Leaderboard

Media keep rumouring about how unsafe XP is, but I'm keeping an eye on media news, and no rumour about massive and/or sophisticated attacks targeting XP are present. Most attacks targeting "home users" are still starting with phishing or compromised website. First you can fight against simply being careful and learning some best practices, plus using e-mail vendor who filters spam well second you can fight back using updated browser and maybe trying some isolation. Most attacks on home users are still ransomware or fake payments. First you defend yourself by making regular backup, second by using 2FA and being invulnerable for phishing. No big security hole was found since WannaCry/eternal Blue, so if you have POSReady2009 updates, you shall be secure enough. So, from home users perspective, sane XP user is still more secure of dumb clicker using whatever up-to-date system. If you really want to be aware of your outadted systems, you should start with your router, Android devices and iOT, which often contains simples tsecurity flaws "by design" and never get updated. Really, hat makes me wonder is why people whinning about outdated XP systems don't rush against Android devices being constantly far behind what google updates on daily basis, not even mention totally loosing support after few months

Well, just for completeness, I've just added it to @mixit's 1st post in the Primetime thread, so as to keep things as together as possible.

The situation with Serpent 55 and 52 resembles the situation with SeaMonkey and BNav. Of each pair, the former browsers are generally better, but are no longer actively maintained by their original creators. With Serpent 55 (and a few other browsers in the same situation, such as FF 45 ESR), @roytam1 does what he can, importing fixes from ArcticFox and other sources to keep them as up-to-date as practical. But there are no weekly updates coming from "upstream;" that's why updates to these browsers occur irregularly. I too happen to prefer Serpent 55; for me the main difference is slightly better support of WebExtension-style add-ons, particularly the Multi-Account Containers add-on. I don't mind getting less frequent updates in exchange.

maybe a "one-shot" build can be done, if I can finish migrating my main workstation to new rig and I got some more free time, likely in october. (but please don't hold your breath for it)

Exactly! Just to confuse things further, Google have done some re-versioning to their WV CDM and what were to be versions "1.4.10.xxxx" are now versions "4.10.xxxx.xx", 10 being the interface currently supported. Interface 9 CDMs were revoked, as announced, on Aug 13th 2019 (14th, if - like me - you're in Europe) and thus official Basilisk/Serpent 52.9.0, with internal support for only WV CDM v1.4.9.1088, was broken by Google Widevine license servers (they won't serve decryption keys any longer to revoked versions of the CDM); unlike e.g. NPAPI Adobe Flash Player, you can't just upgrade the CDM and expect things to continue to work, especially when only newer "interfaces" of the CDM are current; the "guts" of the browser have also to be updated accordingly, to support the newer Widevine CDMs. EME and WidevineCDM support in UXP (in practice, in Basilisk only) is being tracked in https://github.com/MoonchildProductions/UXP/issues/962 Their "media" (and Linux) dev, @trav90, appears to be having some serious issues in real life, which keep him still away from contributing code in the project; despite Moonchild's plans, he had to release Basilisk 52.9.2019.09.03 without fixing its broken Widevine implementation; for Netflix and Adobe Prime, Basilisk/Serpent users will have to use SSUAOs to fake older Firefox versions and then install/use the Silverlight NPAPI plugin (more in the official forums); of course, other DRM services without a Silverlight fallback provision will be simply BROKEN! Before Aug 13th, @roytam1's Serpent 52.9.0 (with WV v1.4.9.1088) and 360 Extreme Explorer (with WV v4.10.1196.0 manually installed) were, AFAICT, the only two working implementations of Widevine under the Vista SP2 OS; both these two WV versions have been now deprecated/revoked/blacklisted, the one current and whitelisted by WV lic servers is v4.10.1440.19; most sadly, the corresponding widevinecdm.dll file has been compiled by Google with optimizations targeting the Win7+ kernel only, so it won't work under Vista (this is easily verifiable via dependency walker in Vista); since the WV source code is a tightly kept secret, no-one can recompile it and make it again Vista compatible; so, WidevineCDM is henceforth a DEAD technology under Vista

