
Running a 14-year-old operating system in the world we live in today is dangerous and stupid.

If you don't like newer Windows, that's fine, don't use Windows. But operating systems that old should be relegated to airgapped machines for historical purposes.




> Running a 14-year-old operating system in the world we live in today is dangerous and stupid.

Forcing an upgrade treadmill on your users just to shake them down for a few extra advertising dollars in the world we live in today is dangerous and stupid.

> If you don't like newer Windows, that's fine, don't use Windows.

I don't believe that Windows 11 was at all necessary to achieve this security nirvana.


Well, Windows 10 is necessary currently. At the moment 11 doesn't offer any real improvements above it yet from a security standpoint. But obviously Windows 10 only officially has about two years of life left, though I expect Microsoft to extend it.


Last year I found an old XP machine that I wanted to show to a kid to learn to mess with.

Took me hours to get Firefox because everything else refuses to work. That was because I remembered the Mozilla download site directly.

Then, programs screaming end of support and security and vulnerability and what not.

WHAT IS THE THREAT MODEL HERE?

I come from a place which got high speed internet only 2 years ago. Until then, EVERYONE USED TO DISABLE WINDOWS UPDATE, because data was precious and guess what happened, nothing.

You actually believe if I use Firefox with uBO on Windows 7 that suddenly malware would jump on my machine, turn it into a bot and destroy data?

What about using office tools like Excel or, say, LibreOffice?

If a Windows 7 or XP machine is connected to the internet and you don't use a browser, will it still get infected?


> EVERYONE USED TO DISABLE WINDOWS UPDATE, because data was precious and guess what happened, nothing.

Nothing obviously visible, you mean.


> You actually believe if I use Firefox with uBO on Windows 7 that suddenly malware would jump on my machine, turn it into a bot and destroy data?

https://www.cvedetails.com/cve/CVE-2011-5046/ is a remote-code-execution attack that works via setting the height of an IFRAME because the graphics device interface doesn't vet the size of the resulting buffers generated to support that IFRAME.

It won't just jump on your machine, but it is a threat you may be continuously vulnerable to for every website you choose to access with an insufficiently-patched Win7 install. And with Win7 now EOL, there are fewer eyes on it looking for vulnerabilities that will report those vulns.


The world we live in is dangerous and stupid. An always-on, surveillance-first, roll-it-out-while-it's-red junk OS might be a lot worse than old abandonware that at least doesn't actively try to deprecate perfectly fine hardware.

New != better


You could give some arguments. I heard that ransomware runs pretty well on the latest Windows versions.


I felt that explaining why water is wet was probably not worth my time, but someone suggested if I needed something very basic explained, I should try ChatGPT. Here you go:

    Security vulnerabilities: Operating systems, like any software, are prone to security vulnerabilities. As time passes, these vulnerabilities become more apparent and are exploited by hackers and malicious actors. A 14-year-old operating system lacks the latest security updates, leaving it highly vulnerable to various cyber threats, including viruses, malware, and hacking attempts. Security patches and updates provided by the operating system developer help address these vulnerabilities, but they are typically discontinued for older versions.

    Lack of support and compatibility: As technology advances, software developers focus their efforts on creating applications and tools compatible with the latest operating systems. By running an outdated operating system, you severely limit your ability to use modern software and benefit from the latest features and improvements. Moreover, software developers and tech support teams usually stop providing assistance and compatibility updates for older operating systems, leaving you stranded if you encounter any issues.

    Incompatibility with newer hardware: Old operating systems may lack the necessary drivers and support for modern hardware components. This means you may have difficulties installing and using new devices, such as printers, scanners, or graphics cards. As hardware manufacturers continue to innovate, they prioritize compatibility with up-to-date operating systems, making it increasingly challenging to integrate old systems with new hardware.

    Missing out on advancements: Operating systems have come a long way in the past 14 years. Newer versions offer significant advancements in terms of performance, stability, user experience, and productivity features. By sticking to an outdated operating system, you miss out on these improvements, making your computing experience less efficient, less secure, and less enjoyable.

    Lack of software updates and features: Older operating systems no longer receive software updates, bug fixes, or new features. This lack of support means you won't benefit from improvements that enhance usability, introduce new functionalities, or address software issues. It also restricts you from accessing the latest applications and services that may require newer operating system versions.

    Compliance and legal concerns: Depending on your use case, running an unsupported operating system could lead to compliance and legal issues. Organizations, particularly in regulated industries like finance or healthcare, are often required to maintain up-to-date and secure systems to protect sensitive data. Failure to comply with these regulations can result in penalties, loss of reputation, and legal consequences.

It's crucial to keep your operating system up to date to ensure the security, compatibility, and functionality of your computer. By running a 14-year-old operating system, you expose yourself to unnecessary risks and miss out on the benefits of the advancements made in recent years. It's generally recommended to upgrade to the latest supported operating system or a version that is still receiving security updates to ensure a safer and more productive computing experience.


> dangerous and stupid.

My practical threat model (and presumably most people's) does not involve any of the threats that updates and patches guard against.


drive-by system takeover isn't on your threat list?


> drive-by system takeover isn't on your threat list?

How would that "drive-by system takeover" happen?

AFAIK, Windows 7 came with its network firewall enabled by default, so most services wouldn't be exposed to the network. And that network is often a local network, with another firewall separating it from the rest of the Internet. For many users, the only exposed attack surface would be the web browser itself.


Firefox is, I believe, the last browser here to announce dropping Windows 7, but a ton of web-connected OS features in Windows 7 use Internet Explorer to load content, and dangerously outdated IE at that. At least with Windows 8, also a bad idea, many of those connected features use the legacy Edge engine which is (marginally) better.


Nope. The machine's behind a router and its own firewall. Most JavaShit is disabled in the web browsers. Why would a drive-by attack be in my threat model?


There are a lot more ways to exploit a Windows OS than JavaScript if you load websites at all. We won't even get into "if you ever read an email or open a document".

Have you ever seen things in a different font?


Sure, fonts local to my machine. Remote fonts can go to hell, and I've likewise got cookies and JavaShit all blocked as emails go because WTF does email need them for?

Seriously, my threat model doesn't include anything that updates claim to guard against. I'm not a fucking enterprise server, nor does any government specifically want my shit. Try arguing for me to update my router before talking about the virtues of Windows updates, at least that might alleviate random port scans and the like which are in my threat model.

I'm far more likely to get pwned by some service getting hacked and leaking my shit rather than /me/ getting hacked. People who scream at me that EOL Windows is dangerous can go pound sand, because they have no clue WTF they're crying about.


Does disabling JavaScript also disable loading iframes? IIRC it does not, but my memory's hazy on the topic.

This exploit allows arbitrary code execution by requesting too big a height for an iframe, which corrupts a GDI data structure.

https://www.cvedetails.com/cve/CVE-2011-5046/


iframes are purely an HTML element. Of course, this flaw is patched in the latest Windows 7, but it's a great example of the potential risks nonetheless.



