Home Is .NET Framework 4 Client profile secure?
Reply: 1

Is .NET Framework 4 Client profile secure?

Euphoric
1#
Euphoric Published in 2018-02-14 07:58:05Z

This question talks about companies who only support .NET Framework 4 Client profile due to security reasons. But does only allowing use of .NET Framework Client profile increase security? This answers talks about that being main case for Client profile. But that was 8 years ago.

I can see two reasons why using .NET Framework 4 Client profile is not as secure as it might seem:

  • While surface of .NET API is smaller than full framework, it is still possible to PInvoke any WinAPI method. So there is not much security here.
  • Being almost 8 years old, MS might no longer support it, by releasing hotfixes to found security issues. But I was unable to find any information about this.

Is my reasoning above valid? Are there any other reasons why using only .NET Framework 4 Client profile might be more secure than running full and new .NET?

NightOwl888
2#
NightOwl888 Reply to 2018-02-14 17:30:25Z

To reiterate what was talked about in the linked question:

...merely the fact that security updates stopped being issued Jan 2016 should be enough to light a fire under the security conscious.

https://blogs.msdn.microsoft.com/dotnet/2015/12/09/support-ending-for-the-net-framework-4-4-5-and-4-5-1/

I don't see how any software that hasn't been patched because it hasn't been officially supported in over 2 years could be considered secure.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.37778 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO