Is an up-to-date browser secure on an out-of-date OS? The 2019 Stack Overflow Developer Survey Results Are InWhy should browser security be prioritized?How can I protect my browser from being compromised?How does the Yahoo webmail exploit work?Secure information exchange between web applications using browser redirectionSecure browser storageHow to display friendly notification about no TLS 1.0 support in browserWhy do browsers default to http: and not https: for typed in URLs?Are there any architectures currently out there that use hardware-enforced process isolation? What would it take to add that to x86?Chrome + EMET= How Strong Realistic Protection Against Browser-Based Threats?Is using Gmail App over Web Gmail more safe?Designing a sandbox or how to “perfectly” isolate an app?
Spanish for "widget"
aging parents with no investments
What are the motivations for publishing new editions of an existing textbook, beyond new discoveries in a field?
Inversion Puzzle
I looked up a future colleague on LinkedIn before I started a job. I told my colleague about it and he seemed surprised. Should I apologize?
Are USB sockets on wall outlets live all the time, even when the switch is off?
How to change the limits of integration
How was Skylab's orbit inclination chosen?
What spell level should this homebrew After-Image spell be?
What does "sndry explns" mean in one of the Hitchhiker's guide books?
Lethal sonic weapons
Which Sci-Fi work first showed weapon of galactic-scale mass destruction?
Could a US political party gain complete control over the government by removing checks & balances?
Monty Hall variation
Idiomatic way to prevent slicing?
What tool would a Roman-age civilization have to grind silver and other metals into dust?
A poker game description that does not feel gimmicky
CiviEvent: Public link for events of a specific type
Potential by Assembling Charges
Are there any other methods to apply to solving simultaneous equations?
On the insanity of kings as an argument against monarchy
Protecting Dualbooting Windows from dangerous code (like rm -rf)
Adding labels to a table: columns and rows
I see my dog run
Is an up-to-date browser secure on an out-of-date OS?
The 2019 Stack Overflow Developer Survey Results Are InWhy should browser security be prioritized?How can I protect my browser from being compromised?How does the Yahoo webmail exploit work?Secure information exchange between web applications using browser redirectionSecure browser storageHow to display friendly notification about no TLS 1.0 support in browserWhy do browsers default to http: and not https: for typed in URLs?Are there any architectures currently out there that use hardware-enforced process isolation? What would it take to add that to x86?Chrome + EMET= How Strong Realistic Protection Against Browser-Based Threats?Is using Gmail App over Web Gmail more safe?Designing a sandbox or how to “perfectly” isolate an app?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I'm still safe? Can it "patch" the OS-based security holes?
Minor question: typically, how long would the browsers stop supporting abandoned OS? Is there any number on this?
Related: Why should browser security be prioritized?
web-browser appsec operating-systems windows-7
edited 40 mins ago
forest
39.8k18128144
asked 4 hours ago
OokerOoker
5761611
add a comment |
Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I'm still safe? Can it "patch" the OS-based security holes?
Minor question: typically, how long would the browsers stop supporting abandoned OS? Is there any number on this?
Related: Why should browser security be prioritized?
web-browser appsec operating-systems windows-7
edited 40 mins ago
forest
39.8k18128144
asked 4 hours ago
OokerOoker
5761611
1
Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.
– forest
3 hours ago
thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware
– Ooker
2 hours ago
Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).
– forest
2 hours ago
unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files
– Ooker
2 hours ago
Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).
– forest
1 hour ago
add a comment |
Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I'm still safe? Can it "patch" the OS-based security holes?
Minor question: typically, how long would the browsers stop supporting abandoned OS? Is there any number on this?
Related: Why should browser security be prioritized?
web-browser appsec operating-systems windows-7
edited 40 mins ago
forest
39.8k18128144
asked 4 hours ago
OokerOoker
5761611
Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I'm still safe? Can it "patch" the OS-based security holes?
