Windows XP unofficial support
Windows XP unofficial support
This thread is to post links to non-commercial sites offering free unofficial support for Windows XP, which is no longer supported by Microsoft. Sites hosting downloads of service packs, in particular SP3, updates from the last few years (since SP3 became available), special fixes, 3rd party firewalls, 3rd party anti-malware, 3rd party antivirus which still support Windows XP. Microsoft has given MSE (Microsoft Security Essentials) another 15 months of official support, provided that MSE was installed prior to April 8, 2014. MSE can no longer be fresh installed.
Re: Windows XP unofficial support
You can still get the MSE installer for XP from Filehippo.nubc wrote:This thread is to post links to non-commercial sites offering free unofficial support for Windows XP, which is no longer supported by Microsoft. Sites hosting downloads of service packs, in particular SP3, updates from the last few years (since SP3 became available), special fixes, 3rd party firewalls, 3rd party anti-malware, 3rd party antivirus which still support Windows XP. Microsoft has given MSE (Microsoft Security Essentials) another 15 months of official support, provided that MSE was installed prior to April 8, 2014. MSE can no longer be fresh installed.
http://www.filehippo.com/download_secur ... ntials_xp/
Download Security Essentials 4.4.304 XP Security Essentials 4.4.304 XP By Microsoft Corporation in Freeware
Best antivirus tool there is plus handy to help slipstream SP3 if needed
http://www.nliteos.com/
more manual info on slipstreaming.
http://www.vorck.com/windows/xpsp4.html
I do have a 2000 hotfix source but its companion XP one seems to have gone for now...any updates on that I will post.
mike
http://www.nliteos.com/
more manual info on slipstreaming.
http://www.vorck.com/windows/xpsp4.html
I do have a 2000 hotfix source but its companion XP one seems to have gone for now...any updates on that I will post.
mike
Check out Windows Updates Downloader.
http://www.windowsupdatesdownloader.com/
http://www.windowsupdatesdownloader.com/
WUD allows you to download all of the current Windows Updates using a simple interface. All of the updates are contained in Update Lists (ULs) which allows you to choose which updates you want for which version of Windows. Once WUD has complete it's downloads, you simply integrate them into your Windows source using one of the many popular tools such as nLite.
That's why I generally use Avast......Dewbie wrote:A closer look at MSE...
Tutorial: What you should do to keep using Windows XP after April 2014, posted by PuppyLinuxWorld
https://www.youtube.com/watch?v=kr7ajYZD8CA
https://www.youtube.com/watch?v=kr7ajYZD8CA
Playing with one of my nlited XP installs on an old P3 and Chrome just popped up a warning that it will stop being supported on anything older than a P4.
https://support.google.com/chrome/answer/95411
Chrome system requirements
https://support.google.com/chrome/answer/95411
Chrome system requirements
Should still be supported on older hardware under Linux.Google Chrome is available for Windows, Mac, and Linux. For optimal performance, we recommend the following system requirements:
Windows requirements............. Linux requirements Windows XP Service Pack 2+
Windows Vista
Windows 7
Windows 8 ............................... Ubuntu 12.04+
Debian 7++
OpenSuSE 12.2++
Fedora Linux 17
Processor Intel Pentium 4 or later.................... Intel Intel Pentium 3 / Athlon 64 or later
Free disk space 100 MB
RAM 128 MB
- Attachments
-
- Chrome.JPG
- (63.21 KiB) Downloaded 249 times
I recently spotted this microsoft security freebie ...
"Enhanced Mitigation Experience Toolkit (EMET)" ... http://technet.microsoft.com/en-us/security/jj653751
[ billed as compatible with "Windows XP Service Pack 3" ]
It's an exercise in "Attack Surface Reduction".
"Enhanced Mitigation Experience Toolkit (EMET)" ... http://technet.microsoft.com/en-us/security/jj653751
[ billed as compatible with "Windows XP Service Pack 3" ]
It's an exercise in "Attack Surface Reduction".
-
Dewbie
Barkin wrote:
Requires .NET 4 framework.I recently spotted this microsoft security freebie ...
"Enhanced Mitigation Experience Toolkit (EMET)" http://technet.microsoft.com/en-us/security/jj653751
Last edited by Dewbie on Tue 29 Apr 2014, 04:29, edited 1 time in total.
Speaking personally, I'm unconcerned by the official end of support for XP.
I have Win2K Pro, XP, and Win7 here (and Win 2003 Server, but that box is almost never turned on.)
