Antiquities: vintage antivirus and applied digital archeology

Published on August 02, 2018

    Kaspersky Lab recently turned 21 years old. Evgeny Kaspersky marked the event with a post about technology. I decided to look at the company's history in my own way, from my vintage-hardware vantage point. In the previous text I already touched on the problem of entire pieces of infrastructure suddenly disappearing from the Internet. The reluctance of many companies to maintain old versions of their sites or to keep old versions of software available is quite understandable: there is neither the time nor the desire. In the case of security software, it can even be harmful.

    Nevertheless, as IT companies mature, I would like to see more effort put into preserving history. A web archive alone is not enough here. At first glance, the Lab is in very good shape on this front: the company's office has a museum with boxed versions from the newest to the most ancient. There is also a mirror of the company's very first site, which supports, as it says, Internet Explorer 3.0 or Netscape Navigator 3.0 (checked, works!). I went there to reconstruct the user experience of twenty years ago, but... everything turned out to be difficult. Today's story is partly about Kaspersky Anti-Virus for DOS and Windows 95, and partly about the difficulties and joys of digital archeology.

    In search of meaning


    The practical benefit of my hobby of collecting late-90s laptops is rather dubious. With this in mind, at some point I stopped buying new-old computers and focused on bringing the machines I already have to the required condition (see one of the previous posts and the periodic updates in my Telegram channel). But the hardware is not that important. Software, in the context of recreating the environment of that time, is both more interesting and more complicated. This is where genuine digital archeology lies, and it does not even always require old hardware: emulators are enough (but not always).

    What was website development like in 1999? How do you play video on the "first Pentium" under Windows 95? Can you dial anywhere with a modem if the wires are no longer connected to the house? How do you play and sort music? A thorough study of each of these topics can take a lot of time: it requires studying eyewitness accounts, knowing the outdated equipment (does everyone still remember modem AT commands by heart?), and the hard work of finding the right software versions. But the answer to the question "how do you protect data on an old computer from (old?) viruses" is a little more difficult. Security software is the software itself plus regular updates. Get the version of one or the other slightly wrong, and you let onto the old computer some infection that appeared a little later.

    The likelihood of such an incident is quite high: when the manufacturers' websites have long been shut down, or their content has changed thirty-three times over, the needed distributions of games and programs have to be fetched from wherever they can be found. Can they be infected? Yes, as often as you like, and with anything. My experience shows that modern security software copes best with old malware, just as it does with new. Therefore I conduct my network excavations in an isolated virtual machine and then scan the entire catch, just in case. The ancient antivirus on the ancient system is installed for the same reason WinAMP is there: there are newer and more comfortable players, but this one is more authentic.

    Excavations


    The avp.su site from 1997 actually offers a lot of pleasant reading about the antivirus science of those years, occasionally switching from the fast local copy to the incredibly slow web archive. But there are no files there; or rather, there is only the offline edition of the AVP virus encyclopedia. You can, however, get the file names from there and then search for them. What are the bounds of the search? To find out, I went to the web archive anyway and dug through the tech support site until I found this.



    Oh no, not that. This:



    Apparently, Kaspersky Anti-Virus 6.0 is the most recent version that will run on my vintage hardware under Windows 98. I do not take Windows XP into account in this experiment: with the third service pack you can install Kaspersky Internet Security 2017 on it, which is still officially supported. Trial versions of the sixth version can be found online without any problems: data from fifteen years ago is usually easy to find. From there it gets harder, although the web archive contains a copy of the once famous Tucows site, and it has a 2004 version of Kaspersky Anti-Virus Personal Pro.

    And further back? This is where the problems begin. The web archive's copies of early versions of sites usually do not include files, so there is little hope of finding anything there, especially if the site used dynamic links. What helped me were the unique file names: creative googling for them led me to a couple of FTP servers that seem to have been set up in 1998 and have been running that way ever since.



    And what do we have there in the last line? Ay-ay, Semyon Semyonitch, how could you... I will not give the link to the FTP server for fear of the Habr effect: it will either break or be shut down, and it would be a shame to lose such an artifact. Still, the early Internet was a good place: everyone was among their own, everything was wide open, and there were few people. Compared to the network of twenty years ago, today's Internet is a collection of fences of varying height, and for good reason! An open FTP server in 2018 is certainly not the same as an open SMTP server, but it comes close.

