eyespy Posted August 31, 2015 Report Share Posted August 31, 2015 Greetings! This is going to be my first post & I am not sure if I am in the right forum for my questions but if it is not can some kind individual relocate if I am in the wrong area please & give advice if that's okay? I have managed to get hold of a copy of XP-Home which has no Hot-fixes added, I think they call it a "Gold" or "Vanilla" version, it does not have a product key so I will be using my own "Home version Cd key" to validate it. I have always dreamed of having a copy of XP-home that has NO service packs but has all the needed critical security hot-fixes added only no SP's, lean and secure if you like. To undertake this task I will need to go right back to the beginning to obtain the very first hot-fixes which I think started with "Q" reference, remove or leave out the previous superseded ones by later hot-fixes then move onto the next grouping and so forth up to the last of them. The other optional hot-fixes can be added as and when needed. Can you tell me are all the hot-fixes needed to undertake this task on this site and with a compass can someone point me in the right direction to make a start in obtaining them please from first hot-fix to last? Incidently my XP-Home is for English UK version. Kind regards, eyespy Quote Link to comment Share on other sites More sharing options...
cgthamm Posted September 3, 2015 Report Share Posted September 3, 2015 A few thoughts... First, XP RTM (Release To Manufacturing -- no service packs) has no firewall. Windows Firewall was only added in one of the Service Packs. Having no firewall virtually guarantees you'll have problems. Second, XP RTM is insecure simply because many security updates require SP2 or higher. Finally, as Microsoft is no longer publicly releasing security updates for Windows XP, there is NO version of XP that can be considered secure. Bottom line -- a Windows XP that is "lean and secure" simply does not exist. Having said that, if you'd like to try to complete your project in whatever meaningful way remains (i.e. "as secure as possible" up until XP End of Support), I suggest you install all CRITICAL Windows Updates exhaustively. This will install SP1, SP2, AND SP3, IE8, .NET Framework 3.5.1, and all security updates related to these components. If you also require .NET Framework 4.0 functionality, you can install it from the Optional Updates section and subsequently install its security updates from the Critical Updates section. Quote Link to comment Share on other sites More sharing options...
eyespy Posted September 4, 2015 Author Report Share Posted September 4, 2015 (edited) Hi cgthamm, Many thanks for your replies and considerations, just to address your replies in order below: 1) "First, XP RTM (Release To Manufacturing -- no service packs) has no firewall. Windows Firewall was only added in one of the Service Packs. Having no firewall virtually guarantees you'll have problems" Yes but I intend to use a 3rd party firewall instead the version that comes with XP is not very secure and cannot be relied upon anyway even if I was to retain it. 2) "Second, XP RTM is insecure simply because many security updates require SP2 or higher." I would apply the Sp0-Sp1 hot-fixes then apply the SP1-SP2 hot-fixes then after that apply the SP2-SP3 Hot-fixes and finally all the remaining from SP3 to the last hot-fix issued by M$. 3) "Finally, as Microsoft is no longer publicly releasing security updates for Windows XP, there is NO version of XP that can be considered secure. Bottom line -- a Windows XP that is "lean and secure" simply does not exist." Yes you are right, my wrong choice of words should have said as secure as it can be it bit like the leaky XP firewall? however there exists a pos-ready registry patch that allows further hot-fixes for XP until 2019, how long these will be available for and are they considered safe is another question, only experimentation will weed out any anomalies? 4) "Having said that, if you'd like to try to complete your project in whatever meaningful way remains (i.e. "as secure as possible" up until XP End of Support), I suggest you install all CRITICAL Windows Updates exhaustively. This will install SP1, SP2, AND SP3, IE8, .NET Framework 3.5.1, and all security updates related to these components. If you also require .NET Framework 4.0 functionality, you can install it from the Optional Updates section and subsequently install its security updates from the Critical Updates section." The other rumour I have heard since I have posted this request is that the Hot-fixes within SP3 have superseded all SP0 SP1 & SP2 hot-fixes therefore the task maybe a little easier if this is the case. I will only need to apply them and not the SP0-SP1, & SP1-SP2, I would just need the SP2 to SP3 hot-fixes and the ones there-after. I am firstly looking for the hotfixes (the very first hot-fixes) which I think started with "Q" reference can you point me in the right direction [sP0-SP1] to start this quest. Once I have compiled the list I will be able to administer the hot-fixes with Nlite? Lastly I can take this opportunity to thank you for your well structured reply! Kind regards eyespy Edited September 4, 2015 by eyespy Quote Link to comment Share on other sites More sharing options...
