Security using XP with Firefox no longer updating itself
Firefox tells me they will no longer be updating their XP 32bit
version. Their solution: buy Windows 10 if I want to be secure. My question to you guys is how much trouble can I get into by ignoring their 'advice' and proceeding as usual? |
Security using XP with Firefox no longer updating itself
On Fri, 06 Jul 2018 13:19:59 -0400, John B. Smith
wrote: Firefox tells me they will no longer be updating their XP 32bit version. Their solution: buy Windows 10 if I want to be secure. My question to you guys is how much trouble can I get into by ignoring their 'advice' and proceeding as usual? Mozilla's solution now starts with Windows 7. There would also various Unix implementations. Security has a different meaning according to interests and procedures involved for employing the concept. This month Ebay, for instance, raised its security concerns to a sales base of prior customers, in issuing a similar statement by curtailing that segment of customers from using their rights, any longer, to purchase Ebay items. Does that mean that Amazon, in not taking upon themselves the same security issues, as Ebay, is less secure and therefore more willing to do or by effect cause you harm? Or would it mean that Ebay is relatively dwarfed by Amazon business modeling, a latter and pivotal controlling factor overall of the WEB, and by continuing to dominate sales profits, such so-called security is least of all imperative to a focus of their established, successful, and a domineering presence? What do you think security actually means to someone already of a lessor stature, unable to contract and store national defense secrets, as does Amazon, when they then turn again to look down one farther, to such as yourself, and tell you that you're in danger not heed to their appraisal of your present ****ant situation? And why, if not you, do you suppose so many others then will? |
Security using XP with Firefox no longer updating itself
John B. Smith wrote:
Firefox tells me they will no longer be updating their XP 32bit version. Their solution: buy Windows 10 if I want to be secure. My question to you guys is how much trouble can I get into by ignoring their 'advice' and proceeding as usual? That depends on how much of this was implemented in 52ESR. https://en.wikipedia.org/wiki/Transp...curity#TLS_1.3 # Addition of the ChaCha20 stream cipher with the Poly1305 message authentication code # Addition of the Ed25519 and Ed448 digital signature algorithms # Addition of the x25519 and x448 key exchange protocols Some of those are thought to be not-back-doored by the NSA. The web is going to an all https model. SSL/TLS is the protocol used for security purposes. SSL is completely deprecated (cracked six ways from Sunday). TLS is a continuation of SSL, which presumably is better than SSL. Browsers allow the user to set a preference as to what SSL or TLS versions they will allow the browser to use. All my SSL is turned off. TLS 1.3 attempts to protect against the known issues to date. See the section at the bottom of an article like this, for the names of known exploits. And this isn't necessary a complete list of the named ones either. https://en.wikipedia.org/wiki/Heartbleed Major vulnerabilities publicly disclosed * Evercookie (2010) * iSeeYou (2013) * Heartbleed (2014) === browser issue * Shellshock (2014) * POODLE (2014) === browser issue * Rootpipe (2014) * Row hammer (2014) * JASBUG (2015) * Stagefright (2015) * DROWN (2016) * Badlock (2016) * Dirty COW (2016) * Cloudbleed (2017) * Broadcom Wi-Fi (2017) * EternalBlue (2017) * DoublePulsar (2017) * Silent Bob is Silent (2017) * KRACK (2017) * ROCA vulnerability (2017) * BlueBorne (2017) * Meltdown (2018) === CPU arch issue * Spectre (2018) === CPU arch issue * EFAIL (2018) * Speculative Store Bypass (2018) * Lazy FP State Restore (2018) * TLBleed (2018) === CPU arch issue ******* Windows 10 gives you some protection against local exploits. For example, you download an EXE from some website. Then execute it locally. Windows Defender is one part of the defenses (but you could use an AV program on another OS to achieve the same result). But there are also OS level features to prevent exploitation (some security features require user interaction, if for example there is a non-standard directory structure). https://www.theregister.co.uk/2017/1...re_protection/ On the minus side, Windows 10 requires a lot of resources to remain responsive. A WinXP era machine may not be up to it. And considering how the browsers that run in Windows 10 work, a processor with four cores is a good match for that OS choice. To give an example, my laptop has a single CPU core. If the Windows 10 network cable is unplugged, the OS is good enough at power saving, that the fan stops running. However, if you then plug in the network cable "it goes nuts". And now the power dissipation of the laptop is higher than Windows 7. That means in any practical situation, the background maintenance activity in Windows 10, chews away at battery life, and (at least with a single core CPU), makes browsing pretty damn difficult. For Windows 10, a quad core CPU and an SSD for a boot storage device, would be helpful. And the video card should really have a Windows 10 driver (which rules out older stuff like your FX5200 AGP). HTH, Paul [who is not a security person, and just reads the newspaper] |
Security using XP with Firefox no longer updating itself
Paul wrote:
The web is going to an all https model. Even for sites that have nothing to do with securing the data during transmission (i.e., public information). They still want to prove you connected where you thought you were going. SSL/TLS is the protocol used for security purposes. SSL is completely deprecated (cracked six ways from Sunday). TLS is a continuation of SSL, which presumably is better than SSL. Be careful about TLS: verion 1.0 is just SSL 3.0 renamed. TLS 1.0 was based on SSL 3.0; however, the handshaking was changed sufficiently to prevent interoperability (TLS 1.0 is not more secure than SSL 3.0 but your client needs to support whichever the site uses). Your client (and the site) should use TLS 1.2, or higher. |
Security using XP with Firefox no longer updating itself
John B. Smith wrote:
Firefox tells me they will no longer be updating their XP 32bit version. Their solution: buy Windows 10 if I want to be secure. My question to you guys is how much trouble can I get into by ignoring their 'advice' and proceeding as usual? The web browser is the highest vulnerable infection vector into a host. E-mail is probably the next highest. http://home.bt.com/tech-gadgets/inte...11364034422157 Looks like Opera is your last choice should you stick with Windows XP (which also no longer gets any updates, so it becomes more vulnerable). I have no experience with Lunascape (never heard of it but there are tons of variants that I've not heard about). The Epic web browser (a Chromium variant) says it works on Windows XP; however, I couldn't find anything at their web site noting system requirements or continued support for Windows XP. It's last update (according to Wikipedia) was back on Nov 27, 2017 which seems old for a supported web browser. Of course, you're still using an old an unsupported OS that will become more vulnerable over time although it gets specifically targeted less due to its waning number of deployments (any OS with low use volume will be a lower desirable target). While there are tricks to still getting security updates for Windows XP, you only have under a year left of those; see: http://www.expertreviews.co.uk/softw...-registry-hack So you'll be trying to find a web browser that continues to support Windows XP but the OS itself will cease to get security updates. How secure can a web browser be atop of an insecure OS? Web browsers are not written in instruction code nor ran insulated from the OS. |
All times are GMT +1. The time now is 07:35 AM. |
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
HardwareBanter.com