Yes, BNav is a very lightweight browser, even lighter than NM 28; but it's based on the same UXP platform so it will continue to benefit from MCP's and @roytam1's attention. At this very moment, I like SM better, but version 2.49 is at EOL; according to the SeaMonkey Project web site, there will be no 2.49.6. (Unless of course @roytam1 picks it up ). And newer versions won't run on XP. Well, don't feel too bad; @mixit didn't mention that pref in the Primetime thread either. (Probably because, in FF and Serpent, it's there and set to true by default.) BTW; I've been meaning to ask about Widevine. It seems to take considerable work to support a new Widevine version every time Google puts one out. I've heard that MCP is working on making Basilisk work with 1.4.10 but it's been a few months and I've heard nothing. Any news? (Of course, 1.4.9 and up won't run on XP anyway, but I also have Win 7....)

... Please accept my most sincere apologies, both of you In my dirty SM profile, the AP CDM does indeed show up in both about:plugins and about:addons/Plugins; prompted by your reports, I then created a new, clean, SM profile and applied my instructions from here to install the CDM; lo and behold, I, too, couldn't see the CDM installed in either about:plugins nor about:addons/Plugins, though, as you both confirmed, the CDM does appear to be working as intended in "silent" mode! After comparisons between the prefs.js file on the dirty profile and the same file on the new profile, I did manage to find the culprit: My original instructions are missing one additional about:config pref: media.gmp-provider.enabled;true (boolean) I had added that pref in my dirty SM profile many months ago, in an attempt to install and use the WidevineCDM on SM under Vista SP2 (NPAPI Widevine on XP doesn't install/show up/work); SM, like the upstream Fx ESR 52.9.1, only supports version 1.4.8.903, which is now severely outdated and blacklisted by Google Widevine license servers ); this is the reason the mentioned pref was pre-existing (and overlooked ) when I started my Adobe Primetime CDM experiments in SM! The original instructions will be soon edited to remedy this omission... Sorry again!

Let's let sleeping dogs lie, please!

The CSS fix posted by @mixit is indeed needed in FirefoxESR 52.9.1 and Serpent 55.0.0/Moebius, but not needed in the UXP browsers (NM28, Serpent 52.9.0, Bnavigator) and latest SeaMonkey 2.49.5, because this issue is fixed in the respective platforms - don't forget that in NM28 and St52 browsers (at least), SSUAOs are needed for instagram.com (with a Firefox version < 57.0).

Part of why I come to MSFN is to be aware of any discovered security vulnerabilities that might affect Windows XP/XP64 and what to do about them. Also, I get great advice on general security practices hanging out here. Through @Sampei.Nihira I learned about NoVirusThanks' OSArmor and I've been using it ever since on all my machines. I also like running Spybot Search and Destroy primarily for its Immunization tool for browsers, and the ability to route a lot of known malware sites to 0.0.0.0 via the HOSTS file, just in case I ever stumble into a trap. (I haven't yet, but I'd rather have that layer of security just in case.) As far as browsing habits go, I make sure every browser with add-on capabilities has some sort of proactive script-blocking system, such as NoScript for the Firefox-based ones, and uBlock Origin for the Chrome-based ones. I double that up with AdBlockPlus, though mainly I use that to get rid of a lot of the cruft that makes browsing YouTube such an annoyance. (This used to work much more effectively, but YouTube has been redesigned a few times since then.) I think the FUD campaign Microsoft (and tech journalists) conducted as April 2014 approached are largely responsible for the general mentality people have regarding XP. I had made my thoughts known about it back then, but both journos and Microsoft themselves really, really wanted people to believe that the moment Windows XP stopped receiving updates, anyone who didn't upgrade would find their computers a playground for zombie botnets, malware, and all sorts of nastiness. Also, from the gaming side of things, Microsoft already laid the ground for that by denying XP any newer DirectX versions with the release of Vista in 2006. Games slowly stopped providing DirectX 9 support years before, and more and more people started looking down their nose at gamers with XP machines. (Now the process is repeating with Windows 7, as I knew it would. Bleh.) More of a side note than anything, but for almost ten years now I've wanted to try making a router/firewall dedicated PC. I even planned to use the hardware my daily driver desktop, Palouser, had been using until earlier this year when I upgraded her, but her previous setup appears to have a motherboard failure that won't make the parts suitable for 24/7 usage anymore. Haven't really had the need to do so anyway, in recent years I've been renting rooms (apartments are too expensive where I currently work!) and so router management's out of my hands. Still, this is probably a good reminder that when I do eventually move somewhere and I'll have to be responsible for my own network, I should probably give the "Router/firewall in a PC" project a try. I imagine a PC running PFSense or something would be much easier to keep up to date and upgrade/mantain than a commercial router.

https://msfn.org/board/topic/177125-my-build-of-new-moon-temp-name-aka-pale-moon-fork-targetting-xp/?do=findComment&comment=1170340 @VistaLover (above URL) did SOLVE the SM 2.49.5 Browser situation for INSTAGRAM Video (embedded) playback. Okay, SUCCESS here on using your ('VL') instructions for INSTAGRAM Video (embedded) playback with SeaMonkey 2.49.5 Browser under WinXP OS. But ODDLY here, the 'Adobe Primetime CDM' does NOT LIST under (ADD-ONs) the PLUGINS listing. However, INSTAGRAM Video playback seems FINE now for me, so PLEASED on this. THANKS to work out this solution. --- As added feedback (below) --- (1) Should make CLEAR that these are 'about:config' (address bar) entry changes. (2) media.eme.enabled;true (boolean) Did 'instant' create with 'FALSE' value (here). So, I changed it to 'TRUE' value (via TOGGLE). (3) media.gmp.decoder.enabled;true (boolean) Did 'instant' create with 'TRUE' value (here). So, no change needed. (4) Sourced from @mixit ; who provided earlier solutions to this INSTAGRAM Video (embedded) playback situation. 'MIXIT' said "Adobe has removed the (PRIMETIME CDM) package from download, but @sdfox7 has kindly archived a copy (along with a backup link)" --> (a) http://sdfox7.com/xp/sp3/EOL/primetime_gmp_win_x86_gmc_40673.zip (b) https://web.archive.org/web/20170718145441/http://sdfox7.com/xp/sp3/EOL/primetime_gmp_win_x86_gmc_40673.zip --- As added feedback (above) --- The ('VL') instructions are COMPLETELY CLEAR overall. No problem here to make the changes. This seems NOT a difficult 'Tweak' to make it happen, in my view. What this means, is that the SM 2.49.5 Browser can now support INSTAGRAM Video (embedded) and also LANGUAGE PACKS too, under WinXP OS. I plan to stay with the RT BNAV Browser in any event. My OLD LAPTOP hardware and WinXP OS seems to LIKE the RT BNAV Browser (ENGLISH Language ONLY). And also, RT does MAINTAIN his Browsers at a HIGH QUALITY level. NOT so sure as to what will happen with SM 2.49.5 Browser over time (future) --> https://o.rths.cf/boc-uxp/ So, this is all GOOD NEWS as I see it. THANKS again to 'VL' for this TWEAK.

I think XP is still OK for day-to-day use, as long as you have a good AV and an up-to-date Web browser, such as one of @roytam1's builds. If you use browser plug-ins like Flash and/or Java, keep them up-to-date also: For AV recommendations you should check out this thread: ... especially the discussion toward the end of the thread, since XP MSE no longer receives usable updates. If you have Office 2010 installed on XP, make sure it's up to date too, or at least as up-to-date as possible without breaking XP compatibility: So, still plenty of updating to do, even without updates to the OS. One last thing: there was a recent kerfuffle over vulnerabilities in CTF. But you may not need CTF; if not, you can disable it:

What an insufferable craphead. What is his deal?