back to article Windows XP activation algorithm cracked, keygen now works on Linux

Over 21 years after it first came out, the Microsoft operating system that will not die is receiving another lease of life. It's possible to activate new Windows XP installations, safely and securely, without a crack, offline. A blog post on tinyapps has revealed the hot news that nobody sane has been waiting for: the …

  1. Anonymous Coward
    Anonymous Coward

    DO NOT go on the Internet with XP

    Just don't do it. Forget "don't go to dodgy sites": don't connect AT ALL. There are vulnerabilities in the TCP/IP stack and you are a sitting duck waiting to be attacked. You don't even have to proactively connect to anything to get attacked. If you're very lucky, your router firewall might save you, but it might not.

    If you must run XP to run some ancient piece of software you can't emulate, fine, but do not connect that box to the Internet, ever. If it's a VM, share files with it but don't give it Internet access.

    1. ParlezVousFranglais

      Re: DO NOT go on the Internet with XP

      Look out!

      It's gonna melt your face right off your skull

      And make your iPod only play Jethro Tull

      And tell you knock-knock jokes while trying to sleep

      And make you physically attracted to sheep

      Steal your identity and your credit cards

      Buy you a warehouse full of pink leotards

      Then cause a major rift in time and space

      And leave a bunch of Twinkie wrappers all over the place....

      1. 42656e4d203239 Silver badge
        Pint

        Re: DO NOT go on the Internet with XP

        >>And make your iPod only play Jethro Tull

        And this is a problem?

        Pint because I am too old to rock and roll, my broadsword needs sharpening and covid gave me a cough like Aqualung. I may just take a walk along summerday sands whilst watching my Aeroplane. This evening I can look forward to the minstrel in the gallery playing whilst my heavy horses watch the Weathercock to avoid seeing what exactly I am getting up to on velvet green with the high born hunting girl (she said she was a dancer... though I don't believe her). Though quite what I have heavy horses for any more I don't know because I Left my farm under the freeway

        /me gets my coat whilst whistling Jack-In-The-Green

        1. ParlezVousFranglais
          Pint

          Re: DO NOT go on the Internet with XP

          You sir are definitely deserving of a pint in return...

        2. Zippy´s Sausage Factory
          Coat

          Re: DO NOT go on the Internet with XP

          If it was Jethro Tull the band, this would be fine. However they mean a copy of "The New Horse Hoeing Husbandry", read by a text-to-speech bot with a grating voice, who manages to mispronounce one word in seven.

          1. This post has been deleted by its author

        3. JethroTull

          Re: DO NOT go on the Internet with XP

          No problem, my analog system is based on vinyl and can't be hacked.

          1. Jou (Mxyzptlk) Silver badge

            Re: DO NOT go on the Internet with XP

            Let me get my axe...

      2. heyrick Silver badge

        Re: DO NOT go on the Internet with XP

        There's nothing wrong with "Thick As A Brick".

        Or sheep.

        And good luck with anybody around here knowing what a Twinkie is (and I only know about them thanks to Tallahassee).

        Rift in space and time? No worries, we have a Doctor that is experienced with such matters.

        1. that one in the corner Silver badge

          Re: DO NOT go on the Internet with XP

          > And good luck with anybody around here knowing what a Twinkie is

          All I know is that, according to Family Guy, they will be one of the very few things that survive the nuclear war. Twinkies, cockroaches and something called "Velveeta, the cheese that would not die".

          1. WolfFan

            Re: DO NOT go on the Internet with XP

            Velveeta is not cheese. It is something called ‘cheese food’. Hint: both words have nothing to do with the abomination that is Velveeta. Velveeta is the real reason why a certain Orange-u-tan is the color he is, and even he has sufficient sense to only apply it externally, and to never, ever, ingest the stuff. Velveeta is evil. Velveeta should be banned by the Geneva Convention. Even Pony Boy Putin won’t use Velveeta offensively; he will threaten to have the troops eat some if they won’t attack.

        2. LybsterRoy Silver badge

          Re: DO NOT go on the Internet with XP

          -- knowing what a Twinkie is --

          I know cos I watched Ghostbusters

        3. VicMortimer Silver badge

          Re: DO NOT go on the Internet with XP

          I'm confused. How would people not know about Twinkies? They have them at the local grocery. As a kid, I thought they were pretty tasty.

      3. Wayland

        Re: DO NOT go on the Internet with XP

        I'd risk most of those problems but Jethro Tull as theme music to my life would be too much.

      4. LionelB Silver badge

        Re: DO NOT go on the Internet with XP

        A major omission there:

        Hide prawns in your curtain rails.

    2. jollyboyspecial

      Re: DO NOT go on the Internet with XP

      The article already said that

      1. Anonymous Coward
        Anonymous Coward

        Re: DO NOT go on the Internet with XP

        but then it talked about downloading Opera and other browsers. That will not help.

        1. Happy_Jack

          Re: DO NOT go on the Internet with XP

          Have you never heard of intranets?

          1. that one in the corner Silver badge

            Re: DO NOT go on the Internet with XP

            > Have you never heard of intranets?

            I've only got a LAN with a few servers, will that do instead?

    3. Anonymous Coward
      Anonymous Coward

      Re: DO NOT go on the Internet with XP

      seriously, http://web.archive.org/web/20131028235030/http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx

    4. Version 1.0 Silver badge
      Megaphone

      Re: DO NOT go on the Internet with XP

      Fair enough, that's reasonable and you can include a lot of other windows versions too ... but if you think you are safe with Windows 10 and 11 today, how many tens of thousands of hackers are working on screwing you soon these days? I wonder if I should I have said "hundreds" not "tens"?

    5. karlkarl Silver badge

      Re: DO NOT go on the Internet with XP

      This implies that it is a good idea to go online with *any* version of Windows?

      I think not! Luckily with Windows XP's recently discovered fix to the stupid DRM, offline is now very possible :)

      (I still use Windows 3.1 in DOSBox for Microsoft Office 4.2 exported to PDF via Acrobat Exchange 3.0. With this I might finally update to Windows XP and a modern Office 2003!)

      1. Anonymous Coward
        Anonymous Coward

        Re: DO NOT go on the Internet with XP

        One word:

        Why?

        1. Herby

          Re: DO NOT go on the Internet with XP

          Why??

          A reasonable experiment would be to build a machine with XP and yes, connect it to the internet. Then you time how long it takes for it to get taken over.

          Of course I don't run XP anywhere, but it would still be a valid experiemt.

          p.s. Do this on older piece of hardware, and salt the disk with lots of Loren Ipsum files.

          1. Anonymous Coward
            Anonymous Coward

            Re: DO NOT go on the Internet with XP

            It wasn't "why run everything in DOSBox/other VM", but " why going through all that headache just to run an outdated version with Office"

            1. karlkarl Silver badge

              Re: DO NOT go on the Internet with XP

              Oh right.

              Easy answer. Far less RAM wastage and more efficient UI.

              I am writing words in office documents... not calculating fluid dynamics!

              The question is why are *you* repurchasing the same old functionality every couple of years?

          2. M.V. Lipvig Silver badge

            Re: DO NOT go on the Internet with XP

            But would it be taken over? Are any bad actors still spending any time trying to get into an XP box? I would think that a hacker seeing an XP box would be the equivalent of a car thief opening someone's garage door, ready to steal a car, and seeing a Morris Marina.

            1. doublelayer Silver badge

              Re: DO NOT go on the Internet with XP

              It's perfectly capable of sending on some network traffic as a proxy, DDOS bot, or C&C link. It's likely terrible for cryptomining and may not have access to sensitive data. If it's part of something important, it could be a great thing to attack with ransomware because, if it's not firewalled off, it indicates the user probably isn't backing up anything.

              Probably some types of criminal would turn their nose up at it, but there are still some cases where it's worth attacking.

            2. J__M__M

              Re: DO NOT go on the Internet with XP

              No and no and I agree.

          3. david 12 Silver badge

            Re: DO NOT go on the Internet with XP

            Then you time how long it takes for it to get taken over.

            Forever.

            Windows 2K out-of-the-box, with no particular configuration, using a dial-up modem connected to some random university dial-up service, was compromised in hours on some tests

            But nobody does that anymore, unless it's some bizarre willy-beating exercise. You connect "to the internet" through a router NAT device and a "firewall" application that is allows you to punch holes through the NAT. You can sit behind that forever, or at least until the router is compromised.

            1. Jou (Mxyzptlk) Silver badge

              Re: DO NOT go on the Internet with XP

              Nope, the door is not the OS you hide behind NAT. It is the applications you run through NAT which cannot distinguish between the server you want to connect and the server you are actually connecting to. Still happens today, bur the bar for hackers got raised higher.

        2. Wayland
          Linux

          Re: DO NOT go on the Internet with XP

          I have a customer we've kept on Windows 7 32 bit because they have a DOS program that interfaced to old hardware on the serial port.

          Windows 7 32 bit was the best I could do upgrading from XP.

          I recently regraded them to Windows 10 64 bit and discovered DOSBOX could run the program and interface to the serial port.

          I expect that it's not Windows programs keeping people on XP but DOS programs. Windows programs will generally work on newer versions of the OS.

          However I await the arrival of WINE for Windows so it can run old Windows programs natively.

      2. Martin-73 Silver badge

        Re: DO NOT go on the Internet with XP

        Office 97 Small Business Edition works ok on windows 10 :)

        1. Jou (Mxyzptlk) Silver badge

          Re: DO NOT go on the Internet with XP

          Windows 10 x64 and Windows 11 too. The installer does not work, but you can clone an install over. I did that in 2018, and the c:\Office97 is still on my drive :D.

          But access does not work due to ODBC problems.

          1. WolfFan

            Re: DO NOT go on the Internet with XP

            Access does not work. Period.

            1. Wayland

              Re: DO NOT go on the Internet with XP

              MS Access is excellent although the most sensitive and demanding of all MS Office. I've got most of MS Access 2010 working on Linux and I expect I could get 2019 to work since that's a good one.

              The reason we do this sort of thing is the client is happy with the business app they are using and don't wish to change simply because the computer industry demands they do.

          2. david 12 Silver badge

            Re: DO NOT go on the Internet with XP

            32 bit applications like Office 97 require the 32-bit ODBC framework. That's fairly easy to install.

            The only problem I've had is with MAPI. MS never bothered to provide a generic COM 64:32 interface, or a 64 bit proxy for the 32 bit MAPI COM object, so 64 bit applications are unable to use Outlook97.

            1. Jou (Mxyzptlk) Silver badge

              Re: DO NOT go on the Internet with XP

              > require the 32-bit ODBC framework. That's fairly easy to install.

              Got me a link? My google-fu is broken (or google is broken).

    6. K4PU7Z

      Re: DO NOT go on the Internet with XP

      Wow dangeeeer. They will attack your computer and delete your games! Forever! Noooooooooooooooooo!

      1. Martin-73 Silver badge

        Re: DO NOT go on the Internet with XP

        NOT MINESWEEPER

    7. Roland6 Silver badge

      Re: DO NOT go on the Internet with XP

      Looks like a nice set of features for a honey trap system… just need to add the monitoring and reporting software…

    8. LybsterRoy Silver badge

      Re: DO NOT go on the Internet with XP

      Out of interest, how many of the current attackers of computers would bother with attacking XP? Are there vulnerabilities that are common to XP and later versions of Windows, even if patched in the later versions?

      1. YetAnotherLocksmith Silver badge

        Re: DO NOT go on the Internet with XP

        Oh, it's no bother. It's just a single extra line of script, when the returned data indicates XP.

      2. Wayland

        Re: DO NOT go on the Internet with XP

        The attack code is probably as old as Windows so still contains all the old attacks. It has grown to keep up with the latest Windows but has not had the old attacks removed. Who knows the developers may accidentally open up an old vulnerability on the next release.

  2. CowHorseFrog Silver badge

    why not write it in javascript ?

    1. Anonymous Coward
      Anonymous Coward

      Why should they write it in JS? Or do you want it to be in-browser?

      I see the whole benefit of this project in getting independent of any service. I do get dependent on another service if I only can use a website, don't I?

  3. Binraider Silver badge

    Handy for a few ancient games that don't behave elsewhere. I can't think of much that I needed to revert to 98SE for that XP couldn't handle.

    1. BinkyTheMagicPaperclip Silver badge

      There are again a limited number of games and drivers that work better in 98 than 2000 or later, but overall an NT based OS will be vastly more stable and easy to keep running.

    2. Grogan Silver badge

      I have a customer that still uses XP, a jewelry store. The old guy wrote his own inventory and accounting systems in basic and XP is the last OS where printing works in his old DOS program. The computer isn't networked at all, it's connected to a parallel port printer, that's it.

      If anything happened to his computer we'd be installing XP on an old junker or something. In which case I'd keep this hack in mind.

      1. WolfFan

        My mother has been going to the same optometrist for nearly 30 years. All billing and payment is handled by an ancient DOS application running on an XP machine. He still has two spare machines sitting in a back room; periodically, someone (guess who) gets to take them out and test them to be sure that they still work. The system does not connect to the Internet. The system does not even know what a credit card is. (Seriously. You pay by check or cash or, in our case, by keeping the computer alive. And none of that pay by phone nonsense, either.)

        The DOS app, and the XP machine, will be retired when the optometrist is. Dinosaurs live forever, so that ain’t happening soon.

        I shall be investing in a few copies of the items in the article, so that I can revive a dead XP box if necessary. The optometrist has all the install disks (actual 5.25” floppies, backed up to 3.5”, and then, by me, to CD) and license keys and what not, in the back room next to the spares. You would not believe what a complete set of WinXP and Office 2003 floppies looks like. I didn’t even know that you could get Office 2003 on floppy… (Yes, the floppy drives, one each 5.25” and 3.5”, still work. The hard drive is a massive 100 MB, 3600 RPM Western Digital thing which I think is still running only due to magic pixie dust.)

        1. Martin-73 Silver badge

          Keep an offsite backup (the CD for preference) in case something happens that destroys all on site stuff but doesn't kill the business, idiotic burglars come to mind

        2. Anonymous Coward
          Anonymous Coward

          > You would not believe what a complete set of WinXP and Office 2003 floppies looks like. I didn’t even know that you could get Office 2003 on floppy…

          I didn't even know you could get *XP* on floppy....!

          According to this StackExchange thread it came on 250 discs. I suppose there must be a few niche cases where someone might want XP on a machine which didn't support installation from CD- that customer obviously did- but they must be very few.

          (And with 250 discs, the risk that even one was bad- and the time you'd have wasted swapping them out- would be high enough that you'd want at least two sets.)

          I can only hope that if the optometrist's machine *does* need reinstalled it can be done from CD, because there's no way in hell that many floppies are all going to be intact after all that time.

          1. Ian 55

            250 discs

            I suspect it was a US government spec that software they buy be available in the format.

        3. Wayland

          It's interesting living history. There is no business case to upgrade unless they intend to upgrade their business practice too. If they took electronic payments then it would pay to have that integrated into the same system but honestly a stand alone card system payment could be entered manually.

          A great deal of what we do as a computer industry is to obsolete working systems and replace them with something we claim is better. We know it's better because 32GB is better than 8GB but then that's only true because we did something that makes 8GB not as capable as it was when it arrived. Now we have 32GB we're at liberty to make any 8GB system unable to keep up. Perhaps not 8GB obsolete yet but 2GB is.

          1. Jou (Mxyzptlk) Silver badge

            > now we have 32GB we're at liberty to make any 8GB system unable to keep up.

            True. I noticed it at work yesterday, and I work in IT. The 8 GB Laptop is with AV, Teams, Outlook, Browser and Citrix at 80% RAM load, after a little while close to 90%. Note how I complain about the programs (marketing speech APPS). I forgot about it and wanted to test something in a virtual machine. Had to give it up after I looked in the task manager. I used one of those left-over ~9 years old Hyper-V clusters which are still running, even though 95% of VMs have been migrated away. Which, in hindsight, I should have done in first place.

            As for Windows 10 itself: 4 GB RAM is enough, it just depends on the applications you run. But don't try with less than 4 GB, neither OS or current applications work well with hacks. Better use Server 2022 for machines with 2 GB RAM or older/other OS.

  4. JimC

    Telephone activation does indeed still work. Used it this year when I reinstalled the XP VM that I use to drive my scanner. (Damned if I'm going to chuck a perfectly good scanner just because there are no current drivers.).

    1. Chloe Cresswell Silver badge

      Can confirm the telephone activation worked last week when a Kaltenbach saw/drill/etc machine blew it's hard drive and the CANbus ISA card won't work in anything other then the industrial PC it runs on...

      1. Prst. V.Jeltz Silver badge

        Would it not have been easier to take a copy of the hard drive , with xp activated , and the software all ready to go ?

        1. Sp1z

          A copy from the blown hard drive? Erm...

          1. BenDwire Silver badge
            Pint

            I think the idea was to image the HD *Before* it went TITSUP, then it's a very simple process to put in a new drive copy back the image. I used Acronis to support mission critical systems when XP was a thing, and it never let me down. Of course now drives are bigger, encryped and TPM'd so it's a different story. But I'm retired, so I don't care anymore.

            Beer, anyone?

            1. simonlb Silver badge
              Pint

              You definitely get a beer from me. At my previous employer one of my daily drivers was a machine running XP, and having an Acronis image of it on an external USB HDD saved me on at least three occasions. Having the image, along with an archive of all critical files/documents/scripts/etc. dumped on there monthly via a robocopy script meant I could be back up and running in less than an hour.

              1. Chloe Cresswell Silver badge

                I really wouldn't want to make an image of a 60GB drive, with 25Gb of data, over usb 1.1 Which is all this machine has.

