Windows 10 EOL PSA
Windows 10 EOL PSA
Windows 10 EOL PSA
You're viewing a single thread.
Hell my win10 pc hasnt had an update since '21 so no great loss
That computer better be air gapped. Security updates are essential.
It has no internet connection, so no
You mean yes lol. That's air gapped.
For web browsing, that almost makes no difference. As long as the browser is being updated, the most important attack vectors are closed. Even if there are any exploitable vulnerabilities on the OS, that will stop malware from even getting to them.
Absolute joke of a comment. You are assuming the browser is a holy grail completely isolating the internet from the operating system.
First of all. The browser runs on the operating system's services. In particular, the isolation that you implicitly cite is done entirely by the kernel. (That's for example why you cannot run chrome in an unprivileged docker container - the crucial isolation-centered system calls are not available) The whole network stack is managed by the operating system. Cryptography can also partially be done OS-sided. The simplest example is CSPRNG, which is usually provided by the OS. (Advanced systems may rely on external physical generators, see Cloudflare's lava lamps).
Secondly. Completely and utterly wrong. The linked video displays the execution of Meltdown/Spectre within a browser. Using JavaScript. This allows the attacker to gain access to any data they want on your computer simply by running some JavaScript code. Easily remotely executed via XSS on a poorly written website. You may read the full article here. Or inform yourself about Meltdown and Spectre here. How is that relevant? Combating this vulnerability was primarily done via critical OS updates. The exploits are inherit to certain CPUs and are therefore not fully fixable. Still, the combination of BIOS, Chipset, OS, and browser updates help prevent very serious attack vectors. (That's the reason why the browser's time measurement is only accurate to about the millisecond.)
So no. Browsers aren't the magic solution to everything (sorry Ubuntu Snap). They very much depend on the OS providing the assumed security guarantees. And even assuming no direct vulnerabilities in the OS, we can never exclude side-channel attacks, like what Meltdown and Spectre were (or still are if you refuse to update your system).
Here is an alternative Piped link(s):
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
i know you guys are probably right when you say that security updates are important, but why exactly? give me an example of how i could be fucked over while i’m just mindlessly playing my steam games and watching twitch+youtube on a system that hasn’t been updated since 2016.
i blindly assume that as long as i don’t download and run stupid .exes or click stupid links, i am completely fine
You don't need to click anything suspicious. Remote code execution has in the past been done through images, PDFs, comments on some webpage, or supposedly trustworthy games. Just recently, Minecraft would let an attacker run anything on the victim's computer due to a vulnerability in Log4j.
If your computer is not directly exposed to the internet, you might get away with some security updates that for example fix vulnerabilities that target the system firewall. But the point is, you're constantly exposing yourself to attackers without knowing so.
A few example vectors:
There are a lot of things that could go wrong. And they go wrong daily. Security updates fix vulnerabilities that we constantly find. They may be updates for your browser, your games, or indeed your operating system, depending on where that vulnerability is. The examples I gave are exaggerated, because they're meant to be simple to understand. We do not find vulnerabilities in TLS every single day. Still, weak points are being discovered and fixed constantly. One of the bigger exploits were Spectre/Meltdown (attacks on the CPU) that let an attacker read any data they want, provided they can simply run some code on your computer in some way.
Also, obviously, if you expose yourself to the internet directly (e.g. port forwarding) or connect to an unsecure WiFi network, you'll be bombarded with automated attacks that exploit holes found in firewall and the likes. If you open a port on your computer right now, you'll get around a few hundred such knocks per day.
There are plenty of videos online that display what happens if you for example use a Windows 95 computer, either directly exposed to the internet or not. Might be worth watching to see just how easy it is for attackers to take over in the case of such an ancient system. Same principles apply to newer systems as well, the attacks are just more complex.
thank you for the explanation and the examples :) i will no longer be so ignorant about security updates