John connor wrote:
Why I don't use updates. Haven't used them since 98se.
Not been hacked, no malware, none of that fear mongering BS. I just knew that the update would mess up people's computers. Because I know quality control at M$ is out the Window.
John Connor - My systems have been hacked just the once, properly hacked. I'm still unsure as to how. So, don't assume that because it hasn't happened to you (it may have done and you may not know) that it won't happen. For a long while I supported PCs and many that came in had been infected/hacked. The possibility exists and the reality is that it happens.
My own personal infection almost certainly came through an exploit that allowed read access to files. I have always tried to avoid using all Microsoft products except the o/s to prevent higher privilege access to system resources but somehow a script/program accessed my system was able to do some file access. It looked for Filezilla passwords which it knew were stored in plaintext in a set location. It infected 40 of my Joomla sites with penis enlargement links...
All sites had to be rebuilt from backups.
Filezilla at that time took any password you entered to access a site and stored it, even if you hadn't told it to - it stored the passwords and did so in plain text in an XML file. It didn't bother to obfuscate/hash or provide you with an option to prevent this. The developer refused to change this default behaviour even when he was informed that his program was acting as a trojan horse for malware devs to exploit. It had been used as a well-known hack exploit for thousands of malware injections for years. His response was "you should use a secure o/s instead of Windows".
I have tried to damage filezilla's reputation ever since as I was so unimpressed by that devs appalling attitude, ignoring suggestions to tighten his ship even though he knew it was a point of failure and exploit. The point is that despite even the best intentions any software can give your system vulnerabilities, you can be infected and if you take no precaution you may not know you have already been hacked.
PS. On a separate instance at a different time, someone tried to transfer thousands from my wife's account and they were able to use her password on online banking with a major UK bank. It was only stopped as the transaction was so strange the bank closed her account. We still don't know how they took her password as she only entered it ever through supposedly secure school computers... An example of an unknown exploit.