Windows 2000 Up to Date AntiVirus

EarthwormJim

Diamond Member
Oct 15, 2003
3,239
0
76
I work at a power supply lab, and some of the oscilloscopes that we use are Windows 2000 Embedded based computers (Tektronix TDS5104B).

There does not appear to be a way to update the OS to something modern. The software to run the oscilloscope portion of the computer won't install on anything except for the custom Windows install supplied with the scope.

So barring the usual suggestion, stop using Windows 2000, does anyone know of any anti-virus software that is still updated and maintained that works for Windows 2000? I don't care if it is a paid-for anti-virus, these are expensive machines anyway.

We need these scopes on our local network for remote control purposes, so we can't really isolate them. They do not need an internet connection, but they're still vulnerable to other computers being on the same local network. Flash drives are regularly plugged into them too, for data retrieval. We've had lots of issues in the past with them getting infected.
 

Elixer

Lifer
May 7, 2002
10,376
762
126
Well, you will have an extremely hard time trying to find any AV software that is still useful for that OS.
You sure you can install programs on those, can you actually log into the device or anything of that nature? With an embedded OS device, I would also assume that running anything as intrusive as an AV scanner would slow the unit down, and could cause more issues.

About the best you can do is wall them off as best you can, and that would mean to virtualize access to them. In other words, you would have a specific machine that is plugged into these, and basically let it act like a firewall & AV scanner and so on for that device.

You can even have a Linux box hooked up to these, with the only job being to read the data that equipment supplies, and then tape off the USB ports on that device, and force people to use the other machine to access the data.
If you don't want to use Linux, you could use Windows, then add firewalls & scanning software on that machine, but again, that machine would be the one that would copy all data off the device.

Heck, if you are really paranoid, you can introduce a VM here, and every night, you wipe out the VM, and install a known clean image, and work like that.
 

EarthwormJim

Diamond Member
Oct 15, 2003
3,239
0
76
Well, you will have an extremely hard time trying to find any AV software that is still useful for that OS.
You sure you can install programs on those, can you actually log into the device or anything of that nature? With an embedded OS device, I would also assume that running anything as intrusive as an AV scanner would slow the unit down, and could cause more issues.

About the best you can do is wall them off as best you can, and that would mean to virtualize access to them. In other words, you would have a specific machine that is plugged into these, and basically let it act like a firewall & AV scanner and so on for that device.

You can even have a Linux box hooked up to these, with the only job being to read the data that equipment supplies, and then tape off the USB ports on that device, and force people to use the other machine to access the data.
If you don't want to use Linux, you could use Windows, then add firewalls & scanning software on that machine, but again, that machine would be the one that would copy all data off the device.

Heck, if you are really paranoid, you can introduce a VM here, and every night, you wipe out the VM, and install a known clean image, and work like that.


These are Windows 2000 Embedded, but they're really fully functioning Windows 2000 installs (SP4), with some Tektronix drivers preloaded and a different splash screen on bootup.

The computers are Pentium 4's, Northwoods with dual channel DDR, so they are ancient, but they're actually pretty responsive for what they're meant to be used for.
 

lxskllr

No Lifer
Nov 30, 2004
57,427
7,613
126
You could use ClamWin and ClamSentinel for realtime scanning. I question using av at all though. Presumably, these thumb drives/network requests are coming from machines with av installed, and it didn't work for them.
 

EarthwormJim

Diamond Member
Oct 15, 2003
3,239
0
76
You could use ClamWin and ClamSentinel for realtime scanning. I question using av at all though. Presumably, these thumb drives/network requests are coming from machines with av installed, and it didn't work for them.

The problem is that some of these scopes may be sent to our factory in China.

I don't really have control over the flash drives there, and good IT practices are foreign to some of my counterparts in China. So I wouldn't put it past them to use flash drives from unprotected computers.

I was hoping to just install something, anything really, so that something as ancient as Conficker doesn't affect the computers, which has happened in the past.

I was checking Eset's website, it looks like an older version of Nod32 would work, paired with new virus definitions.

I'll look into ClamWin too.
 

EarthwormJim

Diamond Member
Oct 15, 2003
3,239
0
76
Wow cool, ClamWin looks like a winner, thanks lxskllr.

Anything should be better than nothing.

These computers are left running 24/7, so a scan every night should be fine.
 

lxskllr

No Lifer
Nov 30, 2004
57,427
7,613
126
ClamWin is scan on demand only. ClamSentinel that I linked adds realtime scanning (using the ClamWin engine, which also needs to be installed) but I've never used that portion. Wikipedia also mentioned something called WinPooch, which uses ClamWin, and it may be worth investigating.
 

EarthwormJim

Diamond Member
Oct 15, 2003
3,239
0
76
ClamWin is scan on demand only. ClamSentinel that I linked adds realtime scanning (using the ClamWin engine, which also needs to be installed) but I've never used that portion. Wikipedia also mentioned something called WinPooch, which uses ClamWin, and it may be worth investigating.

Got it, thanks for your help.
 

mikeymikec

Lifer
May 19, 2011
17,721
9,603
136
I'd establish a policy of no browsing on those computers. If there's one website they have to have access to, then it's the exception. If there are still doofuses (sp?) in the office who can't abide by those rules (though a threat with the implication that any transgressions will be answered with some metaphorical nuts roasting over an open fire usually does the trick), then enforce it with minimal privs, group policy, EMET if possible, etc.

Having anti-virus is not the "one size fits all" solution, it's a good idea to have it as a potential safety net (albeit a flawed and weak one). You've got to stop people from browsing. Does any modern browser work on Win2k? Off the top of my head, no. So the browser security is going to suck as well.
 

Bradtech519

Senior member
Jul 6, 2010
520
47
91
You could use an older version of ESET NOD32 that they still offer to customers that buy the AV. I actually have it on a Virtual Machine of 2000 pro I use to play on an older unsupported game. I believe Version 3 and a few after it supported 2000/xp.
 

EarthwormJim

Diamond Member
Oct 15, 2003
3,239
0
76
I'd establish a policy of no browsing on those computers. If there's one website they have to have access to, then it's the exception. If there are still doofuses (sp?) in the office who can't abide by those rules (though a threat with the implication that any transgressions will be answered with some metaphorical nuts roasting over an open fire usually does the trick), then enforce it with minimal privs, group policy, EMET if possible, etc.

Having anti-virus is not the "one size fits all" solution, it's a good idea to have it as a potential safety net (albeit a flawed and weak one). You've got to stop people from browsing. Does any modern browser work on Win2k? Off the top of my head, no. So the browser security is going to suck as well.

There's never browsing, it's actually pretty hard to do any web browsing on a Windows 2000 machine. You have to go out of your way to find a browser that works with modern web pages. These machines usually get infected from USB flash drives or possibly from being on the same LAN as other computers.

These are oscilloscopes that happen to have Windows, they're really not used as general purpose computers.

Here's a picture (yes that's a floppy drive):
4608437.jpg


You could use an older version of ESET NOD32 that they still offer to customers that buy the AV. I actually have it on a Virtual Machine of 2000 pro I use to play on an older unsupported game. I believe Version 3 and a few after it supported 2000/xp.


Would this require a subscription? For the oscilloscopes I have physical access to, NOD32 would be fine. The ones being sent to our factory, I can't maintain a subscription.

So far though, ClamWin seems to be fine. Doesn't seem to negatively affect using the scopes. I did put solid state drives in all of them, so that may be helping.
 

mikeymikec

Lifer
May 19, 2011
17,721
9,603
136
If attacks are coming from other machines on the LAN, just VLAN it (maybe even just giving the Win2k machines a different band of IPs might be enough)? If the attacks are coming from USB, disable autoplay on Win2k?
 

John Connor

Lifer
Nov 30, 2012
22,840
617
121
As to the network side of things, perhaps this could help? https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

USB side of things I would make sure autoplay is off. I never messed with 2000 all that much, but if it has a gpedit.msc or some other group policy editor there you should be able to find a policy to turn off auto play for all drives. In fact, gpedit.msc is the one true way to stop autoplay. I always turn it off myself when I first install Windows.
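
An added example, not written by any poster in this thread: the autoplay policy discussed above is stored as the `NoDriveTypeAutoRun` value under `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer`, and this script audits a regedit export (taken on each scope and checked on another machine) to list the drive types that can still AutoRun. The two exports are constructed samples, the function names are hypothetical, and the export is assumed to be already decoded to text.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that
# drive type. 0xFF disables it for every type.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no-root-dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

# The value may be exported as REG_DWORD (dword:) or REG_BINARY (hex:).
VALUE_RE = re.compile(
    r'^"NoDriveTypeAutoRun"=(dword|hex):([0-9a-fA-F,]+)\s*$', re.MULTILINE)

def parse_mask(reg_text):
    """Return the policy mask from a regedit export, or None if absent."""
    m = VALUE_RE.search(reg_text)
    if not m:
        return None
    kind, raw = m.groups()
    if kind == "dword":
        return int(raw, 16) & 0xFF
    # REG_BINARY is exported as little-endian bytes; the first holds the mask.
    return int(raw.split(",")[0], 16)

def autorun_still_enabled(reg_text):
    """List drive types whose AutoRun is NOT disabled by the policy."""
    mask = parse_mask(reg_text)
    if mask is None:
        return None  # policy not set: the OS default applies, so flag it
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

# Constructed sample exports (not taken from real machines).
KEY = r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]"
SCOPE_A = "REGEDIT4\n\n" + KEY + '\n"NoDriveTypeAutoRun"=dword:000000ff\n'
SCOPE_B = "REGEDIT4\n\n" + KEY + '\n"NoDriveTypeAutoRun"=hex:95,00,00,00\n'

if __name__ == "__main__":
    for name, text in (("scope-a", SCOPE_A), ("scope-b", SCOPE_B)):
        print(name, "AutoRun still enabled for:", autorun_still_enabled(text))
```

An empty list means every drive type is covered; `None` means the policy value is missing from the export and the machine is running on its default.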
 

EarthwormJim

Diamond Member
Oct 15, 2003
3,239
0
76
That's a good point about autoplay, I'll be sure to turn it off.

Group policy goes back to Windows NT, so I'm pretty sure there's an editor in Windows 2000, I'll check on Monday.

I don't think I can easily set up a VLAN. I'm not IT, I'm a power supply engineer, I just happen to take care of our scopes since our IT contractors don't want to touch them. I don't have admin access to our switches and servers.


Autoplay disabled + antivirus with nightly scans should be good enough I'm hoping.
 