loblolly986 wrote on 2025-12-19, 02:26:

I have no idea where on earth this belief originated that NT somehow requires browsers/applications to use the OS's cryptography […]
Show full quote

I have no idea where on earth this belief originated that NT somehow requires browsers/applications to use the OS's cryptography support and not their own, but see below:

https://github.com/rn10950/RetroZilla/releases

http://o.rthost.win/gpc/files1.rt/K-Meleon1.5 … 4en-US.tls13.7z (among others from https://rtfreesoft.blogspot.com/2024/06/weekl … s-20240601.html, see bottom of post)

The main problem with web browsing on NT 4.0, 9x, etc., is that the mainstream browsers dropped support quite a number of years ago, and most websites have [d]evolved to rely heavily on new HTML5/CSS/JavaScript features that those old rendering engines don't support. Even with the backported support for modern HTTPS encryption in these forks of old versions, you still are quite limited in what you can do on the modern web. I don't see why a cross-platform modern browser like Firefox or Chromium couldn't theoretically be ported to NT 4.0, but it would be a herculean task because of the extent the existing Windows-specific code relies on APIs available in newer versions, not to mention the build system's reliance on legacy-unfriendly compilers like modern M$VC or mingw-w64, and there just aren't enough people who have both sufficient programming skills/knowledge and interest in doing such things. Those who do tend to target the more popular likes of XP, Vista, 7, or 2000 in their backporting efforts.

Hmm. You're right. TLS 1.2 is introduced with RetroZilla 2.2, and the RetroZilla 2.2 README.TXT explicitly mentions NT4 with no caveats. So NT4 does have Gecko 1.7 with decent TLS. Thank you! 😀

I still think there is a stone worth turning over and I bolded the part of your post that my whole idea pivots on.

The most sophisticated and expensive cyber weapon publicly known (Stuxnet, 2010) relied entirely on what were contemporary Windows APIs of its time. Technically, Stuxnet could have included the full stack of nefarious code it relied on, but it didn't. Even thousands of man hours resulted in a cyber weapon that depended on Microsoft OS vulnerable code waiting for it. Here's the test: If Stuxnet is deployed onto Windows for Workgroups 3.11, then it dies on Windows for Workgroups 3.11 - not because Win3.11 is secure but because Microsoft's ~2010 vulnerable code doesn't exist there. The economic reality is that even the world's most powerful state-backed cyber weapon is dependent on a narrow threat surface.

Example of security through obscurity: Thief steals your house keys. Thief arrives at your house. Thief is stuck on the porch because they can't find the keyhole that you installed under the welcome mat. That's not secure - that's obscure.

Example of security through engineering: Thief steals your tethered house keys. Your smart door handle demands your hand print, and thief obliges. The your smart door spy-hole demands your eyeball, and thief obliges. Your smart door hinge demands your foot, and thief obliges. When your security breaks you are broken, and there's an audit trail for the police to investigate.

Example of security through obsolescence: Thief steals your house keys. Thief never gets to your porch because thief gave up lugging your huge iron key that requires two persons to turn it. That's not insecure - that's economically unaffordable. And, that's what NT4 presents a profit-seeking attacker in 2025.

Using NT4 might be more like a deterrence strategy, or making your home exhaustively expensive so the thief actually wants to ignore you because you present a very bad return on investment.