                That's why we have backups. Reinstall windows, restore backup, activate windows, machine back in production.

                1. doublelayer Silver badge

                  The USB path wouldn't be fast, but it would take several hours (ideally about 4.5, but I'm willing to double that). That could be completed overnight. I wonder whether installing and activating Windows by phone is really a shorter process. Also, if you want to go faster, does that machine have an ethernet connection? That is probably faster.

                  1. Chloe Cresswell Silver badge

                    Installing XP took an hour. XP working gives 100mbps ethernet, the backup is 8.25Gb compressed, and restores in about an hour. Activating takes 5 mins. Machine was back in operation before the end of the day.

                    Plus, even if you imaged it via ethernet, you'd still hitting the issue of finding a replacement 2.5inch PATA drive that the system can use. Anything over 100GB won't be recognised. Most imaging software I have access too won't image onto a drive smaller then the original.

                    1. J. Cook Silver badge

                      There are CF to PATA adapters out there...

                  2. Martin-73 Silver badge

                    Data point from one year past, telephone activation worked in the uk just fine, took about 15 mins... activating XP on a VM to run my games an...err for research purposes.

                2. Roland6 Silver badge

                  Does the PC support a second HDD?

                  For slow systems using an external IDE/SATA drive connected to a motherboard connector, provides a much quicker duplication of a hard drive.

                  1. phuzz Silver badge

                    Or for that matter, I guess PATA disk duplicators are probably pretty cheap if you can find them. Of course, you still need to find enough IDE drives which are still good enough to use as replacements. Hmmm, PATA->SATA adaptors maybe, or you can go PATA>CompactFlash

                    1. Chloe Cresswell Silver badge

                      PATA to SATA won't fit on the drive sled. There's only 5mm of movement for the drive between the connector and the drive due to the mounting slots. I'm currently running it from a 2.5inch to SD card converted which is cable tied to the sled, and if you put the cable ties on the wrong way, it won't fit into the slot. https://files.mastodonapp.uk/media_attachments/files/110/395/126/943/634/549/original/d2986915192e0e8d.jpg the metal plate in the middle of shot is the actual drive sled.

                  2. Chloe Cresswell Silver badge

                    https://files.mastodonapp.uk/media_attachments/files/110/395/126/943/634/549/original/d2986915192e0e8d.jpg Want to put a 2nd HD in here? The metal plate is the drive sled. https://files.mastodonapp.uk/media_attachments/files/110/394/785/312/986/970/original/27f8e8955d3e8cbf.jpg This is the IDE connector. This is the only IDE connector, the motherboard's circuity is wired to that PCI style connector. And you still need a HD to image too that the machine can use. anything over 100GB won't be recognised. Well, I lie. it will be recognised, as 30GB. To duplicate it, you need a 60 to 100GB HD. The last of which will be over 15 years old now.

                    1. C R Mudgeon Bronze badge

                      "The last of which will be over 15 years old now."

                      That's the part of your situation that would be keeping me up at night -- continued availability, or not, of suitable drives. My sympathies!

                      1. Chloe Cresswell Silver badge

                        I'm currently using an SD to 2.5 inch IDE converter card, which is thin enough to fit in the slot when cabled tied to the sled (in the right way, put the cable ties with the lock section in the wrong place and they don't fit), so wearing out 64gb microSD cards. A decent Sandisk lasts about 3 years, which was better then the last 2.5 inch HD, which only lasted 2!

          2. Anonymous Coward
            Anonymous Coward

            A copy from the blown hard drive? Erm...

            Fail to plan ahead = plan to fail

            The time to image the drive is when the data it holds would take longer to recreate from scratch than by restoring the image to a new drive, not after it has blown. Amazing this has to be pointed out

            1. Chloe Cresswell Silver badge

              Re: A copy from the blown hard drive? Erm...

              We have backups. Imaging I find to be a pain when the machine only has USB1.1, and getting a replacement drive of the right size is an issue.

              Easier to install XP, and restore the backup, which doesn't care if the new drive is smaller then the old one.

        2. Chloe Cresswell Silver badge

          Take a copy of the HD that had failed? No, it was easier to install XP, restore the backup, then activate XP.

          1. The Oncoming Scorn Silver badge
            Pint

            Back When I Was Younger*

            I've used Ghost to clone a failing\failed drive in the past**.

            *Now I have Stiff Little Fingers:At The Edge as earworm - So pint!.

            *Worst case after sticking it in a sealable sandwich & packets of silica gel, then leaving in the freezer, then emptying the contents of a can of component freezer on it when it warmed up too much

            1. Chloe Cresswell Silver badge

              Re: Back When I Was Younger*

              That's nice. In this case the drive was working, but half the windows folder was missing, and the actual software folder for the control software wasn't accessible.

              I don't know why you'd bother trying to clone a bad drive, when you have a backup ready to restore to a new install.

              1. Korev Silver badge
                Boffin

                Re: Back When I Was Younger*

                As someone who has supported specialised lab equipment in the past, your approach seems pretty sensible

                1. Chloe Cresswell Silver badge

                  Re: Back When I Was Younger*

                  It's also based off the previous times this machine has killed a drive! There's nothing like "this is how we fixed it last time" to keep you backing the system up.

                  1. NorthIowan

                    Re: previous times this machine has killed a drive

                    I had one of those. An off brand PC that killed 3 hard drives. I decided it was time for that PC to go after the third drive failed.

                    1. patashnik

                      Re: previous times this machine has killed a drive

                      I might ask just how off-brand that machine was (one of those many Chinese companies with interchangeable, nonsensical names? or the similarly foreboding brand known only as Generic*?)

                      I might also ask what led you to buy prebuilt, if not for an employer/client, let alone from a dubious vendor.

                      What I must ask is how a machine could leave three drives borked consecutively - shoddy PSU perhaps barely capable of safely powering the system as sold? or the staggering luck of receiving three drives in that special category of 'not DOA but will be dead within the month'?

