...I just thought it would be cool to continue updating it, but I know that some, like Vistaar, think this is pointless.
That has indeed become my strongly-held viewpoint in the present decade. I rarely post at this forum anymore, but your nostalgia for Vista has got me feeling a little nostalgic today.
It is quite true that updates for Server 2008 SP2 were also applicable to Vista SP2, and there was certainly a good reason to install those patches on Vista during the period 2017-2020: online security. But that is precisely what a vast collection of old patches cannot give you in 2025! If you wish to install them anyway, I believe that Greenhillmaniac of MSFN created a repository of Server 2008 updates for post-EOL Vista at Mega. If it still exists, I’m sure you could find a link to it in the old MSFN thread that Imacri already provided a link to. At an early stage after Vista’s EOL, pioneer
@Jody Thornton recommended skipping the patch(es) for the Meltdown and Spectre vulnerabilities because that would negatively affect system performance. There may have been other performance killers later on.
If you had asked 5 or 6 years ago when I was still running Vista, I would’ve urged you to patch against the BlueKeep vulnerability (the big security scare of 2019) as advised by Microsoft, whereas Imacri would’ve advised against it because it would’ve changed your Windows build from 6.0.6002 to 6003 with some potential to break software. (There was definitely an issue with Avast for a while.) But since you have already added SHA-2 support for the sake of MSE definitions, you should already be running build 6003. Forum member wither 3 has been running 6003 since 2019.
I was also once enthusiastic about adding support for TLS 1.2 to IE9; but if I did a new installation of Vista today, I wouldn’t even bother to install IE9, much less try to improve it. There might be very rare cases of software that could work on Vista if you had systemwide support for TLS 1.2, but I can’t think of any at the moment.
Whereas Vista’s lack of browser support has actually improved recently through the efforts of developers, the lack of antivirus support has only gone from bad to worse. I used MSE on Vista for a couple of years from 2015-2017 and was very happy with it, but I never liked this idea of downgrading to version 4.4.304.0 because it dates back to 2013 (MSE wasn’t even very effective until 2015), and because it can only be obtained from third-party websites. Of course even the “latest” version 4.10.209.0 for Windows 7 dates back to 2016, so the age difference might not seem very significant in 2025. If I were you, I would visit the AMTSO website to test if MSE real-time protection even works. If it does, you will see a green system tray notification and the EICAR test file will go to quarantine instead of your usual download location. Not that I have any good alternatives in mind in case MSE fails testing. The last thing I used on Vista was Avast 18.8, and I was happy with it at the time. But Avast
announced a few months ago that their definitions would no longer be tested on Windows XP. They neglected to even mention Vista, but XP has about 20 times as many users as Vista and it would be foolish to assume that companies are still testing anything on Vista. An XP diehard and Avast user at MSFN has reported problems this month. If anyone in the world is currently using Avast on Vista, they are unknown to me. I sort of wonder what wither 3 is using now, since neither Norton nor Malwarebytes will provide him with definitions in exchange for his money anymore? Even if MSE 4.4 can pass tests at AMTSO, Microsoft will sooner or later discontinue definitions for it. About 5 years ago, Microsoft posted that MSE signature updates would be provided “until 2023.” That policy was obviously relaxed, but MSE users have no way of knowing how much time remains.
My apologies for straying into subject areas that you did not specifically ask about. My main point is that Microsoft didn’t try to improve Vista after 2011, virtually all applicable updates were just security patches, but installing oodles of them won’t make Vista a secure OS in 2025, so why bother? You seem to realize this, since your stated intention is to keep Vista offline. But if you think of patches the way collectors think of baseball cards or postage stamps, then you certainly expand your collection if you want.
