Results 1 to 7 of 7

Thread: .NET Framework

  1. #1
    Join Date
    May 2013
    Posts
    5
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts

    Default .NET Framework

    Seen on a couple of blogs warnings to not install .NET Framework, due to privacy or security concerns, but Google searches fail to turn up any specifics. Anyone know about such exploits, problems, etc., that would make installation detrimental?

  2. #2
    Join Date
    Nov 2010
    Location
    Serbia
    Posts
    2,242
    Thanks Thanks Given 
    126
    Thanks Thanks Received 
    8
    Thanked in
    5 Posts

    Default

    The whole Windows circus and all it's associated acts (this means .net framework too) are exploitable. They always will be, hence so many security fixes and updates. 'nix based systems (various Linux distros, FreeBSD, Max OS X, ...) are vulnerable too, to a point. But they're not nearly as widely used - and they're harder targets as well - so most people just leave them alone.

    Choosing not to install various versions of .NET frameworks to reduce your computer's attack surface is about as needed and effective as wearing a tinfoil hat to prevent the government from controlling your mind.
    Careful what you wish for... You just might get it.

  3. #3
    Join Date
    Aug 2010
    Posts
    2,700
    Thanks Thanks Given 
    116
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts

    Default

    Without .NET Framework many applications will refuse to run. In fact, Windows 7 comes with framework preinstalled.

    Framework is also regularly updated through Windows Update, so it's probably not much of a concern.

  4. #4
    Join Date
    Jun 2010
    Location
    England
    Posts
    572
    Thanks Thanks Given 
    22
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts

    Default

    Ensure it's updated at every possible point, and have security software running. You should be fine.
    Intel i7-2600k with an XSPC Raystorm water block, 4x4GB Corsair Dominator, SLi Evga-GTX560Ti-448 FTWs, Asrock Extreme4 Gen3, Crucial M4 256GB SSD, Samsung Spinpoint F3 1TB HDD, powered by a Silverstone Strider+ 850 PSU in a Silverstone TJ-07BW case.
    I'm not buying EK GPU blocks ever again. (One GPU killed)

  5. #5
    Join Date
    May 2013
    Posts
    5
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts

    Default

    Quote Originally Posted by McSteel View Post
    The whole Windows circus and all it's associated acts (this means .net framework too) are exploitable. They always will be, hence so many security fixes and updates. 'nix based systems (various Linux distros, FreeBSD, Max OS X, ...) are vulnerable too, to a point. But they're not nearly as widely used - and they're harder targets as well - so most people just leave them alone.

    Choosing not to install various versions of .NET frameworks to reduce your computer's attack surface is about as needed and effective as wearing a tinfoil hat to prevent the government from controlling your mind.
    So would you say that the benefit of installing EMET 4.0 outweighs the detriment of installing .NET Framework (upon which it depends)?

  6. #6
    Join Date
    May 2013
    Posts
    5
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts

    Default

    Quote Originally Posted by rafal_iB_PL View Post
    Without .NET Framework many applications will refuse to run. In fact, Windows 7 comes with framework preinstalled.

    Framework is also regularly updated through Windows Update, so it's probably not much of a concern.
    I will be using XP Pro, so Windows Update will not be happening.

  7. #7
    Join Date
    May 2013
    Posts
    5
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts

    Default

    Quote Originally Posted by allikat View Post
    Ensure it's updated at every possible point, and have security software running. You should be fine.
    I will have plenty of security software, but so did many others, and that did not stop Microsoft from using .NET to mess up Firefox not long ago with that auto-update junk. That said, I really want EMET to bolster security, but cannot help being wary about .NET!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •