A computer components & hardware forum. HardwareBanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » HardwareBanter forum » General Hardware & Peripherals » Homebuilt PC's
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Security using XP with Firefox no longer updating itself



 
 
Thread Tools Display Modes
  #1  
Old July 6th 18, 06:19 PM posted to alt.comp.hardware.pc-homebuilt
John B. Smith
external usenet poster
 
Posts: 163
Default Security using XP with Firefox no longer updating itself

Firefox tells me they will no longer be updating their XP 32bit
version. Their solution: buy Windows 10 if I want to be secure. My
question to you guys is how much trouble can I get into by ignoring
their 'advice' and proceeding as usual?
  #2  
Old July 6th 18, 08:28 PM posted to alt.comp.hardware.pc-homebuilt
Flasherly[_2_]
external usenet poster
 
Posts: 2,407
Default Security using XP with Firefox no longer updating itself

On Fri, 06 Jul 2018 13:19:59 -0400, John B. Smith
wrote:

Firefox tells me they will no longer be updating their XP 32bit
version. Their solution: buy Windows 10 if I want to be secure. My
question to you guys is how much trouble can I get into by ignoring
their 'advice' and proceeding as usual?


Mozilla's solution now starts with Windows 7. There would also
various Unix implementations. Security has a different meaning
according to interests and procedures involved for employing the
concept. This month Ebay, for instance, raised its security concerns
to a sales base of prior customers, in issuing a similar statement by
curtailing that segment of customers from using their rights, any
longer, to purchase Ebay items.

Does that mean that Amazon, in not taking upon themselves the same
security issues, as Ebay, is less secure and therefore more willing to
do or by effect cause you harm? Or would it mean that Ebay is
relatively dwarfed by Amazon business modeling, a latter and pivotal
controlling factor overall of the WEB, and by continuing to dominate
sales profits, such so-called security is least of all imperative to a
focus of their established, successful, and a domineering presence?

What do you think security actually means to someone already of a
lessor stature, unable to contract and store national defense secrets,
as does Amazon, when they then turn again to look down one farther, to
such as yourself, and tell you that you're in danger not heed to their
appraisal of your present ****ant situation? And why, if not you, do
you suppose so many others then will?
  #3  
Old July 6th 18, 08:36 PM posted to alt.comp.hardware.pc-homebuilt
Paul[_28_]
external usenet poster
 
Posts: 1,467
Default Security using XP with Firefox no longer updating itself

John B. Smith wrote:
Firefox tells me they will no longer be updating their XP 32bit
version. Their solution: buy Windows 10 if I want to be secure. My
question to you guys is how much trouble can I get into by ignoring
their 'advice' and proceeding as usual?


That depends on how much of this was implemented in 52ESR.

https://en.wikipedia.org/wiki/Transp...curity#TLS_1.3

# Addition of the ChaCha20 stream cipher
with the Poly1305 message authentication code
# Addition of the Ed25519 and Ed448 digital signature algorithms
# Addition of the x25519 and x448 key exchange protocols

Some of those are thought to be not-back-doored by the NSA.

The web is going to an all https model.

SSL/TLS is the protocol used for security purposes.

SSL is completely deprecated (cracked six ways from Sunday).

TLS is a continuation of SSL, which presumably is better
than SSL.

Browsers allow the user to set a preference as to what
SSL or TLS versions they will allow the browser to use.
All my SSL is turned off.

TLS 1.3 attempts to protect against the known issues to date.

See the section at the bottom of an article like this,
for the names of known exploits. And this isn't necessary
a complete list of the named ones either.

https://en.wikipedia.org/wiki/Heartbleed

Major vulnerabilities publicly disclosed

* Evercookie (2010)
* iSeeYou (2013)
* Heartbleed (2014) === browser issue
* Shellshock (2014)
* POODLE (2014) === browser issue
* Rootpipe (2014)
* Row hammer (2014)
* JASBUG (2015)
* Stagefright (2015)
* DROWN (2016)
* Badlock (2016)
* Dirty COW (2016)
* Cloudbleed (2017)
* Broadcom Wi-Fi (2017)
* EternalBlue (2017)
* DoublePulsar (2017)
* Silent Bob is Silent (2017)
* KRACK (2017)
* ROCA vulnerability (2017)
* BlueBorne (2017)
* Meltdown (2018) === CPU arch issue
* Spectre (2018) === CPU arch issue
* EFAIL (2018)
* Speculative Store Bypass (2018)
* Lazy FP State Restore (2018)
* TLBleed (2018) === CPU arch issue

*******

Windows 10 gives you some protection against local exploits.
For example, you download an EXE from some website. Then
execute it locally. Windows Defender is one part of the
defenses (but you could use an AV program on another
OS to achieve the same result). But there are also OS
level features to prevent exploitation (some security
features require user interaction, if for example
there is a non-standard directory structure).

https://www.theregister.co.uk/2017/1...re_protection/

On the minus side, Windows 10 requires a lot of resources
to remain responsive. A WinXP era machine may not be up
to it. And considering how the browsers that run in Windows 10
work, a processor with four cores is a good match for that
OS choice.

