Where To Go From Here On Vista 32bit SP2 +

[mdiemer]

"Here" means updated to EOL. Also, I fooled enough with WSUS to get SHA-2 installed and MSE 4.4.304 working. (I was restoring an old desktop that came with Vista, and became intrigued when I learned that you can get it updated to present by installing Server 2008 and going from there).

But I don't know where to go from there, as the title says. Install more Server updates? Or something else?

BTW, I used to be member here, never thought I would come back. But working again with Vista has been nostalgic. Also, the Windows Seven drive on that computer doesn't work right, and I can't seem to fix it. But Vista works great.

The plan is to get it fully updated, then keep it offline, using it for Office 2010 as well as the great card games. I only have a 32 bit OEM license, which came with the machine, but I'm happy with that, in light of its planned usage.

Thanks!

 

[lmacri]

Hi mdiemer:

If you're thinking about turbo-charging a "plain vanilla" install of Vista SP2 patched to end of support (11-Apr-2017) with Windows Server 2018 updates or the Windows Vista extended kernel I'd suggest you post in the MSFN Vista board where these Vista modifications were actively discussed.

 

[mdiemer]

Thanks Imacri, I have been researching the subject on that forum, but have not joined.

At least at this time, I'm not interested in the extended kernel, since my system is 32-bit. just wondering how to get it patched as far as it I can, as with Simplix on Windows 7.

 

[lmacri]

Hi mdiemer:

If all you want to do for now is to ensure your Vista SP2 OS is patched to end of support (11-Apr-2017) see my 12-Jan-2025 comments in Vista2025's Error 80072EFE about the Legacy Update tool.

I never installed Windows Server 2008 updates released after 11-Apr-2017 on my Vista SP2 machine so I won't be able to help if you decide to go this route.

 

[mdiemer]

It is updated to EOL, 4/11/17, as I used SIW2's 32 bit iso from Mega to reinstall Vista. I have the original disc that came with the computer. I have to first install Vista, and then use my upgrade W7 disc, if I want to install W7. But I sometimes get hooked on Vista, and, since I pretty much keep even W7 offline on that machine, why not Vista?

I succeeded in getting enough of the Server 2008 to get MSE installed and working. Weirdly, the first time I tried updating it after getting SHA-2 installed, it installed the latest definitions from the update button. Every time after that I had to download them and install them myself.

I guess I could just keep it as it is, and we'll use it for Office and games. If it ends up in the living room, then I'll use it run Linux Mint, which the machine also has, saving me from going down to the basement every morning to set up the radio station from Italy that we listen to. I just thought it would be cool to continue updating it, but I know that some, like Vistaar, think this is pointless.

 

[Vistaar]

...I just thought it would be cool to continue updating it, but I know that some, like Vistaar, think this is pointless.

That has indeed become my strongly-held viewpoint in the present decade. I rarely post at this forum anymore, but your nostalgia for Vista has got me feeling a little nostalgic today.

It is quite true that updates for Server 2008 SP2 were also applicable to Vista SP2, and there was certainly a good reason to install those patches on Vista during the period 2017-2020: online security. But that is precisely what a vast collection of old patches cannot give you in 2025! If you wish to install them anyway, I believe that Greenhillmaniac of MSFN created a repository of Server 2008 updates for post-EOL Vista at Mega. If it still exists, I’m sure you could find a link to it in the old MSFN thread that Imacri already provided a link to. At an early stage after Vista’s EOL, pioneer @Jody Thornton recommended skipping the patch(es) for the Meltdown and Spectre vulnerabilities because that would negatively affect system performance. There may have been other performance killers later on.

If you had asked 5 or 6 years ago when I was still running Vista, I would’ve urged you to patch against the BlueKeep vulnerability (the big security scare of 2019) as advised by Microsoft, whereas Imacri would’ve advised against it because it would’ve changed your Windows build from 6.0.6002 to 6003 with some potential to break software. (There was definitely an issue with Avast for a while.) But since you have already added SHA-2 support for the sake of MSE definitions, you should already be running build 6003. Forum member wither 3 has been running 6003 since 2019.

I was also once enthusiastic about adding support for TLS 1.2 to IE9; but if I did a new installation of Vista today, I wouldn’t even bother to install IE9, much less try to improve it. There might be very rare cases of software that could work on Vista if you had systemwide support for TLS 1.2, but I can’t think of any at the moment.

Whereas Vista’s lack of browser support has actually improved recently through the efforts of developers, the lack of antivirus support has only gone from bad to worse. I used MSE on Vista for a couple of years from 2015-2017 and was very happy with it, but I never liked this idea of downgrading to version 4.4.304.0 because it dates back to 2013 (MSE wasn’t even very effective until 2015), and because it can only be obtained from third-party websites. Of course even the “latest” version 4.10.209.0 for Windows 7 dates back to 2016, so the age difference might not seem very significant in 2025. If I were you, I would visit the AMTSO website to test if MSE real-time protection even works. If it does, you will see a green system tray notification and the EICAR test file will go to quarantine instead of your usual download location. Not that I have any good alternatives in mind in case MSE fails testing. The last thing I used on Vista was Avast 18.8, and I was happy with it at the time. But Avast announced a few months ago that their definitions would no longer be tested on Windows XP. They neglected to even mention Vista, but XP has about 20 times as many users as Vista and it would be foolish to assume that companies are still testing anything on Vista. An XP diehard and Avast user at MSFN has reported problems this month. If anyone in the world is currently using Avast on Vista, they are unknown to me. I sort of wonder what wither 3 is using now, since neither Norton nor Malwarebytes will provide him with definitions in exchange for his money anymore? Even if MSE 4.4 can pass tests at AMTSO, Microsoft will sooner or later discontinue definitions for it. About 5 years ago, Microsoft posted that MSE signature updates would be provided “until 2023.” That policy was obviously relaxed, but MSE users have no way of knowing how much time remains.

My apologies for straying into subject areas that you did not specifically ask about. My main point is that Microsoft didn’t try to improve Vista after 2011, virtually all applicable updates were just security patches, but installing oodles of them won’t make Vista a secure OS in 2025, so why bother? You seem to realize this, since your stated intention is to keep Vista offline. But if you think of patches the way collectors think of baseball cards or postage stamps, then you certainly expand your collection if you want.

 

[mdiemer]

Thanks so much for your detailed reply, Vistaar. I think I will try the AMTSO test you mentioned. Moreso because of Windows 7 than Vista, as that is a more viable OS at this point (although as you point out, MS will eventually ice MSE). And yes, I do have a 6003 system at this point, and it's working well, except occasionally it freezes on the welcome screen.

I did get Avast working by the way, even updating. Also the free version of Panda, but that does not give you RTP. You could upgrade it of course, and that might be the best option for those brave enough to take Vista online on a regular basis. But you have reinforced my feeling that Vista should be enjoyed offline. It will be both fun and useful for the great games, and Office 2010. And I'm sticking with MSE, as long as it still works. Hopefully the test will show that it's still effective.

Redfox is working well as a browser, for the rare times I go online. Which is mostly just to update MSE, although that can be done offline, too. Just a bit of a hassle, downloading on another machine (Linux Mint for me), saving it on thumb drive, etc.

BTW, all your remarks were totally relevant, and much appreciated, so no apology needed. I enjoyed your post.

 

[wither 3]

Please note that Malwarebytes still provides anti-virus and malware definitions in v3.5.1 Premium. I just renewed my two year subscription. You just can't get all the more advanced features that are available in the later versions. Norton ended their Vista support last year. I still use it in Win 7 but I don't pay for the advanced features like LifeLock.

I'm still using Supermium as my primary browser in Vista. I also have r3dfox installed and it seems to run fine.

 

[mdiemer]

Thank you Wither 3. I did try Malwarebytes 3.5.1, but just the free version. That may be why it did not want to update definitions. Maybe I will try it again, now that I have SHA-2 installed. It's good to have all the options on the table, since they are rapidly dwindling.

 

[Vistaar]

Please note that Malwarebytes still provides anti-virus and malware definitions in v3.5.1 Premium.

Hmm, that is contrary to what I heard from reliable sources about 7 months ago. Would you mind checking to see what update package you have in Malwarebytes 3.5.1 on your Vista? My crystal ball says it might be 1.0.39678.

https://forums.malwarebytes.com/top...nitions-again/?do=findComment&comment=1653739

 

[wither 3]

1.032487
3.5.1.2252

 

[Vistaar]

1.032487

Your definition updates evidently became stuck during the first half of 2024, and you never got the last possible version before EOL in August 2024. You should consider your Vista to be utterly insecure. Hopefully there will be no more posts about using Malwarebytes or Norton at this forum from now on.

 

[Vistaar]

I think I will try the AMTSO test you mentioned. Moreso because of Windows 7 than Vista, as that is a more viable OS at this point...

Microsoft almost has to test the definition and engine updates on Windows 7 with MSE 4.10, otherwise they should really be discontinued. But not for one second would I imagine that they are tested on Vista with MSE 4.4! If Microsoft wanted MSE to be an option for a few Vista diehards years after Vista’s EOL, then they shouldn’t have put a time bomb in MSE 4.5 and later versions. I was using MSE 4.10 at the time of Vista’s EOL in April 2017, and my protection was shut down with admirable efficiency. As someone who long used Vista but never used Windows 7, it seems rather unjust that Windows 7 hangers-on have been treated with much greater generosity. My speculation is that Microsoft has been pressured by the U.S. Department of Homeland Security to prevent Windows 7 from becoming a cybersecurity threat. What if Windows 7 users resorted to Kaspersky or some Chinese junkware instead of buying Windows 11 PCs like good cybercitizens? Probably better to just keep on providing MSE definitions!

I did get Avast working by the way, even updating. Also the free version of Panda, but that does not give you RTP. You could upgrade it of course, and that might be the best option for those brave enough to take Vista online on a regular basis.

The problem with Avast is that they no longer test their definitions on Windows XP, which probably means they no longer test on version 18.8 or older. Here’s a recent thread at Avast Forums that makes me glad I’m not still running Vista: Avast18.8 acting oddly.

You mean Panda Free does not have real-time protection these days? That’s news to me. It’s been 10 years since I used Panda Free on Vista. My experience ended rather badly - so badly that I was never inclined to give Panda another try: Panda antivirus software labels itself as malware. That was a very long time ago, but there was a thread at MSFN just a few months ago that makes me hesitant to suggest Panda for Vista: Panda Dome free delays startup to 16+ minutes.

 

[lmacri]

If you had asked 5 or 6 years ago when I was still running Vista, I would’ve urged you to patch against the BlueKeep vulnerability (the big security scare of 2019) as advised by Microsoft, whereas Imacri would’ve advised against it because it would’ve changed your Windows build from 6.0.6002 to 6003 with some potential to break software.

Hi Vistaar:

Just to clarify, my comments about the out-of-band emergency security update KB4499180 released 14-May-2019 that patched the "BlueKeep" remote desktop vulnerability CVE-2019-0708 were mainly directed at Vista SP2 users with a Norton antivirus.

From my 04-Feb-2020 post 10 in stvpls' fujitsu esprimo d9510 vista ultimate x86 interrupts using 50%cpu after like 10 15 mins idle:

One side-effect of this KB44999180 patch is that it will also change a Vista SP2 OS from Build 2 (6.0.6002.xxxxx) to Build 3 (6.0.6003.xxxxx). You mentioned you use a Norton AV, and while I would normally recommend that Vista SP2 users apply this patch, just be aware that it did seem to cause issues with my Norton Security Deluxe v22.15.2.22 (e.g., general system instability, black screens at boot-up that disappeared when Norton was uninstalled) so I eventually uninstalled KB44999180 and then confirmed my remote desktop / port 3389 settings were configured as described <here> to mitigate this BlueKeep remote desktop vulnerability.

Cybertooth reported similar problems on a Vista SP2 desktop with a Norton AV in the 07-Jun-2019 AskWoody topic Are Bluekeep Patches Causing BSODs with Server 2008 SP2 and Vista? that were resolved after uninstalling KB44999180, and at the time I recommended that users capture a full disk image of their system with disk imaging software like Macrium Reflect Free (or at the very least create a new system restore point) before installing KB44999180 just in case it caused a conflict with their Norton AV. NOTE: It might also be relevant that Cybertooth and I had both Norton AVs and NVIDIA graphics cards in our problem machines.

This is all a moot point now since Norton discontinued support for Win XP, Vista on 22-May-2024 per the announcement at End-of-Life announcement for Norton security software on Windows XP, Windows Vista, and Windows 7 (SP0).

 

[Vistaar]

I never installed Windows Server 2008 updates released after 11-Apr-2017 on my Vista SP2 machine so I won't be able to help if you decide to go this route.

Just to clarify, my comments about...security update KB4499180 released 14-May-2019 that patched the "BlueKeep" remote desktop vulnerability CVE-2019-0708 were mainly directed at Vista SP2 users with a Norton antivirus.

From my 04-Feb-2020 post 10 in stvpls' fujitsu esprimo d9510 vista ultimate x86 interrupts using 50%cpu after like 10 15 mins idle:

“...You mentioned you use a Norton AV, and while I would normally recommend that Vista SP2 users apply this patch, just be aware that it did seem to cause issues with my Norton Security Deluxe v22.15.2.22 (e.g., general system instability, black screens at boot-up that disappeared when Norton was uninstalled) so I eventually uninstalled KB44999180...”

This is all a moot point now since Norton discontinued support for Win XP, Vista on 22-May-2024...

Imacri:

Yes, this is about as moot as patching Vista to precisely April 2017, so why bring it up? To “clarify”? Alright then: For the sake of clarity, one or the other of the above quotations must be factually incorrect, and there is no doubt in my mind which one it is. This forum did have a well-known member using Norton on Vista SP2 who installed KB4499180 in 2019: wither 3. He never mentioned any “general system instability” (whatever that was supposed to mean) or “black screens at boot-up.” There was indeed a BSOD issue with Avast/AVG 18.8, but there was evidently no issue with Norton: Just one overzealous naysayer.