Subject: Re: Windows 10. Horrible!
"Eric Stevens"<firstname.lastname@example.org> wrote
| > Which comes full circle to where this started:
| >Security updates are nice, but only a small part
| >of computer security. The latest version of Windows
| >is far less safe than careful use of an old version.
| But the careful use of the latest version is better than the careful
| use of an old version.
Maybe a little bit. But the risks are different. Not
all the same vulnerabilities apply to both. And are you
careful? do you disable networking and either disable
script or at least use NoScript to limit it? Do you avoid
using risky Microsoft and Adobe products? If not then
you're not being careful.
The top 6 vulnerabilities last year were connected
with Flash. One was in Windows, one in Silverlight
and 2 in IE. The worst was an IE bug. The Windows
bug example I've seen used a rigged Powerpoint
file. So all of the top 10 bugs were avoidable by
not using IE, Silverlight, Flash, or MS Office. That's
pretty much what the situation was 10 years ago,
or even 15 years ago. Flash, Adobe Acrobat, Java,
MS Office and IE were the big risks and still are.
And the vast majority of those attacks also require
like script to run from the Internet. (Though with MS
Office it's usually about opening a rigged file on
For over 15 years the basic advice to stay safe has
been pretty much the same.
That's what I was talking about initially: Actual
attacks on Windows itself are rare and usually
connected to unsafe networking. The only bug I
can recall that was otherwise was a bug some years
ago in gdiplus.dll that allowed attacks via image files.
Typically the Windows bugs require a machine to be
allowing contact through risky ports - 135, 139, 445
I think they are. Remote Desktop, file sharing....
stuff like that carries risks.
So, yes, there are bugs that are fixed in Win10 and
not in XP. There are most probably also bugs that
exist for Win10 and not for XP or Win7. It's just not
that big of a deal which version you're using. Microsoft
and their media army play up the security angle so
that people will be afraid not to update. Are you safer
with Win10? That's hard to say out of context. Will
you be safer if you avoid script, Flash, Acrobat, Java
and MS Office? Undoubtedly. Avoiding the most popular
software, in general, helps.
Not running as admin will help a little bit, but personally
I don't think it's worth the hassle. Creating user
restrictions has just forced malware writers to find
ways to bypass restrictions.
There's also the so-called social engineering angle:
Getting people to click links in emails that look official,
The one arguable advantage with Win10 is the
constant updating. But that's also a vulnerrability,
a potential destabilizer, a privacy issue, and renders
Win10 a changing product. You might not want all
those changes. If you like Win10 then I doubt there's
any big security risk in using it. But security is not
a reason to switch to Win10.