Linked by Thom Holwerda on Fri 23rd Mar 2012 22:49 UTC
Mozilla & Gecko clones Still holding on to Windows 2000, XP RTM or XP SP1? No more Firefox for you, my friend - Mozilla has just upped its minimum supported Windows version to Windows XP SP2. In addition, support for Firefox 3.6 will end April 24. Asa Dotzler presents Opera as an alternative for you crazy people still on Windows 2000, XP RTM or XP SP1.
Thread beginning with comment 511682
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Firefox 10 ESR
by Lennie on Sat 24th Mar 2012 00:51 UTC in reply to "RE[2]: Firefox 10 ESR"
Lennie
Member since:
2007-09-22

That is the whole point, you can't get any security updates anymore for the old Windows 2000, XP without SP3.

And this has been true for a while now (2000 and XP SP2 ended in 2010, Vista SP1 in 2011).

Reply Parent Score: 4

RE[4]: Firefox 10 ESR
by izomiac on Sat 24th Mar 2012 05:47 in reply to "RE[3]: Firefox 10 ESR"
izomiac Member since:
2006-07-26

Putting Win2K/XP on the open internet would be foolish, but appropriately firewalled the lack of OS security updates is essentially a moot point. Furthermore, you can really trim down 2000 & XP, down to ~6 processes and no inbound open ports in the case of the former, which reduces the attack profile to virtually nothing. Except for the now out-of-date web browser, of course.

Reply Parent Score: 2

RE[5]: Firefox 10 ESR
by tanishaj on Sat 24th Mar 2012 05:56 in reply to "RE[4]: Firefox 10 ESR"
tanishaj Member since:
2010-12-22

Putting Win2K/XP on the open internet would be foolish, but appropriately firewalled the lack of OS security updates is essentially a moot point.


Who said that Microsoft has stopped releasing security updates for XP? It will be supported for two more years.

Reply Parent Score: 2

RE[5]: Firefox 10 ESR
by Lennie on Sat 24th Mar 2012 08:35 in reply to "RE[4]: Firefox 10 ESR"
Lennie Member since:
2007-09-22

Putting any Windows on the public Internet is risk, I would never do it.

The problem isn't so much with the browser, it is with the plugins.

For example you don't get any updates for Flash, Acrobat Reader and possibly Java.

If the browser would disable/blacklist all old versions of plugins by default that would be a start. But they don't.

Edit: I should add, I also have some Windows 2000 machines still running. So I understand the "pain".

My solution is: Linux or VM with readonly imagefile (everytime you boot, it will use the files every time).

And if I'm gonna run a VM on an other machine/server, might as well replace the old computer with a Raspberry Pi.

When I get one, it is what I'll try to do.

Edited 2012-03-24 08:42 UTC

Reply Parent Score: 2

RE[5]: Firefox 10 ESR
by bert64 on Mon 26th Mar 2012 09:43 in reply to "RE[4]: Firefox 10 ESR"
bert64 Member since:
2007-04-23

Because this "legacy os" is abandoned by its creator, and will never receive any security updates ever again... It's also closed source and proprietary so noone else can provide fixes for it instead.
As such, using it on the Internet is wholly irresponsible.

You may feel that by turning off unused services means you are safe, but then this is something you should have done in the first place and should also be doing with any modern os. Turning off services only reduces the risk.
Why would a workstation have any inbound ports at all? Surely the most common use case of a workstation is that you only make outbound connections.

Also, making outbound connections also carries risk, you may be running an up to date browser, but that browser also has to interact with the rest of the OS, and this too can introduce risks. There have been several security vulnerabilities in windows which can be attacked through third party browsers, and if any more are found in these old versions they will never be fixed.

Also, just because firefox doesn't officially support these old systems, doesn't mean you can't compile your own binaries for it. The source is available, so if there is any demand then someone will make it available. Debian and NetBSD make firefox available for all manner of niche hardware platforms, just this week i installed firefox on an ia64 box.

Reply Parent Score: 2

RE[4]: Firefox 10 ESR
by freebsd on Sat 24th Mar 2012 11:21 in reply to "RE[3]: Firefox 10 ESR"
freebsd Member since:
2010-08-26

If you use your machine just for surfing web/video chatting and all those daily chores, access your bank, order some thing from ebay or pizza hut.......nothing wrong...Win2k and XP by that time will have very low user base that attackers will care worth attacking for...run it with a restricted user and you are good to go...use old browsers (FF and chrome) till the versions they keep releasing I mean

Reply Parent Score: 1