Jump to content

Windows XP SP2


Recommended Posts

Hi - you may laugh, but I have a machine that is still running Windows XP SP2, and the OS must not be touched (long story to do with tool certification).

I found mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe, many thanks for making that available, but it requires SP3. So at present the only version of Malwarebytes that I can run is mbam-setup-2.1.6.1022.exe, from mid-2015.

So my question is: please could you provide a link to download whatever was the latest version of mbam / mb3 that worked on XP SP2?

Just hoping.

Thanks.

Link to post
Share on other sites

David has a point.
https://en.wikipedia.org/wiki/Windows_XP#Service_Pack_3

The only thing you'd lose by upgrading to Service Pack 3 is an address bar on the taskbar. At least, feature-wise. Compatibility-wise, you shouldn't lose anything, but you did mention something about Tool Certification, @UltraDyne? Could you elaborate even a little?

Link to post
Share on other sites

I'm guessing there's some form of proprietary hardware and/or software being used with the machine that requires a specific OS and service pack level which prohibits installing any major updates/making any significant changes (such as installing SP3).  Unfortunately I don't know what the last version to support SP2 was, however the older a version is, the worse protection and detection capabilities it will provide so I really wouldn't advise relying on it to protect your devices or even to detect most modern threats and/or PUPs as the vast majority of signatures currently in use, including those which are included in the databases/signatures that would be downloaded by any older build like 2.x etc., would be exclusively version 3.x compatible as the scan and protection engines have been designed to disregard/skip (i.e. not use in any way) any threat signatures that use new/unknown syntax which has been added to later engine versions to avoid bugs and false positives (since the older builds would not know how to properly interpret them and therefore the behavior would be unpredictable if it tried to use a new type of syntax/signature that it did not recognize/wasn't coded for).  This is because as new detection methods/syntax are developed, the Researchers start using those more frequently than the older methods as they tend to be more powerful, more efficient and better at covering a greater number of threats (through the use of heuristics, which is what makes up most of the signatures used in Malwarebytes; very few are static/hash type signatures as most other more traditional AV/AM applications might use).

Obviously it's still better than nothing, but it is definitely less than ideal so I'd strongly advise only using it as a second opinion/auxiliary tool if at all possible, especially on an older OS like XP SP2.

That said, assuming it is compatible, the Anti-Exploit component could be very useful in helping to mitigate the risks inherent in using such an outdated operating system, however I do not know if there ever was a version of Malwarebytes with the Anti-Exploit component that worked with SP2 or if the standalone version of Malwarebytes Anti-Exploit ever supported SP2 but you can check in the standalone Malwarebytes Anti-Exploit Beta forums located here and a member of the team should respond to let you know.

Link to post
Share on other sites

Thanks all for comments. So far, no answer to my (more in hope than expectation) request for "a link to download whatever was the latest version of mbam / mb3 that worked on XP SP2".

As to why not just move to SP3: exile360 is spot-on, "proprietary hardware and/or software being used with the machine that requires a specific OS and service pack level which prohibits installing any major updates/making any significant changes (such as installing SP3)".

So, I'm running two threads in parallel: (a) talking to the powers that be about the costs/risks/timescales for moving to SP3 and recertifying the toolset, whilst also (b) asking Malwarebytes folks for acess to an obsoleted version. If the answer to (b) is "get lost", or we time out, then (a) becomes the only viable option. But (b) buys me time.

Link to post
Share on other sites

I don't know specifically what the last version of Malwarebytes to support SP2 is/was so at the moment all I can do is suggest that you try each one, starting with the most recent and work your way back one by one as far as you can until you (hopefully) find one that works.  Obviously you know where to get the latest, and the legacy version for XP/Vista can be found here and beyond that, you can find the final 2.x version on MajorGeeks and there are several older 3.x builds available on FileHippo, but beyond that I don't know of too many trusted sources that archive older builds (there are a few FileHippo clone sites out there that I've come across but I can't speak to their legitimacy/safety so I really can't recommend them even if they do have any additional builds, but if you have no other option, you should always be able to check any legit Malwarebytes installer to at least verify the file contents using InnoUnp which is an extractor tool for Inno Setup installer files which is the format used for all official Malwarebytes builds and it's also included in tools like UniExtract).

Link to post
Share on other sites

I have a quick update with news.  A member of Support just posted this link to the last version of Malwarebytes to support XP SP2 in another thread so that's the version you should install.

Just keep in mind that the other info we gave you still applies; there are a LARGE number of threats it will not be capable of detecting due to all of the more modern signatures in use by the Malwarebytes Research team as they generally tend to abandon older/less efficient/less effective detection methods once provided with newer/better optimized/more advanced tools for detecting and killing malware, but obviously it will still be much better than nothing at all.

Link to post
Share on other sites

Ah, the power of synchronicity :-)

So exile360's link https://malwarebytes.box.com/s/4usptr0ghcqoer1z07o1br2yk9g2cbtd

and MajorGeeks https://www.majorgeeks.com/mg/getmirror/malwarebytes_anti_malware_2,1.html

both point to mbam-setup-2.2.1.1043.exe, both copies are binary-identical and I find an MD5 of 52F4695C53B02ADA7D648F95F2E2F8B4.

It runs on my crusty old XP SP2 machine, great, and even greater, it gives me a green light. So that's sufficient confidence to continue using this machine for its purpose while I discuss upgrade options with the toolset vendor.

Thanks everyone, this has been a great forum, and from my pov at least, the thread can close.
 

Link to post
Share on other sites

It may run but, will have a reduced efficacy as many signature and heuristics are v3.x dependent.

Installing v2.x will give you a false sense of security.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
Link to post
Share on other sites

24 minutes ago, Amaroq_Starwind said:

Actually, @UltraDyne maybe you can give WehnTrust a try.

It doesn't appear to include anything not already provided by the Exploit Protection component in Malwarebytes.  In fact, it appears far more limited only providing ASLR and buffer overflow protection.  Malwarebytes provides those protections and a whole lot more.

Link to post
Share on other sites

8 hours ago, Amaroq_Starwind said:

Actually, @UltraDyne maybe you can give WehnTrust a try. Also, if the latest version of Firefox or Tor Browser still runs on Windows XP, then you can also use the Malwarebytes browser extension.

A PC running an old unsupported OS that is a "standalone system!" where "...proprietary hardware and/or software being used with the machine that requires a specific OS and service pack level which prohibits installing any major updates/making any significant changes (such as installing SP3) " as indicated by the OP should not even be used for Internet Browsing. Tor is used for privacy, not INFOSEC/COMSEC.  When such a platform is not used in such a fashion, it becomes an Appliance and the role it takes in its environment precludes such activity.  However such a PC is still vulnerable to Internet Worms and TCP/IP exploitation, the Insider Threat and other activities that are heightened by the age of the OS and the lack of manufacturer support in an aggressive hacktivisim and exploit environment that we face Today.

Such an Appliance needs isolation and protection.  For example, if it must be connected to the LAN then maybe there should be an external Firewall and/or Proxy node placed between the platform and and the LAN.  Blocking all but the required communication the Appliance is used for.

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.