November 23, 2024

Measuring the security risk of a legacy web browser


With qemu it is possible to run outdated operating systems, for example Debian 9.13 from July 2020. [1] The browser shipped with it is of course EOL by now, which means it hasn't received any updates for 4 years. To determine whether this browser is secure or not, we can run a browser audit. [2] The result is shown in the screenshot and consists of 413 different tests with 0 critical outcomes. [3] The skipped tests and warnings shown are produced by a time lag: the internet connection or the Qemu VM was too slow, so those tests failed.
The only question left open is how to interpret the results. From a technical standpoint the outdated web browser works fine: it plays back videos, connects to HTTPS websites, displays Wikipedia and even runs games. This makes it hard to define the difference between secure and insecure, between valid and invalid.
Before a browser can be labelled insecure, a test has to prove it, including a concrete explanation. In this demonstration that was not the case. The only obvious thing is that the quality of the font rendering in the screenshot is low, but this is caused by the resolution of the qemu VM, not by the underlying Debian OS.
[1] qemu-system-x86_64 -enable-kvm -m 2048 -boot d -vga virtio -cdrom debian-live-9.13.0-amd64-xfce+nonfree.iso
[2] https://browseraudit.com/
[3] screenshot with browseraudit
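The command in [1] boots the live ISO into an ordinary, stateful session. The shell script below is an added example and not part of the original post: it wraps that same command so that the EOL guest is disposable. It verifies the ISO against an expected SHA-256 before booting (the expected value is passed as an argument and should come from the distribution's published checksum file; nothing is hard-coded here), adds `-snapshot` so that nothing the legacy browser downloads or caches survives the session, uses user-mode NAT so the guest is not reachable from the LAN, and only enables KVM when `/dev/kvm` is usable (the TCG fallback is the kind of slowness that produces the skipped tests mentioned above). The function names, the argument convention and the assumption that the host's qemu accepts the `-nic` syntax are mine. Worth keeping in mind when reading the audit result: browseraudit exercises the browser's security mechanisms, it does not tell you whether four years of engine fixes are missing, which is why running the guest disposably is a cheap precaution.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps the qemu command from [1] so that
# the EOL guest is disposable and checked before it is booted.
# Assumptions: qemu-system-x86_64 (recent enough to accept -nic) and sha256sum are
# installed on the host; the expected ISO checksum comes from the distribution's
# published checksum file and is passed in by the caller.

# Verify the downloaded ISO against an expected SHA-256 before booting it.
# Returns 0 on match, 1 on mismatch or unreadable file.
verify_iso() {
    iso="$1"
    expected="$2"
    [ -r "$iso" ] || return 1
    actual=$(sha256sum "$iso" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Print "-enable-kvm" only when the host exposes a writable /dev/kvm; otherwise
# qemu falls back to TCG emulation, which is much slower.
kvm_flag() {
    if [ -w /dev/kvm ]; then
        printf '%s\n' "-enable-kvm"
    fi
}

# Print the qemu arguments, one per line, for a throwaway live VM:
#   -snapshot  : guest writes go to a temporary overlay that is discarded on exit,
#                so nothing the legacy browser fetches persists on the host
#   -nic user  : user-mode NAT only; the guest is not reachable from the LAN
qemu_args() {
    iso="$1"
    mem_mb="${2:-2048}"
    printf '%s\n' -m "$mem_mb" -boot d -vga virtio -snapshot \
        -nic user,model=virtio-net-pci -cdrom "$iso"
}

# Boot the live ISO with the arguments above.
# Usage: run_legacy_vm ISO EXPECTED_SHA256 [MEM_MB]
run_legacy_vm() {
    iso="$1"
    expected="$2"
    mem_mb="${3:-2048}"
    if ! verify_iso "$iso" "$expected"; then
        echo "checksum mismatch or unreadable ISO: $iso" >&2
        return 1
    fi
    # Word-splitting of the printed arguments is intended; paths containing
    # whitespace are not supported by this helper.
    # shellcheck disable=SC2046
    qemu-system-x86_64 $(kvm_flag) $(qemu_args "$iso" "$mem_mb")
}

# Only boot a VM when the script is invoked with an ISO and a checksum.
if [ "$#" -ge 2 ]; then
    run_legacy_vm "$@"
fi
```

Running it as `sh run_legacy_vm.sh debian-live-9.13.0-amd64-xfce+nonfree.iso <sha256 from the checksum file>` reproduces the setup from [1], but every session starts from the pristine ISO and leaves nothing behind on the host.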
