descender wrote on Aug 1, 2016, 19:14:
Barring the .5% of super-users that will get by regardless of updates... everyone else absolutely should have upgraded to windows 10 for free. They absolutely should have as much of their system upgraded and maintained by MS as humanly possible.
You're here till Thursday and I should try the veal?
Not upgrading was mostly foolish and advising "regular" users not to do so was extremely bad advice. People are stupid and shouldn't be trusted to handle these things, this is how botnets run rampant and DDOS attacks become so effective.
Erm. This would be a good argument if Microsoft released security updates which never break anything. In reality, of course, you get shit like this:
Win7 patch is malware
Or this:
Win7 patch is BSOD
How quickly people forget.
Microsoft, much like NVidia, is using their userbase as free beta-testers for their software. They're saving money on extensive QA departments because they rely on early adopters.
There was an incident a few years back when a Realtek driver was CORRUPTING DATA, i.e. actual files that you download, and it had WHQL certification from Microsoft!
Microsoft's QA is abysmal, and it cannot be trusted. In light of this, I would argue that those who leave updates to install blindly are the dumb ones.
I understand that their weird nag campaign bugged a lot of people, but that doesn't "break the trust" of the update service. People have this weird idea that they actually "own" their Windows software and deserve total control over it. In reality you haven't actually "owned" anything more than a license to run Windows since 95.
There's a fundamental difference between the traditional Windows model and the SaaS model they pushed with Windows 10. They know that it will fuck with people's work, and then corporations will sodomize Microsoft, which is why the LTSB version of Win10 is limited to conservative (mostly security) updates.
The "little guy" is inconsequential, of course. But they know. They know it sucks, which is why with LTSB edition they behave like a bully who is suddenly all shy and friendly in the presence of a bigger bully.
They were technically and fundamentally correct in pushing Windows 10 upgrade notices as security updates so that no one skipped installing them. Not updating and continuing to use an older OS is a security risk that all users should be aware of and the new OS contains new security features that everyone should be utilizing.
The attack vectors themselves are limited, and generally they remain the same for every Windows OS. The majority of those exploits wouldn't even execute unless your machine is directly connected to the Internet, aka routerless or in the DMZ mode.
Others would be relying on the user to be dumb, which most of them are. You can't fix stupid with Windows 10.
Windows 10 is going to be proactively updated as much as possible and receive 0-day updates if necessary to address major issues as they arise. Windows 7 will continue to get updates... sure... but when? How frequently? No one can be certain of that.
I'm not so sure there's such a thing as true 0-day updates for an OS. If there is, it is a pretty bad thing.
You know who is the first line of defense when it comes to closing holes in Windows? Certain antivirus companies.
For example, Symantec's Intrusion Prevention feature is a packet interceptor which looks for patterns designed to create buffer overruns and other known exploit types in Windows OS, and not just the OS itself, but any exploitable program (like a browser) that is receiving TCP traffic which can potentially break it.
This system can actually stop threats before there are virus signatures generated for them, as long as their attack patterns are known to the system. It also stops them even if your browser or OS weren't yet patched against them.
Such systems, in modern times, should be used by everyone, because it is a far more stable and timely solution to have an antivirus company take care of it within their very specific and sturdy framework, than wait for Microsoft to get its shit together and release a patch which alters (potentially destabilizes) crucial system files and then starts nagging you to restart the system, after which you hope for no surprises.
In regards to installing batches of MS security updates, the same practice applies as to NVidia drivers - wait a month or two, see if there are cries of people with systems fried by any particular latest patch.