I am writing some programs in C (rarely C++). Normally they are simple, but often they can get larger.
I am looking to learn more about using the secure versions of functions, for example strcpy() is insecure and strcpy_s() is Microsoft's new secure version of that function.
I normally use Visual Studio 2010 when coding for Windows * I removed part about Linux - focus on Windows only*
My question is if I use the newer secure version will I still be able to execute my programs on older versions of Windows, for example Windows 95? Due to requirements we can only have a single executable file.
Thank you.
EDIT: Sorry this just appeared in my mind now - ignore the Linux part above. If we write code for Windows I do not mind if it's not portable to Linux, I only care if it still works on older versions of Windows.
My question is if I use the newer secure version will I still be able to execute my programs on older versions of Windows, for example Windows 95? Due to requirements we can only have a single executable file.
The _s versions are not "secure", whether you're talking about Microsoft's implementations or implementations conforming to the actual standard. They do incorporate mechanisms intended to help avoid or mitigate certain programming errors that have security implications, but the effectiveness of those is limited.
But with respect to whether they will be supported on very old Windows versions, no, not by default. The _s functions did not exist during Windows 95's lifetime, so versions of the C runtime library distributed with that version of Windows do not support them. It is relatively common, however, for Windows applications to be packaged with a version of the MS C runtime library that supports their needs. It may be that you can take that route, but I cannot speak to whether there is any version of the MS C runtime that supports all Windows versions from the past 24 years and contains the _s functions.
Your best bet is to limit yourself to functions from the C90 standard library, WinAPI functions supported across all targeted Windows versions, and functions provided by your application itself and any third-party libraries distributed with it (which themselves should comply with the same limitations). Or you could consider limiting support to fewer versions of Windows. Microsoft itself has not supported Windows 95 for 18 years.