No Stupid Questions
No such thing. Ask away!
!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must be legitimate questions. All post titles must include a question.
All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.
Rule 2- Your question subject cannot be illegal or NSFW material.
Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding META posts and joke questions.
Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.
On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.
If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.
Rule 7- You can't intentionally annoy, mock, or harass other members.
If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.
Credits
Our breathtaking icon was bestowed upon us by @Cevilia!
The greatest banner of all time: by @TheOneWithTheHair!
view the rest of the comments
No, I mean is it prone to being hacked now more than before? Or has MS actively pushing updates to worsen it to force people to move to Win 11?
It was simple to get extended security updates for w10 for a year. After Oct, it'll require payment for another year, up to 3 years total I believe.
Did something happen to Windows 10 that made them vulnerable?
Support has been extended, but 10 is EOL, which means soon™ it'll stop getting updates. Once that happens, any vulnerabilities that exist (discovered or not) will stop being fixed.
This doesn't effectively increase your risk as a consumer. It only increases risk at the enterprise and infrastructure level.
All threat models include who you are and the environment the OS is run in for a reason. Just browsing the web is fine as a consumer, until browsers stop targeting your OS for updates.
The main vector for infection for any OS isn't the OS itself. Malware doesn't just spawn on your computer the second you plug it in to a router (no matter what Trump's FCC thinks with their chinese router ban). It needs to get on your computer.
An up to date browser will prevent the majority of infections, with common sense preventing the rest. I kept Windows XP well into windows 7 years, and windows 7 well into windows 10 years before switching to linux. Just don't download malware, you'll be fine. Worst case scenario you keep a backup clone of your hard drive on a usb stick (which you should have anyway) and just reflash your drive every few months (or just switch to linux, it can do anything windows can do at this point with enough faffing about.)
You could download a Trojan that takes advantage of a known vulnerability.
It is part of the swiss cheese model.
Your browser could have a vulnerable plugin, or maybe the user delays updates.
I bought a USB drive off a sketchy guy in college which had auto-run Malware on it -- but it didn't work on Ubuntu.
Not a good idea to use an unpatched OS.
Just... don't do that?
This is part of Common Sense™. It's a package that every single human being in a developed country is taught in regards to technology, and has been taught since the 1990s. (2000s for developing countries like the US).
Every single person that interacts with a computer in a professional setting has been taught explicitly how to never have a single virus on their computer. And they have been repeatedly taught this every 6 to 12 months for the last 3 decades. It is only people that purposefully infect themselves or purposefully choose to remain stupid — not ignorant, just stupid — that get infected with Trojans.
See above, and the previous comment.
See above. You did not use common sense™. You chose to be stupid, despite your college freshman orientation clearly covering basic safety.
Kinda. For people like you and me, sure this sense is common. How many normies do you know that have your level of technical paranoia?
Here's an outlier example: I recently bought a carded, new micro SD card from the local brick and mortar because urgent reasons that don't matter for this story. I went to load up the card, and its capacity was only 8MB, rather than 256GB. More than that, it was also loaded with 3 different auto-run malware. I was prepared for something like this (well, not the inconvenience of a counterfeit card). How many here are genuinely prepared to deal with brand new card that came from a trusted retailer with malware? Do YOU genuinely expect malware in this context?
I think a little empathy and education can go much further than "I'm smarter, just git gud."
Good luck out there
Sec+ holder, I'll be fine. So will anyone with any amount of common sense.
Don't download strange executables. Use trusted sites. keep your browser up to date and run an effective adblock.
Congrats you've eliminated 99.9% of all attack vectors in use today. I guarantee you aren't going to be targeted by the last .1%.
All of these are best security practices. But read more about the swiss cheese model to know why you can't just tell someone, "run a vulnerable os, you'll be fine so long as you are perfect and nothing goes wrong."
The swiss cheese model assumes equal risk, or in other words fails to differentiate actual risk from multiple sources. You aren't being targeted by a state actor. DDoSing via zombies is more expensive (including risk capital) than using VPSs these days. The actual people targeting you are going to be bottom of the barrel commercial scammers and skiddies wanting the least possible effort targets, and again unless all the holes magically line up in your model, they won't ever get that. Your adblock is a layer, your browser is a layer, these days your DNS is a layer, your router is a layer, your search engine is a layer, if you live in a particularly hell hole your ISP is a layer. Given the inherent insecurity of WIndows it was never a layer.
If you care about security and/or are paranoid enough about security that you care about whether or not your OS is updated, you aren't on windows. No security professional will ever recommend windows, and all real world infrastructure using windows as a backbone never has windows as a security layer. Lets be honest if someone has access to any windows PC on your network, it does not matter if windows is up to date, they have total control over that computer, and its not windows nor windows server preventing access to other devices on the network.
Stand aside, Sec+ holder coming through
Edit: why don't you put your Sec+ badge in your lemmy comments so we can be impressed by your knowledge
You still need some sort of exploit to be able to hit your machine. If you’re behind a firewall and not raw dogging it on the internet then you’ve got a decent layer of security.
At that point it’s just your web browser (or your brain) that needs an exploit to for something bad to happen. And both chrome and Firefox will be supporting 10 for years to come.