Update VC++ redist to 2010?

It's kind of annoying that we need to keep that old runtime installed for Construct. :( 2010 is more commonly used now and it should be backward compatible with 2005 apps, unless the developer tied the app to a certain version number deliberately, AFAIK.

Or is there a good reason for construct to use 2005?

A great tool for checking the versions of your software for security assessment purposes is Secunia PSI. This is a very good security tool to have in your arsenal in general. It's much more important than any antivirus or firewall.

EDIT: It seems that my concern about MSXML4 was indeed something to do with my system and not Construct. I've edited this post to help avoid any further potential confusion. —@ Sorry for the trouble.

Construct uses the vs2005 runtime because it was compiled with Visual Studio 2005. This does not make it outdated since Microsoft still supports it releasing security fixes and patches for it on a regular basis.

When installing construct the latest version of the vc2005 runtime is installed. This is the version used, which was released 4/11/2011, much newer than MSXML 4.0 SP3 which was released 9/29/2009.

Are you sure that security vulnerability is still current? The date on the page you linked to dates from 2008.

I've tried updating the IDE code from VS2005 before, but couldn't get it working - I think we have a lot of legacy code, as well as the UI library, that depends specifically on VS2005's quirks. This is "fixed" in C2 which is all static linked and written in VS2010 - one of many reasons for a rewrite.

Ah, I see.

I was able to fix my Construct launch error by downloading the vc 2005 redist SP1 from here. It is an older release than what you linked, as it required two security patches after, via Windows Update. Construct then worked fine and the MSXML4 was not reverted to a vulnerable version. I then uninstalled the patches and the vc runtime and reinstalled it from the link you gave--and MSXML4 wasn't reverted to an old version, either. I then reinstalled Construct itself and I've been unable to get MSXML4 to downgrade, either?!

So now I'm kind of clueless! D: I did not test for vulnerabilities exactly before and after installing Construct, so I can't say with certainty that something Construct installed has reverted the file's version. But on the other hand, I have not installed anything else in a long time, and I do run periodic vulnerability scans, so... yeahh.

One way to check would be to ask others what their versions are. The version you want to have is: Msxml4.dll, Msxml4r.dll (4.30.2100.0), found in C:\Windows\System32. Or just run a scan with Secunia PSI as described in the first post. :) You might find other vulnerable software while you're at it. :(

Oh and I doubt the vulnerability would be "outdated" if you have the vulnerable DLL sitting there. The page is old because the vulnerability is old itself.

I checked, and as far as I can see, Classic only uses XML when it loads persist files. Persist files are also parsed with TinyXML, a different XML parser to MSXML. So as far as I can tell Classic doesn't actually use MSXML and therefore should not actually be vulnerable to any MSXML security flaws.

I think your fears are unfounded. I'd be more worried about zero-day browser exploits, personally...

I see. I was more worried about a MSXML4 flaw, which I thought was caused by the Construct installer, making the user vulnerable through software other than Construst, such as Office, IE, etc. In any case, it looks like I was wrong about this so I edited my post. Sorry for the trouble. ):