Thread: Security using XP with Firefox no longer updating itself
View Single Post
  #3  
Old July 6th 18, 08:36 PM posted to alt.comp.hardware.pc-homebuilt
Paul[_28_]
external usenet poster
  
Posts: 1,467
Default Security using XP with Firefox no longer updating itself
John B. Smith wrote:
Firefox tells me they will no longer be updating their XP 32bit
version. Their solution: buy Windows 10 if I want to be secure. My
question to you guys is how much trouble can I get into by ignoring
their 'advice' and proceeding as usual?

That depends on how much of this was implemented in 52ESR.

https://en.wikipedia.org/wiki/Transp...curity#TLS_1.3

# Addition of the ChaCha20 stream cipher
with the Poly1305 message authentication code
# Addition of the Ed25519 and Ed448 digital signature algorithms
# Addition of the x25519 and x448 key exchange protocols

Some of those are thought to be not-back-doored by the NSA.

The web is going to an all https model.

SSL/TLS is the protocol used for security purposes.

SSL is completely deprecated (cracked six ways from Sunday).

TLS is a continuation of SSL, which presumably is better
than SSL.

Browsers allow the user to set a preference as to what
SSL or TLS versions they will allow the browser to use.
All my SSL is turned off.

TLS 1.3 attempts to protect against the known issues to date.

See the section at the bottom of an article like this,
for the names of known exploits. And this isn't necessary
a complete list of the named ones either.

https://en.wikipedia.org/wiki/Heartbleed

Major vulnerabilities publicly disclosed

* Evercookie (2010)
* iSeeYou (2013)
* Heartbleed (2014) === browser issue
* Shellshock (2014)
* POODLE (2014) === browser issue
* Rootpipe (2014)
* Row hammer (2014)
* JASBUG (2015)
* Stagefright (2015)
* DROWN (2016)
* Badlock (2016)
* Dirty COW (2016)
* Cloudbleed (2017)
* Broadcom Wi-Fi (2017)
* EternalBlue (2017)
* DoublePulsar (2017)
* Silent Bob is Silent (2017)
* KRACK (2017)
* ROCA vulnerability (2017)
* BlueBorne (2017)
* Meltdown (2018) === CPU arch issue
* Spectre (2018) === CPU arch issue
* EFAIL (2018)
* Speculative Store Bypass (2018)
* Lazy FP State Restore (2018)
* TLBleed (2018) === CPU arch issue

*******

Windows 10 gives you some protection against local exploits.
For example, you download an EXE from some website. Then
execute it locally. Windows Defender is one part of the
defenses (but you could use an AV program on another
OS to achieve the same result). But there are also OS
level features to prevent exploitation (some security
features require user interaction, if for example
there is a non-standard directory structure).

https://www.theregister.co.uk/2017/1...re_protection/

On the minus side, Windows 10 requires a lot of resources
to remain responsive. A WinXP era machine may not be up
to it. And considering how the browsers that run in Windows 10
work, a processor with four cores is a good match for that
OS choice.

To give an example, my laptop has a single CPU core. If the
Windows 10 network cable is unplugged, the OS is good enough
at power saving, that the fan stops running. However, if
you then plug in the network cable "it goes nuts". And now
the power dissipation of the laptop is higher than Windows 7.
That means in any practical situation, the background
maintenance activity in Windows 10, chews away at battery
life, and (at least with a single core CPU), makes browsing
pretty damn difficult.

For Windows 10, a quad core CPU and an SSD for a boot storage
device, would be helpful. And the video card should really
have a Windows 10 driver (which rules out older stuff like
your FX5200 AGP).

HTH,
Paul [who is not a security person, and just reads the newspaper]