Is it safe to remove old .Net versions?

Topic

New Reply

LANGALIST PLUS

Is it safe to remove old .Net versions?

By Fred Langa Microsoft’s .Net framework has been around since the XP era, and most PCs have several .Net versions installed. Here’s how to determine whether you really need them. Plus: A very weird GodMode failure causes continual restarts, and a grim and final warning on eight-character passwords.

---

The full text of this column is posted at windowssecrets.com/langalist-plus/is-it-safe-to-remove-old-net-versions/ (paid content, opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

Reply | Quote

Replies

Better hurry on that password matter.

Assuming that your critical web site will allow you to enter an average of 3.5 quadrillion wrong passwords on a single logonid before locking you out, and assuming that you can consistently feed one password per second to that webserver, it will take our evil Linux hacker 1.11 * 10^8 years to enter those 3.5 quadrillion passwords. Of course he may be down on his luck, in which case it might take him twice that long.

Reply | Quote

Assuming that your critical web site will allow you to enter an average of 3.5 quadrillion wrong passwords on a single logonid before locking you out, and assuming that you can consistently feed one password per second to that webserver, it will take our evil Linux hacker 1.11 * 10^8 years to enter those 3.5 quadrillion passwords

Like this said, it’s better not to do that. You can’t never image what would happen if you removed them. Maybe some of the program was relied on the old version.

Reply | Quote

Fred’s news about 8 character passwords is rather troubling.

It’s possible to change to 12 characters for sensitive sites, but it’s the all-important password manager that worries me. Currently I use 10 characters, with upper and lower case letters, numbers and symbols, which is rated as strong – at least it was the last time it was checked – and it was something I could remember. But 12 or more characters is another matter. It seems that I will have to write it down and keep near the PC, which is OK provided we are not burgled whilst out of the house.

It would be interesting to know how Fred copes with 16 characters for his password manager.

Reply | Quote

Why does a password manager worry you? Fred said he wouldn’t want to remember 16-character passwords.

Reply | Quote

Perhaps I didn’t express myself clearly enough. I use 10 characters to log in to Lastpass, which is about the maximum I can remember at my age, and even then I had to keep a written record for quite a while before confident enough of remembering it.

Obviously LastPass itself needs a secure p/w to prevent a hacker gaining access to my bank and savings accounts, so 12, 14, 16 or more characters are now essential, but I’m not very happy about keeping it on a notepad beside the PC. But what other option is there?

I have considered keeping it on a USB stick, but then they fail sometimes, and it would then probably be recorded somewhere in temp files, which a hacker would be able to access.

Fred said he wouldn’t want to remember 16-character passwords, but he has to remember the one for his p/w manager, perhaps with 700 p/ws he is using it so often he can remember it.

Reply | Quote

Perhaps I didn’t express myself clearly enough. I use 10 characters to log in to Lastpass, which is about the maximum I can remember at my age, and even then I had to keep a written record for quite a while before confident enough of remembering it.
.

George
One easy method you could employ would be to use your existing PW and prefix or suffix a pass phrase that is easy to remember.
example:

One green fox jumped oVer the %arn.

I think even I could remember that, and you could always write that down and let ’em guess what to do with it :confused:;)

:cheers:

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

Wavy, thanks but as mentioned two posts ago – too much typing.

Reply | Quote

Wavy, thanks but as mentioned two posts ago – too much typing.

Well you want a long password w/o the memory reqs and now its too long? You are just too hard to please :huh:

fingerprint reader

https://www.cdw.com/shop/products/DigitalPersona-U.are.U-4500-fingerprint-reader-USB/3387228.aspx?cm_cat=GoogleBase&cm_ite=3387228&cm_pla=NA-NA-2FA_YY&cm_ven=acquirgy&ef_id=mz1NqyYurzIAAEWK:20160226143215:s&gclid=CIzw8dLSlcsCFQckhgodmdgA6Q&s_kwcid=AL!4223!3!61836303019!!!g!69695845134!

