Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > alt.comp.os.windows-10 > #182002

Re: What is critical Windows 11 hardware

Show all headers | View raw

On 2/5/2025 6:53 AM, John C. wrote:

> consideration to running two computers from this point:
> 
> 1. an air-gapped one running Windows 7
> 2. another for accessing the internet and running a bare minimum of
> programs for doing so.
> 
> File transfers via thumb drive or portable hard drive, often after
> running anti-malware scans on such files.
> 
    I've read that the CIA does that. The only organization,
apparently, with the common sense not to put their databases
online for "convenience". But it seems like an awfully lot of
trouble for normal use. And transferring files via USB stick
would potentially compromise security.


   For people who understand nothing of computers, letting
Microsoft handle their system is probably a necessary evil.
However, if you're somewhat handy then keeping up
with the MS services dripfeed is neither desirable nor necessarily
safer.

  Look at a list of patches in a month. Here's a typical sample
from Sept 2024:

https://isc.sans.edu/diary/Microsoft+September+2024+Patch+Tuesday/31254

   Most of the issues are potential elevation of privilege,
remote execution, or bugs in MS software. Most problems
can be avoided with basic security: Minimize script in the
browser, email and office programs, and PDF programs.
Avoid script, period. Use a good firewall. Don't use remote
execution software. If you can call into your computer
remotely then you're a sitting duck. Avoid MS software.
They make great stuff, but they always put functionality
far ahead of security. (Executable code in an office doc is
wildly reckless.)

     This is all common sense on a SOHo install.
Microsoft's bug fixes are especially aimed at corporate
workstations where employees are running restricted and
there's no protection from the network.

   In short, a SOHo machine should have all the windows and
doors to the outside locked. A corporate machine has the front
door wide open, but all inside cabinets and rooms are locked.
One trusts the user but not the outside. The other is the
reverse.

   What do you get beyond patches you shouldn't even need
with MS patches? You get
the odd fixed 0-day vulnerability. But if you avoid MS
software in the first place, and avoid risky businesss like
Remote Desktop, then the main attack vector is either
the browser or tricks, like emails that appear to be from
your bank. (You also shouldn't be reading email online
in a browser. It should be read text-based and it shouldn't
be able to load remote images. TBird blocks remote by default,
so it's hard for anyone to imitate your bank, the IRS, etc.)

    So MS patches are not useless. But how useful are they?
Not very. And there's always a risk of problems. People forget
that newsgroup discussions didn't used to be mostly about
what broke in the latest dripfeed update from MS or Mozilla.

   I was using XP as my main computer until less than a year
ago. I've never had malware. I haven't run AV software since
about 2000. But I know how to be careful.

   Despite my frequent criticism of MS, I've been pleasantly
surprised with Win10 and even Win11... at least after some
2 weeks of hunting down fixes and tweaks. For people wary
of Win11, I've found it quite usable, aside from the glaring
issue of the broken taskbar. But even that's fixable. And the
update seems to often work on systems where officially it
shouldn't. However, I would add the one caveat that neither
one of these systems should be used without blocking out
Microsoft from unexpected intrusions and unwanted changes.

   Unless you actually want to be a halfwit left prattling with
Copilot, you need to seriously consider ongoing security from
MS. Win11 is probably destined to be a shopping service for
fools -- a consumer product more than a productivity tool.
(I just read yesterday that a Copilot button is being added
to Paint.)

Back to alt.comp.os.windows-10 | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread

Thread

What is critical Windows 11 hardware Oliver <ollie@invalid.net> - 2025-02-04 01:15 -0700
  Re: What is critical Windows 11 hardware Paul <nospam@needed.invalid> - 2025-02-04 06:39 -0500
  Re: What is critical Windows 11 hardware Andy Burns <usenet@andyburns.uk> - 2025-02-04 11:50 +0000
    Re: What is critical Windows 11 hardware Oliver <ollie@invalid.net> - 2025-02-04 15:36 -0700
  Re: What is critical Windows 11 hardware Newyana2 <newyana@invalid.nospam> - 2025-02-04 07:35 -0500
    Re: What is critical Windows 11 hardware Paul <nospam@needed.invalid> - 2025-02-04 08:39 -0500
      Re: What is critical Windows 11 hardware Frank Slootweg <this@ddress.is.invalid> - 2025-02-04 14:09 +0000
        Re: What is critical Windows 11 hardware mummycullen@gmail-dot-com.no-spam.invalid (MummyChunk) - 2025-02-04 21:13 +0000
          Re: What is critical Windows 11 hardware Newyana2 <newyana@invalid.nospam> - 2025-02-04 19:49 -0500
            Re: What is critical Windows 11 hardware "John C." <r9jmg0@yahoo.com> - 2025-02-05 03:53 -0800
              Re: What is critical Windows 11 hardware "John C." <r9jmg0@yahoo.com> - 2025-02-05 04:02 -0800
              Re: What is critical Windows 11 hardware Newyana2 <newyana@invalid.nospam> - 2025-02-05 09:28 -0500
              Re: What is critical Windows 11 hardware Char Jackson <none@none.invalid> - 2025-02-05 17:55 -0600
          Re: What is critical Windows 11 hardware Char Jackson <none@none.invalid> - 2025-02-04 19:13 -0600
            Re: What is critical Windows 11 hardware Java Jive <java@evij.com.invalid> - 2025-02-05 12:10 +0000
              Re: What is critical Windows 11 hardware Graham J <nobody@nowhere.co.uk> - 2025-02-05 12:55 +0000
  Re: What is critical Windows 11 hardware Java Jive <java@evij.com.invalid> - 2025-02-06 13:26 +0000
    Re: What is critical Windows 11 hardware Java Jive <java@evij.com.invalid> - 2025-02-06 17:04 +0000

csiph-web