Minor question: typically, how long would the browsers stop supporting abandoned OS? Is there any number on this?
Related: Why should browser security be prioritized?
web-browser appsec operating-systems windows-7
web-browser appsec operating-systems windows-7
edited 40 mins ago
forest
39.8k18128144
asked 4 hours ago
OokerOoker
5761611
edited 40 mins ago
forest
39.8k18128144
asked 4 hours ago
OokerOoker
5761611
edited 40 mins ago
forest
39.8k18128144
edited 40 mins ago
forest
39.8k18128144
edited 40 mins ago
forest
39.8k18128144
39.8k18128144
asked 4 hours ago
OokerOoker
5761611
asked 4 hours ago
OokerOoker
5761611
asked 4 hours ago
OokerOoker
5761611
5761611
1
Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.
– forest
3 hours ago
thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware
– Ooker
2 hours ago
Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).
– forest
2 hours ago
unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files
– Ooker
2 hours ago
Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).
– forest
1 hour ago
add a comment |
1
Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.
– forest
3 hours ago
thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware
– Ooker
2 hours ago
Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).
– forest
2 hours ago
unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files
– Ooker
2 hours ago
Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).
– forest
1 hour ago
1
1
Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.
– forest
3 hours ago
Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.
– forest
3 hours ago
thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware
– Ooker
2 hours ago
thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware
– Ooker
2 hours ago
Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).
– forest
2 hours ago
Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).
– forest
2 hours ago
unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files
– Ooker
2 hours ago
unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files
– Ooker
2 hours ago
Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).
– forest
1 hour ago
Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).
– forest
1 hour ago
add a comment |
1 Answer
1
active
oldest
votes
Do not use an outdated OS, even with a modern browser.
Assuming that after that day I still use an updated browser, is it true that I'm still safe?
No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.
Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.
Can it "patch" the OS-based security holes?
No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.
Minor question: typically, how long would the browsers stop supporting abandoned OS?
This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...
answered 3 hours ago
forestforest
39.8k18128144
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207122%2fis-an-up-to-date-browser-secure-on-an-out-of-date-os%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Do not use an outdated OS, even with a modern browser.
Assuming that after that day I still use an updated browser, is it true that I'm still safe?
No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.
Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.
Can it "patch" the OS-based security holes?
No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.
Minor question: typically, how long would the browsers stop supporting abandoned OS?
This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...
answered 3 hours ago
forestforest
39.8k18128144
add a comment |
Do not use an outdated OS, even with a modern browser.
Assuming that after that day I still use an updated browser, is it true that I'm still safe?
No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.
Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.
Can it "patch" the OS-based security holes?
No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.
Minor question: typically, how long would the browsers stop supporting abandoned OS?
This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...
answered 3 hours ago
forestforest
39.8k18128144
add a comment |
Do not use an outdated OS, even with a modern browser.
Assuming that after that day I still use an updated browser, is it true that I'm still safe?
No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.
Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.
Can it "patch" the OS-based security holes?
No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.
Minor question: typically, how long would the browsers stop supporting abandoned OS?
This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...
answered 3 hours ago
forestforest
39.8k18128144
Do not use an outdated OS, even with a modern browser.
Assuming that after that day I still use an updated browser, is it true that I'm still safe?
No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.
Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.
Can it "patch" the OS-based security holes?
No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.
Minor question: typically, how long would the browsers stop supporting abandoned OS?
This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...
answered 3 hours ago
forestforest
39.8k18128144
answered 3 hours ago
forestforest
39.8k18128144
answered 3 hours ago
forestforest
39.8k18128144
answered 3 hours ago
forestforest
39.8k18128144
39.8k18128144
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207122%2fis-an-up-to-date-browser-secure-on-an-out-of-date-os%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.
– forest
3 hours ago
thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware
– Ooker
2 hours ago
Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).
– forest
2 hours ago
unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files
– Ooker
2 hours ago
Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).
– forest
1 hour ago