1

This question talks about companies who only support .NET Framework 4 Client profile due to security reasons. But does only allowing use of .NET Framework Client profile increase security? This answers talks about that being main case for Client profile. But that was 8 years ago.

I can see two reasons why using .NET Framework 4 Client profile is not as secure as it might seem:

  • While surface of .NET API is smaller than full framework, it is still possible to PInvoke any WinAPI method. So there is not much security here.
  • Being almost 8 years old, MS might no longer support it, by releasing hotfixes to found security issues. But I was unable to find any information about this.

Is my reasoning above valid? Are there any other reasons why using only .NET Framework 4 Client profile might be more secure than running full and new .NET?

NightOwl888
  • 55,572
  • 24
  • 139
  • 212
Euphoric
  • 12,645
  • 1
  • 30
  • 44

1 Answers1

1

To reiterate what was talked about in the linked question:

...merely the fact that security updates stopped being issued Jan 2016 should be enough to light a fire under the security conscious.

https://blogs.msdn.microsoft.com/dotnet/2015/12/09/support-ending-for-the-net-framework-4-4-5-and-4-5-1/

I don't see how any software that hasn't been patched because it hasn't been officially supported in over 2 years could be considered secure.

Community
  • 1
  • 1
NightOwl888
  • 55,572
  • 24
  • 139
  • 212