To give an example, my laptop has a single CPU core. If the
Windows 10 network cable is unplugged, the OS is good enough
at power saving, that the fan stops running. However, if
you then plug in the network cable "it goes nuts". And now
the power dissipation of the laptop is higher than Windows 7.
That means in any practical situation, the background
maintenance activity in Windows 10, chews away at battery
life, and (at least with a single core CPU), makes browsing
pretty damn difficult.

For Windows 10, a quad core CPU and an SSD for a boot storage
device, would be helpful. And the video card should really
have a Windows 10 driver (which rules out older stuff like
your FX5200 AGP).

HTH,
Paul [who is not a security person, and just reads the newspaper]


  #4  
Old July 7th 18, 07:28 PM posted to alt.comp.hardware.pc-homebuilt
VanguardLH[_2_]
external usenet poster
 
Posts: 1,453
Default Security using XP with Firefox no longer updating itself

Paul wrote:

The web is going to an all https model.


Even for sites that have nothing to do with securing the data during
transmission (i.e., public information). They still want to prove you
connected where you thought you were going.

SSL/TLS is the protocol used for security purposes. SSL is completely
deprecated (cracked six ways from Sunday). TLS is a continuation of
SSL, which presumably is better than SSL.


Be careful about TLS: verion 1.0 is just SSL 3.0 renamed. TLS 1.0 was
based on SSL 3.0; however, the handshaking was changed sufficiently to
prevent interoperability (TLS 1.0 is not more secure than SSL 3.0 but
your client needs to support whichever the site uses). Your client (and
the site) should use TLS 1.2, or higher.
  #5  
Old July 7th 18, 07:51 PM posted to alt.comp.hardware.pc-homebuilt
VanguardLH[_2_]
external usenet poster
 
Posts: 1,453
Default Security using XP with Firefox no longer updating itself

John B. Smith wrote:

Firefox tells me they will no longer be updating their XP 32bit
version. Their solution: buy Windows 10 if I want to be secure. My
question to you guys is how much trouble can I get into by ignoring
their 'advice' and proceeding as usual?


The web browser is the highest vulnerable infection vector into a host.
E-mail is probably the next highest.

http://home.bt.com/tech-gadgets/inte...11364034422157

Looks like Opera is your last choice should you stick with Windows XP
(which also no longer gets any updates, so it becomes more vulnerable).
I have no experience with Lunascape (never heard of it but there are
tons of variants that I've not heard about).

The Epic web browser (a Chromium variant) says it works on Windows XP;
however, I couldn't find anything at their web site noting system
requirements or continued support for Windows XP. It's last update
(according to Wikipedia) was back on Nov 27, 2017 which seems old for a
supported web browser.

Of course, you're still using an old an unsupported OS that will become
more vulnerable over time although it gets specifically targeted less
due to its waning number of deployments (any OS with low use volume will
be a lower desirable target). While there are tricks to still getting
security updates for Windows XP, you only have under a year left of
those; see:

http://www.expertreviews.co.uk/softw...-registry-hack

So you'll be trying to find a web browser that continues to support
Windows XP but the OS itself will cease to get security updates. How
secure can a web browser be atop of an insecure OS? Web browsers are
not written in instruction code nor ran insulated from the OS.
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
FireFox: Typing Address NAME ONLY In Address Bar No Longer Works Monica Dell Computers 32 August 31st 09 06:25 PM
Firefox found to have more security problems than IE. Steve W. Compaq Computers 1 April 24th 06 03:54 AM
Firefox found to have more security problems Steve W. Dell Computers 0 April 20th 06 06:09 PM
the longer its off the longer it runs nmx Homebuilt PC's 1 September 21st 05 08:10 PM
Firefox [email protected] Dell Computers 30 July 1st 05 03:24 AM


All times are GMT +1. The time now is 04:11 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 HardwareBanter.
The comments are property of their posters.