Where To Go From Here On Vista 32bit SP2 +

[Vistaar]

When I was running Vista, I would occasionally use an antivirus rescue disk as a “third opinion” scanner. (Malwarebytes Free was my second opinion scanner, and of course I always had a good first opinion antivirus with real-time protection.) I was thinking of recommending my former favorite to wither 3 in his present predicament, but unfortunately it appears that ESET SysRescue Live was terminated on September 29, 2023. That’s too bad because it supported operating systems as far back as Windows 2000. I believe Bitdefender’s rescue disk was also discontinued years ago. I also believe you would have to install Avast to get their rescue disk. I never used theirs even when I had Avast installed because I wanted my third opinion to come from a different company than my first opinion.

Your comment on MSE is also a factor in not messing with Vista anymore. I guess I had some fun with it, but it's time to let it go.

Oh no: Have I become an overzealous Microsoft Security Essentials naysayer? I will always remember using MSE on Vista during 2015-2017 as the good old days: so much more relaxing than using third-party antivirus products that often created more problems than they solved. In defense of the idea of using MSE 4.4.304.0 on Vista, it has been argued that it doesn’t matter how old the MSE client is as long as Microsoft updates the engine because it is the engine that does the actual work. That is a good argument, assuming that the latest engine actually works in an old client running on an old OS. That is why I really wish you had visited AMTSO Security Features Check Tools - AMTSO to test MSE 4.4. Sorry for not posting a link when I first mentioned this idea: It was actually harder to find than I expected. My favorite test was for drive-by downloads. MSE does not have anti-phishing so don’t be discouraged by that test. If you see a green system tray notification from MSE and the test file goes to quarantine, then the engine is working. We could then say that MSE meets or exceeds the latest “better than nothing” security standard for Vista gurus. But if the engine cannot prevent the test file from being downloaded, then MSE is no better than no real-time protection at all.

MSE hasn’t been an option for Windows XP for several years. You might think this is only because there is no SHA-2 update for XP, but actually the first thing to go was the engine: Microsoft’s engine updates became incompatible with XP long before they were signed with SHA-2 exclusively. Are they still compatible with Vista? I dunno, you tell me!

 

[wither 3]

I do have a system image from macrium reflect stored on a secondary hard drive. When I think about it, I should probably make a new one.

 

[mdiemer]

When I was running Vista, I would occasionally use an antivirus rescue disk as a “third opinion” scanner. (Malwarebytes Free was my second opinion scanner, and of course I always had a good first opinion antivirus with real-time protection.) I was thinking of recommending my former favorite to wither 3 in his present predicament, but unfortunately it appears that ESET SysRescue Live was terminated on September 29, 2023. That’s too bad because it supported operating systems as far back as Windows 2000. I believe Bitdefender’s rescue disk was also discontinued years ago. I also believe you would have to install Avast to get their rescue disk. I never used theirs even when I had Avast installed because I wanted my third opinion to come from a different company than my first opinion.


Oh no: Have I become an overzealous Microsoft Security Essentials naysayer? I will always remember using MSE on Vista during 2015-2017 as the good old days: so much more relaxing than using third-party antivirus products that often created more problems than they solved. In defense of the idea of using MSE 4.4.304.0 on Vista, it has been argued that it doesn’t matter how old the MSE client is as long as Microsoft updates the engine because it is the engine that does the actual work. That is a good argument, assuming that the latest engine actually works in an old client running on an old OS. That is why I really wish you had visited AMTSO Security Features Check Tools - AMTSO to test MSE 4.4. Sorry for not posting a link when I first mentioned this idea: It was actually harder to find than I expected. My favorite test was for drive-by downloads. MSE does not have anti-phishing so don’t be discouraged by that test. If you see a green system tray notification from MSE and the test file goes to quarantine, then the engine is working. We could then say that MSE meets or exceeds the latest “better than nothing” security standard for Vista gurus. But if the engine cannot prevent the test file from being downloaded, then MSE is no better than no real-time protection at all.

MSE hasn’t been an option for Windows XP for several years. You might think this is only because there is no SHA-2 update for XP, but actually the first thing to go was the engine: Microsoft’s engine updates became incompatible with XP long before they were signed with SHA-2 exclusively. Are they still compatible with Vista? I dunno, you tell me!

I was not able to do the test because, before I got around to it, my Vista install got borked with a BSOD, then went into a startup/shutdown loop.

The SSDs I ordered arrived today. I'll be attempting new, clean installs on both. I am aware of some hacks that may allow me to bypass the need to first install Vista, then W7 as an upgrade. I may then try Vista again. If I do, I will try the test.

