Collective,
Let us close this thread! Greg, I promise to stop pricking you about
W7! I know that your thoughts are in the proper place. Actually, I did
not get your focus until my 3d read. Then the weak bulb blinked on!
I see your crisp focus. Yes, I live my life with those 'magic' objects
under the hood of my browser choices; because I'm told they live there.
I assume that they do. Yes, 'banking' business lives in the SSL/TLS realm.
Yes, I do tweaks/adds/modifies/whatever to my browsers per suggestions
from the Collective. Got it!
Firefox is currently 901 w/NoScript current. I am now looking at
AdBlock Plus. IE8 will remain a tool on the client that MS will control
until they shut me down.........no more XP updates! The client discussed
only does browsing on 'Patch Tuesday.' But, I accept that each time it
is on, it is doing some 'phoning-home.'
Re-installed IE8 to my very old Brontosaurus! Secunica 2.0 now rates
this old XPpro kit at 100% again.
Learned a bunch. Thank you Collective!
Duncan
On 01/14/2012 22:53, Greg Sevart wrote:
Oh Duncan, I am well aware that Win7 is not an option. :)
It does, however, does bring up an interesting (if obvious) point--it's
going to be tougher and tougher to maintain a secure system if you're
running XP as time progresses. Beyond bullet-point features like Kernel
Patch Protection, UAC, ASLR, etc., there's a growing chasm in terms of more
basic capabilities as well. For example, Microsoft has chosen not to
implement updated secure hashing (SHA-2, as in SHA256, SHA384, SHA512, etc.)
for some scenarios (basically anything not SSL/TLS) in XP while its
predecessor, SHA-1, continues to show weakness. Further, Windows XP's
SChannel implementation does not support TLS 1.1 or 1.2, which is important
given the recently discovered BEAST attack on all SSL and TLS 1.0
implementations using block ciphers (including 3DES and AES, but it is not
an attack on AES itself--it is only impacted as it is a block cipher).
Somewhat amusingly, unless changed in very recent versions, neither Chrome
nor FireFox support TLS 1.1 or higher on any version of Windows--only IE and
Opera do, and then only on Win7. To be honest, TLS1.1 and higher support is
not that common on the web either, and most sites have chosen to remediate
against BEAST by making an older, well-supported stream cipher, like RC4,
preferred or required.
Back to the issue at hand--unless you plan on committing yourself to IE's
complete removal, downgrading to IE6 most definitely reduces your security
posture, even if you never use it.
-----Original Message-----
From: [email protected] [mailto:hardware-
[email protected]] On Behalf Of DSinc
Sent: Saturday, January 14, 2012 1:24 PM
To: HWG
Subject: [H] Did it!
Question: I suspect that Secunia 2.0 does not do XP w/IE6.0. WTF?
OK. The Collective shames me to remove IE8 from my XPpro machines. Fine.
Yes, I do install FF901 as a 'replacement.' Again, fine. I am getting
used to
FF901's new rules/windows............... :)
So I pick a client. Not my test client, but my really grumpy, slowest,
oldest,
perhaps just barely running XPpro! Works for me! What? This is a test
after all.
After all, this is a hobby now!
IE8 gracefully removed itself as best I could read/watch. But, it also
mentiones 3 MS KBs
that it needs to re-install before it completes its' demise. OK. Do it!
IE8 goes away.
Client now has IE6 again; and, runs just fine........(sort
of)................. :)
Secunia 2.0 is blowing a gasket! It tells me that both the IE Browser AND
XPpro need to be upgraded post haste. OK. Diddle into Secunia 2.0 and
find that
I need to get/install the VERY same 3 MS KBs that have already been
installed previously.
Yes.
Client re-booted a number of times. Secunia 2.0 still grumbles and gives a
93% rating. LOL! ATM, I accept the 93% rating as the best Secunia 2.0
can do.
Yes, I am confused via Secunia 2.0 behavior. No, Greg. W7 is still not
an option! LOL!
(besides, this old client, I fear, was capable of even trying W7 on its'
best day!)
I perceive I have found a Secunia 2.0 wall.
Opinions welcome. This client does have some hdw limitations that I just
deal with.
This is just too much fun now!
Duncan
