Reputation: 12849
Is .NET Framework 4 Client profile secure?
This question talks about companies who only support .NET Framework 4 Client profile due to security reasons. But does only allowing use of .NET Framework Client profile increase security? This answers talks about that being main case for Client profile. But that was 8 years ago.
I can see two reasons why using .NET Framework 4 Client profile is not as secure as it might seem:
- While surface of .NET API is smaller than full framework, it is still possible to PInvoke any WinAPI method. So there is not much security here.
- Being almost 8 years old, MS might no longer support it, by releasing hotfixes to found security issues. But I was unable to find any information about this.
Is my reasoning above valid? Are there any other reasons why using only .NET Framework 4 Client profile might be more secure than running full and new .NET?
Upvotes: 1
Views: 249
Answers (1)
Reputation: 56869
To reiterate what was talked about in the linked question:
...merely the fact that security updates stopped being issued Jan 2016 should be enough to light a fire under the security conscious.
I don't see how any software that hasn't been patched because it hasn't been officially supported in over 2 years could be considered secure.
Upvotes: 1
Related Questions
- Differences between Microsoft .NET 4.0 full Framework and Client Profile
- Will an application targeted for .NET 4.0 work on a system with .NET 4.0 client profile version
- .NET Framework 4.0 Client Profile vs .NET Framework 4.0
- Why should someone use the .NET Framework 4 Client Profile?
- .NET 4.0 Full/Client profiles; Does anyone care?
- .Net Framework 4 Full and Net Framework 4 Client Profile Targeting
- When is the right time to use .NET Framework 4 rather than .NET Framework 4 Client Profile?
- Can .NET 4 applications use libraries targeted at .NET 4 Client Profile?
- .NET framework compatibility: 3.5 SP1 & 4.0 Client Profile
- .NET Framework 4 Client Profile vs .NET Framework 3.5 Client Profile