                      *Credit where due: I have a 'generic' 500 GB drive that's over a decade old and still fully functioning, which may not be unheard of bit remains a source of baffled wonder to me.

        3. Roland6 Silver badge

          With XP there are three files that are needed for activation (6 files for x64 XP). A few years back there were websites and articles that provided the resources necessary to activate XP without contacting Microsoft.

    2. Leopold84

      Isn't it Epson scanner by any chance? If so, its driver might actually work on 32-bit version of Windows 10.

      1. simonlb Silver badge
        Joke

        That really is using a sledgehammer to crack a nut. You'd probably be better off booting the latest Linux Mint Cinnamon off a pen drive and using that as it's almost certain to detect the scanner straight away and would also boot quicker than Windows 10 as well.

        Joke icon as this is more of a sarcastic comment rather than outright trolling.

        1. Far Gone Ice Hole

          Sarcasm?

          ...and here I thought it was a reasonable suggestion

          1. NATTtrash
            Holmes

            Re: Sarcasm?

            Indeed. The list of supported devices on SANE is very impressive. Nothing silly about that...

            http://www.sane-project.org/sane-mfgs.html

            1. John Brown (no body) Silver badge

              Re: Sarcasm?

              Yeah, I got myself a very nice scanner for free many years ago when someone "upgraded" from XP to 7 and "had" to buy a new supported scanner. It worked perfectly with Sane (and still does) :-)

        2. phuzz Silver badge
          Gimp

          I think it might be possible to use WSL (Windows Subsystem for Linux) to run SANE 'natively' in Windows 10 or 11.

          I'm not saying anyone should do that, but it would be a fun hack.

    3. Pan Handle Door Handle With Care

      Where VueScan's going, it doesn't need drivers

      Can recommend VueScan if you ever find you need a more flexible scanning solution than an XP VM.

      It supports thousands of old scanners.

      1. Frank Zuiderduin

        Re: Where VueScan's going, it doesn't need drivers

        Unfortunately, it doesn't support mine (CanoScan 4200F). Don't need XP though. Windows 7 still manages it (10 doesn't - yes, I know it should, officially...).

        1. Pan Handle Door Handle With Care

          Re: Where VueScan's going, it doesn't need drivers

          If you get in touch with Ed Hamrick he'll no doubt add it if he can. Years ago now I asked if he could add support for a Microtek hardware feature, dropped the scanner off at his request and he'd reverse engineered it a week later! Amazing software and an amazing developer. Still keeping the world spinning 20 years on.

          1. Paul Crawford Silver badge

            Re: Where VueScan's going, it doesn't need drivers

            +1 for VueScan - fantastic software!

            However, I no longer need/use a scanner and some years back sold by Nikon 35mm scanner on eBay.

    4. katrinab Silver badge

      64 bit XP drivers do quite often work in Windows 10. You may need to extract the actual driver files from the temp directory that the installer creates while installing, and install them manually.

      1. Pan Handle Door Handle With Care
        Boffin

        Similarly, if you need to get an HP Photosmart 5520 printer working in Windows 2000, a small edit to the WinXP driver inf will do it ;-)

    5. keithpeter Silver badge
      Coat

      VueScan no good?

      Icon: actually a rucksack with my Canon LiDe 20 scanner which works perfectly with xsane on Linux but which the missus could not use on Windows 10)

      Edit: apparently VueScan is no good.

      xsane for the win

      1. Korev Silver badge
        Thumb Up

        I used to have one of these, it gave many years of dutiful service until and international move somehow killed it (despite the travel lock being enabled)

    6. This post has been deleted by its author

  5. Yorick Hunt Silver badge

    Really?

    If you want to see a TRULY insecure OS, look no further than Windows 10/11.

    At least with XP you KNEW that it was insecure by design and could take precautions. With Mickey$oft's "latest and greatest," they go to extreme lengths to tell you "trust us," while innumerable vulnerabilities are added with every forced update.

    1. Prst. V.Jeltz Silver badge

      Re: Really?

      ooh look , its one one of those rabid anti Microsofters from 2003

    2. Captain Scarlet
      Facepalm

      Re: Really?

      I am just going to look at you and sigh.

      Windows 95-ME where all you need to do to bypass someones logon is click cancel on the logon screen.

      1. Chloe Cresswell Silver badge

        Re: Really?

        Yeah, but 9x windows never claimed to be secure?

      2. David Lawton

        Re: Really?

        In 95/98/ME that was more of a profile selector screen and/or a place to put your network credentials for accessing services on your LAN. Hence you could press esc on the Network login box (has the 2 computer image on the left hand side) and a second login box would pop up with a picture of a key instead which was to select the local profile to login as incase they had different passwords.

        1. Far Gone Ice Hole
          Trollface

          Re: Really?

          Millenium Edition, around so long most never knew it was there!

      3. Zack Mollusc

        Re: Really?

        if you are clicking cancel on the login screen you have physical access.

        1. This post has been deleted by its author

    3. BPontius

      Re: Really?

      There is no such thing as a truly secure O/S. You should consider any O/S insecure, even Linux.

      While I agree with you that Microsoft's treadmill of updates and upgrades only introduces more vulnerabilities. I disagree that Windows 11 is any less secure than any other version of Windows, all Windows versions have had their share of vulnerabilities. Granted Microsoft is years late in starting to secure Windows and it is inherently insecure by it's design, hardening Windows is a must now days. If you think installing Linux and running it in it's out of the box configuration is secure, then consider that there are hacking groups that only target Linux machines. As users and admins commonly run Linux in it's out of the box configuration without hardening or adding security.

      1. Arkeo

        Re: Really?

        Care to elaborate on that?

        IE: Why is my Mint as (non) secure as my Win10/11 laptops?

        Thanks...

        1. Far Gone Ice Hole
          Linux

          Re: Really?

          They are not, or they are. It really depends more on the Operator than the Operating System. Stating that no Operating System is secure seems quite accurate. Some have been secured, however time (and administration) will determine if they are indeed secure.

