this post was submitted on 05 Nov 2023
475 points (91.9% liked)

Technology

59709 readers
2699 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Your Windows 10 PC will soon be 'junk' - users told to resist Microsoft deadline::If you're still using Windows 10 and don't want to upgrade to Windows 11 any time soon you might want to sign a new online petition

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 41 points 1 year ago (2 children)

Not having security patches on a system you do things like go to your banking website on is actually a pretty big deal, and I don't think it should be dismissed lightly. Also AV is mostly snake oil, and is in no way an adequate substitute for a properly patched OS.

[–] [email protected] 2 points 1 year ago (1 children)

Hi, someone that worked on banking stuff in the past.

You are not safe, nothing is even half as secure as it should be and you are most likely just using a web based front end puppeteering a much much older system. The browser you are on is normally the second weak point after your own dumb self and I have not even heard of one case (not saying there are none) of a OS related vulnerability with online personal banking.

[–] [email protected] 0 points 1 year ago (1 children)

I'm with you there. It's all layer upon layer of vulnerability and false security, and then at the bottom of all of it lurks the Ken Thompson hack.

Still bad advice to tell people it's okay to use an explicitly vulnerable OS, I think.

[–] [email protected] 1 points 1 year ago

But in that lies the rub, how is it explicitly vulnerable?

[–] [email protected] -2 points 1 year ago (1 children)

It's not as big a deal as you think because most banking hacks are done via browser vulnerabilities rather than OS vulnerabilities. The exception being if you've somehow managed to install a keylogger, in which case the issue is the user and a decent AV should detect and block the keylogger.

As long as you use a browser that gets the latest updates (Firefox, Vivaldi, Chrome), run a decent AV, and don't install dodgy software you downloaded from some dodgy site, you should be ok.

AV is definitely not snake oil. I worked in Enterprise IT and a robust AV alongside other security measures is a must and does catch alot. More than the built in Windows security catches. Plus the AV normally incorporates a virus/malware removal tool which tends to be better than Windows built in tool.

[–] [email protected] 3 points 1 year ago (1 children)

Would you advise your enterprise clients that running Windows unpatched is 'not a big deal as long as you have patched web browsers and AV'? Of course not. Because that's dangerous advice and could even open you up to legal liability.

So why would you advise otherwise to home users, who are often more vulnerable in the first place?

[–] [email protected] 3 points 1 year ago (1 children)

Because home users are not Enterprise users. They are not nearly as juicy a target.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

If we are talking about malware and vulnerabilities, home users are a far bigger and easier target then corps.

Corporations have a custom firewall, proxy servers, VPN connections for all clients and double safeties for all important processes. While they are an interesting target for big organisations like terrorists and secret services, they have near to no value for the average Internet thiefe. Even if one could get in, there are no bank accounts lying around with money in them.

Home users have none of that, once you are on their PC you get everything. Sure their bank account will only net you a few thousand on average, but you get it easily.

[–] [email protected] 2 points 1 year ago (1 children)

What? Why would you get anything from a home user that you would not get from a corporate user? In fact I think you will find they get all the juice from the person (staff) and then extra from the business (and access to more victims).

You also have to factor in the sad fact that the age of viruses and malware has largely become the age of phishing and scams. People found out you don't need malware when you can just trick people into giving you access anyway. This endless fear of missing updates is now mostly just marketing.

[–] [email protected] 3 points 1 year ago

Very well said 👍