Am I just as well off without Vulnerability Protection?

I can't stand the interfaces of the new versions of Firefox and Internet Explorer (details not strictly relevant, but provided upon request :smileyhappy: ) and am considering switching to Pale Moon.

 

At first, I hesitated to make the switch, as my understanding is that Pale Moon is "not supported" in NIS. As far as I can tell, "not supported" means that the Norton Toolbar, Identity Protection, and Vulnerability Protection aren't enabled in the browser.

 

I can live withouth the Norton Toolbar and I don't use Identity Protection. But  I was concerned about what not having Vulnerability Protection might mean for my PC's security while surfing the Web. So I went into my NIS 19, clicked on "Advanced," and then selected "Vulnerability Protection" under "Network Protection." A box appeared, listing the applications that are protected by VP and the number of covered vulnerabilities for each.

 

Out of curiosity, I searched for the Mozilla Firefox entry and clicked on it. A new, smaller box appeared listing the 7 Firefox vulnerabilities covered by Vulnerability Protection. I clicked on each one in turn, each time getting a new browser window to a Symantec page detailing the vulnerability.

 

Imagine my surprise when I discovered that every one of the listed Firefox vulnerabilities affected versions of Firefox no more recent than about Firefox 1.5. In every case, the "Response" sections near the bottoms of these pages (here's an example) indicate that the vulnerability has been taken care of by Mozilla.

 

Puzzled by the age of the vulnerabilities protected by Vulnerability Protection. I checked out some other popular programs and discovered similar obsolescence. For example, Micorosoft Office 2007 is listed, but not Office 2010. Checking the Office 2007 vulns, the Symantec page states that they have been fixed by Microsoft. The latest Adobe Acrobat vuln affected version 7 (Adobe has by now released version 11). A random selection of other programs didn't find any vulns protected by VP dated later than 2007 or 2008.

 

So, putting 2 + 2 together, from my sampling Vulnerability Protection doesn't seem to protect against any recent vulnerabilities. Therefore, I figure that if I run current versions of programs, or even if I run old programs with the patches provided by their vendors years ago, then Vulnerability Protection really doesn't offer anything that I don't already have from other sources.

 

As pointed out in other threads about VP (see here and here, for instance), Intrusion Prevention and Norton's other layers of defense already take care of exploits that might somehow get through. VP appears to protect only against old vulnerabilities that have long since been addressed by program vendors, so whether it's enabled or not is not significant.

 

Thus I conclude that I can confidently run Pale Moon or oher "unsupported" browsers.

 

What did I miss? :smileyhappy: