Mathwiz

It does install in (official) Basilisk, so I'm guessing probably Web Extension format. I'll try it in @roytam1's Serpent tomorrow; it'll probably work there as well. No documentation though; no idea how to set it up or use it.

Or this (ignore the references to Skype, and you can skip step 4 & 5 since you already installed KB4019276): BTW I recommend leaving TLS 1.0 enabled in step 11 for older Web sites that still need it; but it's your choice.

Well, try as I might, I can't get past 11.0.02. Every version newer than that one just locks up solid as soon as the Reader window opens. I'm sure it has something to do with the "Internet bar" they added in 11.0.03, because that's the one obvious change between .02 and .03. But I can't figure it out.

Just a quick explanation of SNI (Server Name Indication): It was added to (I think) TLS 1.2 to allow one server to host multiple secure web sites. The browser sends the server name in the TLS "ClientHello" message that initiates a secure connection, so the server knows which site's certificate to send back. I'm not actually sure if the recent TLS 1.1/1.2 updates for XP and IE8 included SNI support, but even if they didn't, it's supported by FF 52 ESR and its forks, including Pale Moon and Basilisk, all of which have XP-compatible versions. A recent criticism of SNI is that the server name is sent in plain text, which lets nosey ISPs see which web sites you're visiting. (With the demise of Net Neutrality in the US, your ISP could even block a specific web site or slow it down to uselessness.) So ESNI (Encrypted SNI) has been proposed to prevent this information leakage. ESNI is still very new, however, and it remains to be seen how widely it will eventually be adopted. At present, it's only available in nightly builds of the FireFox browser, which doesn't run on XP; and the Pale Moon team (so far) has no interest in it, so it won't be finding its way into @roytam1's XP-compatible versions of these browsers unless MC changes his mind. So, bottom line: at present XP does support TLS versions up through 1.3 and SNI (with third-party browsers) but does not support ESNI.

At this point it's premature to do anything more than preliminary research anyhow. The ESNI spec isn't even finalized yet. My hope is, if Mozilla adopts the changes, Google will follow; if that happens it'll be a lot tougher for MC to resist. But that's probably years down the road; by that time we'll be fighting to keep even Win 7 alive.

Yet another Office 2010 update: I don't even have Excel 2010 (only have PowerPoint Viewer) but I was offered the update anyway.

To enable TLS 1.2 in XP (for IE8, Chrome, Skype, and anything else that uses XP's native TLS support) follow the instructions here: For a tool to list all the updates you have, try NirSoft WinUpdatesList.

Strictly speaking, these are missing from IE8, not XP itself. If you use a modern Web browser (e.g., FF 52 ESR or one of its XP-compatible forks) instead of IE8, you'll have those features. ESNI, however, is unsupported (and will likely remain so, as discussed on the other thread).

Thank you for that excellent step-by-step guide. One note: there are still a few web servers around that don't yet support TLS 1.2. So in the last step (11), one may opt to leave TLS 1.0 checked (particularly if they use Chrome 49 or Advanced Chrome web browsers, which also use XP's Internet settings). That way their connection will use TLS 1.2 if it's available but fall back to TLS 1.0 if not. (No real reason to enable TLS 1.1 though; I've never seen a site that supports TLS 1.1 but not 1.2.) I wouldn't say TLS 1.0 is insecure by itself, but it does support several insecure cipher suites, so you may want to disable all cipher suites except AES (and perhaps 3DES; it's security was weakened by the "Sweet 32" attack, but as with TLS 1.2, there are still a few web sites that don't yet support AES, so you may need to leave it enabled for those). I've attached a .reg file to disable the old RC2 and RC4 cipher and MD5 hash algorithms: Disable insecure algorithms.reg

Personally, I'd like to see it, albeit as an "opt-in" option where I could select my own DNS servers rather than Mozilla or whoever selecting them for me. The idea is to try to get ESNI and DoH/DoT as common as HTTPS has become. But it's pretty clear from the two threads linked above that MC isn't interested. My only hope is that @roytam1 can merge the relevant commits directly from Mozilla's code.

Correct. There's a specific POSReady update to support AES, which robotbirds.co.uk supports as well. That should solve your cipher mismatch issue. There are other, more recent POSReady updates to support TLS 1.2, now required by several web sites. Can't remember the KB numbers but should be searchable at the POSReady thread. Note: some POSReady updates require an SSE2 processor. Not sure about these specific ones, but I don't think they do.

Of course, it could just be my aging ears too....