cgthamm Posted September 4, 2015 Report Share Posted September 4, 2015 (edited) One additional note: If memory serves me correctly, when your starting point is XP with no service packs, you must install SP1a and then SP2 before installing SP3 for everything to work as expected. Problems occur if you try to skip any Service Packs. On the other hand, when your starting point is an XP install that has SP2 integrated, then you may proceed directly to SP3. (i.e. The goal is to have the most recent Service Pack as your base.) Once you're on SP3, I recommend you install at the very least IE8 and the .NET Framework 3.5 SP1. From that point, you may install just the security updates if you wish. I recommend you install all the post-SP3 hotfixes as well. The .NET Framework 4.0 is optional on Windows XP unless you specifically need it for a particular application to run. Edited September 4, 2015 by cgthamm Quote Link to comment Share on other sites More sharing options...
eyespy Posted September 5, 2015 Author Report Share Posted September 5, 2015 Hi cgthamm , You are correct SP3 cannot be installed onto SP1/1a however this is what I am trying to avoid - the installation of any SP's. whatsoever. What I hope to do, (as per my first post) is not install any service packs but install only critical hot-fixes from SP0 or gold/Vanilla to the last hot-fix that M$ have issued. This will avoid all of the service packs and only install critical patches so in fact SP's are not really relevant except for reference to a group of hot-fixes really that is what I am trying to say. Now if the critical hot-fixes within the SP3 grouping (that is SP2-Sp3 critical hot-fixes) have superseded the critical hot-fixes say in Sp1/1a-SP2 then all I need to do is find all the critical hot-fixes from SP2 going forwards to current date, assuming that the critical patches have been over-written by the later hot-fixes, however I do not know enough about hot-fixes to substantiate that idea it's just guess work. All the rest of the optional hot-fixes and other programs can be cherry picked & added as and when needed? Do you know if the hot-fixes going forward up to SP2 have been superseded within SP3? If so fingers crossed where can I obtain the critical hot-fixes from SP2 onwards or if they are not superseded where can I obtain the original critical hot-fixes from SP0? Best Regards, eyespy Quote Link to comment Share on other sites More sharing options...
cgthamm Posted September 10, 2015 Report Share Posted September 10, 2015 As you pursue your project, you will discover that there are hotfixes that cannot be installed unless you have SP3 installed. That's why I said that a Service Pack is a new "base" -- a new "known quantity", on which you can develop and install additional hotfixes. In the case of hotfixes that apply to either SP2 or SP3, you will discover that, even if you apply the hotfix to XP with SP2, you will have to re-apply it after installing SP3. Bottom line, having the most recent Service Pack (in the case of XP, SP3) is good thing. In my experience, if you want the most stable and reliable XP possible, get yourself to SP3 to start. Then install IE8, and .NET Framework 3.5.1. Then exhaustively install all critical Windows Updates, and use that as a base to install whatever hotfixes you want. Quote Link to comment Share on other sites More sharing options...
eyespy Posted September 13, 2015 Author Report Share Posted September 13, 2015 Hi cgthamm , Sorry for not getting back to you sooner but I have been away for a week on a short vacation. My next comments may appear patronising or condescending but they are not intended in that way but I value your comments, observations and input into my intended objectives and to a large degree you are right but call me stubborn, I want to try out this theory I have and try it out for just the sake of it and also too see if a lot of the bloat of service pack 3 can be reduced. Judging by what you are saying SP3 has superseded the previous service packs SP2 Sp1 or 1a so all I need to collect is all the critical hot-fixes from SP3 & those thereafter to avoid the SP's. Do you know of a list of "Critical" hot-fixes that are contained within SP3 to undertake this task? I will search on hot-fixes to find them? If not no worries I will trawl the net & see if a list exists & select the hot-fixes from Hotfix.net Best Regards, eyespy Quote Link to comment Share on other sites More sharing options...