2K Pro is on an ancient notebook that also has Puppy and Ubuntu installed. 2K actually runs more or less acceptably on it. XP doesn't, which is why I installed 2K. I installed 2K Pro and all extant patches, then turned off the Windows Update service, because it wouldn't be getting any (and saved 10MB RAM doing so.) I don't have MS Office on that machine.
XP Pro is on a desktop, and XP Home is on a netbook. Both have MS Office 2007 and the various .NET frameworks, so Update stays enabled because those are still likely to get patches, even if XP itself won't.
Win7 is on the SOs laptop, has Update on and continues to get patches She gets bemused over the number of updates she gets. I just say "You're running Windows. What do you expect? At least you're getting security patches." "Well, yeah, but geez!"
I'm contrary about stuff like this. What's notable on XP here is what I don't do. I don't run IE, period. I don't run A/V. I don't run "active" anti-malware.
Exploits are infections. Infections have vectors by which they enter the host body. Ward the vector, and block the infection. A/V and anti-malware tools assume you will be infected and attempt to deal with it when it occurs. I find it simpler not to get infected in the first place.
The primary vector for viruses is malicious email attachments. I use Gmail as my primary email account, and it polls the others, so all my mail appears in my Gmail inbox. While Gmail will let me download mail via POP, I don't. I have no need for a local copy of 99.9% of the mail I get, and prefer the web interface. Gmail also implements viewers for all common attachment types, so I can view them without actually opening them on my system. And Gmail has the best spam filters I've seen. Perhaps one new spam email every two weeks actually reaches my Inbox, and most of the stuff that might carry a nasty payload will get flagged as spam. My mail and any attachments all reside on Google's servers, and never reaches my machine.
I stopped running A/V when the version of Symantec Corporate I had been running reached end-of-life and was no longer updated. It was under a site license and I no longer worked for that employer. I needed to either upgrade on my dime to a newer version, replace it with another product, or drop A/V. The only things Symantec had "caught" since running it were false positives, like a few ancient DOS programs I still had and used that it decided were infected after a signature update. I chose to stop running A/V. I haven't missed it. I warded the vector.
The primary vector for malware is the browser. Most exploits target security holes in Windows and IE, as well as vulnerabilities in Flash. I don't run IE, and haven't for over 15 years. I use Firefox as my production browser, with the NoScript extension that blocks scripting unless the site visited is in a user maintained whitelist. It defaults to blocking JavaScript, but can block Flash, Java, and Silverlight as well.
I have Malware Bytes malware scanner, and run it occasionally. It never finds anything. I warded the vector.
I'm behind a firewall in my router at home, have Windows Firewall enabled, and still run the last freeware version of the old Sygate Personal Firewall (that Symantec bought and killed off) because it doesn't conflict with anything. I use it for outgoing control. And I spent some time locking down my home network so even if someone got into my router, they couldn't get to anything in my network.
I'm fussy about where I go on the Internet, and what I do when I'm there. I download programs only from known good sites, and most of what I get is free and open source.
And most important, I simply don't use IE.
Another thing Windows users can look at is permissions. Windows through XP makes the assumption that the user at the keyboard is also the administrator with full powers to alter the system. Windows Vista/7/8 changed that as a security measure, and by default, the user is not administrator and must take extra steps to get admin rights if those are required. (I think MS should have done that when they released 2K, with the NTFS filesystem that supported that permissions model.)
Most exploits require administrator privileges to work, and bounce off if the user isn't running as Administrator. You can do that in XP by creating a user without Administrator rights. In XP Home, it's a Limited user. In XP Pro, there is a Power User profile. These users are allowed to run installed software, but may may not add or remove apps, or may other changes that affect the system. At a previous employer, users all got Power User profiles and a machine with a standard image including the standard applications. If they needed something non-standard, they submitted a request, and someone like me with Domain Admin rights installed it for them.
I know people who deliberately run as a restricted user in normal circumstances, and log out and back on as Administrator when they need to add/remove programs or do other things that affect the underlying system, precisely as a defense against exploits that need admin rights. As it happens, I don't, but I'm the only one that uses my machines. If they were shared use, I'd set up restricted IDs for other users and password protect the Administrator account.
What I do works for me. I don't recommend it on machines that have more than one user, and I don't recommend it if you do things like get stuff from Usenet binary groups, which are another vector by which viruses are distributed.
But meanwhile, I don't care that XP will no longer get security updates. I haven't been bitten by anything serious since I've been running Windows, and I don't expect that to change because I know how to avoid being bitten.
(And I don't really recommend MS's EMET package. It runs under XP SP3 or greater, but it requires the .NET 4 framework, and it's really intended as a corporate solution to be deployed over many desktops. It takes knowledge and configuration, and you risk breaking existing software because it relies on things EMET won't let it do to function. There are easier ways to protect yourself.)
______
Dennis
I have Win2K Pro, XP, and Win7 here (and Win 2003 Server, but that box is almost never turned on.)
2K Pro is on an ancient notebook that also has Puppy and Ubuntu installed. 2K actually runs more or less acceptably on it. XP doesn't, which is why I installed 2K. I installed 2K Pro and all extant patches, then turned off the Windows Update service, because it wouldn't be getting any (and saved 10MB RAM doing so.) I don't have MS Office on that machine.
XP Pro is on a desktop, and XP Home is on a netbook. Both have MS Office 2007 and the various .NET frameworks, so Update stays enabled because those are still likely to get patches, even if XP itself won't.
Win7 is on the SOs laptop, has Update on and continues to get patches She gets bemused over the number of updates she gets. I just say "You're running Windows. What do you expect? At least you're getting security patches." "Well, yeah, but geez!"
I'm contrary about stuff like this. What's notable on XP here is what I don't do. I don't run IE, period. I don't run A/V. I don't run "active" anti-malware.
Exploits are infections. Infections have vectors by which they enter the host body. Ward the vector, and block the infection. A/V and anti-malware tools assume you will be infected and attempt to deal with it when it occurs. I find it simpler not to get infected in the first place.
The primary vector for viruses is malicious email attachments. I use Gmail as my primary email account, and it polls the others, so all my mail appears in my Gmail inbox. While Gmail will let me download mail via POP, I don't. I have no need for a local copy of 99.9% of the mail I get, and prefer the web interface. Gmail also implements viewers for all common attachment types, so I can view them without actually opening them on my system. And Gmail has the best spam filters I've seen. Perhaps one new spam email every two weeks actually reaches my Inbox, and most of the stuff that might carry a nasty payload will get flagged as spam. My mail and any attachments all reside on Google's servers, and never reaches my machine.
I stopped running A/V when the version of Symantec Corporate I had been running reached end-of-life and was no longer updated. It was under a site license and I no longer worked for that employer. I needed to either upgrade on my dime to a newer version, replace it with another product, or drop A/V. The only things Symantec had "caught" since running it were false positives, like a few ancient DOS programs I still had and used that it decided were infected after a signature update. I chose to stop running A/V. I haven't missed it. I warded the vector.
The primary vector for malware is the browser. Most exploits target security holes in Windows and IE, as well as vulnerabilities in Flash. I don't run IE, and haven't for over 15 years. I use Firefox as my production browser, with the NoScript extension that blocks scripting unless the site visited is in a user maintained whitelist. It defaults to blocking JavaScript, but can block Flash, Java, and Silverlight as well.
I have Malware Bytes malware scanner, and run it occasionally. It never finds anything. I warded the vector.
I'm behind a firewall in my router at home, have Windows Firewall enabled, and still run the last freeware version of the old Sygate Personal Firewall (that Symantec bought and killed off) because it doesn't conflict with anything. I use it for outgoing control. And I spent some time locking down my home network so even if someone got into my router, they couldn't get to anything in my network.
I'm fussy about where I go on the Internet, and what I do when I'm there. I download programs only from known good sites, and most of what I get is free and open source.
And most important, I simply don't use IE.
Another thing Windows users can look at is permissions. Windows through XP makes the assumption that the user at the keyboard is also the administrator with full powers to alter the system. Windows Vista/7/8 changed that as a security measure, and by default, the user is not administrator and must take extra steps to get admin rights if those are required. (I think MS should have done that when they released 2K, with the NTFS filesystem that supported that permissions model.)
Most exploits require administrator privileges to work, and bounce off if the user isn't running as Administrator. You can do that in XP by creating a user without Administrator rights. In XP Home, it's a Limited user. In XP Pro, there is a Power User profile. These users are allowed to run installed software, but may may not add or remove apps, or may other changes that affect the system. At a previous employer, users all got Power User profiles and a machine with a standard image including the standard applications. If they needed something non-standard, they submitted a request, and someone like me with Domain Admin rights installed it for them.
I know people who deliberately run as a restricted user in normal circumstances, and log out and back on as Administrator when they need to add/remove programs or do other things that affect the underlying system, precisely as a defense against exploits that need admin rights. As it happens, I don't, but I'm the only one that uses my machines. If they were shared use, I'd set up restricted IDs for other users and password protect the Administrator account.
What I do works for me. I don't recommend it on machines that have more than one user, and I don't recommend it if you do things like get stuff from Usenet binary groups, which are another vector by which viruses are distributed.
