Everything posted by Mathwiz

  1. Personally, I think Wikipedia is over-reacting a bit. Certainly, 3DES isn't as secure as AES, but AFAIK cracking it still requires guessing about 108 random bits. (A 3DES key is 168 bits, but around 60 of those bits can be figured out without having to guess them.) AES requires guessing at least 128 bits, so cracking it is at least a million times harder, but even with today's more powerful hardware, 108 bits is plenty of security.

     Edit: Come to think of it, the problem with 3DES may not be the key size, but rather the fact that it only encrypts 64 bits at a time. With enough data, this could allow an attacker to exploit the "birthday paradox" to find accidental collisions (different 64-bit blocks that happen to encrypt to the same value), and work backwards to reduce the number of key bits that need to be guessed. With AES, 128 bits are encrypted at once, so the odds of such a collision leaking info about the key are extremely remote. So maybe Wikipedia is being prudent after all.

     In any case, there's probably not much point in using IE8 anyway, unless you're browsing sites that use IE-specific tech like ActiveX (I still run into a few of those on occasion). But if you're determined to do so, you can use ProxHTTPSProxy with IE8 to provide modern, more secure ciphers. With ProxHTTPSProxy, Wikipedia comes up fine in IE8 with no security warning. (He can correct me if I'm wrong, but I believe @Heinoganda has updated ProxHTTPSProxy with a newer OpenSSL version that closes even more security holes.)

     Edit 2: BTW, from their warning about security flaws, I can see that Wikipedia doesn't know about the POSReady hack for Windows XP
  2. Those are nice, but how about explaining what each one actually does? That way we could choose the ones we want, or re-tweak them to better fit our own systems.
  3. Under normal circumstances, the user-agent string is more or less fixed: it only changes when your browser gets updated. So it doesn't leak a lot of info to the Web pages you visit; basically just your browser and OS. So, to stay "under the radar" as much as possible, I'd say you want to choose a common user-agent string rather than a rare one. You want to look just like millions of other folks browsing the Web. Also, for maximum compatibility, you probably shouldn't misidentify your browser too much. Web sites use the user-agent string to figure out what JavaScript code, e.g., to send to your browser. So given the above, I'd probably lie about my OS (e.g., say it's Windows 10 or at least 7 instead of XP). The only place that would likely matter is microsoft.com. But I'd mostly tell the truth about my browser, unless it's a rare one. I might tell Opera to pretend it's Chrome or SeaMonkey to pretend it's Firefox, for instance; and probably report the latest version of those browsers, since most users would be running the latest version. The only pitfall would be if a Web site sent code intended for the latest version that doesn't run correctly on the actual browser version I'm running. But even if I reported my correct browser version, I suspect most of those Web sites wouldn't send compatible code anyway - they'd probably just tell me to upgrade my browser!
  4. I guess the only problem with that string is that it'd stick out like a sore thumb to Web sites that "fingerprint" their visitors (the better to track them). But hopefully it'll be pretty compatible. Let us know if you run into any problems with specific Web sites using it. One of the things I liked about Opera (at least Opera 12; I haven't tried this with the newer Chromium-based versions) is that you could set your user agent string on a site-by-site basis to report as Opera, Firefox, or IE, so you could work around sites that insist on IE or Firefox because they never heard of Opera. Come to think, I wouldn't be surprised if there's a Firefox or Chrome add-in that does something similar (although I haven't looked).
  5. Hi! Yes, I saw your post about spoofing the user-agent string. A useful technique! But even if I bypass the stupid sites that blindly block browsers they consider too old, I still run into other problems if my browser really is too old.
  6. I think the Web is the primary driver of planned obsolescence in today's computers. Try surfing with an old Web browser; say, Opera 12. You'll run into all sorts of major sites (e.g., Facebook) that just don't quite work right, even if they worked fine a year or two ago. So if you surf the Web, you need to use a reasonably up-to-date browser. Doesn't have to be absolutely the latest, but it can't be too old. And so, you need an OS that will run reasonably up-to-date browsers. Right now, in the Windows line, XP is about as far back as one can easily surf the Web with. Maybe 2000, with some difficulty; but 98 or ME will be really tough slogs. There just isn't a new enough browser that will run on those OSes. P.S. I like the classic theme too.
  7. I did see that it was a QFE, so I guess it's not ready for general distribution yet. I'm still surprised they didn't sign it, though. I can't see why MS would own up to releasing an update that makes your network vulnerable! Hopefully they only mean it hasn't been fully tested yet, so they can't yet say with reasonable confidence that it won't make your network vulnerable. I agree - no need to rush to install this one. Presumably, once it's fully tested, it'll be rolled into the next cumulative IE8 update anyway.
  8. Apparently available only from the MS Update catalog; not (yet) via AU, WU, or MU. (But come hell or high water, we get those time zone updates!) Also the downloaded file appears to be unsigned? Very unusual for MS....
  9. Hmm... don't know then. It looks like you're running a 64-bit OS, but if it's the 32-bit version of Opera 12.18 (build 1872), it should still work. The only other difference I see is that I let the Flash installer install the latest versions, so my Flash ended up at C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll (yours would end up at C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll) instead of in C:\Program Files (x86)\Opera\program\plugins. The advantage is, it can be shared by Opera and Firefox. Can't imagine why installing it in the Opera folder might cause a crash though.
  10. Isn't 26.0.0.133 beta? Try the released version, 26.0.0.131, and see if it works OK.
  11. Yes, apparently the viewers use some of the same .dll's as the full Office 2010 install - I guess the same way the 2007 compatibility pack uses some of the same .dll's as the full Office 2007. So if they update any of those .dll's used by the viewer, I get the Office 2010 update through Micro$oft update - and it does make the scan go to 99% CPU. I have to let it run overnight.
  12. No such luck for me - I have the PowerPoint Viewer installed, which is based on Office 2010. So I'm screwed for the duration
  13. Wow, what is it with the updates this week? Regular Patch Tuesday updates, Firefox ESR 52.2, Office 2003, not one but two Flash updates, Shockwave for Director, Silverlight - I haven't had this many updates during a single week in years!
  14. Yes, it downloads that relatively small file, which in turn is supposed to download the rest. That 2-stage download has always worked on XP before, but this month, it worked on my Win 7 system but not on my XP system. And I know I had plenty of space, because I had no problems downloading the offline (full) installers and running them. Don't know if anyone else had problems with the online Flash installers though. May have just been some kind of fluke on my system this month.
  15. Bersaglio listed the updates just released yesterday. Most of the updates in Microsoft's tables have been available for some time. KB958644 & KB2347290 were made available back when XP was still supported. KB4012598 and KB4012583 were made available to POSReady '09 systems in March. KB4012598 was made available to "plain" XP after the WannaCry[pt] attack, and KB4012583 was just recently made available to plain XP users. KB4018466 & KB4019204 were made available to POSReady '09 in May. KB4022747, KB4025218, KB4024402 & KB4022343 were part of yesterday's updates. That leaves KB3197835, which is the only one I don't have. It's a new update this month, but I think it only applies if you're running Microsoft's IIS Web server.
  16. I installed 11.00.20. It seems to work, but I've done no significant testing, "extensive" or otherwise.
  17. I just wanted to remark that the "online" installers (that download if you go to https://get.adobe.com/flashplayer/) no longer seem to work on my XP system. I get bogus errors about my C: drive being full. The "offline" installers Bersaglio gives above work just fine, however.
  18. To the best of my knowledge, all you need to do is:

      Install MSI 4.5 (KB942288)
      Add the registry key:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
      "Installed"=dword:00000001

      And that's it! You should then get PosReady '09 updates. Be aware that if you have any M$ Office products installed, the update scan process will be extremely slow and will take up most of your CPU.
  19. V2 of the fix is working fine for me. But then, I'm not sure the original KB4018556 was causing problems. I did have some trouble shutting down and starting back up once or twice after installing it, but after that it seemed to work OK.

      My understanding is, EsteemAudit requires access to the RDP port (TCP port 3389) of your system, so if that's blocked by your router or firewall you're probably OK even if you haven't disabled Smart Card authentication. The other way EsteemAudit could be used is if one system in your network became infected some other way, then used EsteemAudit to spread to the XP systems in your network. But that's probably not much risk to home or small office users.

      Edit: Also, if niko32 is right (and he probably is) you'd have to do some extra work just to enable the vulnerability on a non-domain-connected machine. So you probably don't need to do anything, although it wouldn't hurt to disable Smart Cards anyway. Businesses running XP or (real) POSReady '09 domain-connected systems are probably the ones most vulnerable.

      Edit 2: We may be the ten or so XP users who know how to keep their systems updated.
  20. Good! Downloaded & installed. Now if M$ would just fix the EsteemAudit vulnerability (since it affects XP and Server 2003, it's a good bet it affects POSReady '09 too)....
  21. I don't know if it helps, but here's what M$ has to say about KB982316 (along with download links for XP, Server 2003, Vista, and Server 2008): https://support.microsoft.com/en-us/help/982316/an-update-is-available-for-the-windows-telephony-application-programming-interface-tapi That probably explains why it isn't being pushed via Windows Update: it doesn't patch a specific, known vulnerability; instead it adds some extra protection to an uncommonly used Windows feature: On 32-bit XP, the only file replaced is tapicust.dll. I've read through the linked page, and AFAICS this isn't related to any of the recently-exposed NSA exploits. I don't think it hurts anything to install it, but don't expect it to do a lot to protect your PC from malware. I have no clue why they re-released it now, especially with no changes. It might have been re-released by accident, and that sounds to me like as good a guess as any.
  22. Not so fast. That's an old patch from 2010. M$ just re-released it; that's all. Also, it doesn't appear related to the RDP vulnerability ostensibly closed by the 3rd-party patch. M$ has updated the MSRT, though: https://www.askwoody.com/2017/the-new-xp-patch-kb-982316-is-a-dud-but-the-new-msrt-is-for-real/
  23. Hmm.... I was willing to take a chance, but the web page for the download wouldn't work with Firefox 52.1.2, or IE 8. Had to use IE 11 on a Win 7 machine just to get the Web page to work. I guess if you really are running XP or 2003 you're screwed (unless the page works with Chrome 49). Then they ask for first & last name, COMPANY name, JOB TITLE, BUSINESS email, phone number, country, and (if you select US) state. Seems it's not available to individual XP users! Yet the Terms & Conditions state you get a "personal" license to use the patch. Still trying to decide whether to take the plunge on this one.
  24. Go ahead. I don't know of any reason not to update Windows Installer to v4.5.
  25. So, how do you check your version of the Malware Protection Engine? Here's how:

      Open MSE
      Near the upper-right corner of the window, click the down-arrow to the right of "Help." A menu will drop down
      Click "About" in the menu
      In the About dialog, the "Engine version" should be 1.1.13704.0 (or later)