Leaderboard

After Symantec bought Peter Norton's brand (late 1990), they've never lived up to his quality standards... I regret to disagree, but Norton Antivirus is a powerful resource hog and a very good generator of crappy false-positives, nothing more.

What Eve Wang (MSFT CSG) wrote, is (blatantly) incorrect AND the article she linked to contains NO detail whatsoever about the possibility to redistribute a PE (let alone differentiating between commercial and non-commercial purposes). In the same thread Tripredacus replied, stating correctly the situation: in simpler words, a PE has NEVER been redistributable, but it was available for a few years in a "special" redistribution agreement (for a fee) intended to allow selected Commercial software firms to redistribute it as part of their install/recovery/whatever software. Since several years this special redistribution agreement program is over. Provided that the MS' EULA is an actually enforceable and legally valid document (which is something I personally doubt, BTW) it is the document that regulates the license of the software, and the EULA explicitly states how ONLY the "samples" in the ADK are redistributable. But I will make anyway an example of how I personally read the reply by Eve Wang (MSFT CSG) : Q: Do elephants fly? A; Yes, but only on wednesdays, if there is a full moon, and here is a nice poem about elephants: https://www.poemhunter.com/poems/elephant/page-2/36807454/ jaclaz

As all of you Vista users surely know, IE9 is the last version of the MS supplied browser that can be installed on that OS. It has several prerequisites, notably KB948465 (SP2 for Vista SP1), KB971512 (Windows Graphics, Imaging, and XPS Library) and KB2117917 (Platform update supplement for Windows Vista); you can read more here. MS had continued patching security vulnerabilities in IE9 on Vista SP2 via "Cumulative Security Updates for Internet Explorer 9 on Windows Vista SP2" up until Vista's EOL on April 11th of this year (update KB4014661). MS will continue patching IE9 on Windows Server 2008 SP2 (as, again, it's the last version installable there, too) until that product reaches its (Extended Support) EOL in 2020. If you have been following our Server 2008 Updates on Windows Vista thread, then you should have already installed follow-ups KB4018271 (May 2017), KB4021558 (June 2017) and KB4025252 (July 2017). For the rest of this post I'll assume your Vista SP2 OS (ergo IE9 copy) is fully updated even with post EOL updates intended for WS2008SP2; e.g. on my setup (Vista SP2 Home Premium 32bit), "About Internet Explorer" looks like: For those of you out there with an intention to using IE9 as your main browser on Vista, sadly, you'd have come to the conclusion it's only half-usable currently, at best; this is a result of: 1. Most modern sites have removed support for IE9 completely, via UA string sniffing: Somes sites (like Youtube) offer a workaround, for others it may be necessary to spoof the actual UA string as one from a later OS+IE version (e.g. via the "Set UA String" IE addon). 2. Many sites have moved to recent web design, so they don't render correctly (if at all) in IE9, even in "Compatibility View" (well, actually, this is to be expected; CV means the site was optimised for IE8-); FWIW, even MS pages don't display correctly now in IE9 . 3. A third scenario I find quite irritating is that many sites fail to load at all in IE9 if they use the HTTPS protocol; with the recent move of many major sites to the more secure, encrypted, HTTPS, "allegedly" to increase user privacy and security, I found the list of "secure" sites not opening in IE9 growing at a high rate; of course there's always Firefox, but it's IE9 we're discussing here... Upon investigation, I discovered this is due to IE9 on Vista only supporting TLS protocol v1.0; this is considered by today's standards no longer secure enough, so many sites using HTTPS have moved to the more secure versions 1.1, 1.2, even to 1.3! Fortunately, a recent MS update (intended for the WS2008SP2 OS) can be applied on Vista SP2 that will implement TLS 1.1/1.2 support on Vista's IE9, too! ; I have spoken about this important update here. 1. Install then KB4019276 2. Reboot the Vista machine 3. After restart, launch the Registry Editor (regedit), preferably as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1 5. Delete the "OSVersion"="3.6.1.0.0" subkey; BTW, I don't know which WinOS that string refers to (Win6.1=Win7) 6. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2 7. Again, delete the "OSVersion"="3.6.1.0.0" subkey. Exit Registry Editor. 8. Launch IE9; Tools -> Internet Options -> Advanced tab -> Scroll all the way down to "Security": Prior to KB4019276 and registry manipulations, only "Use TLS 1.0" had been available on Vista; you should have already unchecked the older "Use SSL 2.0/3.0" options, to avoid being targeted by "POODLE" attacks; uncheck "Use TLS 1.0" (optionally also "Use TLS 1.1") and check "Use TLS 1.2". 9. Click Apply, OK, then exit IE9. 10. Upon restarting IE9, you'll find you can now visit all those sites that previously would not load due to unsupported TLS protocols: 10. You can verify further that indeed 1.2 is being used during server-client negotiations via specialised sites or via IE9's native GUI: I honestly hope you'll find my post to be of value; enjoy your more secure (than ever before?) Vista OS!

