this post was submitted on 05 Nov 2023
476 points (91.9% liked)

Technology

55973 readers
3241 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
476
Your Windows 10 PC will soon be 'junk' - users told to resist Microsoft deadline (www.express.co.uk)
submitted 8 months ago by L4s@lemmy.world to c/technology@lemmy.world
399 comments fedilink hide all child comments
 

Your Windows 10 PC will soon be 'junk' - users told to resist Microsoft deadline::If you're still using Windows 10 and don't want to upgrade to Windows 11 any time soon you might want to sign a new online petition

you are viewing a single comment's thread
view the rest of the comments
[–] Lightor@lemmy.world 1 points 8 months ago* (last edited 8 months ago) (1 children)

You said there would be no new vulnerabilities. https://mander.xyz/comment/4923077

"On one hand yes, no more updates. On the other hand, no more new vulnerability and day 0 exploits."

You said exactly that.

Also these are not all found by white hats. And those vulnerabilities are what is used in an attack. Those are the tools and gaps being exploited. And that list always grows. I'm beginning to think you don't understand security well enough to be making these claims.

[–] M0oP0o@mander.xyz -1 points 8 months ago (1 children)

urgh, there are no NEW vulnerabilities in an old OS that does not get updates. What you are for some reason conflating (or using semantics) is newly DESCOVERED vulnerabilities. The same argument can be used for current OSs (here from that same site as you provided: https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-125370/version_id-1684079/Microsoft-Windows-11-22h2-10.0.22621.2361.html)

Just please show me one report of some home user in the last 5 years who was a victim due to an out of support OS.

[–] Lightor@lemmy.world 1 points 8 months ago* (last edited 8 months ago) (1 children)

urgh, there are no NEW vulnerabilities in an old OS that does not get updates. What you are for some reason conflating (or using semantics) is newly DESCOVERED vulnerabilities.

Jesus, so you're saying there will be no new ones made, now that is semantics. A vulnerability never discovered might as well not exist. But guess what you're also not getting, fixes for all those vulnerabilities. So your stance of "you get no updates, but you also don't get new vulnerabilities" really means "new vulnerabilities will continue to be discovered but you'll never get updates for them. They will just be published and known by all, like a guide book on how to pwn you."

The same argument can be used for current OSs (here from that same site as you provided:

Not it can't, what are you talking about? New OSs get updates to address these issues. An old OS never has them addressed, but known by the world, which is a huge security risk.

Just please show me one report of some home user in the last 5 years who was a victim due to an out of support OS.

If you need an anecdotal instance of a home user (totally ignoring businesses for some reason) then you don't have any concept of how these attacks work. Do you remember bleeding heart? Remember how it was used for years and never know? Hell "CVE-2022-22047" was only 2 years ago, and that was an elevated privileges attack, that could take down a whole company.

But ok, you need one that effects home users. How about this one: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23697

It allows printer jobs sent to the home PC to run any code they would like. This means pulling info from your PC or monitoring it.

or this: https://msrc.microsoft.com/blog/2022/05/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

[–] M0oP0o@mander.xyz 0 points 8 months ago (1 children)

Just give me one case of the exploit being used. That's all I ask. Not found, used.

[–] Lightor@lemmy.world 0 points 8 months ago (1 children)

They nearly all used, your inability to understand how they're used does not make it less dangerous. I've sat here and spoon fed you information over and over and you are at the point of asking for anecdotal evidence. You've shown yourself to not be knowledgeable about the subject at all, but fully willing to act like you are lol.

[–] M0oP0o@mander.xyz 1 points 8 months ago* (last edited 8 months ago)

You fed me the same info from the same people pushing new software though fear. You could find a single report (a news report, police statement, online complaint, anything) and easily put me in my place, but you did not. Now you are resorting to attacking my credentials as if that somehow changes the basis of my opinion.

I don't really care if you think I am not knowlegable, I don't work in the industry anymore and am happy I don't (mostly because of this sort of pointless tribalism).