Because of this Immunet will not even be able to reliably connect to the Immunet servers for cloud look-ups during scans or pull down new ClamAV malware definitions. The servers won't recognize the in-coming requests as legitimate.

I'm sorry to say you had to find this fact out the hard way Steven. You should have asked first on the forum 'before' spending all that time experimenting!

Here are some AV solutions that might still work with XP & still have some decent efficacy according to a recent AV comparatives test.

BitDefender Internet Security 2014, Kaspersky Lab Internet Security 2014, and Panda Security Cloud Antivirus Free 3.0.
 

If you can find an older installer of Malwarebytes Anti-Exploit that supports XP that would be a great added layer of security for users.

I helped closed alpha & public beta test Anti-Exploit for years when it was a Zero Vulnerability Labs product and then for Malwarebytes after they bought the company. For my efforts I got a free lifetime license for Anti-Exploit Premium (the paid version)! Is that cool or what!

A-E is now part of MB's AV but you can still get new public beta builds to test.   

Regards, Ritchie...


Thinking about your threat-model... The legacy system is believed to be currently-clean, and not on the internet. This means any threat would have to come from somebody using an infected USB, CD-ROM, or floppy-disk (or network-shares, if it's on a LAN).

This is great as you can potentially avoid wasting your resources on realtime protection on this machine at all. I don't use AV on my emulators and vintage VMs, as (for the same reasons as your XP machines) there's hardly any way they could get infected. For nostalgia's sake I have a copy of Dr Solomon's on a W95 VM, and Datafellows or F-Prot or something on my Windows for Workgroups one. I can't remember the last time I ever scanned anything with them though. I guess it would help if I ever discover a floppy disk in the attic or something.

As the person responsible for these machines, you likely have some degree of authority that you can perhaps wield here: Have you considered mandating that any storage-medium to be connected to this machine must first have a full scan performed on it by whichever computer it came from? Make it part of company IT policy for legacy machines, put a little reminder sign by the legacy machines... Going even more extreme, you can even buy manual locks that plug in to USB ports and floppy drives, to prevent unauthorised usage of such devices. Should anyone wish to use such a device, they'd have to ask you for the key.

I'm not surprised you couldn't get Immunet 5 working. I seem to remember XP-era Immunet was circa version 3 and below. Version 5 was probably compiled against Vista or 7, so probably can't run on XP. Additionally, Version 5 itself is now very outdated. The Immunet infrastructure has changed since then, so cloud lookups would probably fail if you were online. Additionally, the ClamAV engine has received numerous updates since then, so the current ClamAV database will probably fail to load in the old engine.

You may have a moderate degree of luck if you hunt the various vintage-software archives for old versions of behaviour-based protection tools (I'm thinking NoVirusThanks OSArmor and VoodooSoft VoodooShield here). I'm not sure when those tools came into being, but they may have been around early enough. I used to know a number of people who ran Comodo's firewall as their only protection, due to its behaviour-blocking techniques. So one of the more-sophisticated XP-era firewalls might be what you're looking for. Therefore, although it won't provide you with up-to-date static file-detection, a vintage copy of Comodo Firewall or Comodo Internet Security might give your XP machine sufficient protection to stop most of the payloads and hacks that it'd still be capable of running anyway.

Given that fewer and fewer crackers and viruses will be specifically targeting XP due to the dwindling numbers of remaining installations, one of these solutions may just give you enough protection. Your gran's W7 or W10 PC running nothing but Windows Defender, navigating from her webmail to a fake online-banking page, is much lower-hanging fruit for an average cracker than an airgapped legacy machine in a corporate environment. If someone's targeting the latter, your firm is a specific target not an opportunistic one, and you'd be best off hiring a consultant.

If a network share serves these XP legacy machines, you may wish to configure virus-scanning on that share on the server. I guess Windows servers do that automatically with their realtime protection. On Linux, you can configure ClamAV to do on-access scanning of selected paths quite easily via clamd.conf.

As an on-demand scanner on these machines, you could try ClamWin, but it's been abandonware for a number of years, so probably can't load the latest ClamAV databases. You could also try ClamAV for Windows (from the ClamAV web site), but again, this is compiled against newer versions of Windows so XP probably doesn't have the correct DLLs and APIs present for it to run. Another problem you may run into is that a current virus database will probably occupy more RAM when loaded, than a typical XP-era machine has to offer. Therefore I think the problems surrounding having these machines attempt to protect themselves, are far, far greater than the benefit you would gain over having modern machines just scan whatever disks you subsequently feed to these legacy machines.

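The on-access scanning of a share mentioned in the post above, as an added example that is not part of the original thread or of the ClamAV project's own documentation: a clamd.conf fragment for ClamAV 0.102 or later. The share path /srv/legacy-share, the socket path and the excluded sub-directory are assumptions.

```conf
# clamd.conf fragment (constructed example; file location varies by distribution)
# Assumption: the directory exported to the XP machines is /srv/legacy-share.

# Socket the on-access client uses to hand files to clamd (assumed path).
LocalSocket /run/clamav/clamd.ctl

# Watch the exported directory tree recursively.
OnAccessIncludePath /srv/legacy-share

# Leave a sub-tree unwatched (hypothetical scratch directory).
OnAccessExcludePath /srv/legacy-share/tmp

# Ignore file accesses made by the scanner's own account,
# otherwise every scan triggers another scan.
OnAccessExcludeUname clamav

# Hold each open until the file has been scanned and deny it on a detection.
# With this set to "no", detections are only reported, not blocked.
OnAccessPrevention yes

# Also scan files when they are created in or moved into the watched tree.
OnAccessExtraScanning yes

# Files above this size are passed through unscanned.
OnAccessMaxFileSize 25M
```

From ClamAV 0.102 onward these options are acted on by the separate clamonacc client, which has to be running as root alongside clamd.
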
14 hours ago, Robert G. said:

Yeah, what Ritchie said is true. Anyone still using XP and doing any online activity is just asking for it!

^^This! Especially when a significant number of Linux distributions still provide 32-bit x86 binaries (Debian, Devuan, Trisquel, Gentoo) that work faster and better with current software, than XP ever did.
I still have 2 XP-era machines. If I had any "XP-only" software that only ran on XP, they'd be airgapped, for sure. - But most of the time, you can use a modern Linux distribution with Wine, which so far seems to run any XP-era (or earlier) Windows binaries I throw at it, flawlessly. Thanks to Wine, I recently managed to revisit some games I created when I was at school, using Europress Klik n' Play, and Corel Click n' Create! Happy days...
