From: moz.champion@sympatico.ca   
      
   Netscape Guy wrote:   
   > Peter Potamus the Purple Hippo wrote:   
   >   
   >>> So what's the problem with 7.2?   
   >> you're absolutely right, you can still use Net 4.x and Net   
   >> 7.2.  You can continue to use them till the cows come home.   
   >   
   >>   What I mean by their dead products is Netscape isn't   
   >> developing them anymore.   
   >   
   > Microsoft isin't developing XP anymore - so is it dead too?   
   >   
   >> They have many security problems,   
   >> For example, a hacker has sent you an email, and you're   
   >> still using those dead products, then he can gain certain   
   >> information about you, your computer,   
   >   
   > Are you speculating about security problems with the e-mail client   
   > aspect of 4.x or 7.x (speculating because they must have problems   
   > because they're old) or can you point to specific CERT-documented   
   > issues for those versions?   
      
   Microsoft hasn't STOPPED updating XP for security issues, so no it is   
   not 'dead'.   
      
   Microsoft doesn't expect to see the EOL (End of Life) for XP until 2014.   
   They will continue to provide support and updates until that time, so   
   no, XP is NOT DEAD.   
      
   Netscape/AOL HAS STOPPED updating Netscape Communicator, AND Netscape 7   
   AND Netscape 8 - in fact they stopped several years ago (except for   
   Netscape 8 which went on until earlier this year).   
      
   CERT doesn't document threats against outdated/non supportted software.   
   There is no 'testing' done to see which of the modern threats/security   
   holes/exploits are valid in NON SUPPORTTED versions of products. i.e.   
   the latest threats are tested against modern updated versions of   
   supported products.   
      
   CERT does NOT as a rule test with outdated/outmoded/non-supported/EOL   
   software versions. They don't for example test Windows 3.1 any longer   
   because it is "DEAD" according to Microsoft. Microsoft is not making any   
   updates for it.   
      
   Apple is no longer providing any support or updates to System 7 - it   
   likewise is 'dead' - whatever security flaws are in it will NOT be fixed   
   regardless of their severity, that is what 'dead' means in this case.   
      
      
   Many of the Security flaws in modern products DO (or did) apply to older   
   products in the same product line.  The basis for Netscape 7 (all   
   versions) was the same as the current SeaMonkey Line.  So many of the   
   exploits/flaws that were/are current against SeaMonkey apply to Netscape 7.   
   Thunderbird being a derivitive of the 'Mozilla' base product that   
   underlies SeaMonkey, is subject to some of the same flaws/exploits and   
   some of it's own as well (seperate from those of SeaMonkey). Netscape 7,   
   being an earlier version of the base software may or may not be   
   vulnerable to the exploits/flaws.   
      
   The key is that becaues the products ARE non-supported (or DEAD) testing   
   will not be carried out because there is no reason to.  IF the threat is   
   valid and a threat to the version, it won't be fixed, so what is the use   
   of testing it?   
      
   For example. In early versions of Outlook and Outlook Express, the   
   program automatically opened VBS attachments. After someone came up with   
   VBS Viruses, Microsoft changed Outlook and Outlook Express so they no   
   longer automatically open VBS attachments.  CERT doesn't go and test the   
   earlier versions of O and OE (the ones that were subject to VBS   
   infections) because they are likewise 'dead' and non-supported   
   (Microsoft will tell you to upgrade if you have any problems)   
      
   So, in many cases, no one will be able to say with certainty WHICH   
   security flaws/exploits/threats that apply to modern software will (or   
   did) apply to earlier versions.   
      
   As long as softare is supportted by the maker, or there is someone who   
   is providing updates for it, then it will be tested against the latest   
   flaws/exploits/threats.  If there is not, if the maker himself doesnt   
   support it, then why test anything against it, because it won't be fixed   
   regardless!   
      
   AOL/Netscape dropped Netscape 7 support several years ago. When they   
   did, everyone should have migrated to newer software. ANY   
   flaws/exploits/threats that have been discoverd since have NOT been   
   tested against the product, simply because even if proven critical or   
   dangerous, it would NOT be fixed, period.   
      
      
   In a general sense tho, many of the security exploits/flaws/threats that   
   apply to Thunderbird and SeaMonkey would apply to Netscape 7. They all   
   share the same 'root' or basis.  The only way to know for sure is to   
   infect your computer (assuming you are using Netscape 7) and see what   
   happens. Are you willing to purposedly infect your computer?   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)