Is an up-to-date browser secure on an out-of-date OS? The 2019 Stack Overflow Developer Survey Results Are InWhy should browser security be prioritized?How can I protect my browser from being compromised?How does the Yahoo webmail exploit work?Secure information exchange between web applications using browser redirectionSecure browser storageHow to display friendly notification about no TLS 1.0 support in browserWhy do browsers default to http: and not https: for typed in URLs?Are there any architectures currently out there that use hardware-enforced process isolation? What would it take to add that to x86?Chrome + EMET= How Strong Realistic Protection Against Browser-Based Threats?Is using Gmail App over Web Gmail more safe?Designing a sandbox or how to “perfectly” isolate an app?

What do hard-Brexiteers want with respect to the Irish border?

Output the Arecibo Message

What does Linus Torvalds mean when he says that Git "never ever" tracks a file?

How long do I have to send my income tax payment to the IRS?

Why is Grand Jury testimony secret?

Potential by Assembling Charges

What could be the right powersource for 15 seconds lifespan disposable giant chainsaw?

Which Sci-Fi work first showed weapon of galactic-scale mass destruction?

What can other administrators access on my machine?

Is "plugging out" electronic devices an American expression?

Is this food a bread or a loaf?

Idiomatic way to prevent slicing?

Manuscript was "unsubmitted" because the manuscript was deposited in Arxiv Preprints

What is the motivation for a law requiring 2 parties to consent for recording a conversation

Where does the "burst of radiance" from Holy Weapon originate?

Flying Bloodthirsty Lampshades

Is three citations per paragraph excessive for undergraduate research paper?

What does "sndry explns" mean in one of the Hitchhiker's guide books?

Does duplicating a spell with Wish count as casting that spell?

What is the meaning of Triage in Cybersec world?

What are the motivations for publishing new editions of an existing textbook, beyond new discoveries in a field?

The difference between dialogue marks

Is bread bad for ducks?

Pristine Bit Checking



Is an up-to-date browser secure on an out-of-date OS?



The 2019 Stack Overflow Developer Survey Results Are InWhy should browser security be prioritized?How can I protect my browser from being compromised?How does the Yahoo webmail exploit work?Secure information exchange between web applications using browser redirectionSecure browser storageHow to display friendly notification about no TLS 1.0 support in browserWhy do browsers default to http: and not https: for typed in URLs?Are there any architectures currently out there that use hardware-enforced process isolation? What would it take to add that to x86?Chrome + EMET= How Strong Realistic Protection Against Browser-Based Threats?Is using Gmail App over Web Gmail more safe?Designing a sandbox or how to “perfectly” isolate an app?



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








2















Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I'm still safe? Can it "patch" the OS-based security holes?



Minor question: typically, how long would the browsers stop supporting abandoned OS? Is there any number on this?






Related: Why should browser security be prioritized?










share|improve this question



















  • 1





    Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.

    – forest
    3 hours ago












  • thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware

    – Ooker
    2 hours ago











  • Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).

    – forest
    2 hours ago












  • unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files

    – Ooker
    1 hour ago











  • Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).

    – forest
    1 hour ago

















2















Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I'm still safe? Can it "patch" the OS-based security holes?



Minor question: typically, how long would the browsers stop supporting abandoned OS? Is there any number on this?






Related: Why should browser security be prioritized?










share|improve this question



















  • 1





    Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.

    – forest
    3 hours ago












  • thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware

    – Ooker
    2 hours ago











  • Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).

    – forest
    2 hours ago












  • unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files

    – Ooker
    1 hour ago











  • Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).

    – forest
    1 hour ago













2












2








2


1






Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I'm still safe? Can it "patch" the OS-based security holes?



Minor question: typically, how long would the browsers stop supporting abandoned OS? Is there any number on this?






Related: Why should browser security be prioritized?










share|improve this question
















Windows 7 support will end on January 14, 2020. Assuming that after that day I still use an updated browser, is it true that I'm still safe? Can it "patch" the OS-based security holes?



Minor question: typically, how long would the browsers stop supporting abandoned OS? Is there any number on this?






Related: Why should browser security be prioritized?







web-browser appsec operating-systems windows-7






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 38 mins ago









forest

39.8k18128144




39.8k18128144










asked 4 hours ago









OokerOoker

5761611




5761611







  • 1





    Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.

    – forest
    3 hours ago












  • thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware

    – Ooker
    2 hours ago











  • Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).

    – forest
    2 hours ago












  • unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files

    – Ooker
    1 hour ago











  • Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).

    – forest
    1 hour ago












  • 1





    Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.

    – forest
    3 hours ago












  • thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware

    – Ooker
    2 hours ago











  • Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).

    – forest
    2 hours ago












  • unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files

    – Ooker
    1 hour ago











  • Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).

    – forest
    1 hour ago







1




1





Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.

– forest
3 hours ago






Why not just install Windows 10? It's a pain, but you can disable the privacy-violating "telemetry" features and change the desktop to look more like that of 7. Windows 10 has significantly superior security anyways.

– forest
3 hours ago














thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware

– Ooker
2 hours ago





thanks. My machine is quite old. I stick to Windows 7 just for the low requirements on hardware

– Ooker
2 hours ago













Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).

– forest
2 hours ago






Perhaps you should consider switching to a popular Linux distribution like Ubuntu then. It's secure, privacy-friendly, and works very well on a wide-variety of hardware (even old hardware).

– forest
2 hours ago














unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files

– Ooker
1 hour ago





unfortunately, I need Windows programs (AutoHotKey, ShareX, ManicTime). Libre Office can replace MS Office, but it's buggy for large files

– Ooker
1 hour ago













Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).

– forest
1 hour ago





Wine works for many programs, and there are good (sometimes superior) alternatives to many Windows-native programs that are incompatible with Wine. I suppose you'll have to decide whether or not it's important enough for you to buy a new computer (and continue to do so every few years).

– forest
1 hour ago










1 Answer
1






active

oldest

votes


















5














Do not use an outdated OS, even with a modern browser.




Assuming that after that day I still use an updated browser, is it true that I'm still safe?




No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.



Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.




Can it "patch" the OS-based security holes?




No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.




Minor question: typically, how long would the browsers stop supporting abandoned OS?




This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...






share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "162"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207122%2fis-an-up-to-date-browser-secure-on-an-out-of-date-os%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    5














    Do not use an outdated OS, even with a modern browser.




    Assuming that after that day I still use an updated browser, is it true that I'm still safe?




    No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.



    Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.




    Can it "patch" the OS-based security holes?




    No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.




    Minor question: typically, how long would the browsers stop supporting abandoned OS?




    This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...






    share|improve this answer



























      5














      Do not use an outdated OS, even with a modern browser.




      Assuming that after that day I still use an updated browser, is it true that I'm still safe?




      No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.



      Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.




      Can it "patch" the OS-based security holes?




      No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.




      Minor question: typically, how long would the browsers stop supporting abandoned OS?




      This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...






      share|improve this answer

























        5












        5








        5







        Do not use an outdated OS, even with a modern browser.




        Assuming that after that day I still use an updated browser, is it true that I'm still safe?




        No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.



        Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.




        Can it "patch" the OS-based security holes?




        No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.




        Minor question: typically, how long would the browsers stop supporting abandoned OS?




        This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...






        share|improve this answer













        Do not use an outdated OS, even with a modern browser.




        Assuming that after that day I still use an updated browser, is it true that I'm still safe?




        No, you cannot avoid browser-based security holes only by updating the browser. There are a few reasons for this. Primarily, the browser is not entirely self-contained. It makes use of operating system libraries, for example the system memory allocator. This allocator is designed to mitigate various memory corruption-related security issues. If the allocator is not kept up to date, memory exploitation bugs may be easier to perform against the browser, no matter how up to date the browser is.



        Another reason is that browser security often relies on OS sandboxing features. A powerful browser exploit must be combined with a so-called sandbox escape. How easy that escape is depends on how secure the operating system is as well as how secure the browser is. By using an outdated operating system, your browser is being protected by out of date and potentially vulnerable security features.




        Can it "patch" the OS-based security holes?




        No. Patching operating system vulnerabilities requires elevated privileges, which a browser does not have. Even if it did, browsers are not designed to modify system settings or system files. There is no extension or web page you can go to that is able to patch security vulnerabilities in your OS.




        Minor question: typically, how long would the browsers stop supporting abandoned OS?




        This is impossible to answer factually. Programs typically continue working on older systems for a very long time. They only stop working when they begin to rely on newer system APIs that aren't present in older versions. This is relatively rare. A browser should be able to run on an outdated operating system for many years, albeit not very securely. Most likely, as it begins to rely on newer and newer APIs, features in the browser will just start breaking one by one (especially security-related features) until it eventually does not start up at all. This does not give you an excuse to use an outdated OS though...







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 3 hours ago









        forestforest

        39.8k18128144




        39.8k18128144



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207122%2fis-an-up-to-date-browser-secure-on-an-out-of-date-os%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Disable / Remove link to Product Items in Cart Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?How can I limit products that can be bought / added to cart?Remove item from cartHide “Add to Cart” button if specific products are already in cart“Prettifying” the custom options in cart pageCreate link in cart sidebar to view all added items After limit reachedLink products together in checkout/cartHow to Get product from cart and add it againHide action-edit on cart page if simple productRemoving Cart items - ObserverRemove wishlist items when added to cart

            Helsingin valtaus Sisällysluettelo Taustaa | Yleistä sotatoimista | Osapuolet | Taistelut Helsingin ympäristössä | Punaisten antautumissuunnitelma | Taistelujen kulku Helsingissä | Valtauksen jälkeen | Tappiot | Muistaminen | Kirjallisuutta | Lähteet | Aiheesta muualla | NavigointivalikkoTeoksen verkkoversioTeoksen verkkoversioGoogle BooksSisällissota Helsingissä päättyi tasan 95 vuotta sittenSaksalaisten ylivoima jyräsi punaisen HelsinginSuomalaiset kuvaavat sotien jälkiä kaupungeissa – katso kuvat ja tarinat tutuilta kulmiltaHelsingin valtaus 90 vuotta sittenSaksalaiset valtasivat HelsinginHyökkäys HelsinkiinHelsingin valtaus 12.–13.4. 1918Saksalaiset käyttivät ihmiskilpiä Helsingin valtauksessa 1918Teoksen verkkoversioTeoksen verkkoversioSaksalaiset hyökkäävät Etelä-SuomeenTaistelut LeppävaarassaSotilaat ja taistelutLeppävaara 1918 huhtikuussa. KapinatarinaHelsingin taistelut 1918Saksalaisten voitonparaati HelsingissäHelsingin valtausta juhlittiinSaksalaisten Helsinki vuonna 1918Helsingin taistelussa kaatuneet valkokaartilaisetHelsinkiin haudatut taisteluissa kaatuneet punaiset12.4.1918 Helsingin valtauksessa saksalaiset apujoukot vapauttavat kaupunginVapaussodan muistomerkkejä Helsingissä ja pääkaupunkiseudullaCrescendo / Vuoden 1918 Kansalaissodan uhrien muistomerkkim

            Adjektiivitarina Tarinan tekeminen | Esimerkki: ennen | Esimerkki: jälkeen | Navigointivalikko