[accrual]

I haven't tried this personally but I'm already a huge fan of it. I build and benchmark various retro PCs and some of them are fast enough to be fully patched, which I do if it's an option.

For XP I really like the unofficial SP4 service pack which rolls up all post-SP3 updates into a single executable, with or without .NET. The later POS-only patches are also available. It makes it really simple to bring an old system "up to date", even if the last update was a couple years ago.

These machines are just for fun of course and I don't do real work on them, and I'm behind NAT and monitor my traffic, so I'm not really worried about these systems.

[ryandrake]

I agree, this is excellent! Honestly, shame on Microsoft that these sorts of things have to be a community-produced and delivered. Not singling Microsoft out, either--most software vendors' support for older products is abysmal. I'm tired of the attitude in the software industry of only maintaining back to some arbitrary time (mere years!), inevitably leaving users of older systems out in the cold. Unpopular opinion, but if you can't be assed to support a product for the duration that it's deployed in the field, you probably shouldn't release it to begin with.

[zinekeller]

> Unpopular opinion, but if you can't be assed to support a product for the duration that it's deployed in the field, you probably shouldn't release it to begin with.

I think that the ball is on everyone still sticking on it - It was clear that Windows XP was supposed to be supported only for 10 years and they relent it and extend it to be 14 years. At that point it's clear that the companies who can't move, especially big ones, are the ones who are reckless.

[IntelMiner]

I made the mistake of talking about retro systems in a large (600~ plus) slack chat at work a while back. There was a new guy to the company who turned out to be a red teamer

He tried to argue that the kinds of ancient malware that XP would be vulnerable to (Blaster, Sasser, ILOVEYOU etc) were somehow still threats to be concerned about in 2022 (nearly 2023!) against modern operating systems because "I literally wrote my thesis on attacking Windows Defender"

Has anyone (aside from Dancoot on youtube) tried to actually threat model this kind of thing? I find it hard to believe that 20-30 year old malware can even function let alone be a threat either to modern machines or modern networks. There's no way my Windows 98 gaming PC is going to breach the security of my Win10 laptop