          1. Arkeo

            Re: Really?

            I guess you're right: neither me or any of my customers had any virus, and it was during the IE6 Maximum Infestation Era. All it took was installing Firefox and the then brand new M$ own Anti Virus Tool (or whatever it was called back then). Of course, Firefox was pretty much shoved down their throats, but that's what being a BOFH is all about, ain't it? ;)

        2. Anonymous Coward
          Anonymous Coward

          Re: Really?

          All operating systems have undiscovered flaws. This is why you use a zero trust model and secure everything you can. Where Linux scores is that it has a more secure configuration by default, but you should still take action to secure it further. even then, do not believe that it is invulnerable.

          The Windows configuration can be significantly tightened. A good place to start is the Essential 8 published by ACSC. Implementing as much of this as possible will dramatically improve your security posture, even on Windows.

  6. CynicalOptimist

    there is a fun video on youtube which reverse engineers the algorithm that checks if a Win 95 product key is valid. It's titled "Why 111-1111111 is a valid Windows 95 key".

  7. Anonymous Coward
    Anonymous Coward

    Nothing to see?

    This would be more useful if the article- or even the blog it linked to- made clearer where the utility that supposedly does this can be safely downloaded.

    Google turns up mention of "xp_activate32.exe"- mentioned elsewhere in similar repeats of this news at other sites- but no actual link, and the subreddit linked to in turn references another utility that supposedly "updates your certificates" and allows online activation again, but not the entirely offline activation utility mentioned here.

    1. Martin Summers

      Re: Nothing to see?

      Because legal reasons? I don't recall Microsoft saying anyone could have a free for all on XP.

    2. DuncanLarge Silver badge

      Re: Nothing to see?

      It's shared on someones g-drive in a post in that subreddit

    3. Liam Proven (Written by Reg staff) Silver badge

      Re: Nothing to see?

      [Author here]

      As others have already pointed out, I didn't link directly to the tool itself because we do not wish to get accused of condoning or aiding and abetting software piracy.

      It is right there in the Reddit thread.

    4. Jason Bloomberg Silver badge

      Re: Nothing to see?

      I was surprised anyone was even interested in cracking activation. I thought everyone just used a mate's XP install CD and one of the keys written on it, which used to be all over the net. Perhaps they have bit-rotted away or there was something special about those keys or install CD. I don't recall anyone I have known having been troubled by 'actual activation'.

      The challenge I found, and this was a few years ago, was finding hardware which plays nicely with XP and its drivers, having to remember whatever needs to be done to make modern PCs work with XP. I can only imagine it's got harder.

      When my XP system finally gave up the ghost last year I simply moved my chair sideways, continued with a Windows 10 system which was already set-up.

  8. mark l 2 Silver badge

    OEM royalty SLP activation has been a work around for activating XP inside a VM for a long while. The XP VM i have on my laptop is activated exactly using this method.

    The XP installer basically looks for certain certificates in the BIOS which says it was a OEM installation. And you can add those into your VM config files and then Windows believes it was being installed on a real Dell, Lenovo, HP or whichever code you input.

    You do need to install from an OEM ISO (the ones that shipped with their PCs) for it to work, it won't work with VLM or retail copies, although I believe there are way of copying the install files from one of those and making a new ISO file which can work.

    That method would also work on most PC if you used a util to add a HP cert to the BIOS it would then activate using a HP XP reinstall CD.

    There is a discussion on this website from 2013 about using this method so its definitely something thats worked for 10 years + https://superuser.com/questions/539714/windows-all-oem-activation

    Oh and it also works for Vista and Windows 7 using a similar method.

    1. Roland6 Silver badge

      There was a website that had the OEM additions, so you could take any OEM install CD and convert it to another OEM. I used this to reinstall, a bunch of HP desktops using a Dell OEM CD. Obviously, the fun and games is sourcing the stuff that was on the OEM drivers disk…

    2. carl0s

      Yea and that's also how Daz's loader works on physical machines - it patches the firmware at runtime from the bootloader to have the SLP ACPI tables.

      Also has been possible to re-instate those tables on Dells that were bought without an OS via the asset.exe /PW:1234 tool.

      I do think it's a great achievement that somebody is generating confirmation codes though. Wonder if the tool is compatible with Office ? I had to call up for an Office 2019 activation the other month after reinstalling someone's computer, and the phone lines weren't working and nor were the dodgy websites that link to some MS API. After half an hour of trying, one of the phone numbers started working again.

  9. Alistair
    Windows

    Xrays.

    Since the actual hardware was run by an ancient sun hardware machine, the *scans* are marshalled by an ancient winxp box. Dead hardware.

    Overall *replacement* of the xray system would be in the 7 figure range.

    Brand new system, 2 vms. Two addon cards for the connectors, (Serial and Centronix). Spend 2 days getting the pass-throughs set-up to the vms and boom. Cost? less than 4K

    Yes, both talk to the interwebs, but the base install of linux firewall is (block everything) and whitelist things they have to talk to, and the inbound/outbound connection upstream is a proxy host, that has even more fire-walling and limitations.

    The images for the OSes are backed up weekly. The data never lives in the vms, its pushed up to a central repository.

    Believe me when I say this, this arrangement is far more common than *anyone* would like.

    1. Jou (Mxyzptlk) Silver badge

      Re: Xrays.

      But you talk about relatively new machines! I know others which still use the Windows 3.1 program which I tricked to run on Windows 98. And others running DOS, though that one cannot be VM-ed. Too many serial ports.

    2. Jyve

      Re: Xrays.

      Aye, had an XP VM for... a couple of decades now I think it is with a bunch of, funnily enough, x-ray stuff too. Only got the .exes for the vital stuff, or I'd have moved them to something/anything else a decade+ ago, something the boss continues to bug me about whenever he's bored, but yeah, this is NOT an unknown setup. A few 'grizzled old timers' still have a few of these floating around because they're useful. (too useful sometimes, that it boots up in a couple of seconds vs most other VM's and only needs a couple of gb assigned ram to feel fast also helps.).