I have not used W2kRP before, cause of its installer bug( It created huge comdlg32.dll and crashed it LOL). :3 At first I will check its advantage functions. # it seems not to be patched browseui.dll. Perhaps Extendede kernel v30 blocks it

I regret not being an active participant in this thread before now. I regard my friend VistaLover as the leading browser authority among what remains of the Vista community, but he and I may have to fight over who is the biggest security geek running Vista these days. Of course when it comes to support from security software vendors, Vista and XP are on the same sinking ship. But if you think about it, what else would you expect? Avast itself is free; they have to make money somehow... This comes as no surprise to me. Well before the company was acquired by Avast, AVG's privacy policy aroused controversy - but at least AVG was honest about the matter. In a similar vein, Mozilla and Moonchild seem convinced that there is something fishy about the legacy versions of NoScript and uBlock Origin that graciously continued to support us for so long. Am I the only one who has been blocked from installing one of those and directed to learn more at Add-on signing in Firefox? (Alternative extensions do exist, but are probably not as good.) Despite the above, I am currently using Avast 18.8 on Vista. Avast is the largest third-party antivirus vendor, meaning their telemetry regarding current threats is second only to Microsoft's. Perhaps more importantly for those like me who would prefer not to pay for protection, Avast is the only vendor that has regularly submitted their free version for testing by the independent labs, and its protection scores are always only slightly below the world's best paid antivirus products. One might be tempted to assume e.g. that Kaspersky Free is almost as effective as Kaspersky's superb paid products, but I don't recall seeing any independent tests that would actually confirm that. (If anyone has, a link would be appreciated.) Oh, and Avast's nagging to upgrade seems to be confined to its UI these days. In years gone by, system tray "nagifications" were one thing that led me to embrace Microsoft Security Essentials. Speaking of "the world's best": Windows 10 is obviously OT here, but security geeks might be interested to know that Microsoft's Windows Defender Is Now One of the Best Antivirus Apps in the World. Nevertheless, perhaps the worst idea I've seen in this thread is to keep 6-year-old Security Essentials 4.4 installed even though definition updates are no longer compatible. (I tested MSE 4.4 on Vista in July, but found that its real-time protection could no longer consistently prevent downloading of the EICAR test file from AMTSO. The MSE uninstaller worked perfectly on Vista - but of course I uninstalled MSE before installing Avast.) Comodo deserves consideration because they still support XP and Vista. (I did test an early 12.x version of CIS on Vista earlier this year.) I am still bitter toward Panda Free because of an incident that occurred more than 4 years ago - but then again, reinstalling Vista was probably a good idea by that time anyway. Malwarebytes rose to prominence by virtue of being the world's best PUP removal tool. I keep Malwarebytes Free 2.2.1 (the final 2.x version) installed for on-demand scanning, but I never upgraded to 3.x because of mediocre reviews and features I did not want, e.g. ransomware protection that does not support Vista or XP. (Granted, Avast Free doesn't have ransomware protection either.) As pointed out earlier in this thread, Malwarebytes Premium 3.5.1 could serve as your only real-time protection. Unfortunately, the above-referenced independent test showing that Windows Defender is great and Avast Free is quite good also shows that Malwarebytes Premium is not particularly good - and it isn't even free. (I also won't be purchasing Webroot for Vista - but they no longer support XP so you guys are safe.) Those who are willing to pay for a good antivirus should consider Norton (if you can still obtain the maintenance mode version) or Kaspersky (if you trust the Russians and are undeterred by the lack of official support for your OS). Not exactly an antivirus, but I wonder if anyone here is using Sandboxie 5.22 (the last version to support XP)? I just recently installed it on Vista (see this post). Somewhat surprisingly, it appears to play nicely with Avast Free. (However I took the following precautions: (1) disabled Avast shields during installation of Sandboxie, (2) created an exclusion for Sandboxie's program files folder, and (3) clicked OK when presented with the Sandboxie pop-up shown in my screenshot.) I am writing this post using a venerable Firefox 52.9.0 browser that is both sandboxed and protected by Avast - a virtually unsinkable battleship?