 

[Vistaar]

I do have a system image from macrium reflect stored on a secondary hard drive. When I think about it, I should probably make a new one.

If you have an image that was created back in the days when your Norton was still getting definitions, and preferably before you ever installed a certain Chinese browser, then that might be worth hanging on to if you are really too stubborn to stop running Vista. Frankly, such an old image is much less likely to contain malware than a new one that you might create now!

Do you own a smartphone wither 3? I’m actually on an iPhone right now. I know you don’t want to buy a Windows 11 PC, but you don’t particularly need to if you have a smartphone for web browsing. I don’t intend to spend very much time advising someone who never takes advice, so good luck wither 3.

 

[wither 3]

I've taken plenty of advice from you and others in this forum and the Win 7 forum. You guys/girls are much more knowledgeable of computers and software than I am.

I do have smartphones but I primarily use them to make long distance phone calls and to take pictures. I don't frequently go on the internet on them except for the apps I download (I prefer viewing the internet on a 24" monitor). You'll never see me in a restaurant, bar, anyplace with a smartphone in my hand rather than talking with people.

Note that Vista is also installed on my secondary hard drive. I've said before that, if need be, I'd buy a new computer with Win 11.

 

[Vistaar]

The SSDs I ordered arrived today....I may then try Vista again. If I do, I will try the test.

I don’t think any of us still here ever ran Vista on an SSD, but I recall threads about that at MSFN. This one includes replies from expert users who I had much respect for: SSD for Vista

 

[mdiemer]

I don’t think any of us still here ever ran Vista on an SSD, but I recall threads about that at MSFN. This one includes replies from expert users who I had much respect for: SSD for Vista

I have already installed Windows 7 on one of them, activated it, and installed and activated Office also. So I have no need to install Vista in order to install W7. If I do install it, I know I will get hooked on it again, so I'm leaning on not doing that.

Previously, however, I did install Vista on a San Disk SSD, and that seemed to be fine. I overwrote it with Linux, but it worked well up to that point. I was not aware of the potential issues raised on the MSFN forum, but will keep them in mind if I ever do decide to try it again. you never know how bored you might get...

 

[mdiemer]

On a whim, I tried repairing my Vista drive, which had gotten borked recently and would not boot. I threw in my ancient Vista 32 bit OEM installation disk, chose the repair option, then last known good...and voila, Vista came back.

So I finally tried the test Vistaar suggested. MSE 4.4.304 passed the first two tests, manually downloaded malware, and drive by malware. A window appeared at the lower right, saying MSE was cleaning the files. Did not pass the rest (phishing, zipped files and cloud-something. Said my AV might not be configured properly).

 

[Vistaar]

So I finally tried the test Vistaar suggested. MSE 4.4.304 passed the first two tests, manually downloaded malware, and drive by malware. A window appeared at the lower right, saying MSE was cleaning the files. Did not pass the rest (phishing, zipped files and cloud-something. Said my AV might not be configured properly).

Bravo! Thank You for testing Microsoft Security Essentials 4.4.304.0 at AMTSO Security Features Check Tools - AMTSO! It necessarily follows that the engine version you tested with is still compatible with Windows 6.0.6003! MSE is not cloud-based and has no anti-phishing. As for compressed malware, I would suggest scanning after unzipping. This is perhaps the only security solution I would be inclined to try these days if I were still running Vista.

About installing SHA-2 support: Did you install the servicing stack update KB4493730 (April 2019) before installing KB4474419? It might not be essential, but if there is any intention of patching to the EOL of Server 2008, then I would install the SSU.

 

[mdiemer]

Bravo! Thank You for testing Microsoft Security Essentials 4.4.304.0 at AMTSO Security Features Check Tools - AMTSO! It necessarily follows that the engine version you tested with is still compatible with Windows 6.0.6003! MSE is not cloud-based and has no anti-phishing. As for compressed malware, I would suggest scanning after unzipping. This is perhaps the only security solution I would be inclined to try these days if I were still running Vista.

About installing SHA-2 support: Did you install the servicing stack update KB4493730 (April 2019) before installing KB4474419? It might not be essential, but if there is any intention of patching to the EOL of Server 2008, then I would install the SSU.

Looking over my notes, I installed KB4056564, KB4090450 and then 4474419. After that, MSE 4.4.304 self-updated. Since then however, I have had to manually download updates. I can't see that I installed KB4493730, but I'll check on that later when I fire up that computer.

I also tried installing the MS fixit download, which makes Windows 7 be able to self-update, but got the message that it wasn't for my system. Not surprising, as it's intended for W7 SP1, and MSE 4.10.

Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows - Microsoft Support

Describes an update that adds TLS 1.1 and TLS 1.2 to default security protocols in Windows Server 2012, Windows 7 SP1, and Windows Server 2008 R2 SP1.

support.microsoft.com

Re: the 2008 server: Before hitting on the solution of the afore-mentioned three updates which fixed the definitions problem in MSE 4.4.304, I did fool around with the WSUS updater, in an attempt to get the sever updates installed, but I'm not sure how far I got. Far enough I guess to get the platform update, but not to get Vista "fully updated."

Later: I checked and I did install KB4493730, the Servicing Stack Update.

 

[Vistaar]

Looking over my notes, I installed KB4056564, KB4090450 and then 4474419. After that, MSE 4.4.304 self-updated. Since then however, I have had to manually download updates. I can't see that I installed KB4493730, but I'll check on that later when I fire up that computer.

KB4056564 was an update adding support for TLS 1.1 and 1.2, which was a favorite topic of mine near the end of the previous decade. (It superseded the earlier KB4019276 mentioned in VistaLover’s July 2017 post Enabling TLS 1.1/1.2 support in Vista's Internet Explorer 9.) In order to enable support for TLS 1.1 and and 1.2 in IE9 on Vista x86, it was also necessary to make two simple registry changes (four registry changes in the case of Vista x64). I don’t believe this update had anything to do with your ability to manually install MSE updates signed with SHA-2, and I doubt that KB4090450 (April 2018) was really helpful either. KB4474419 should be the only update needed for SHA-2 support, but Microsoft had recommended installing an SSU by that time.

I believe the necessity to manually download the latest security intelligence update is due to some discrimination at Microsoft’s end. It seems like someone running Vista x64 with extended kernel (and perhaps spoofing Windows 7) once claimed to be able to update MSE from within the app, but the extended kernel fad has faded away now and was never an option for Vista x86.

...I did fool around with the WSUS updater, in an attempt to get the sever updates installed, but I'm not sure how far I got. Far enough I guess to get the platform update, but not to get Vista "fully updated."

Later: I checked and I did install KB4493730, the Servicing Stack Update.

In case it isn’t clear to you, the Platform Update for Server 2008 SP2 was identical to that for Vista SP2. If you used a custom ISO that included all Vista SP2 updates up to EOL in April 2017, then you presumably have the Platform Update. I never used WSUS and can’t offer any advice on that.

 

[mdiemer]

KB4056564 was an update adding support for TLS 1.1 and 1.2, which was a favorite topic of mine near the end of the previous decade. (It superseded the earlier KB4019276 mentioned in VistaLover’s July 2017 post Enabling TLS 1.1/1.2 support in Vista's Internet Explorer 9.) In order to enable support for TLS 1.1 and and 1.2 in IE9 on Vista x86, it was also necessary to make two simple registry changes (four registry changes in the case of Vista x64). I don’t believe this update had anything to do with your ability to manually install MSE updates signed with SHA-2, and I doubt that KB4090450 (April 2018) was really helpful either. KB4474419 should be the only update needed for SHA-2 support, but Microsoft had recommended installing an SSU by that time.

I believe the necessity to manually download the latest security intelligence update is due to some discrimination at Microsoft’s end. It seems like someone running Vista x64 with extended kernel (and perhaps spoofing Windows 7) once claimed to be able to update MSE from within the app, but the extended kernel fad has faded away now and was never an option for Vista x86.


In case it isn’t clear to you, the Platform Update for Server 2008 SP2 was identical to that for Vista SP2. If you used a custom ISO that included all Vista SP2 updates up to EOL in April 2017, then you presumably have the Platform Update. I never used WSUS and can’t offer any advice on that.

Thanks Vistaar. I didn't know that about Vista SP2. I installed SIW2's x86 Vista iso from Mega, which did have all updates to EOL.

What is weird is that twice now, MSE 4.4.304 did update from within the app when I tried. The first time was after I had installed the three updates I mentioned above. But after doing it once, I have had to manually download them. The second time was last night. I had deleted over 100GB of stuff from my Vista install, in order to be able to shrink the drive, so as to put it on a SSD. I think I restarted, and why it worked then I have no idea, but again, after working once, it now is necessary to manually install. But it shows that at least it's possible to do it. I just don't know what made it work those two times.

Addendum: All those deleted files and programs were not enough to get the C drive under 240GB, thanks to Windows' insisting on putting files all over the drive. Why did I have all those files on my Vista install? Including Cakewalk sonar and a bunch of projects I made? For the life of me, I don't know how they got on there. The only thing I can think of is that when I repaired Vista, and went back to last known good config, it somehow found them from a previous Windows 7 installation, and dragged them into Vista. Or maybe I copied my entire Home folder to Vista, but I don't recall doing that. Other than that, Gremlins?