  10. Arthur the cat Silver badge

    Someone, somewhere …

    is shouting "It's alive!!!! Alive, I tell you!!!" and laughing maniacally.

    1. 897241021271418289475167044396734464892349863592355648549963125148587659264921474689457046465304467

      Re: Someone, somewhere …

      It's alive!!!! Alive, I tell you!!! HAHAHAHAHAHAHAHAHAHAHAHAH!!!!!!!

      1. David 132 Silver badge
        Happy

        Re: Someone, somewhere …

        You forgot the obligatory “They said I was mad! Mad!! But I’ll show them! I’ll show them all!!1!1!”

  11. 897241021271418289475167044396734464892349863592355648549963125148587659264921474689457046465304467

    Thanks @Liam Proven for another interesting article - I still run XP for sound hardware which won't run on anything else, using two old Core2Quad 9400 PCs, which also connect to the internet... firewalled and port blocked to hell, and increasingly rarely as new web standards surpass 32-bit Firefox ESR's ability to render websites. It also runs as you know, on my newly upgraded Sony VAIO P (external DAC), which I also use for sound creation, as part of a XP Pro/Windows 7 Pro/MX Linux tri-boot setup. Have you upgraded your VAIO P with an SSD yet? It's the only sensible choice, makes the damn things more usable and useful. I now have 6 screens on my desk. :eek:

    One soundcard with awesome hardware DSP reverb only works on Windows 2000 and Windows 98... :( A PII 266 hosts that one.

  12. Boolian

    Too late the hero

    Don't ever connect?

    I discovered at least one XP machine in the extended family running last week. To date, it hasn't been compromised by anything, or at least anything immediately apparent.

    It may well be a lovely node on a botnet, but no ransomware encryption nasties have infected it, and the operators have not had entire lifesavings sucked out their banks, or online accounts hijacked.

    Bizarre, but true. You'll be asking "May be part of a botnet? Don't you know - haven't you nuked it from orbit!?" Well, I haven't bothered to look at it any further than a brief perusal out of morbid curiosity. A day, or a week is going to make not a blind bit of difference at this juncture, whether I take it out the back and shoot it, or not - besides I'm meant to be retired from all that nonsense.

    Security is hard, and you'll never patch all the holes in anything. My time in IT gave me PTSD, and the understanding that the advice is: 'never connect anything to the internet' - never mind WinXP. It's naive to think 'Hey I'm all patched up today - no vulns for me"

    Hell, even an airgapped machine will get royally screwed the minute a grunt gets a hold of it - there is absolutely, unequivocally, zero defence against stupidity.

    Best you can ever do is have backups, and go home for a pint. Some survive the battle for a while, in the same way a dandelion survives the mower - dumb chance. You can swerve around all you want, heroically running from the treeline every day, if you feel it helps. 'He killed 15 zero-days single handed...30, if you like'

    Yeah, that XP machine has to die, of course it does, though some twisted part of me wants to leave it operational, and to snoop the bejeezus out it, just to see what myriad nasties are operating in there - and if there are none - how in the seven hells there aren't.

    1. Roland6 Silver badge

      Re: Too late the hero

      Your domestic XP machine, if behind a standard NAT router/firewall is only really vulnerable when it has an active internet connection. So if all you use it for is reading El reg and the BBC say, the likelihood of catching any malware is very low.

      Interestingly, recently been using a Windows system that has Avast installed, along with the Avast “secure” browser which by default uses Bing for search. I have found the experience educational; Bing will return more results in the first pages that are either dubious or will result in the AV blocking as “source of malware” if you try and visit than Chrome…

  13. Tron Silver badge

    Plan B.

    A simple web translation layer should be able to alter any web page to be used on any system. From the most basic option of turning it into an image file to acting as a 'translator' between specific user-side behaviours and more modern web page scripts and options. It would be a good way to test cut-down web interfaces on limited systems and would allow safe/secure surfing on all systems, not just retro, by filtering out all malign capability. You'd think there would be enough coders with enough spare time on the planet, to knock one out. The user could configure the range of options their system could or wished to deal with, and the software would intervene between the net connection and the browser.

    1. doublelayer Silver badge

      Re: Plan B.

      Yes, you can do that. The most common reason why sites don't load anymore is to do with encrypted connections, which are very common. Old browsers may lack support for the later TLS versions, may have outdated certificate management, or both. That's pretty easy to intercept and handle transparently.

      The reason that we don't go farther than that is that there's relatively little in it. It would allow you to browse on nearly any hardware, but only by getting some other hardware and manually configuring it. In many cases where that would work, it's often easier just to use the new hardware for the internet and either replace the old hardware or just use it for whatever purpose has caused you to keep it around.

      It also doesn't cause completely safe browsing. It would put an extra firewall on any exploits that use a script to try to interfere with the host, but the browser sandbox, while flawed, is frequently tested and patched in that respect anyway. You could accomplish the same thing by refusing to run any scripts, and your proxy will have similar problems; either a malicious script will be unable to affect the system, or it will be able to affect your proxy from which it can do the same things it could do on the local device. The more common security risks while browsing are either something a human typically filters, such as whether this site is the kind of place you want to enter sensitive information, or privacy-related, such as whether you're sending a copy of everything to an advertiser. A proxy can't deal with those any more than a local program can.

  14. PRR Silver badge

    Welp, back to Windows 3.0.

    (Yes, I did have a 3.0 machine, not just the VM, running this decade.)

  15. The Dogs Meevonks Silver badge

    Used to run XP for older games

    Some of my fave games required me to still use XP... But those have now been made available thanks to work by companies like GOG or even people over at the X-Wing Alliance Upgrade project who have not only updated the game to make it look amazing now. But have made their patches work with those versions of the games available from places like GOG.

    So I admit... I bought them again because trying to get my original CD's working, patched and updated to the new versions... was a huge pain in the butt.