xable Posted September 13, 2015 Report Share Posted September 13, 2015 eyespy, hi, if you want to reduce bloat have a look at nLite. What you propose is impossible because as cgthamm has already said the latest service pack needs to be installed for you to be able to install the latest security updates, note updates not hotfixes, there is a difference that you probably need to understand. Basicly hotfixes don't contain security fixes, they are bug fixes only. There are other differences but I won't go into it now, you can look it up for yourself aswell if you like. Even with the latest service pack and security updates offered by windows update installed XP is not secure and you shouldn't be using it on an internet connected PC. The best AV/Firewall in the world can only do so much, if the underlying OS in insecure your still vulnerable. Also, the hack to get XP Embedded updates to install on XP only gives you a false sense of security, it doesn't guarantee security of the OS and may even make it even more insecure and/or unstable. If you wish to continue on your quest to reduce bloat I would grab nLite, you can use it to first create a disc image that has the latest service pack and all available security updates on it (it'll still be unsecure), then to strip out the bloat. If you only have XP gold (RTM), to avoid problems first slipstream SP2 then SP3. Service packs are cumulative but Gold to SP3 doesn't work as well as SP2 to SP3. You will also need grab all the security updates, a list of which you can get from running windows update on a fresh install of XP with SP3 installed. You can then download them from the microsoft download centre and point nLite at them. At this point you can then strip out the components you don't need. I used to reduce the ISO down to about 110MB. While you cannot get a secure XP you can get a less bloated one by approching it in a different way. TBO though, it's not really worth it, just grab W7 and move on, I put it off right untill XP support ended and while I do miss some aspects of XP I wish I'd switched sooner. W7 has it's shortfalls but a few apps and tweaking is enough to make it usable. 64-bit support was welcome too aswell as all the other small improvements. Anyway I hope that's helped more than hindered. Good luck. Quote Link to comment Share on other sites More sharing options...
eyespy Posted September 15, 2015 Author Report Share Posted September 15, 2015 Hi Xable, Many thanks for dropping in & clarifying some items that I have been a little Sketchy on & your overall tone of encouragement! I must confess I have always liked XP as an OS & I have never really got on with the others that have superseded XP. I have wanted to ditch Windows altogether and try Linux but the lack of support in the realm of drivers is off-putting & the PC I am using is a little dated shall we say. In respect of windows 7 & 8.0 8.1 etc I believe Microsoft are going to gradually over right all the files of the respective OS's back to XP or vista [i forget which] to force everyone to graduate or evolve to Windows 10 (this will be achieved through there update security mechanism a spokes person for M$ has already voiced this intention), I also believe windows 10 is full of M$ spyware and uses your bandwidth like P2P torrents to update PC's all over the Globe. On a separate issue another development which is a little concerning is UEFI which I believe on the hard ware side of things is restrictive and only a few MB manufacturers allow you to switch it off or disable it. And before anyone says its about security it has already been circumvented using a rootkit Virus, I hope in the future there will be a way to ZERO this option, its primarily designed for them to control/restrict what OS you can install on your PC. You buy they control or dictate your options. How do I know this well Linux are taking M$ to court in europe for unfair competition and restrictive practices. Sorry to rant on like this & come over like this as overly paranoid but to me these developments are really concerning. Therefore I view the Agenda of M$ with suspicion and far from XP being unsafe I have my doubts about these new alternatives. Well all said & done I may have to run XP within a VM ultimately. M$ have also stated that there will be no further versions of windows just evolution through their update mechanism so keeping track of their spy-ware is something I wish to limit wherever possible. I have used Nlite in the passed with moderate success & would be interested in your last session.ini file if you still have it archived 110Mb is no mean feat in reduction? I have undertaken some further research and a combination of WUD and UDC and any hotfixes that I miss out on I hopefully can acquire from your website & this strategy may achieve what I hope to achieve, incidentaly will you be updating your hot-fixes/Security updates with the Pos-ready or is is not part of your plan? I believe they will be running until 2019? Anyway all the best & may thanks for your comments and observations they are appreciated & respected. Best Regards, eyespy Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.