But meanwhile, I don't care that XP will no longer get security updates. I haven't been bitten by anything serious since I've been running Windows, and I don't expect that to change because I know how to avoid being bitten.
(And I don't really recommend MS's EMET package. It runs under XP SP3 or greater, but it requires the .NET 4 framework, and it's really intended as a corporate solution to be deployed over many desktops. It takes knowledge and configuration, and you risk breaking existing software because it relies on things EMET won't let it do to function. There are easier ways to protect yourself.)
______
Dennis
Well dennis thats a much longer version of my approach...and its worked for 10 years to keep out viruses and keep a system that works smoothly.
Glad I am not the only one after all
I do use methods to remove IE and outlook etc but to be honest thats more for peace of mind and avoid someone accidentally using the virus gateways. Adds to stability I find too but thats was more with 98 than NT.
It also removes the mechanisms that viruses use if they happened to get in ...yes did that a couple of times using gnutella
but they did no damage as IE was gone....the gateways work both ways.
Also note sticking a web address into windows explorer will start up the browser in xp and 2000... my full removal avoids that. though win7 is ok in that respect.
Interesting...this deintegration came to court in 1999...its effect and so on was well known about, yet 15 years later its still there...does not seem like microsoft are REALLY concerned about security and are just using it as a marketing tool.
mike
Glad I am not the only one after all
I do use methods to remove IE and outlook etc but to be honest thats more for peace of mind and avoid someone accidentally using the virus gateways. Adds to stability I find too but thats was more with 98 than NT.
It also removes the mechanisms that viruses use if they happened to get in ...yes did that a couple of times using gnutella
but they did no damage as IE was gone....the gateways work both ways.Also note sticking a web address into windows explorer will start up the browser in xp and 2000... my full removal avoids that. though win7 is ok in that respect.
Interesting...this deintegration came to court in 1999...its effect and so on was well known about, yet 15 years later its still there...does not seem like microsoft are REALLY concerned about security and are just using it as a marketing tool.
mike
Note that there appears to be a very simple mitigation for the IE Zero Day exploit, that works for XP and everything else.
The exploit requires Active-X, Shockwave Flash and JavaScript, to trigger a subtle flaw in the deprecated VML interpreter library. the simple fix is to use regserver to unregister the DLL that provides the library.
See the blog post from Spinrite author Steve Gibson of Gibson Research:
http://steve.grc.com/
______
Dennis
The exploit requires Active-X, Shockwave Flash and JavaScript, to trigger a subtle flaw in the deprecated VML interpreter library. the simple fix is to use regserver to unregister the DLL that provides the library.
See the blog post from Spinrite author Steve Gibson of Gibson Research:
http://steve.grc.com/
______
Dennis
Since my practices fly in the face of commonly accepted wisdom, I go on a bit to explain why I do what I do.mikeb wrote:Well dennis thats a much longer version of my approach...and its worked for 10 years to keep out viruses and keep a system that works smoothly.
Glad I am not the only one after all
But no, you aren't the only one.
I don't bother removing IE or Outlook. Outlook is easily uninstalled. IE requires major surgery, and totally removing it breaks other things. While it can be done, you need to understand the implications.I do use methods to remove IE and outlook etc but to be honest thats more for peace of mind and avoid someone accidentally using the virus gateways. Adds to stability I find too but thats was more with 98 than NT
98 got progressively more unstable the longer it was used, and that to some extent was inherent in the nature of the product. Towards the end, I was rebooting four and five times a day, and I know how to maintain a clean system. I was delighted to move to 2K as soon as that became feasible. 2K just ran, and I rebooted only if a software install required it or I needed to fiddle with hardware. Other than that, it was up 24/7.
XP was a reasonable upgrade to 2K, especially after service packs were applied. Vista I avoided like he plague. Win7 is on the SO's laptop and is usable once you get used the the changes. I have no plans to go to Win8.
I don't use things like Gnutella, reasons why.It also removes the mechanisms that viruses use if they happened to get in ...yes did that a couple of times using gnutella
Since I'm the only user of my machines, I don't care. I'm not in a position where someone else might go someplace they shouldn't on my machine and infect it.but they did no damage as IE was gone....the gateways work both ways.
Also note sticking a web address into windows explorer will start up the browser in xp and 2000... my full removal avoids that. though win7 is ok in that respect.
If your machine(s) are used by others besides you, the simple solution is to implement restricted IDs and don't let other uses run as Administrator.
Microsoft is quite concerned about security, but you have to remember who their customers are. As far as MS is concerned, you and I aren't the customer. The customers are the people who pay them directly for Windows and Office: the OEMs who sell desktops, laptops, and Notebooks with Windows and/or Office pre-installed, and the corporate users who pay for site licenses and support.Interesting...this deintegration came to court in 1999...its effect and so on was well known about, yet 15 years later its still there...does not seem like microsoft are REALLY concerned about security and are just using it as a marketing tool.
