Thomas S.

Attention! BUG!! There is a bug in the modules of python, which are used for the build of HTTPSProxy, that allow weak and unsafe ciphers. You can test it yourself by open the site https://www.howsmyssl.com/ in IE8, it reports "BAD" because of this weak ciphers. I have released today a update (under the same link, see one post before) for HTTPSProxy, which solve the problem. You can install the update, but it is not really tested (but works, the bad ciphers are locked as is was before the bug. I will test the update today and will give an info about in the late evening (DE time). The new release is OK. I have also updated the help and changelog files, all RootCA files are up to date. New version: The python module / library versions are variables, read out and displayed at runtime. Old version with bug:

What I meant was that I (we?) don't know what's going on. And we don't know if @heinoganda is online or not / on holiday / alive... If he has analysed the sst files (and I think he has) it's easy for him to give a short info as "new files but no change for XP" or so. Of course, it's only his decision... Technical discussion / my opinion: For me it doesn't matter, what are the changes in the files, because it is a simple update without any mystery. You can run each CAupdater (regardless which one) as planned task automatically in a given interval (built in function / with TaskScheduler). In any case, this is the best way to miss any updates. If you run the updater you get new files, install them and and the task is done. There are only small differences in the CAupdaters: the way of download (f.e. any or only newer files), interaction with the users (f.e. confirmation before or after download), writing in registry or not, logging the result...

O no! Otherwise we don't know what's going on. New MS files without analysis - who except you can tell what's going on...

Today my CAupdater run his weekly update-check and found three new MS CAstore files. I don't check the changes, it install all fine.

Hi all, I have created a little suite of HTTPSProxy with a Launcher, that has multiple options and is full portable. The reason was that I was not happy about several standalone solutions to manage the HTTPS connections in WinXP, so I edited an old project (SysTrayIcon) and adapted it to HTTPSProxy. Also HTTPSProxy is as new as possible with little enhancements, see the documentation (changelog.txt) Installation see Installation-Update_EN.txt or Installation-Update_DE.txt, it is very easy (only copy and run...) You can read a detailed LauncherHelp_EN.txt (also in DE) attached, there are all options explained. The programs, certs and tools are up to date! Download link pasword (full copy & paste do not work, type the last number!): rzeYaSFFo8cqVv2 If you have trouble with install or usage please send me a PN. I will help as soon as possible! Information: it is a known issue / limitation, that some AV software detect the suite / some exe files as malicious, but it is not truth. The HTTPSProxy exe is build with Python / pyInstaller and the Launcher exe with Autohotkey. It seems that the "compilers" use code that is similar to some malicious software. Sorry, I can only say: if you don't trust this suite, don't install it... I can't solve this problem. CU TS New version of HTTPSProxy without bug (for information about the fixed bug see the next post). The python module / library versions are variables, read out and displayed at runtime.

Same situation, but solved with "Start button - Shut down" In this dialog is shown that a update is pending. Then the button "Shut down" install the update properly. No manually install needed...

Hello all, as announced I have released a new CAupdater - and here is how it works. Download via CAupdater, password is wU8moSRS1S9vfYc Installation is easy, only extract the 7z file (and see under "/docs"). The benefit is the enhanced error handling. CAupdater will install only NEW MS CAstore (sst) files (always together with files not updated but still actual), regardless if incorrect OLDER files offered on MS servers. CAupdater use the update procedure as offered from MS regardless the version previous installed via WU / MU. Only WGET is used additionally to download the MS CAstore (sst) files, there are no other third party tools for the update of the CAstore. CAupdater himself only manage and launch the update. You can find the full AutoHotkey (AHK) code with comments of CAupdater.exe in the subdirectory "docs", see the file CaUpdater.ahk.txt. This are the steps CAupdater make. Every step, even every single MS CAstore (sst) file install, has a error routine and give a feedback about any error. 1. WGET looks for newer MS CAstore (sst) files on MS server and download them local only if they are newer as local stored. 2. Then compare the actual local stored MS CAstore (sst) file dates with the last installation (the file dates of the previous update are stored in the CAupdate INI file). 3. Then ask for confirmation to update the local client CAstore if one ore more local stored MS CAstore (sst) files are new. 4. If "YES" install ALL local stored MS CAstore (sst) files (ALL - this is the same as the MS CAstore update do). If "NO" CAupdater do nothing - and finish. The five commands to install the MS CAstore (sst) files are: updroots.exe authroots.sst updroots.exe -d delroots.sst updroots.exe -l roots.sst updroots.exe updroots.sst updroots.exe -l -u disallowedcert.sst 5. At last show the status (or errors if some), safe new installed MS CAstore (sst) file dates in CAupdater INI file and finish. If errors occure, only the date and status of the update try is stored in the INI file, so you can look for the problem and try again. With this steps only NEW MS CAstore (sst) files will be installed (always together with files not updated but still actual), regardless if incorrect OLDER files offered on MS servers. When you run CAupdater the first time there are no file dates in CAupdater INI file present. So ALL MS CAstore (sst) files marked as NEW in the confirmation dialog. This is also a way to install all MS CAstore (sst) files again - simply delete all the file date entries under section [CAupdaterLog] in CAupdater INI file and start CAupdater again. If you want to run CAupdater without any confirmation dialog you can set the entry "NoConfirmation=1" in CAupdater INI file. Then only Errors will be shown. With set to 2 only a small information dialog is shown on the end and close after five seconds. For special situations you can use two batch files stored in the subdirectory "UpdRoots". This will install the local stored MS CAstore (sst) files the same way as WU / MU do and set also all registry settings needed. The two batch run only this commands: #RootsUpdate.bat Rundll32.exe advpack.dll,LaunchINFSection rootsupd.inf,DefaultInstall #RevokedRootsUpdate.bat Rundll32.exe advpack.dll,LaunchINFSection rvkroots.inf,DefaultInstall The INF files are modified as shown by heinoganda in the first post of this thread

Actual I am working on a little AutoHotkey script that will be able to download new MS CertStore SST files an install them right. The procedere: 1. look only for newer files on MS server and download them only if they are newer. 2. compare the actual stored file dates with the last installation (file dates are stored in a INI file). 3. ask for confirmation 4. install all SST files 5. show the status (errors if some), safe dates in INI file and finish. So only new files wiill be installed, regardless files on MS servers. In a few days I will be ready... Dialogs of first debug tests:

I have had trouble with kb4458318, offered again and again. The installer run through and don't want a new start - but after a few seconds the yellow shield come up again and offered the update again! Workaround was: after new start i have run the yellow installer twice - then shut down via START - SHUT DOWN - there come up the info "install 1 update...." before shut down the pc. After new start the offer was gone. Sometimes the mechanism to install the update in the background don't work with the rights neccessary (and / or the right way). Hiding a update is only a way when you know absolutely that it is not right for your system or it has problems. Another workaround is to install it by hand with admin account.

Why do you think I think this? Never. I use HTTPSProxy (my own version, but doesn't matter ) My remark should show that there is no definitive security. You can do whatever you want, there is always a way to get your data when you go into the internet (via a browser) - and catch malware. And if you can go to internet and do banking with a browser the door is open - nothing helps, no firewall or router. The only question is how difficult the way is for the malware, but there is a way... Conclusion: do not think you are safe, regardless OS and patches!

But HTTPSProxy opens a door for MITM attacks, because the traffic is not encrypted on port localhost:xxxxx between front and rear server. If it is possible, use a better SW that can do banking without any browser, and connect direct with the banking server. I only use HBCI with a secur ID card and a card reader with an build in display and keypad for the pin. Until today there is NO WAY to hack this banking transactions... I use HTTPSProxy only for enabling XP and Outlook (Office) 2010 loading pictures and other stuff from TLS1.1/1.2 servers with higher cipher suites. Also not so secure, but with a backup dosn't matter...

The right way of installing a new version of Java in WinXP 32 by hand is finally to correct all strings in the registry. Here is my example to switch from 171 to 181 (take a look at the right subversion, here it is 181-b13). This are all entries of Java 181-b13 (only for reference, not all to edit): Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment] "CurrentVersion"="1.8" [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8] "RuntimeLib"="C:\\Programme\\Java\\bin\\client\\jvm.dll" "JavaHome"="C:\\Programme\\Java" "MicroVersion"="0" delete old key [-HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_171] write new key [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_181] "JavaHome"="C:\\Programme\\Java" "MicroVersion"="0" "RuntimeLib"="C:\\Programme\\Java\\bin\\client\\jvm.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_181\MSI] "INSTALLDIR"="C:\\Programme\\Java\\" "JU"="" "OEMUPDATE"="" "FROMVERSION"="NA" "FROMVERSIONFULL"="" "PRODUCTVERSION"="8.0.1810.13" "EULA"="" "JAVAUPDATE"="1" "AUTOUPDATECHECK"="1" "AUTOUPDATEDELAY"="" "FullVersion"="1.8.0_181-b13" [HKEY_LOCAL_MACHINE\SOFTWARE\JreMetrics] "SP4Cnt"=dword:00000001 "MachineCount"=dword:00000001 "JreVersion"="1.8.0_181-b13" "UpdateCount"=dword:00000021 "SP14Cnt"=dword:00000001 "SP12Cnt"=dword:00000003 "RegDeployStatus"="0" "SP60Cnt"=dword:00000001 string for Software information [HKEY_CLASSES_ROOT\Installer\Products\4EA42A62D9304AC4784BF2238110150F] "ProductName"="Java 8 Update 181-b13" "PackageCode"="07BB7C762394CC74D9068D561DF173F8" "Language"=dword:00000409 "Version"=dword:080005e6 "Transforms"=hex(2):3a,00,31,00,30,00,33,00,31,00,00,00 "Assignment"=dword:00000001 "AdvertiseFlags"=dword:00000184 "ProductIcon"="C:\\Programme\\Java\\\\bin\\javaws.exe" "InstanceType"=dword:00000000 "AuthorizedLUAApp"=dword:00000000 "DeploymentFlags"=dword:00000003 "Clients"=hex(7):3a,00,00,00,00,00 [HKEY_CLASSES_ROOT\Installer\Products\4EA42A62D9304AC4784BF2238110150F\SourceList] "PackageName"="jre1.8.0_181.msi" "LastUsedSource"=hex(2):6e,00,3b,00,31,00,3b,00,43,00,3a,00,5c,00,44,00,6f,00,\ 6b,00,75,00,6d,00,65,00,6e,00,74,00,65,00,20,00,75,00,6e,00,64,00,20,00,45,\ 00,69,00,6e,00,73,00,74,00,65,00,6c,00,6c,00,75,00,6e,00,67,00,65,00,6e,00,\ 5c,00,54,00,68,00,6f,00,6d,00,61,00,73,00,5c,00,41,00,6e,00,77,00,65,00,6e,\ 00,64,00,75,00,6e,00,67,00,73,00,64,00,61,00,74,00,65,00,6e,00,5c,00,4f,00,\ 72,00,61,00,63,00,6c,00,65,00,5c,00,4a,00,61,00,76,00,61,00,5c,00,6a,00,72,\ 00,65,00,31,00,2e,00,38,00,2e,00,30,00,5f,00,31,00,35,00,31,00,5c,00,00,00 This all I have in a single reg file. If there is a new version I edit this file, change all old values of version to the new values and load the file in the registry. Do not copy this file to your system! Better export the keys of your registry in your own reg file and edit the version values.

I have system backups for a year back Never need system restore, don't work at all situations. Backup is the only way to be a bit safer, regardless what happens with your system... ATI is great, I use it too.

Another info: If there will be a earlier fix it is recommended that the latest faulty update will be reinstalled (if is was uninstalled or not installed) before the fix will be installed, because the fix do not have all new updated files.

Yes. It works. (Not looking at all the certs, of course). But do you think it is a good way? May be it dosn't matter and is safe, but for me the direct origin way is the best and recommended for such sensitive stuff. And think about the users that don't understand the way it is working...

@heinoganda I'm scripting a new launcher for httpsproxy with some automated functions. One is that at a certain interval (1-x days) cacert.pem is downloaded every time the launcher is started. Also possible would be an automated update of the certificates of Win XP. But this would require a version of CertUpdater, which goes through without confirmation. And (better, but no requirement) returns the success by ERRORLEVEL). Would such a tool be possible? It should not be too complicated, but automatically wouldn't be bad. BTW I use wget from https://eternallybored.org/misc/wget/ to get cacert.pem from curl.

It is AlfBanco V6 There was a latest update to V6.4.6 - but I don't find it online. May be it is available online via auto update. I use the "Profi" variant, you can set this at program start. Don't look to deep - make no sense.

Microsoft: Office 2011 can no longer be enabled for the Mac Is this the future also for XP / older Office suites for Windows? Microsoft: Office 2011 can no longer be enabled for the Mac (in DEU)

Thank you very much for this advice (sorry for my tone)! Please note that I remain factual as long as the matter is factual. Some users ignore the most important hints (e.g. Java), blindly install everything that exists - without needing it - and then wonder about new bugs or security problems. In such cases, I basically change the tone and I become very clear sometimes! But I am human and made mistakes myself, so let us end this dispute - make no sense...

To HELP - right word! Because it is not relevant to this problem!?! Didn't you say that yourself??? And what is the 'right' link? Which version and language?!!? I don't know, must look for it like everyone else here and do not have the motivation to do THIS work for others. Be glad I ever gave a clue to the newer version! Are these enough reasons? No? More relevant: I give the right hint to solve the problem. For me this is enough help. I don't need more questions about 'not working' admin tools from people not knowing what they are doing and for what this tools are... To use the admin snap ins / tools you need a training. And this is not possible here!! Otherwise you have created more problems than help. I was more than 20 years admin and user advisor - I know where I have to be quiet...

I report an error with the latest MS update of .NET Framework 2 (ndp20sp2-kb4338615 xxx). An Application from 2015 will not run if this update is installed. I must uninstall the update. The reason (error displayed by the app) was a ActiveX that couldn't registered at runtime...

The link was not given to solve the discussed problem. It is only a example how to use Inet... If you don't know what it is - let it be. It's the second advice, but most ignored. So many problems without a reason - sorry, but... Info: there is a newer version of this adminpack (WindowsServer2003-KB340178-SP2) from ~ 2007. So be careful with this very old stuff...

Sometimes I am wondering about other people. They are in Inet, but don't know how to use it... So here is the only most useful advice to use Inet: Mark the content You search for / need info about - copy - paste to GOOOOOOOOOOOOOOOOOOOOOOOOOGLE - and search. In this case the FIRST (1. / 2. / ... !!) result is what you need... Ready to surf link here [deleted]

Nice to hear!

Hm, never seen this error message. Look here, may be it is the solution: https://support.microsoft.com/en-us/help/2328240/event-id-4107-or-event-id-11-is-logged-in-the-application-log-in-windo