Learn to build secure applications from the mindset of the hacker and avoid being exploited.
Antivirus for Windows 2000 server
Hi
I have a client with a windows 2000 server they can't upgrade. I need to scan it for malware and haven't been able to find a product to do so.
Can anyone recommend one that'll do the job? It doesn't necessarily need to be free.
Thanks
I have a client with a windows 2000 server they can't upgrade. I need to scan it for malware and haven't been able to find a product to do so.
Can anyone recommend one that'll do the job? It doesn't necessarily need to be free.
Thanks
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Recommendation 1:
http://www.oldapps.com/malwarebytes.php?system=Windows_2000
recommendation 2:
try: https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
or search an old version of it.
Recommendation 3: update them. They really have to move on to the new servers.
That server ran out from of updates for more than 10 years or so.
So I'm pretty sure that is vulnerable to whatever is up there today.
Always people will say that "they can't update it". But we all need to follow the standard procedures and let them know that whatever reason that server is still up... they can lose it with a ransomware or any wanna-cry attack. There is nothing 100% secure...
http://www.oldapps.com/malwarebytes.php?system=Windows_2000
recommendation 2:
try: https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
or search an old version of it.
Recommendation 3: update them. They really have to move on to the new servers.
That server ran out from of updates for more than 10 years or so.
So I'm pretty sure that is vulnerable to whatever is up there today.
Always people will say that "they can't update it". But we all need to follow the standard procedures and let them know that whatever reason that server is still up... they can lose it with a ransomware or any wanna-cry attack. There is nothing 100% secure...
Is the requirement for a virus scanner, or a malware scanner? The two are not generally interchangeable -- virus scanners often do a poor job of detecting malware, and malware scanners in general don't look for viruses.
You'll get as many different recommendations for an antivirus as the number of experts who comment, and each of us has their own reasons.
I suggest AVG, if it still runs on Windows 2000. You might have to dig up an older installation kit and you'll probably have to disable upgrades (not database updates, but program upgrades).
Stay away from McAfee and Norton / Symantec. I have not yet seen a system with Norton installed that runs correctly and it is a devil to get out of a system once it is installed. Which reminds me ...
Make a full backup of the system before installing any antivirus. All antiviruses tamper with the system to some extent and it is impossible to get all the parts out after installation. If you find you don't like an antivirus, you can go back to the full backup and restore to clean system instead of piling the next antivirus on the previous antivirus remnants on the previous previous antivirus remnants, etc., which soon results in an unstable system.
I suggest AVG, if it still runs on Windows 2000. You might have to dig up an older installation kit and you'll probably have to disable upgrades (not database updates, but program upgrades).
Stay away from McAfee and Norton / Symantec. I have not yet seen a system with Norton installed that runs correctly and it is a devil to get out of a system once it is installed. Which reminds me ...
Make a full backup of the system before installing any antivirus. All antiviruses tamper with the system to some extent and it is impossible to get all the parts out after installation. If you find you don't like an antivirus, you can go back to the full backup and restore to clean system instead of piling the next antivirus on the previous antivirus remnants on the previous previous antivirus remnants, etc., which soon results in an unstable system.
Get that machine off the internet. Get it off the network. Put a firewall in front of it that ONLY allows the ports they need for whatever the application they need is. Get them to upgrade the software on that system.
To scan for malware. Stop the server attach its harddrives to another System or boot from a antivirus CD and scan from there. If an infection is found, try to find out when it happend, than rebuild the machine. CHANGE ALL Passwords that were used on that box since the infection started. If Domain Admin was used during that period you are really in trouble, you need to do an in depth, offline, scan of the entire set of machines that are belonging or accessing this AD domain. And even this cannot ensure there is no backdoor for the attackers left somewhere.
if the server has 1 disk drive, or uses mirror raid -you can hook the drive to a working system, and scan it from there
Can anyone recommend one that'll do the job?No AV will be able to protect it at the OS level. Can you virtualize as is?
These are all great comments and suggestions, the object is to virtualize the machine and get the application off the server. I'm using a Datto backup intending to obtain a virtualized environment, but the virtual machine is booting into a blue screen. Troubleshooting identified an infection.
Nobus, it's a RAID 5, Is there a way to scan that array offline?
Andreas, thanks for your input. I've done comprehensive malware detection on all computers on the network. Still, I'm being cautious. It's possible that I can take the server offline long enough to do an offline startup scan. And I'll attempt that in the next couple of days.
Lee W. Great point. Yes. Off the internet will be possible, but upgrading will not be. Everything is being done to preserve an application serving their oldest client data running on a SQL 2000 Database. Everything is being done to virtualize it to loose the server.
Dr. Klahn, there are full backups that can be leveraged. Thanks.
Nobus, it's a RAID 5, Is there a way to scan that array offline?
Andreas, thanks for your input. I've done comprehensive malware detection on all computers on the network. Still, I'm being cautious. It's possible that I can take the server offline long enough to do an offline startup scan. And I'll attempt that in the next couple of days.
Lee W. Great point. Yes. Off the internet will be possible, but upgrading will not be. Everything is being done to preserve an application serving their oldest client data running on a SQL 2000 Database. Everything is being done to virtualize it to loose the server.
Dr. Klahn, there are full backups that can be leveraged. Thanks.
Once you virtualize it, you should be doing everything you can to upgrade that system. Setup a test system and install newer versions of SQL and see if you can migrate the database. Try various versions of SQL (https://blogs.technet.microsoft.com/mdegre/2012/06/15/migration-sql-server-2000-to-sql-server-2012/) and of course TEST with the apps that use it. Subsequently, you can at least migrate to Server 2003. It's an improvement (if not also out of date and unsupported). But GENERALLY, SQL databases can be moved. ALWAYS test first using test environments and DON'T use snapshots for testing this!
Question: before I execute a boot time scan, will a modern boot time av (ive got an ISO of TrendMicro recovery disk to use) work booting this antiquated server?
Raid 5 can be scanned offline it its controlled via a hardware RAID controller. But in some cases the AV-Boot medium needs to support that very RAID controller board. But its worth a try in any case.
Eset supports server 2000 https://www.eset.com/sg/support/sysrescue/
best contact thenm for the raid compatibility though
best contact thenm for the raid compatibility though
Hi All
I have successfully used the pre-boot scan utility from ESet and then rebooted. I'm still troubleshooting to allow a Datto backup to allow successful local virtualization using guidance from Datto. I will now close the question. thanks to all for your valuable insight.
I have successfully used the pre-boot scan utility from ESet and then rebooted. I'm still troubleshooting to allow a Datto backup to allow successful local virtualization using guidance from Datto. I will now close the question. thanks to all for your valuable insight.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- Jose Ortega (https:#a42277808)
-- Dr. Klahn (https:#a42277896)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- Jose Ortega (https:#a42277808)
-- Dr. Klahn (https:#a42277896)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
Premium Content
You need an Expert Office subscription to comment.Start Free Trial