Modern browsers don’t really support older versions of Windows anymore, so anyone running Windows XP, 2003, Vista, and even Windows 7 and 8 are losing access to secure and capable browsers. While running those older versions of Windows on production machines isn’t exactly advised, they’re still great fun as retrocomputing platforms and to keep older Windows games accessible using period-correct hardware.
As such, there’s some awesome news: there is now a fully up-to-date variant of Chromium for these older versions of Windows called Supermium. It tracks current Chromium, supports extensions, sandboxing, Aero Glass, Google Sync, and even Widevine on Windows 7 and higher. Micheal MJD just published a video showing Supermium in action in case you’re curious.
You’ll need at least Windows XP SP3 and an Intel Pentium 4 with SSE2 in order to run it, and Windows 2000 support is in the works, too.
Pretty cool. Would be nice if there were a similar project for old Macs.
Like for 32bit machines still on Snow Leopard? Check out Arctic Fox, a Pale Moon fork.
Hm, that is useful! However unfortunately still doesn’t cover old Macs on macOS 10.11 (El Capitan) or newer, which only support 64-bit binaries – and as it happens, this is exactly the situation that my parents are in. Their 2008 iMax would still be perfectly suitable for everything if not for the lack of a modern supported browser (new SSL certificates can be copied over, but it’s a pain, and that’s the tip of the iceberg. A real shame that these not-especially-old computers already essentially have to be replaced or the OS swapped out for Linux, just to be able to use the modern web.
meant iMac of course… and of course it should be mentioned, this is at least half Apple’s fault (planned obsolescence) for not providing up-to-date SSL certificates or allowing 32-bit applications on El Capitan.
PS I would consider a downgrade to macOS 10.10, except that some applications they need are already on the verge of being unsupported by the current OS version.
OK addendum: I checked Pale Moon and it fits the bill perfectly for 64-bit Macs. Don’t know why I didn’t find this out earlier! Just looked at Firefox and saw only an ancient version is supported.
Great! Wasteful to throw away a perfectly working setup.
> macOS 10.11 (El Capitan) or newer, which only support 64-bit binaries
This is incorrect.
macOS 10.15 Catalina & later only support 64-bit binaries.
*All* older versions support 32-bit.
Firefox ESR still runs on High Sierra & gets updates.
Sorry, I was mixing up versions! Yes, you’re right, their computer does still support 32 bit after all. However, they are stuck on El Capitan or Sierra (not sure which one atm), so no current Firefox for them.
You know what that thing is missing? AI!
Given what I do day to day, I’m absolutely gobsmacked I didn’t already know about this project.
Windows strength was always backwards compatibility with legacy applications, nice to see some backporting too!
Question is how safe is it to browse the open internet from these Windows XP and Windows 7 machines?
Or only in a virtual environment?
Very much not sercure… mainly because there are p2p botnets still out there running on XP machines that infect other XP machines… as long as that is the case its not secure at all. It might take a day or a few minutes but XP has virtually no defense against them.
cb88,
It doesn’t automatically get infected. You still need an open channel between an attacker and a vulnerable component in the OS.
XP RTM before the service packs had that channel open by default that is how Sasser and Blaster pread, they used the netsend utility.
NaGERST,
What about the final version of windows xp? I suspect that’s the version retro users would be using behind a NAT router without inbound ports mapped.
Is there evidence this will be automatically hacked from the internet even if the users are running secure up to date software? If so, I’d be interested in reading up on it.
Isn’t that why Superium requires XP SP3?
If you have an XP machine “directly” on the Internet, I have no doubt that it would be compromised in a few minutes. However, that is not how desktop systems are used. In reality, there will be at least one router or gateway in between that has a firewall or equivalent running on it. You can use an up-to-date XP machine on such a network without a lot of concern as long as you do not try to run server software on it. For web browsing, the key protection will be an up-to-date browser which is what this is.
Supermium is really great news for ReactOS if nothing else. They are still targeting 32 bit Windows Server 2003 ( Windows XP ). I think they report as SP3. The versions of Firefox or Chrome that you can run on ReactOS are massively out of date.
The reason that Firefox abandoned XP is because ICU ( Unicode ) abandoned XP. I am curious as to how Supermium deals with that.
tanishaj,
I’ve programmed unicode on windows. which is fine but I wouldn’t rely on windows functions in portable software. I’m not familiar with the project, but it may be that chromium was already using a more portable library/abstraction and not dependent on windows.
Someone may have to dig out the answer from the source code.
zzillezz,
If you are only using a modern browser and inbound connections are blocked (they usually are in a NATed network), then the exploit would have to be initiated through the browser, which helps provide exploit isolation. Most people would probably be ok if they stick to trusted sites. I think unsupported browsers are a bigger problem.
That said, older operating systems are at a much higher risk of local LAN attacks.
https://www.digitaltrends.com/computing/windows-bluekeep-vulnerability/
OS vulnerabilities can technically still be exposed through the browser. For example, there were windows font rendering glitches that could be exploited through innocuous looking code & interfaces: “This prints text, nothing dangerous here”. Browsers do have their own rendering engines these days, although I’m not sure if it’s 100% safe to assume they use them for everything…
https://support.mozilla.org/en-US/questions/1115938#answer-860588
Another example where legacy code could theoretically be exploited is vulnerable video/audio codecs. Some applications bring their own codecs, others come from the OS. I would think most hardware acceleration depends not only on the OS but on the drivers too, which could have their own vulnerabilities.
It should be theoretically possible to build a browser that only uses simple frame buffers with no unsupported external dependencies at all. This would significantly reduce the attack surface (and be safer on modern operating systems too). I’m not familiar with Supermium and whether they do this or not.
If only we could see Chromium on alternative OSs like Illumos, Haiku, ArcaOS, RISC OS, OpenVMS, 9front, AROS, MorphOS, AmigaOS and so on.
For MorphOS, there is Wayfarer which is webkit based and is using the latest release of it or very close to. Pretty amazing work. You can get a bit more info there https://wayfarer.icu/.
Falkon, a QT web browser using Blink (the chromium renderer) is available for Haiku
https://en.wikipedia.org/wiki/Falkon
This is a bit of a drive-by. This is my first comment from the Ladybird browser. It has not been possible to post from osnews until now.