-1

As a bit of background I work on a C# WPF .Net 4.0 application which is deployed to several hundred machines running POSReady 2009. POSReady 2009 is still in support until April 2019 but the highest framework version it supports is 4.0 which will be out of support on 12/01/2016.

I very rarely contact Microsoft for technical support (and they haven't been particularly helpful when I have). This machines tend to be on private networks and are not accessible from the internet.

What are the disadvantages of continuing to use .Net 4.0 after the end of support date?

Chris Stratton
  • 39,853
  • 6
  • 84
  • 117
user1069816
  • 2,763
  • 2
  • 26
  • 43

2 Answers2

2

It really depends on your situation. If all of your workstations are in a very secured environment, end of support might be absolutely not a problem. Otherwise, you probably need to track all newly found security vulnerabilities and check whether they can be related to you.

ie.
  • 5,982
  • 1
  • 29
  • 44
  • Thanks, that is reassuring, these devices are Points Of Sale, for example checkout tills rather than workstations. So by their nature tend to be kept in a secure environment without access to the internet. – user1069816 Jan 16 '15 at 22:44
  • 1
    I believe that most _security vulnerabilities_ and fixes are applied to the OS or hosting (eg. Windows, IIS) patches. .NET might have some odd bugs, but generally isn't a "security concern" itself. That is, running an ill-patched Windows is *much* more insecure than running the latest patch (of no-longer-supported) .NET version. .NET 4.5 ships with Windows Server 2012; so in 1016 (after being in 4 years) that *should* be the "minimum" version [replacing other EOL editions](http://support2.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=Windows+server&Filter=FilterNO). – user2864740 Jan 17 '15 at 22:24
  • 1
    @user2864740 I can agree that the most of security updated related to OS itself. Anyway, I can see in the list of recently installed updated on my PC several security updates for Microsoft .NET Framework. For example [KB2937610](http://www.microsoft.com/en-us/download/details.aspx?id=43954) was installed a bit more than a month ago. – ie. Jan 17 '15 at 23:08
  • @user2864740 I don't agree that 4.5 _should_ be the minimum supported version I think Microsoft should continue to support 4.0 while they are supporting operating systems which will not run 4.5 . It seems inconsistent to say "We will patch your OS but we won't patch the version of .Net which runs on it". – user1069816 Jan 18 '15 at 23:19
  • @user1069816 Windows 2012 should be the "minimum" version of Windows server in 2016 ;-) Windows 2012 *ships* with 4.5 (which by extension follows through with a consistent minimum .NET version, IMOHO); Windows 2008 R2 is *off main-stream support* as of a few days ago. Sadly production/infrastructure often lags significantly [for both costs and "if it ain't broke"..] – user2864740 Jan 19 '15 at 03:54
  • @user1069816 Also, just because Microsoft won't correct bugs or release new .NET patches, important *security hotfixes* will likely still be available at least until the appropriate shipped-with Windows version passes the extended support date. It's a little lock-step game. (The KB linked above was for .NET 3.5, btw, which has been ["not supported" since 2011](http://support2.microsoft.com/lifecycle/search/?sort=pn&alpha=.net+framework).) – user2864740 Jan 19 '15 at 03:57
  • (But of course YMMV will vary on the specific issue at hand, should one be discovered. Having the .NET 4/4.5 being an "in place" does result in differences from .NET 3.5 to .NET 4 updates.) – user2864740 Jan 19 '15 at 04:04
1

The disadvantage would be someone finds a security vulnerability in it, which won't be patched because it's no longer being supported. Pretty much the same disadvantage of using any software/os after it's no longer being patched.

aquinas
  • 23,318
  • 5
  • 58
  • 81
  • These machines aren't accessible from the internet and have very restricted physical access, for example there are no accessible USB or serial ports. Are there any other disadvantages? – user1069816 Jan 16 '15 at 22:18
  • If you aren't that worried about security, then the only other big issue would be is if there is a bug in the framework that there is no work around for. That's pretty unlikely though. – aquinas Jan 16 '15 at 22:21
  • That would be a major problem, although we have been using version 4.0 for a couple of years and not found such a bug yet. If we did I assume we could look to see how this was solved in the latest version of .Net and copy the classes for use in our application. – user1069816 Jan 16 '15 at 22:26