:cheers:

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote

Well you want a long password w/o the memory reqs and now its too long? You are just too hard to please :huh:

Too true! But it turned out that you supplied the answer.

Changing the password proved surprisingly difficult, as every time I generated a 12 character password and entered it, a note said it was very weak, as it shows in the vault as generated p/w for LastPass. Even deleting that and creating another, writing it on a notepad and manually entering it rather than pasting, still showed the ‘generated password’ message.

On reflection, I don’t see why that makes it weak, as one has to know the p/w to open the vault, but that didn’t occur to me at the time – getting senile.

Eventually deciding it was necessary to skip the p/w generator and create my own, I began adapting one of the generated p/words when I remembered your suggestion, which now seemed worthwhile. Adding my 7 digit RAF number from 1950 to the existing 10 character p/w gives a nice long password that I can easily remember without the need for written records.

Problem solved. Sincere thanks to you Wavy.

Reply | Quote

George, you’re right that a notepad next the PC isn’t very good. But it could be placed somewhere not obvious (in a drawer say).

Another possibility – I have many of my books on shelves in my room. I could make a password from one of them say LondonRailwayAtlas. You could use zeros for Os etc, or add some punctuation – L0ndonRa1lwayAtlas4thedition. So you could have quite a long password and it would be hidden in plain sight!

There are other ways as well – if you have a spreadsheet with many tabs, then one of them could have the password (but not on a tab called password!).

Eliminate spare time: start programming PowerShell

Reply | Quote

George, you’re right that a notepad next the PC isn’t very good. But it could be placed somewhere not obvious (in a drawer say)./QUOTE]

Of course you are right, I can keep the notepad beside the PC, and only hide it when the house is unoccupied. As it will be used every day, it should avoid a previous mistake – 3-4 years ago I bought a couple of Krugerrands, kept them in my desk drawer for quite a long time, then decided to put them somewhere more secure. Unfortunately they can’t be found, but must still be in the house somewhere.

Your second option has been considered, and rejected, as requiring a really long password, which is too prone to error even with my one finger typing. Also, remembering which letters had been replaced by numbers or symbols would probably necessitate employing the above option.

Your third suggestion is appealing, it would be really well hidden if added as a comment somewhere on a spread sheet with many comments, and it would save typing errors by copy and pasting to log in to Lastpass. I shall definitely test how practical this is, whilst hiding away my notebook at night and when leaving the house.

Many thanks
George

Reply | Quote

I’m sorry, but this whole business of length and nature of passwords is completely wrong headed – to my way of thinking. It’s putting the responsibility squarely on the shoulders of the person least capable of ensuring security – the end user.

There are web sites I routinely access that give you a limited number of tries at login. Get it wrong and you are locked out until you re-authenticate yourself and reset the password. That completely stops brute force attacks.

I’ve used VPNs with three different companies that require 3rd-party authentication by way of numeric token that changes every 30 seconds. And there are dozens of different ways to accomplish this.

My bank won’t let you log in from a computer other than your regular one without a phone call to authenticate. Plus, it automatically resets that every couple weeks so that you have to re authenticate.

IOW, the holder of the content can and should take the responsibility of securing that content. They are far better equipped to protect it than someone to whom a computer is a thing of total mystery.

Reply | Quote

I’m sorry, but this whole business of length and nature of passwords is completely wrong headed – to my way of thinking. It’s putting the responsibility squarely on the shoulders of the person least capable of ensuring security – the end user./QUOTE]

I agree wholeheartedly, but there is little one can do about it.

My bank, and some other sites only request 3 or 4 characters from the password, and I often wonder whether this is more or less secure than asking for the whole password. After all, it shoudn’t take too long to crack 4 characters, and some sites still ask for the same characters if one makes a mistake, with no indication of how many errors are allowed before blocking further attempts.

Reply | Quote

Glad to have helped George. :cheers:

Just because you don't know where you are going doesn't mean any road will get you there.

Reply | Quote