What is possible if you want to hack Windows 7?

[Harfeg]

Firstly sorry about the rather provocative title.

I'm wondering if the community knows the answer to a question I've had for a while now. Everyone knows that the weakest part of any IT security system is the human using it. So assuming you are a perfect user and have done nothing to compromise the system by downloading stupid files or leaving passwords all over the internet and you are immune to phishing; my question is this.

Is it actually possible to gain any meaningful control or information from a Windows 7 PC that is
a) Just sitting there connected to the internet?
b) Visits a website with a vaguely decent browser?
c) Does having anti virus change either of the above?

This might seem a stupid question, the way Microsoft constantly releases security updates, but it seems equally stupid that they would release an operating system where the above scenarios are even feasible. Does any one have any examples of what those updates fix.

I know that the BBC show "Click" did a test years back where they hooked up a fresh copy of xp to the internet, and it became a zombie in 7 secs, but I'm not sure by what mechanism. XP doesn't count though because it was designed before broadband was really a thing.

Thanks for your constructive and enlightening replies.

 

[C12Friedman]

The unfortunate truth here is once you put any system on-line, it is vulnerable to attack, entry and becoming someone's bot (zombification). It seems a proficient hacker can have complete control of a machine rather quickly Updates are constantly released, both by MS to fix reported/discovered flaws in the OS (security related and other) and by the AV vendor to (attempt to) keep up with the lastest KNOWN vulnerability threats. The problem basically lies in allowing the user enough control of the machine to do what they want without allowing others the same - seems it's a tricky balancing act.
I have many questions along those lines and it seems the more I research, the more questions I have...

 

[Harfeg]

Thanks for your reply. I was just wondering how that is possible.
Surely it cannot be too difficult to program "don't accept any instructions from the internet or browser" without a security prompt. Seems very obvious to me. So I'd like to know what I'm missing that has spawned a multi-billion dollar industry in cyber defence.
And before anyone says hackers just work around it, would it be that hard to make sure no program runs that comes through the piece of wire on the motherboard that leads to the internet?

 

[MuddyFunster]

It comes down to the FUS triangle - functionality vs ease of use vs security. The closer you get to one point on the triangle the further you get from the other 2, so for a mass produced OS like windows it's all about balance i.e. making it secure while still easy to use and functional.

Vulnerabilities are found in applications or services, then exploits are written to take advantage of those. Exploits can be delivered by a number of means, through a browser, email messages, direct communication with the OS through services etc etc.

 

[Dark Lord of Tech]

This type of thread discussion isn't allowed on Tom's Hardware,Read the rules below: Don't start threads like this again or you will be banned.

Welcome to the Tom's Hardware forums. Here we talk about computer hardware, software, gadgets, gaming, and geekery in general. Speech is free but Tom's Hardware is moderated. We like people who make sense, stay-on-topic, and play nice.

Tom's Hardware Rules of Conduct

The Rules of Conduct are general guidelines for regular users on acceptable behavior in the Tom's Hardware forums. These guidelines may change at the discretion of the Community Manager as necessary to foster an environment appropriate to civil discourse. This outline is a basic set of guidelines and does not encompass every foreseeable event, and individual infractions will be dealt with by moderators on a per incident basis. The Community Manager and Moderation Team has sole discretion on how to interpret and apply these rules to circumstances and situations, including discipline or exception. The Rules of Conduct also include adherence to Tom's Hardware website Terms of Service, located at http://www.tomshardware.com/terms.html.

Do...
Search the forums. Someone else may have already answered your question/discussed the topic.
Read the stickies. They answer a lot of questions, and are great reads too!
Use paragraphs, and avoid walls of text that are hard to read.
Provide details on what is going wrong, and how. Share your hardware specs and OS, when applicable.
Keep criticism constructive. Attack the idea, not the person.
Check out our guide to posting images and styling your posts. You can also see how other users do the same by clicking "BBCode" above their post.
Report violators to the Moderation Team by clicking "Report" above the post.

Don't...
Post in ALL CAPS or use excessive punctuation!!!
Share personal information, like your email address. Identify theft is real.
Bump posts, claim "first!"
Hijack a topic. Stick to the original conversation.
Ask for help pirating, cracking passwords, or bypassing copyright protection

Signatures
An imported signature banner shall be no larger than 75 x 400 size, and you will be allowed to display only one banner.
If the banner contains forwarding links to either past or present websites that have caused problems at THGF, your signature privileges will be suspended.

Violations - It violates the Tom's Hardware Rules of Conduct if you engage in any of the following activity:
Post, promote or distribute any content that is illegal.
Promote or encourage activity which is illegal, such as hacking, cracking, scamming.
Harass, threaten, embarrass or insult other users, including sending unwanted messages, attacking race, religion, gender, sexual orientation, etc. Ad hominem attacks are not permitted.
Hate speech is not permitted. You may not post or distribute content that is harmful, abusive, racist, homophobic, sexually explicit, defamatory, infringing, invasive of privacy, or objectionable.
Disrupt the natural flow of forum discussion through vulgar language, spamming, flooding, or any variant.
Trolling, defined as knowingly soliciting strong negative responses simply for shock value.
Posting off-topic posts in inappropriate forums.
Impersonation.
Phishing. A moderator will never ask for your password.
Upload or link to files which contain a virus or malware.
Make posts to advertise or promote, forward chain letters, pyramid schemes or multi-level marketing programs.

Two more things: Forum accounts are non-transferable. Actions taken by a user on one account may affect all of that user's accounts.

With these in mind, please remember to have fun. Most of these guidelines are common sense, and serve to keep the forums useful for everyone. We thank you for your cooperation and support in this, and if you have any suggestions or feedback regarding the Rules of Conduct, please contact a Moderator.

Thanks for being a part of the Tom's Hardware Community!

 

[Dark Lord of Tech]

The title of this thread (Hack windows 7) is not within the guidelines of Tom's Hardware.Repost with a more appropriate title and this discussion will be permitted to continue.