• Karyoplasma
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    11
    ·
    1 年前

    I don’t. I’m blocking scripts and ads and don’t download obvious bait. Security updates are overrated.

    • Gestrid@lemmy.ca
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 年前

      Correct me if I’m wrong, but hacks like the WannaCry ransomware attack of 2017 don’t even require any user input. They simply require that you haven’t updated your computer. The reason so many organizations (including schools and hospitals) got hit with that attack despite Microsoft already having released a patch for it months earlier was because they didn’t update their computers.

    • Wilzax@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      1 年前

      Tell me you know nothing about cybersecurity without telling me you know nothing about cybersecurity

      • Karyoplasma
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 年前

        I’m doing nothing sensitive on that machine, I just play video games there.

        • Anonbal185@aussie.zone
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 年前

          I hope you have that machine on a separate VLAN that’s completely firewalled, segregated from the rest of your network, with access to the internet but not the rest of your LAN.

          Because if it does then other devices on your network would be potentially vulnerable.

          I’ve worked with PC’s that are out of support and the company too tightarse to pay for windows updates. The LAN cable was unplugged and you could only access it by physically being on the PC, but it won’t work in your instance as you need the internet to play games.

    • Anonbal185@aussie.zone
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 年前

      Wow I hope you’re not doing your banking on that PC.

      Looking at the CVE for windows 7 after January 2020 (end of support)

      https://www.cvedetails.com/product/17153/Microsoft-Windows-7.html?vendor_id=26

      Doesn’t look pretty. Many exploits to give attackers elevation of privileges (administrator to your PC), remote code execution etc.

      These don’t require you to download “dodgy” software. It happens because parts of the windows source code isn’t coded to perfection (as with all software) and then the attackers exploit the code in a way not originally intended by Microsoft.

      This risk is elevated when the operating system is out of support because different windows systems share the same code base, so when Microsoft releases security updates and CVE reports to the internet, attackers can read these and find out how to attack unpatched systems even if they did not know about the exploit beforehand.

      So it’s imperative to apply the patches in a timely manner usually within 24-48 hours after release.

      On a side note windows 7 isn’t out of support, Microsoft is still releasing patches for it along with XP. Many enterprises have to use these operating systems for compatibility with their software, they are getting the updates because they’re paying Microsoft millions of dollars for them. So are you saying that other users of windows 7 are wasting their millions of dollars for “overrated” security updates?

      • Karyoplasma
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 年前

        Enterprises don’t use their PC exclusively to play video games, I don’t think. Maybe they do tho, would explain a lot of hasty decisions.