Those folks are certainly concerned about security, and let MS know they are.
The problem for MS is legacy code. Most exploits are buffer overflow problems, and much of MS's code was originally written in more innocent days when it simply didn't occur to the developers writing the code that someone might deliberately try to overflow a buffer with bad intent.
MS has a focus these days on writing secure code, and pushes out regular patches. I just think they should have realized the extent of the issue and started focusing on security about five years earlier than they did.
In the meantime, I don't worry too hard about things like the most recent Zero Day exploit. They are increasingly convoluted, requiring complicated sets of conditions. The first question I ask is "Is there a vulnerability?". The second is "How likely am I to be bitten by it?"
The usual answers are "Yes there is." and "Not likely at all, because I don't do the sorts of things that can trigger it."
______
Dennis
ah unregistering activex controls ..brings back memories.
Actually removing IE with the free tool from 98lite did help stability...could run for hours after that without a reboot..I went the whole hog and used the windows 95 explorer. XPlite and Nlite do a pretty good extraction job.... the mshtml engine can be left in for convenience... the only things I find that breaks can be replace with 3rd party tools or easy workarounds.
Well MS added all these wonder gadgets via activex and the integration to tantalise corporate customers not to mention the self defeating zone system. After all playing a melody from within a text document is essential for productivity.... unfortunately what was cosy on a corporate lan was an absolute disaster when connected to the internet.
And yes they did take YEARS to address the problems created...thats negligent. Business customers ARE their only pressure... I noticed Outlook no longer uses the mshtml engine but express still does it seems.
Win7 and other 'secure' systems... yes the human factor seems to be mainly left... downloading and running malware by choice.
I have not done any peer to peer stuff for years and never did like torrents...thats just asking for trouble. The suggested approach is running as a user when dealing with less than careful users.
mike
Actually removing IE with the free tool from 98lite did help stability...could run for hours after that without a reboot..I went the whole hog and used the windows 95 explorer. XPlite and Nlite do a pretty good extraction job.... the mshtml engine can be left in for convenience... the only things I find that breaks can be replace with 3rd party tools or easy workarounds.
Well MS added all these wonder gadgets via activex and the integration to tantalise corporate customers not to mention the self defeating zone system. After all playing a melody from within a text document is essential for productivity.... unfortunately what was cosy on a corporate lan was an absolute disaster when connected to the internet.
And yes they did take YEARS to address the problems created...thats negligent. Business customers ARE their only pressure... I noticed Outlook no longer uses the mshtml engine but express still does it seems.
Win7 and other 'secure' systems... yes the human factor seems to be mainly left... downloading and running malware by choice.
I have not done any peer to peer stuff for years and never did like torrents...thats just asking for trouble. The suggested approach is running as a user when dealing with less than careful users.
mike
MSFN.org - good resource for all things Windows
http://www.msfn.org/
http://www.msfn.org/
Serious Internet Explorer Flaw Affects XP, Goes Unpatched
Serious Internet Explorer Flaw Affects XP, Goes Unpatched
http://news.yahoo.com/serious-internet- ... 54956.html
http://news.yahoo.com/serious-internet- ... 54956.html
Internet Explorer 8 allegedly has a serious security flaw that would allow an attacker to remotely take control of a user's computer. And since Windows XP users can't upgrade to a more modern version of the popular browser and won't be receiving any more official security updates, it's XP users who are most at risk.
What's more, Microsoft allegedly knew about this flaw back in October, and did nothing, according to Zero Day Initiative, an HP-sponsored program that rewards security experts for finding software flaws. Since that time, Microsoft has stopped issuing security updates for Windows XP and all programs for that operating system, effectively leaving XP users stuck with a flaw it allegedly had time to fix.
Internet Explorer IS a security flaw that allows attackers to take over a users computer.... something I thought was common knowledge in the linux world but that was a flawed assumption so I keep saying it here
Sure I read somewhere this was actually added as an update for XP in spite of their 'cut off' but don't quote me. but really going anywhere near that browser is a security risk whatever you are running by design (or lack of it). I like that in windows 7 IE can be semi-removed now... ok not the full shee bang but relatively effective.
mike
Sure I read somewhere this was actually added as an update for XP in spite of their 'cut off' but don't quote me. but really going anywhere near that browser is a security risk whatever you are running by design (or lack of it). I like that in windows 7 IE can be semi-removed now... ok not the full shee bang but relatively effective.
mike