    Finally, the distributions have been unearthed, and the testing can begin. I decided to limit myself to three versions of the antivirus: one for DOS, an early version for Windows 95, and the most modern version for Windows 98.



    AntiViral Toolkit Pro by Eugene Kaspersky for DOS Version 3.0


    To work in clean MS-DOS 6.22 and Windows 3.11, I use one of five ThinkPad 600 laptops, which you can read more about here. USB flash drives work in DOS, so it is easy to copy the desired program over from a modern computer. And then we see...


    Next we see that I forgot to install Cyrillic support. I pull out the trouble-free keyrus: it seems to be the one program with which I have never, anywhere, had any problems. At least not in the past 25 years. More information about the program and its author is here.


    Much better, but it still does not work. Back to the vintage site: oh yes, we also need databases with information about the latest viruses. In the absence of a mechanism, or even the infrastructure, for online updates, you had to regularly download a fresh archive with antivirus databases from the site. I suspect there were other channels too, now unknown to us. BBS? Physical mail?


    I honestly admit that I could not get the AVP for DOS archives downloaded from elsewhere to work: first the databases did not fit, then something else. In the end I made another attempt at searching the web archive and found a copy of avp.ch with working links to the files. That gave me a guaranteed working bundle of AVP Lite and antivirus databases.

    Antiviral Toolkit Pro by Eugene Kaspersky for Microsoft Windows 95


    This program is a new step in the fight against computer viruses, it is a completely 32-bit application optimized for working in the Microsoft Windows 95 environment and using all the features that this environment provides.


    Ah, this vintage design. AVP for Windows, also known as AVP32, already had familiar functions that now seem standard, like automatic updates.


    However, this is not the automatic update that you imagine.


    Note the number of entries. The copy of the avp.ru website was "frozen" in 1997, when the Lab's databases held a little more than 9,000 malware entries. The Windows version I found has a database dated January 1999 containing more than 26 thousand entries. Today that many new malicious programs appear in about two hours.

    Kaspersky Anti-Virus 6.0


    The most “fresh” version that works on Windows 98 requires updating the operating system itself; otherwise the .msi installer simply does not start. After that you also need to install the MS Visual C++ Runtime. If by 2005 you were still using Windows 98 for business (and not the way I do), all of these components would already have been in place, since otherwise more than half of the then-current versions of programs would not work. I had to install everything from scratch. Life hack: a more or less modern version of Microsoft Office installs all of these things along with itself.


    This is that same legendary “six”, about which there is a separate story on the Lab's current website. Everything possible was done in it so that “Kaspersky no longer slows things down”, even as the functionality kept expanding. Unlike the 1997 version, Kaspersky Anti-Virus 6.0 is tied to the network and requires communication with infrastructure that no longer operates, both for activation and for regular downloading of updates. But what a cute umbrella!

    My impressions of the old versions of security software are unusual. Of many programs one can say that they never really needed updating, except for compatibility with new OS versions: “do not touch”. Judging by AVP32 from 1997-1999, a twenty-year-old antivirus requires a lot of manual control: you really have to administer it. The difference between it and modern Kaspersky Internet Security is huge: you install that, and it just works. One more thing: unlike other software, the effectiveness of an antivirus is determined not by the speed of feature development but by its reaction to threats. Standing still is simply impossible: in the late 90s, online update systems had to be invented at a time when most developers had not even thought about them.

    By the way, what about the "viral encyclopedia"? The coolest thing in it is the practical demonstrations of the effects that accompanied a number of malicious programs of the ancient era. Below is a small example. You can try the rest yourself: the encyclopedia works under DosBox (link to the archive). Just do not forget to run keyrus.


    Those were good times, warm and cozy. Today's reality is somewhat tougher, with regard to security and not only that. It is a pity about that era, when a “cyber attack” ended, in the worst case, with a formatted hard disk. Apparently such progress is inevitable. But if it all gets to be too much, I have a computer with DOS, without a network, but with Dos Navigator and Prince of Persia. For many of my important matters this set is still sufficient.