Oh Duncan, I am well aware that Win7 is not an option. :) 

It does, however, bring up an interesting (if obvious) point--it's
going to be tougher and tougher to maintain a secure system if you're
running XP as time progresses. Beyond bullet-point features like Kernel
Patch Protection, UAC, ASLR, etc., there's a growing chasm in terms of more
basic capabilities as well. For example, Microsoft has chosen not to
implement updated secure hashing (SHA-2, as in SHA256, SHA384, SHA512, etc.)
for some scenarios (basically anything not SSL/TLS) in XP while its
predecessor, SHA-1, continues to show weakness. Further, Windows XP's
SChannel implementation does not support TLS 1.1 or 1.2, which is important
given the recently discovered BEAST attack on all SSL and TLS 1.0
implementations using block ciphers (including 3DES and AES, but it is not
an attack on AES itself--it is only impacted as it is a block cipher).

Somewhat amusingly, unless changed in very recent versions, neither Chrome
nor Firefox support TLS 1.1 or higher on any version of Windows--only IE and
Opera do, and then only on Win7. To be honest, TLS1.1 and higher support is
not that common on the web either, and most sites have chosen to remediate
against BEAST by making an older, well-supported stream cipher, like RC4,
preferred or required.

Back to the issue at hand--unless you plan on committing yourself to IE's
complete removal, downgrading to IE6 most definitely reduces your security
posture, even if you never use it.

> -----Original Message-----
> From: [email protected] [mailto:hardware-
> [email protected]] On Behalf Of DSinc
> Sent: Saturday, January 14, 2012 1:24 PM
> To: HWG
> Subject: [H] Did it!
> 
> Question: I suspect that Secunia 2.0 does not do XP w/IE6.0. WTF?
> 
> OK. The Collective shames me to remove IE8 from my XPpro machines. Fine.
> Yes, I do install FF901 as a 'replacement.' Again, fine.  I am getting
> used to
> FF901's new rules/windows............... :)
> 
> So I pick a client.  Not my test client, but my really grumpy, slowest,
> oldest,
> perhaps just barely running XPpro!  Works for me! What? This is a test
> after all.
> After all, this is a hobby now!
> 
> IE8 gracefully removed itself as best I could read/watch. But, it also
> mentions 3 MS KBs
> that it needs to re-install before it completes its demise. OK. Do it!
> IE8 goes away.
> Client now has IE6 again; and, runs just fine........(sort
> of)................. :)
> 
> Secunia 2.0 is blowing a gasket! It tells me that both the IE Browser AND
> XPpro need to be upgraded post haste. OK.  Diddle into Secunia 2.0 and
> find that
> I need to get/install the VERY same 3 MS KBs that have already been
> installed previously.
> Yes.
> Client re-booted a number of times. Secunia 2.0 still grumbles and gives a
> 93% rating. LOL!  ATM, I accept the 93% rating as the best Secunia 2.0
> can do.
> 
> Yes, I am confused via Secunia 2.0 behavior.  No, Greg. W7 is still not
> an option! LOL!
> (besides, this old client, I fear, was capable of even trying W7 on its
> best day!)
> 
> I perceive I have found a Secunia 2.0 wall.
> Opinions welcome. This client does have some hdw limitations that I just
> deal with.
> This is just too much fun now!
> Duncan
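
The TLS point in the reply above (a TLS 1.0-only client, BEAST applying to block ciphers, and servers preferring RC4 in response) can be modelled as a small negotiation check. This is an added example, not part of the thread; the client and server profiles are constructed, suite names follow OpenSSL conventions, and version negotiation is simplified to "highest version both sides support".

```python
# Added example; suite names are OpenSSL-style and all inputs are constructed.
VERSIONS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]  # oldest to newest
BEAST_VERSIONS = {"SSLv3", "TLSv1"}  # CBC IV is chained from the previous record


def negotiate(client, server):
    """Return (version, suite) a server-preference handshake would select."""
    common = [v for v in VERSIONS
              if v in client["versions"] and v in server["versions"]]
    if not common:
        return None
    version = common[-1]  # highest version both sides support
    for suite in server["suites"]:  # server preference order wins
        if suite in client["suites"]:
            return version, suite
    return None


def uses_block_cipher(suite):
    # In SSL 3.0 / TLS 1.0 every suite is RC4 (stream), NULL, or a CBC block cipher.
    return "RC4" not in suite and "NULL" not in suite


def beast_exposed(client, server):
    result = negotiate(client, server)
    if result is None:
        return False  # no session is established, so no record stream exists
    version, suite = result
    return version in BEAST_VERSIONS and uses_block_cipher(suite)


# Constructed profiles: an XP-era client limited to TLS 1.0, and a TLS 1.2 client.
XP_CLIENT = {"versions": {"SSLv3", "TLSv1"},
             "suites": {"RC4-SHA", "AES128-SHA", "DES-CBC3-SHA"}}
NEW_CLIENT = {"versions": {"TLSv1", "TLSv1.1", "TLSv1.2"},
              "suites": {"RC4-SHA", "AES128-SHA", "AES256-SHA"}}
AES_FIRST = {"versions": {"TLSv1"},
             "suites": ["AES128-SHA", "DES-CBC3-SHA", "RC4-SHA"]}
RC4_FIRST = {"versions": {"TLSv1"},
             "suites": ["RC4-SHA", "AES128-SHA", "DES-CBC3-SHA"]}
TLS12_SRV = {"versions": {"TLSv1", "TLSv1.1", "TLSv1.2"},
             "suites": ["AES256-SHA", "AES128-SHA"]}

if __name__ == "__main__":
    for sname, srv in [("AES first", AES_FIRST), ("RC4 first", RC4_FIRST),
                       ("TLS 1.2", TLS12_SRV)]:
        for cname, cl in [("XP", XP_CLIENT), ("new", NEW_CLIENT)]:
            print(sname, cname, negotiate(cl, srv), beast_exposed(cl, srv))
```

The TLS 1.2 server row shows the asymmetry: the newer client negotiates TLS 1.2 and is not exposed, while the TLS 1.0-only client falls back to a block cipher under TLS 1.0 on the same server.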


