Sunday, December 31, 2006

Making Windows Defender work with Windows 2000

Back when Microsoft's answer to malware was known as Microsoft AntiSpyware (formerly GIANT AntiSpyware) and it was in Beta status, it was quite compatible with Windows 2000 operating systems.

This was a great boon to the corporate/enterprise environments as it carried a certain clout with the Microsoft title behind it. It was pretty rugged and did a decent job of cleaning and protecting malware from workplace systems.

We installed it on many of the systems in our corporate environment--particularly on those where we had to make "repeat" visits due to user behavior. It was a great compliment to our anti-virus software.

Alas...as is often the risk when one comes to lean on Beta software, when Microsoft finalized it's release as Windows Defender, support for Windows 2000 was dropped and only Windows XP and Windows Server 2003 was offered.

This was quite the bummer for many faithful users as it worked quite well on Windows 2000 systems in its previous incarnation.

So what's a poor sysadmin to do?

Well...turns out if you are willing to do some work...you can hack it and get it to install quite nicely on a Windows 2000 system!

How To (with credits to DosFreak):

  1. Download Orca (Microsoft's MSI editor) and install it.
  2. Download Windows Defender.
  3. Use Orca to open the Windows Defender msi setup file.
  4. Find the "Launch Condition" item.
  5. Find the "VersionNT > 500" value and cut it out.
  6. Save the modified file.
  7. Run the installer.

As before, you must have the GDI+ file from Microsoft installed on your Windows 2000 system for Windows Defender to work.

More basic information on Orca from Macrovision on how to modify MSI packages.

KB255905 - More detailed information on Orca from Microsoft on how to edit Windows Installer files.

The Orca tool is a really neat utility for understanding and exploring MSI packages. Even if you don't need to do the Windows Defender to Windows 2000 compatibility "fix" noted above...it may end up being a tool you'll be glad to have in the future.

Ahh...you ask...Might running a "hacked" anti-malware application on a non-supported operating system cause potential Bad Things (tm) to happen. Well...Yep! But then again, if you are fighting malware on a system, it might be the next best thing before doing a system reinstall anyway!

Nor could I advise an enterprise-wide deployment of such a modified tool; but it might be good for targeted Windows 2000 systems.

You've been warned.

--Claus

No comments: