Everything posted by NotHereToPlayGames

  1. I sure as Hades hope that my system is *NOT* updating them on its own! If I find that it IS, I will put a stop to that immediately! I do not like anything on this computer performing "updates" of any kind, certainly not "automatically and behind my back without me knowing it". My slipstreamed-XP is dated 2018 (I provided the link several posts up). I do not "revoke" certificates so every certificate that existed in 2018 should still be in my "store". I really can't express it any plainer - the "green padlock" system is FLAWED and is nothing more than a false sense of security. I spend zero time on my end trying to make sure that a flawed system is updated. I don't really know how to check my "store" either - but can't really claim to "care to" either. But, for the sake of this "obsession" that MSFN members are having all of a sudden, if anybody needs me to see if I have a specific cert in my "store", give me details on how to find it and I will gladly hunt it down. Otherwise, to the very best of my knowledge, my cert "store" hasn't changed since 2018. I think that 360Chrome has its own "store" in addition to those from 2018 that are part of XP. But like I have stated, several times, it doesn't really concern me. I am VERY thankful that my NoScript, uMatrix, and Stylus are all doing their jobs. Signature lines are axed by Stylus so signature lines aren't "breaking" that green padlock for me - nice to know, but doesn't really concern me.
  2. Well, since you asked -- I DON'T ! I install my slipstreamed-through-2018 XP and I'm on my merry way. If those slipstreamed hotfixes update certs, so be it, doesn't concern me. I have my web browser settings set to NOT "check for revocation" - if the OS does external to the browser, so be it, doesn't concern me. "Not for everyone", but I personally don't give a rat's a$s if my web browser shows a green padlock or not! And to all that "disagree", do not "lecture" me on this course of action - this is my computer, not yours, and I have my own methods of knowing what web site is "secure" or not. As I have pointed out before, and linked articles to, even fake and identity-stealing web sites know how to get that "green padlock" to show up on their "secure" web site! It honestly ASTOUNDS ME on the number of people that are "chasing their tail" over whether a green padlock is being shown in this browser versus that browser, this OS versus that OS. But since it is pretty much the "only" topic (I'm exaggerating - "slightly") of late here at MSFN and that I enjoy the people and content here at MSFN, here I am caught up in all of this hoopla. If I create the atmosphere where I "habitually" look for a green padlock, then I've created a FALSE sense of "security" that is NO LONGER savvy enough to detect fake and identity-stealing web sites that know how to get that "green padlock"!
  3. Maybe not in "that" post, but I thought that I did previously discuss that I have never manually installed any certificate that didn't come directly from Microsoft by way of a "KB" hotfix. And since I don't use the POS hack, then that also means I don't have any certificate updates that were never pushed via Windows Update to "real" XP. I'm not familiar with @legacyfan's (?) "cert pack" but it's not my practice to install stuff like that. There might come a day where I will "have" to have something like that, but that day hasn't arrived yet.
  4. Nope. I prefer to "slipstream" all of my updates. That way I am fully updated after a 30min install as opposed to spending 30min to install then 4hrs to update.
  5. Does SP4 and post-SP4 have anything specifically labeled as related to "certificate updates"? Can you pull those out or uninstall just that portion of SP4 and post-SP4? Which makes you feel most "secure" -- a green padlock in your web browser or having POS updates? I work with roughly 120 robots at work that all run XP Embedded. They all have POS updates because Microsoft Updates rolls/rolled those out to XP Embedded without any registry hacks that would have flagged not only local IT, but the IT departments on three different CONTINENTS and would have resulted in a Termination Notice. But NONE of those robots have INTERNET access. Intranet, yes... but no internet access!
  6. Update -- as I dig deeper, POS updates are listed in the IE8 Addon starting with 1.5.31. So it turns out that my XP x86 XP3 does have a very small handful of POS updates.
  7. Not sure how this progresses the conversation any, but ALL of those sites listed above show as "secure" for me in v13 360Chrome build 2206, Mypal 27.9.4, NM27, NM28, Basilisk, and BNavigator. And show as "secure" on my XP x86 SP3 and my XP x64 SP2. So something in your "SP4" or your "post-SP4" broke something. I have neither of those installed on my XP x86 SP3.
     My XP x86 XP3 is built from this -- XPSP3_QFE_UpdatePack for Windows XP Post-SP3 20180109 ... and this -- [Addon] Internet Explorer 8 for 32-bit XP 1.5.42
     HOWEVER, my install DVD says that I used IE8 1.5.38 and it has since been updated to 1.5.42. The differences being --
     Version 1.5.42 2018-09-17 —5eraph Added KB4457426, replaces KB4343205.
     Version 1.5.41 2018-08-19 —5eraph Added KB4343205, replaces KB4339093.
     Version 1.5.40 2018-07-15 —5eraph Added KB4339093, replaces KB4230450.
     Version 1.5.39 2018-06-13 —5eraph Added KB4230450, replaces KB4103768.
     KB4230450 == POSReady... I do not install POS... https://www.catalog.update.microsoft.com/Search.aspx?q=KB4230450
     KB4339093 == POSReady... I do not install POS... https://www.catalog.update.microsoft.com/Search.aspx?q=KB4339093
     KB4343205 == POSReady... I do not install POS... https://www.catalog.update.microsoft.com/Search.aspx?q=KB4343205
     KB4457426 == POSReady... I do not install POS... https://www.catalog.update.microsoft.com/Search.aspx?q=KB4457426
     I strongly suspect, and I'm not trying to start a lengthy debate, but all the facts seem to point to this -- POSReady2009 is what broke your security certificates! I think that's where we need to start next -- to everyone that is seeing MSFN as "insecure" when using Chromium-based browsers on XP x86 SP3, did you install POSReady2009 hotfixes? Again, I am trying to help, so I hope it is coming across that way.
  8. I can't help but be curious (and at the risk of opening Pandora's Box but in the spirit of leaving no stone unturned) - 360Chrome was developed, at its core, to backport browser functionality specifically to XP. So I guess I find myself of little-to-no surprise that 360Chrome is showing sites as "secure" when in XP but "mileage may vary" when that browser, designed for XP, is tested in Vista and 10. So why even run 360Chrome in Vista or 10 when there are "non-backport" browsers available on those platforms? Vista I kinda get, it too is an "expired" OS. Please don't misread, I'm asking because I am curious. Is it because XP has a larger following than Vista and nobody out there is "backporting" specifically for the Vista Audience? Forgive the curiosity, I'm just trying to place myself in your shoes - my shoes are XP so I understand the path that I walk in those shoes. edit - although, having asked that question, I should also disclose this -- I run Mypal 27.9.4 on my work computer and it runs Win10 x64, I do that for RAM/CPU purposes and for "lighter" extensions.
  9. And your profile says Win10 x64. Ecosia and Discord both show as "secure" for me (XP x64 SP2, v13 360Chrome build 2206). So this really is just another example of where the same exact browser gives different results in different operating systems. Unless I am missing something, that still points to the OPERATING SYSTEM and not the browser. Let's try a different route (I am trying to be of assistance, honestly!, despite my personal conviction that a browser's "padlock" reveals NOTHING about my level of "security", it's a girl in the forest crying wolf when there is no wolf or crying fire in a movie theater when there is no fire or a car alarm that is set off by a cat sniffing the tire - to each their own, different strokes for different folks). 360Chrome is based on Chrome v86 and this dated October 2020. So what happens for Vista and Win10 for Firefox version 80.0.1 (released September 2020). ie, does a Firefox version released around the same time as Chrome v86 show the same results?
  10. Tracked down and reloaded my Vista VM. It's dated 2019 and official Vista support ended in 2017, so it "should" be fully updated - but I am not 100% on this as I use my Win7 VM much more than my Vista VM. At any rate, here are some findings (these are from v13 360Chrome build 2206 when on Vista VM) --
      MSFN == insecure connection
      Wikipedia == insecure connection
      Google == insecure connection
      Roytam's rtfreesoft blog == insecure connection
      Chromium woolyss (source for ungoogled-chromium) == insecure connection
      browseraudit.com (a recent test site of recent rave) == insecure connection
      Base Mark 3.0 (another common test site) == insecure connection
      microsoft.com (I find this one particularly funny) == insecure connection
      cloudfare.com == insecure connection
      mozilla.org (equally funny) == insecure connection
      linkedin.com == insecure connection
      adobe.com == insecure connection
      msn.com == insecure connection
      reuters.com == insecure connection
      opera.com (browser download, not a fat lady singing) == insecure connection
      cnn.com == insecure connection
      bbc.com == insecure connection
      nytimes.com == insecure connection
      bloomberg.com == insecure connection
      washingtonpost.com == insecure connection
      ALL of the above show as "secure" in v13 360Chrome build 2206 on XP x64 SP2. ALL of the above show as "secure" in Serpent/Basilisk v52.90 (2021-07-30) when on Vista VM - but as insecure in v13 360Chrome build 2206 when on Vista VM (despite being "secure" on XP x64 SP2). Not sure "where" that gets us, but I offer it to the discussion at hand.
  11. You cite that MSFN shows up as "insecure" but did you compare to ANY other browser? Did BOTH browsers say "insecure" or did only ONE? I will try to expand on my view of this issue - I am not always the best at communication "skills" but we all have our days, lol. I seem to be in the minority but that does not make me "wrong", please allow me to explain because SSL has become a GIGANTIC topic of late here at MSFN. So your browser is claiming to be "insecure" on MSFN and the solution isn't some form of "I can not log in because I can not trust MSFN" but rather "What modifications can I make to my operating system or browser for MSFN to 'appear' "secure" "? To the point of users creating "cert-packs" and moderators yanking them for MSFN Rule Violations -- seriously, ponder that for a second. Isn't this the EXACT OPPOSITE of "secure" -- to blindly trust an MSFN forum member that created their own "solution" then publicly distributed it for others to install onto their computers? My official XP x86 SP3 and my official XP x64 SP2 both show MSFN as "secure". So if another user on a different XP says "insecure", that basically tells me that the user broke something - installed some "cert-pack" that I did not, installed POS updates that I did not, hacked their kernel that I did not, et cetera. They may have had the best of intentions, but the end result was that they broke something when they intended to try to fix something. But you still cannot deny that my XP says "secure" and the hacked-with-best-of-intentions version of XP says "insecure". Maybe the hack was to get YouTube to show as secure and the hack fixed that - but broke MSFN. So is that hack to be trusted or not (I'm on the not-side). Your profile cites Vista Business x64 -- can you install a brand spanking new VirtualBox VM and see if it shows MSFN as "secure"? That would reveal that something is "broken" in your host Vista.
Generally speaking, to me at least, when a web browser says "insecure", it is NOT the web browser that is "insecure", it is the OPERATING SYSTEM. That is, unless I can show a DIFFERENT web browser on the SAME computer to show "secure" - which I'm not 100%, but I don't think I've ever witnessed that scenario. Hope that helps.
  12. I do know that the "anti-tracking" feature (which I do not use) is offset by 24hrs and I have fixed this in my release and pointed it out to Humming Owl for his release. Aside from that, my "history" page is off by ONE HOUR but the month/day/year is correct. Hadn't noticed that ONE HOUR difference until just now.
  13. We kind of need an example link to go anywhere with this.
  14. We do all need to kinda know our own balance. I personally have never in my entire life installed any "certificates" (well, can't really say "never", I used to create my own certificate for a program called Proxomitron). But at the OS level, if it didn't come from an official Microsoft "KB", then it isn't on my computer! Mileage varies on this one, but I do NOT install POS updates. My balance is along the same lines of @Dixel - he did NOT just install a set of certificates, he extracted them, peeked inside, and knew what portion to install and what portion not to install. NOTHING gets "installed" on MY computer without me extracting them, peeking inside, making a few modifications, and creating my own self-extracting archive to copy files and create the registry keys I want and drop the "bundled" registry keys that the "author" tried to sneak past me, et cetera. I haven't "installed" any software on my computers via the developer's "installer" in somewhere between 15 and 20 years. But at the same time, "that" isn't for everyone. Being self-aware enough to control your mouse-clicks - that IS for everyone. Knowing which web sites are respectable and trustworthy and safe to download from - that IS for everyone. Caveat emptor! What I am trying to drive home is this - YOU are responsible for YOUR security, that "green padlock" should not be your warm-and-fuzzy!
  15. I'll concede that "meaningless" is not the best way to "word" my POV, so I shall expand a bit. My POV remains - SSL "security" is MEANINGLESS and should NOT be "relied upon" to indicate your level of "secureness". Fake websites know how to "appear" secure -- https://www.semrush.com/blog/https-a-modern-false-sense-of-security/ YOU the USER must learn how to be "net savvy". If you click on a link that says the website needs to "verify your identity" and you do so because you see a "green padlock" - SHAME ON YOU. If you clicked a link from an unknown sender in an email and the link takes you to a "green padlock" that says to click here to "unsubscribe" - SHAME ON YOU. If a web browser popup claims they detected a virus on your computer, click here to run a full scan and you see a "green padlock" - SHAME ON YOU. If you can't spot the difference between your browser's "auto-update" dialog and a web page with a "green padlock" saying your browser needs updated - SHAME ON YOU. Et cetera...
  16. For those wanting to test, it took me quite a while to actually find something out there in the wild that does NOT use HTTPS (in fact, I couldn't find anything for sites that I regularly visit, I just never paid any attention to it). So I found this instead -- https://whynohttps.com/
  17. ps - regarding HTTPS Everywhere (which again I don't use but nor do I have the need to visit https instead of http, why do I need a "secure" connection to check the weather or read the news?) <excerpt from Wikipedia> Other criticisms are that users may be misled to believe that if HTTPS Everywhere does not switch a site to HTTPS, it is because it does not have an HTTPS version, while it could be that the site manager has not submitted an HTTPS ruleset to the EFF, and that because the extension sends information about the sites the user visits to the SSL Observatory, this could be used to track the user. </excerpt>
  18. That's the way the internet is SUPPOSED to work. Unless you use something like "HTTPS Everywhere" extension -- https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en To me that kinda seems pointless, but "to each their own".
  19. Mypal is giving me the same thing -- Ecosia is fine but browserleaks has a red exclamation mark. I personally feel that cert warnings are MEANINGLESS. UNLESS you see it on your bank account site!
  20. Ecosia shows up fine for me but I get the same as you for browserleaks --
  21. I should further point out that I see some forums where some ESET (antivirus and firewall product) users have blocked that "connection" and it fully disabled their Vivaldi, Opera, and Chrome from connecting to the internet. As I mentioned above, it is not an "external" connection. I find it a rolling-on-the-floor-in-laughter read on one of the Vivaldi sites. Several people name-calling other folks and telling them to put their tinfoil hat back in the closet. Thanks, that was a very hilarious way to spend my lunch break
  22. For you Mozilla-based readers, see "Network Detection" section here -- https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
  23. Oh, also found this -- https://bbs.archlinux.org/viewtopic.php?id=246181