Got some time to update the repository and also organize it: Replaced Monthly Rollup with the new KB4512476 (located on the root directory of the repository) Added Security Only Update, KB4517301 (located in the folder "/Security Only (Post August 2018)") Replaced Internet Explorer Cumulative Update with KB4511872 (located in the folder "/Security Only (Post August 2018)") NEW Added instructions on how to install .NET Framework 4.7.2 on the "/Extras" folder NEW Added a Reg file to enable TLS 1.1 and 1.2 after installing KB4019276 located on the "/Extras" folder NEW Reorganized the old 2017-2018 individual security updates so they're easier to manage, removing every superseded update and putting them all in one folder. Check them out for yourself! https://mega.nz/#F!txxRyLzC!1vBMGzMHiL864f3bl1Rj1w This was a slow month for updates (makes my job a lot easier). Hope the repository has been helping everyone

@bphlpt Good , and do you believe that a Windows 10 PE [1] is actually redistributable? I mean, all these years spent with Bart's PEBuilder and Winbuilder, were them totally wasted? Now would you tend to trust more Eve Wang (MSFT CSG)[2] or - say - Tripredacus?: https://social.technet.microsoft.com/Forums/Lync/en-US/050e7a61-4ca6-42eb-865d-7eaddff90ddb/is-windows-pe-for-windows-10-redistributable?forum=winserversetup Of course the moment the EULA for the ADK (or a separate one for PE) will have something to the effect of "You are free to re-distribute any of the binaries included" or a REDIST.TXT with a full list of the files, things will change, right now the relevant part is: https://forum.acronis.com/sites/default/files/comment_attachments/2016/11/397321-134896.pdf jaclaz [1] or - for that matters - *any* Microsoft binary not expressely released as redistributable [2] you will find many similar questions on social.msdn.microsoft.com invariably replied to with non-answers or answers by clueless people (RCSAKIT PHART), I pointed you to one answered by someone we can trust

Banned per user request (not to mention Rules # 2.a, 7.a and 7.b, of course).

The older version of Malwarebytes (v2) is for malware only. That's why I use Avast Free Antivirus and MBAM v2.2.1.1043.

@mo832 A sensible solution because of MSE does not exist! That's why I would not kill my OS. I've been working for a very long time with Avast Free Antivirus (only certain modules installed) and MBAM. Small note: Would never come up with the idea to install another virus solution at the same time in an existing virus solution, that can quickly go wrong, especially in the worst case to assume the two virus solutions fight each other.

Of course, but why carry on using an obsolete security program when there are other free security programs available which are still compatible and still receiving definition updates?

forget about MSE since you can't update it so it's useless, what's the point for keeping it??

Yes; M$ sort of added insult to injury. They weren't satisfied with just disabling future updates, thus rendering MSE useless; they also gave us a non-working uninstaller so we couldn't even get rid of the $#@$^ thing! Oh; forgot to mention that even after disabling the anti-malware service and killing the msseces.exe process, I still had to use Unlocker to completely delete the directories. I guess you wouldn't want it to be too easy for malware to do a rogue uninstall, so maybe this makes sense - but that's all the more reason the official uninstaller should work! Oh, well; at first blush I'm quite impressed with Avast. It did falsely trigger on ProxHTTPSProxyMII, but that's understandable; that is a MITM after all! I'm glad I'm one of the lucky ones Avast seems to run OK on. Probably should've ditched MSE for it years ago.

Nope ; the correct official avast forum topic with links to both off-line/on-line installers is: https://forum.avast.com/index.php?topic=220639.0