  16. Anonymous Coward
    Anonymous Coward

    "As a result it's possible to generate valid activation codes for Windows XP, without an internet connection, on a modern computer or virtual machine host, even though Microsoft has turned off all the activation servers."

    The activation servers are still online, Win XP doesn't support the certificates to access them, Legacy Update adds support. I activated Wix XP over the internet yesterday after running Legacy update https://legacyupdate.net

    "This is a community-run resource to help you fix access to the internet and the Windows Update service on earlier versions of Windows.[ supports updating on Win 98 to 8.1]

    Since Windows XP was discontinued in 2014, followed by Windows 7 in 2020, Microsoft’s support for their earlier OSes has significantly dwindled. As XP and earlier don’t officially support modern security improvements, such as the SHA256 hash algorithm required by modern SSL and Authenticode certificates as of 2019, much of the internet has become inaccessible to these devices. Adding insult to injury, Microsoft actively removed many downloads for XP and earlier versions in 2020. In effect, working with these OSes is now incredibly difficult.

    Windows Update provides many optional and recommended updates, in addition to drivers for your system, but Windows XP and 2000 can only install critical security updates through the built-in Automatic Updates feature. Legacy Update revives the original Windows Update website - the only way to see and install every update available for your system."

    1. Arkeo

      Dude, do you run HTTPS Everywhere? I get half a dozen "continue to insecure HTTP" msgs everyday from reliable commercial websites which I won't mention, partly because after clicking OK the URL appears to be secure anyway, but I'm not a network guy so maybe I'm missing something.

      Anyway, I'd give XP a try just for fun. But I'd never access my Credit Card or Online Bank on it, that's for sure!

  17. spuck

    Is it really needed?

    I'm trying to dust off the memory banks to remember exactly what didn't work in Windows XP if it never was activated...

    I know the newer server builds will shut themselves down after some hours, but wouldn't the desktop versions basically just display scary pop-ups explaining why it was important to activate and maybe turn the desktop wallpaper black?

    1. Roland6 Silver badge

      Re: Is it really needed?

      Depends, but basically you got 30 days before it started plying up.

    2. Jou (Mxyzptlk) Silver badge

      Re: Is it really needed?

      Nope, you were locked out of your machine until reactivation. You describe what Microsoft does since Vista.

      1. Anonymous Coward
        Anonymous Coward

        Re: Is it really needed?

        Sounds like ransomware

  18. Sanguma

    Microsoft should leap at the opportunity to expand on its side of the story. And officially "pardon" so to speak, the release of the WinXP and Win2K source tree a few years back, and treat it and this as part of the "playing with tech" community bundles they got started releasing about a couple of decades ago.

  19. Blackjack Silver badge

    Even going to the Internet with freaking DOS is safer that doing so with XP!

    By that way ever heard of Freedos?

    https://freedos.org/

    And the Web Browser Aracne?

    https://www.glennmcc.org/

    And....

    https://itsfoss.com/install-freedos/

    Have fun!

  20. jlturriff

    Not only legacy hardware, but software also.

    You mention old hardware that won't run more modern Windows than XP, but there are also instances of software that won't run on more modern Windows. The ones I've heard of are industrial control applications that are effectively 'abandonware,' but still necessary to operate industrial equipment (boilers, plywood manufacturing, etc.).

  21. RobDog

    XP great for me

    Because I still play and very much enjoy Microsoft Combat Flight Simulator, using a game-port connected Microsoft Force Feedback joystick. None of those is supported by anything later than XP and I have a couple of Asus M5A7L PCs to keep me flying. Of course I have used a NLite to create a slim image and ghosted it, but every so often I rebuild using my genuine copies of XP. So really I don’t need this tool at all. I was just telling you what I do. Cheers.

    1. Jou (Mxyzptlk) Silver badge

      Re: XP great for me

      Do you mean: "Microsoft Combat Flight Simulator: WWII Europe Series" from 1998?

      If yes: You made me curious, so I tried it on Windows 11. It works, even the setup works. Though I had to select an 8.3 path on C: to install, but once installed you can copy it somewhere else. Even works in 4k, though with some graphical glitches. 2048x1536 is the highest resolution without glitches. Setting a frame limiter via GFX-card control panel recommended. DGVoodoo: Not tried (yet). xbox360 controller works too.

  22. Anonymous Coward
    Anonymous Coward

    I don’t understand. What is the difference between this new form of XP activation and just using the “windows XP CD key generator” from back in the day? I always remember the “windows XP cd key generator” crack to work successfully. Am I missing something?

  23. RAMChYLD

    How about this then?

    https://github.com/richardg867/WaybackProxy

    I see a lot of people using a Raspberry Pi with one of these to act as a proxy for older machines. Heck, the provided screenshot shows Windows 98 and the original it was forked from shows Mac OS 9.2.2!

  24. DuncanIrvine

    XP?

    I have (expensive) hardware that runs DOS. That I want to keep going.

  25. david 12 Silver badge

    legacyupdate.net

    Legacy Update doesn't work for me -- on XP I only get a SOAP error "failed to parse SOAP' when it tries to do whatever it is trying to do.

  26. joe_mann784

    It's not about the internet

    Everyone always panics when I say "Windows XP." Guys.. NO ONE in this day and age will run XP with an internet connection. Why? Because NOTHING modern runs on XP (not even Firefox). *No* non-technical person would use XP, because using XP in 2024 is really, really difficult.

    I use XP to play 90's video games. It's on an 11" Atom netbook from 2007. All internet components have been uninstalled, all networking devices switched off.

    Here's the problem: One day when I think "Hey, let's try disabling hyperthreading and smartstep to see if this one game will run better." The moment I boot into XP, the slap to the face arrives: "Your hardware has changed. Please reactivate XP." Reboot into BIOS, re-enable those features, boot back into XP: "Your hardware has changed. Please reactivate XP." This is why reactivation mechanisms are still important. Old games simply don't run on modern systems without emulators, and emulators need INSANE single core performance. I just want an 11" netbook with 5 hours battery life that I can use in place of handheld console.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like