News Microsoft will end Windows 10 support in exactly one year


I

Distinguished
May 23, 2004
Zero F's given that support is ending.

It's almost laughable that many pretend security experts like to state that you are less secure, when actually, you are more secure with an OS that has had its years of security patches rather than jumping onto the latest, which hasn't!

Raise your hand if you have been exploited in recent years. I've still got 3 Win7 boxes on the internet and they have never been exploited in the many years they've been running. On the internet does mean behind a router and with much more recent and updated browsers.

It's time to stop pretending that you need to switch from an OS that works fine for you, merely because "support" has ended. If anything that is a virtue, because you don't have to cross your fingers and hope the latest update doesn't cause problems if you leave auto-update active, instead of waiting to see what the fallout is for other beta-testers of the patches, service packs and period-era update packs.
 

I

Distinguished
May 23, 2004
Sadly I have to update the CPU in my HTPC to go Win 11. I built it with a Ryzen 5 2400G when that was new (2018) and it isn't supported by Win 11. Going to upgrade that to a 5600G probably and then it will be able to be upgraded.
Why do you feel that you "need" to switch a HTPC to win11?

You don't, unless there is some specific must-have feature that win11 adds, that would add to your HTPC entertainment experience.

What specific security vulnerabilities do you fear would cause a risk using it as a HTPC? That is the ironic question that no security expert can answer: whether there is really any risk for a specific use, or if they have no idea and are just repeating madness with over-generalizations.

On the other hand, if you just WANT to keep up with whatever MS dishes out, to feel modern, to keep up windows use skills as they are useful in the world at large, that's a different story but I don't see that being relevant to a HTPC which just needs to keep doing what it already has been, right?
 

abufrejoval

Reputable
Jun 19, 2020
You may be lucky, you may be an unattractive target, you may have been infected without knowing and be an unwitting DDoS gateway.

Computers and programming were all about solving problems for decades. Few could afford the early computers, far fewer would have thought about abusing them, and those who did had little chance of going undiscovered.

That implied that software did its best to compute valid outputs for valid, expectable inputs; nobody tested for seemingly nonsensical trash being entered as input. But that's exactly how you overwrite stack data and hijack the control flow via return oriented programming or similar. And finding out exactly what you need to put there is easy and automated, if you have a copy of the exact same binary code at your disposal, which is easy with software widely distributed in binary.

You should read that up, it's a true marvel of (criminal) ingenuity! And it's been made so easy, even half-dumb kids can do this. They simply need to write the malware code and they can use a special compiler to translate that into data inputs you need to feed the victim to hijack it with that code.

Fixing that in seven decades of old code is tons of hard work that is hard to finance, because it doesn't help the original use case (e.g. doing your accounting). So a lot of the time it just doesn't get done and software contains vulnerabilities. As long as nobody knows about them, it's relatively safe. But once they are found and documented, they either need fixing or they turn any system not patched into a wide open potential bot. And those are permanently scanned for, found and exploited by professional mafias and inimical state actors.

And even writing new code that is inherently safe isn't exactly easy or 100% reliable, even if the industry is trying very hard to enable that e.g. in the old days via ADA, SPARK, formal verification, or more recently via programming languages like Rust or ISA extensions like CHERI, ARM tagged memory or x86 shadow stacks.

The Mirai botnet was able to spread to millions of devices exactly because they had unfixed known and documented vulnerabilities which made malware automatically hijack them and turn them into a bad actor.

Since many of these devices could not be patched, some "white hats" actually went ahead and bricked them. Now the legality of that hasn't been decided in courts and those might even contradict each other, but I'd say as an owner of such a device you would be legally responsible for part of the damage that you cause by allowing it to be abused (obviously the abuser and the vendor share some of the guilt).

You know Windows 7 is no longer maintained so if a hijacker turns your Windows 7 machine into a bot, that is a consequence of your action (or inaction in this case), which implies liability.

Even not knowing it's unsafe to leave loaded guns or grenades littered around your house doesn't mean you're not responsible for what happens if a puppy, a kid or even an intruder plays with them. And in this case you've been told, even if you didn't listen.

I'd suggest you spend a little less time laughing about it or shrugging it off and investigate.

Sure, computer security is a billion dollar business and there is tons of exaggeration and FUD around. But unlike genetic code, computer code does not mutate and manage that variability on every single device. The fact that on millions of devices the code is truly identical to something you know how to kill is too attractive not to exploit by digital predators of any persuasion.

You might also want to add Krebs on Security to your daily reading list.
 
Jul 12, 2024
I didn't bother reading through it all, to be honest. I heard all that before. If you want to feel safe, disconnect the internet. There's no other way, and never install anything except the OS.
This is the same BS people were saying in the 90's. Your PC will be infected within minutes after connecting to the Internet. You need an antivirus!
Your privacy is compromised by legitimate software by a huge margin, because one installs it by choice and therefore doesn't scrutinize it.
 

abufrejoval

Reputable
Jun 19, 2020
It's morally ok to compromise on your own personal security, at least as long as you don't have kids or similar to provide for.

But it's not morally ok to endanger others.

And that's the part you may not entirely appreciate.

If you leave a Windows 7 system on the Internet and it gets turned into a bot, that's you leaving a loaded gun out, which others can use.

And this is not BS, it's a truth that may see a lot of exaggeration, and isn't immediately obvious, especially if you are in denial.

I am a German. I didn't kill any Jews (being born too late might have helped), nor did anyone in my family for all I know.
But did they all put their lives at risk to save them?

No, and their complacency made them guilty and for generations, which includes me.

So please, don't be complacent. Accept the shared responsibility of denying bad actors an attack surface to exploit.
 
It's morally ok, to compromise on your own personal security, at least as long as you don't have kids or similar to provide for...
please, don't be complacent...
I am a German. I didn't kill any Jews..
If you play stupid and allow infections to run rampant on your system, then that is on you, not those who share the same inter/intranet.

Keep your own personal security in check.
Which has nothing to do with what your OS provides, but with what you choose to keep.

And then the "Nazis" won't have the option to take over "half of Europe" and continue to influence evil across the globe...
 