Well, it won't become less secure ... the risk, as always, is that someone will discover and exploit a vulnerability that was always there. So I'd keep an eye on security fixes for the nearest supported OS (probably Server 2008). Any vulnerabilities discovered in that are probably in XP also. Usually M$ gives an assessment of what it would take for an attacker to successfully exploit a new vulnerability. A lot of times it turns out to require physical access to the PC; most of us needn't worry about those (unless we're using XP machines at work!) If an over-the-network vulnerability is discovered, we could probably just block the affected port with Windows Firewall, unless it's something we really need.

Looks like it will be a while before browsers supporting encrypted SNI come to the XP platform: If it's not even in the release builds of FF yet, I doubt we'll see it ported to Basilisk/Pale Moon (and thence to @roytam1's Serpent/New Moon) anytime soon.

I can't even hear the processor fan on my desktop PC. I can see it spinning if I take the cover off, but it's very quiet. (OTOH, it's just a dual-core AMD processor, so it doesn't take much to get it to 100%.... If you have an I7, it might take a bit more fan than mine ) I can hear the PS fan, but its speed is constant.... As for why browsing uses so much CPU, take a look at the source code to a Facebook or YouTube web page some day It's not just a static page anymore either - they keep pumping in more Javascript as you scroll....

Sounds like you need a new fan You should be able to run at 100% CPU without hearing anything; a bearing may be fixing to go out. At some point the Pale Moon team will probably strip out the multiprocess code entirely, or else I'll stumble across an incompatible add-in that I just can't live without, and I'll be back to square one; but meanwhile, I'll enjoy it while I can.

New version doesn't work for me: MKVMerge seems to be looking for "XPVCRT.dll," whatever that is. Should I rename MSVCRT.dll? Edit: That seemed to fix it. One of my pet peeves: a product drops support for users of an older product like Win XP, but only because they didn't think it looked "cool" enough.

My memory needs aren't as demanding as yours, but for me the big advantage is, much smoother browsing in one tab when another tab is busy auto-refreshing. Apparently dealing with the keyboard/mouse and dealing with HTTP(S) are done in the two separate processes.

AIUI it's supposed to be similar to @Dibya's Extended XP. Unfortunately I think it's illegal: https://reactos.org/forum/viewtopic.php?t=16868 I suppose it would be legal for you to use on your own system if you own licensed copies of all those OSes, but don't post any links here. It would get MSFN in big trouble.

Yes it is. When I hear Quantum I think of a line of Duracell batteries. But Wikipedia lists: Businesses and products Quantum Corporation, a manufacturer of computer data storage products Quantum Sports Cars, a British-built low-volume car manufacturer Volkswagen Quantum Quantum, a line of Maksutov telescopes that were manufactured by Optical Techniques Incorporated (OTI) Quantum, line of small engines made by Briggs and Stratton Quantum-class cruise ship MS Quantum of the Seas Computing QUANTUM, a suite of attack software by the US National Security Agency (NSA) Quantum compression, a file compression format QGIS, an open source GIS program for map-drawing and related functions, formerly called Quantum GIS A time slice in computer pre-emptive multitasking Quantum computing, the study of hypothetical computers based on quantum-mechanical principles Quantum (statistical programming language), a programming language for statistical analysis developed by Quantime Quantum Corporation, a manufacturer of Hard Disk products from 1980 to 2001 Quantum project of Mozilla to improve its Firefox web browser engine I see they mentioned Firefox but not Duracell. At any rate, only one of the above uses, quantum computing, has anything to do with the scientific meaning of the word. Don't even get me started on Spectrum....

I hope not too; and it's probably not the case. (Just about every time I thought I might have malware on my PC, it turned out I didn't.) But if nothing else works, don't rule the possibility out.

Not long ago, someone (who I can't remember) was wanting some application (might have been @heinoganda's certificate updater, but I can't remember that for sure either) modded to run on XP SP1. Anyway, the question came up "why do you want to stay on SP1?" And I replied that AIUI SP2/3 don't support PAE. I was told that was wrong, but didn't really understand it until now. So SP2/3 do support PAE, but limit it to 4 GB (which mostly, but not entirely, defeats the purpose).

@dencorso, I was thinking the same thing. Maybe @Dave-H's PC has some kind of malware that's "securing" it from security software

Well, I just tried it in Basilisk 52. The about:config Boolean preference above doesn't exist by default in either the XP or official build; I had to add it . I didn't expect it to work, but it did! Task manager shows two Basilisk processes, just like the "old days." Guess all my add-ons are multiprocess-compatible. Even more surprising, it also worked on the latest official Basilisk/UXP build (2018.12.18) running on Win 7 Win 7 is where I could really use it; the XP version has always seemed responsive enough, even without multiprocess mode. So evidently the multiprocess code was never removed from either build; the default was just changed at some point.

I'd assume that closes the door on Basilisk 52 (UXP) at least. The e10s code may still be lurking within Basilisk 55 (Moebius) somewhere, I suppose.