Support has been extended, but 10 is EOL, which means soon™ it’ll stop getting updates. Once that happens, any vulnerabilities that exist (discovered or not) will stop being fixed.
This doesn’t effectively increase your risk as a consumer. It only increases risk at the enterprise and infrastructure level.
All threat models include who you are and the environment the OS is run in for a reason. Just browsing the web is fine as a consumer, until browsers stop targeting your OS for updates.
The main vector for infection for any OS isn’t the OS itself. Malware doesn’t just spawn on your computer the second you plug it in to a router (no matter what Trump’s FCC thinks with their Chinese router ban). It needs to get on your computer.
An up-to-date browser will prevent the majority of infections, with common sense preventing the rest. I kept Windows XP well into Windows 7 years, and Windows 7 well into Windows 10 years before switching to Linux. Just don’t download malware, you’ll be fine. Worst case scenario you keep a backup clone of your hard drive on a USB stick (which you should have anyway) and just reflash your drive every few months (or just switch to Linux, it can do anything Windows can do at this point with enough faffing about).
You could download a Trojan that takes advantage of a known vulnerability.
Just… don’t do that?
This is part of Common Sense™. It’s a package that every single human being in a developed country is taught in regards to technology, and has been taught since the 1990s. (2000s for developing countries like the US).
Every single person that interacts with a computer in a professional setting has been taught explicitly how to never have a single virus on their computer. And they have been repeatedly taught this every 6 to 12 months for the last 3 decades. It is only people that purposefully infect themselves or purposefully choose to remain stupid — not ignorant, just stupid — that get infected with Trojans.
Your browser could have a vulnerable plugin, or maybe the user delays updates.
See above, and the previous comment.
I bought a USB drive off a sketchy guy in college which had auto-run Malware on it – but it didn’t work on Ubuntu.
See above. You did not use common sense™. You chose to be stupid, despite your college freshman orientation clearly covering basic safety.
All of these are best security practices. But read more about the Swiss cheese model to know why you can’t just tell someone, “run a vulnerable OS, you’ll be fine so long as you are perfect and nothing goes wrong.”
The Swiss cheese model assumes equal risk, or in other words fails to differentiate actual risk from multiple sources. You aren’t being targeted by a state actor. DDoSing via zombies is more expensive (including risk capital) than using VPSs these days. The actual people targeting you are going to be bottom of the barrel commercial scammers and skiddies wanting the least possible effort targets, and again unless all the holes magically line up in your model, they won’t ever get that. Your adblock is a layer, your browser is a layer, these days your DNS is a layer, your router is a layer, your search engine is a layer, if you live in a particularly hell hole your ISP is a layer. Given the inherent insecurity of Windows it was never a layer.
If you care about security and/or are paranoid enough about security that you care about whether or not your OS is updated, you aren’t on Windows. No security professional will ever recommend Windows, and all real world infrastructure using Windows as a backbone never has Windows as a security layer. Let’s be honest: if someone has access to any Windows PC on your network, it does not matter if Windows is up to date, they have total control over that computer, and it’s not Windows nor Windows Server preventing access to other devices on the network.
Did something happen to Windows 10 that made them vulnerable?
You could download a Trojan that takes advantage of a known vulnerability.
It is part of the Swiss cheese model.
Your browser could have a vulnerable plugin, or maybe the user delays updates.
I bought a USB drive off a sketchy guy in college which had auto-run Malware on it – but it didn’t work on Ubuntu.
Not a good idea to use an unpatched OS.
Good luck out there
Sec+ holder, I’ll be fine. So will anyone with any amount of common sense.
Don’t download strange executables. Use trusted sites. Keep your browser up to date and run an effective adblock.
Congrats you’ve eliminated 99.9% of all attack vectors in use today. I guarantee you aren’t going to be targeted by the last .1%.
Stand aside, Sec+ holder coming through
Edit: why don’t you put your Sec+ badge in your Lemmy comments so we can be impressed by your knowledge