Your Windows 10 PC will soon be ‘junk’ - users told to resist Microsoft deadline::If you’re still using Windows 10 and don’t want to upgrade to Windows 11 any time soon you might want to sign a new online petition

  • M0oP0o@mander.xyz
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    6
    ·
    edit-2
    1 year ago

    I would say its a more mixed bag for most consumer level end users. On one hand yes, no more updates. On the other hand, no more new vulnerability and day 0 exploits. I think the risk is also mitigated a bit by now using a non standard OS. Unless someone is targeting this user individually who is running anything targeting windows 8 (Most would target the biggest pool of users)?

    For an organization, yeah big risk. For some person? eh, just back up often and make sure your two factor etc. is working.

    • Dra@lemmy.zip
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Windows 8 does not constitute a non standard OS. It was at one point in this category, and the majority of successful system compromises have been from older software. This is a big risk to an individual.

      • M0oP0o@mander.xyz
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Windows 8 is currently 0.32% of the user base according to this https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide How does that make it a non standard OS in the past but now standard?

        People fear getting targeted by some hacker out of a 90’s movie but this is not the reality today. Users are mainly phished and scammed today because that is what gets the most money with the least effort. I still have yet to hear of any campaigns to use exploits for individuals because sending out millions of fake ransom emails does the job better then actually compromising a user for a fraction of the work.

        The other part of this that bugs me is the assumption of safety in new software, that is just not true. People need to backup things they care about and not assume everything they do online has no risks. Your best defence for say; online banking is to simply be vigilant and talk to your bank if something looks wrong. If you have a credit card it comes with insurance for this very reason.

        • Dra@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Because much malware already out there utilises existing exploits - so its market share is irrlevant.

    • Lightor@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      New vulnerabilities can still be discovered. And if an especially nasty one pops up they very well could run a campeign, using that new exploit, to target that OS version.

      • M0oP0o@mander.xyz
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        Happen to have any examples in the last 5 years? Because I see lots of fear mongering but have not seen or heard of a non scam/phishing attack in years.

        • Lightor@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          First off, saying that a system will never have a new vulnerability discovered is beyond naive. It’s the whole reason LTS versions of products exist. To be on a version that constantly is kept up with as new vulnerabilities are discovered. Just because you don’t see them and don’t run in those circles doesn’t mean they don’t exist. So saying something like “there won’t be any new vulnerabilities” is just wrong.

          And sure. Here’s a list I found after 10 seconds of research.

          https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-22318/Microsoft-Windows-8.html?page=1&order=1&trc=254&sha=b04c2ae60c20d88e0ce7a5da9fafd1f9048da6da

          And here’s another broken down by year, citing 62 found this year.

          https://stack.watch/product/microsoft/windows-8-1/

          • M0oP0o@mander.xyz
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            First off, saying that a system will never have a new vulnerability discovered is beyond naive. It’s the whole reason LTS versions of products exist. To be on a version that constantly is kept up with as new vulnerabilities are discovered. Just because you don’t see them and don’t run in those circles doesn’t mean they don’t exist. So saying something like “there won’t be any new vulnerabilities” is just wrong.

            I never said that.

            I am asking of the vulnerability used on end users not a list of what white hats have found. (My argument is not that these old OS are safe just not the OH GOD levels of unsafe).

            • Lightor@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              You said there would be no new vulnerabilities. https://mander.xyz/comment/4923077

              “On one hand yes, no more updates. On the other hand, no more new vulnerability and day 0 exploits.”

              You said exactly that.

              Also these are not all found by white hats. And those vulnerabilities are what is used in an attack. Those are the tools and gaps being exploited. And that list always grows. I’m beginning to think you don’t understand security well enough to be making these claims.

              • M0oP0o@mander.xyz
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                2
                ·
                1 year ago

                urgh, there are no NEW vulnerabilities in an old OS that does not get updates. What you are for some reason conflating (or using semantics) is newly DESCOVERED vulnerabilities. The same argument can be used for current OSs (here from that same site as you provided: https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-125370/version_id-1684079/Microsoft-Windows-11-22h2-10.0.22621.2361.html)

                Just please show me one report of some home user in the last 5 years who was a victim due to an out of support OS.

                • Lightor@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  urgh, there are no NEW vulnerabilities in an old OS that does not get updates. What you are for some reason conflating (or using semantics) is newly DESCOVERED vulnerabilities.

                  Jesus, so you’re saying there will be no new ones made, now that is semantics. A vulnerability never discovered might as well not exist. But guess what you’re also not getting, fixes for all those vulnerabilities. So your stance of “you get no updates, but you also don’t get new vulnerabilities” really means “new vulnerabilities will continue to be discovered but you’ll never get updates for them. They will just be published and known by all, like a guide book on how to pwn you.”

                  The same argument can be used for current OSs (here from that same site as you provided:

                  Not it can’t, what are you talking about? New OSs get updates to address these issues. An old OS never has them addressed, but known by the world, which is a huge security risk.

                  Just please show me one report of some home user in the last 5 years who was a victim due to an out of support OS.

                  If you need an anecdotal instance of a home user (totally ignoring businesses for some reason) then you don’t have any concept of how these attacks work. Do you remember bleeding heart? Remember how it was used for years and never know? Hell “CVE-2022-22047” was only 2 years ago, and that was an elevated privileges attack, that could take down a whole company.

                  But ok, you need one that effects home users. How about this one: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23697

                  It allows printer jobs sent to the home PC to run any code they would like. This means pulling info from your PC or monitoring it.

                  or this: https://msrc.microsoft.com/blog/2022/05/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

                  • M0oP0o@mander.xyz
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    1 year ago

                    Just give me one case of the exploit being used. That’s all I ask. Not found, used.