XP and the .NET Framework

Windows XP runs up to the maximum of .NET framework 4.0. My question is is Microsoft planning to cut off XP users from updates to the various versionsof the overall framework when support ends for SP3 next April?

Since the .NET framework comes from the same place as SP3 did (MS), I think MS should rethink their stance if they are planning to deny XP users .NET updates...

:major

 

I am referring to updates that would apply to the .NET framework up to and including version 4.0...

 

Don't the .NET Framework updates pertain to several versions of Windows including Windows 7? I think since this is the case, .NET Framework updates will still be available from the Microsoft Update site using IE 8 and Custom Install. I believe it's the updates specifically for Win XP that will no longer be available, but not the other Microsoft products — especially the redistributables.

 

Thanks for the information mdonah...Yes they do apply to Vista and 7

Interesting rolleyes. I don't know the answer to this one, but I hope you are right! That would mean to me that as long as MS is supporting .NET 4.0 and earlier, they would still be in one sense supporting Windows XP. It would be nice to know if they will be using the updates client for this and so on, so I will be on the lookout for more info...

 

I guess we'll find out for sure on patch Tuesday next April. I'm running XP Pro and .NET Framework 2.0, 3.5 and 4.0 (full, not just the Client Profile) also. But, I've been experimenting with the different versions of Vista (I guess I'm one of the few that actually like Vista — except for the audio, it configures ALL of my devices very well and I won't have to go on a wild goose chase looking for device drivers.).

 

Yes, I agree about Vista. I am more and more interested in MS' golden flop. Maybe it has matured into a solid citizen with a bad record :-D.

One thing, Vista is compatible with .NET 4.5, which I have a hunch will be important. Currently, I'm like you with all the .NET framework up to 4.0 in XP Pro. I find the PC seems to run better with it there as a general rule. As for drivers, the PC I have is notoriously run of the mill when it comes to drivers for all versions of Windows. They're easy to come by...DC7700 small form factor.

I like this old crate with XP (gonna keep it armed with XP as long as the PC will start) and would like to add one like it with another OS...Still think I might give Vista a go rather than moving to 7 (based on what I have seen from Vista). It's looking good. Either way it will be on a different PC.

Hope to get a look at some of the versions soon as you are doing...

Thanks for your insights...

 

mdonah...if you get a chance, is .NET 4 extended the version I should be looking to add to client profile? I don't have an actual .NET 4.0 listing in Add/Remove...just client profile and extended and their associated updates...

 

The reason why Microsoft will not provide .NET updates is because after support ends, the OS is a risk to users. 0-day exploits will no longer be patched, as there will be no further updates. Providing software after that point is giving XP users a false sense of security, when they are actually in a precarious situation.


That said, as a .NET developer, I think .NET 4 should last you quite some time yet. Many developers still use Visual Studio 2010 or lower, which doesn't even support .NET 4.5.

.NET 4.5 provides Windows 8 support, which you don't need, and requires Visual Studio 2012.

.NET 4.5.5 provides 8.1 support, which again you don't need, and requires Visual Studio 2013.

 

Have you read a statement from Microsoft on this issue or is this a guess?

Users can't get security for their PC somewhere else?

Hmmm...I don't believe in MS' security patches as much as you must

 

It isn't a guess, it is a fact. You can look at prios OSes as an example.

No,users cannot get their security updates elsewhere because Windows is a closed source OS. You don't have to trust in the patches, but there is no denying that MS does close 0-day exploit holes all the time (have you ever seen a 0-day patch that didn't patch said exploit?). Imagine if they just...stopped. That is the fate of XP.

The cost of getting out of support 0-day fixes from MS is astronomical. All but fortune 500 companies will be able to continue that way for long.

 

So you are saying that MS can guarantee that no zero day exploits will find their way to Windows based PC which is being updated with security updates from Microsoft?

Nothing personal, but this is a language play. "All the time" doesn't make sense in the context of this type of discussion. It implies that MS patches are some sort of guarantee. "Frequently" they provide extra security against zero day exploits would be fine.

What about a-v programs? a-v developers aren't able to combat zero day exploits, when it is their business to so and when it is their livelihood on the line? I disagree if you believe that losing MS security updates means losing protection from zero day exploits. If anyone tries to go without a-v, OK, I would say that individual is at risk. Otherwise, I haven't seen any proof that MS security patches stop zero day exploits as well or better the a-v programs do. a-v providers update their programs frequently enough for me to believe they can do the job...

 

Nope, you said that and tried to put words in my mouth. I said they patch exploits all the time, not that every exploit is patched in the OS. They patch them as they are found. To put words in my mouth is crass and it hinders intelligent discussion.

Antivirus does not patch anything. It is a first line of defense, but is not reliable to be the only one, but there is no such thing as a fail-safe AV, and not all exploits come from malware or viruses...

I am going to go ahead and bow out of this conversation as well, because again you are ruling your thoughts and words with emotion, and forgoing all logic and technical details.

Good day sir.

 

I didn't put words in your mouth. You chose poor words for your argument...

OK, but I would like to know where they do come from if not from viruses or malware. You say there is no fail safe a-v and that MS isn't fail safe. Then you say a-v is no protection against zero day exploits. What they just don't care about zero day exploits? I'm not going to believe that.

Is this how you respond to every argument you lose? I'm not being emotional...logical my friend...

 

You have yet to speak a word of said 'logic'.


I haven't "lost" any argument. I am bowing out because I am a moderator here, and know when someone is ruled by emotion and the path a thread is taking. Therefore I am taking the higher ground and walking away.


You haven't won a thing. I walked away after an unstoppable force met an unmovable object...


If you want to think you have won some grand debate, feel free to go to bed tonight with a sense of satisfaction in thinking you "won" an argument on the Internet. Doesn't bother me in the least. Now excuse me, I have some coding I need to get done.

 

I don't see how you could claim to believe this and then effectively advise anyone on computer security matters. An exploit is itself either malware or a virus. Where they come from is people...people looking for a way into the wallets of others without their approval...

The whole subject of computer security is about nothing but financial security, and I believe this is something PC users deserve...

 

I'm not certain. I downloaded the full installer for .NET Framework 4 and it installed the Client Profile AND the Extended. I'll have to get back to you in a few minutes as I'm continuing my experimentation with Windows Vista (I'm ruuning it during this reply) and have to switch back to XP (I'm not running dual boot. I have both OSes installed on separate drives and need to switch over to the XP drive.).

 

I have exactly what you have (see attached) so, the extended was what you were looking for.

P.S. This was posted from XP. I'm going to stay in it for a while so I can get my daily dose of downloads from MG's and Freeware Files.com.

 

https://www.owasp.org/index.php/Buffer_Overflow A buffer overflow is neither a virus nor malware, but an exploit. This will be my only post.

 

Thanks mdonah. I went to make sure yesterday after reading your post about 4.0. The download for the extended is identified as simply .NET 4.0 on the MS download site. I ran the installer to see, and it said I already have it and all. That's a little bit confusing I must say. Not that MS would do anything to confuse anyone...:-o

Appreciated the heads up on that. I never noticed it before.

My sister is giving me her computer. It's about 4 years old, so it will probably either have Vista or Windows 7. Looking forward to getting inside either one of them, especially if it's Vista. I have poked around on Windows 7. I see the pluses, but I really like the configurability of the XP UI...

I think she's giving me a laptop too. No idea what it's like. I've always said I wouldn't ever own one, but they do come with some different challenges with the battery considerations and power usage and so on. Guess I'll play around with it and try to pick up a little experience...

The bringer of a stack overflow is malicious code. Malicious code is either malware or a virus. Malware and viruses are what a-v programmers develop their programs to combat. Nothing to say that malware or a virus that launches this type of attack could not also be harboring a virus or other malware, but malicious code is either a virus or malware. Some might include adware, but it's malware in my book.

A buffer overflow is a condition brought on by a malware attack. End of story...

Silly argument.

 

Thanks for mentioning this.


Buffer overflows do not require malicious software to exploit. Just a poorly written application that can have perfectly legit purposes.

Neither anti-malware nor antivirus can reliably detect buffer overflows, because a buffer overflow in itself is not a malicious action. Those who do not have a technical or programming background may not realize this.

Once the buffer overflow attack has worked, the hacker can disable third party defenses, and THEN let loose their volley of malware, trojans, and viruses.

Nobody should ever forgo OS patches thinking that antimalware or av applications can keep you safe. That is the danger of using XP past April. I know not everyone understands OS security here, but there needs to be multiple layers, and third party apps are but one. Third party apps are bypassed ALL THE TIME. SO are OS defenses, but making it even easier for hackers is like reusing a condom with a bunch of pin holes in it.

 

You may end up actually preferring the laptop especially if you've got a wi-fi connection. I dont have any place to keep a desktop in the apartment I live in but my laptop I can sit at the kitchen table and use — and I've been able to expand the capability of the laptop with various USB/Modular Bay add-ons including a Floppy Drive!

Vista is highly configurable too but going about it is quite different from XP which I'm sure you know from having poked around in 7. I tried 7 and it didn't seem to configure my devices as well as Vista. I've also tried 8 and 8.1 and like 8.1 but dislike 8 — go figure.

 

Appreciate the tips. The learning curve is probably going to be fairly long for me whichever OS is on the PCs. Reading a little bit on Vista, I have noticed what you mention about how much different it is than XP. On the subject of the laptop, I am a little bit unnerved by them for some reason. Sitting down at the desktop I know what to expect, but not so much from the laptop...:-o

Anyway, I'm looking forward to having a good time diving in to see what I can learn and accomplish if anything...