BenFenner wrote: ↑2023-09-10, 22:32
[...snip...]
Up until very recently, even just an old NAT device running OpenWRT or similar would be enough to keep a poorly-updated Windows XP box free of malware and intrusions all the way up to just a few years ago. Provided you used a very secure browser (see this forum), never clicked on any links in e-mails (typical good practice anyway), and ran excellent ad blocking. Oh, and generally just having good computer hygiene and a high degree of skepticism toward anything coming from outside your device.
[...snip...]
I feel like this was a really valuable post to see on a forum like this. I've noticed a sudden increase in recent years of people harassing each other to do one thing or another in the name of what they perceive to be "security." And I think this is going to happen again with Windows 11, as it has with virtually every version of any software with dictatorial decisions behind it -- Some large chunk of people are going to cave in to it no matter how bad it is, and then to defend their decision they'll take solace in tech journalists fearmongering about so-called "security," and then they'll take out their frustrations on people who continue to use older versions of the software by arrogantly accusing them of being "stupid" or "childish."
The problem is that software is just that: software. Even if it's proprietary, even if it's a black box, as long as it's reasonably simple, you can predict how it will work to some degree, and mitigate issues with it. This is the same way people are able to comfortably use an unmaintained program even though it has hundreds of discovered bugs. Much in the same way, old/unsupported versions of Windows have predictable behavior, and the issues with security that they have are specific issues which we can take into account when we use it. There are two major overarching issues to think about:
- The operating system itself, and the services running on it. Since the switch to Windows NT, Windows has had many background services listening for requests, which can be exploited, but in most configurations only by an attacker on the same network. I think this is what Ben Fenner is talking about by using "an old NAT device running OpenWRT" -- having a secured Local Area Network behind NAT is enough to render your Windows XP/7/10/whatever computer effectively invisible to the outside world. Okay, it's a simplified explanation, but still. In many ways, attacks like this are actually the easiest to protect against, because most people are already protecting against it by default... it's just how their home network is configured either way.
- The software you use on top of the operating system. This is actually the biggest issue: software dropping support for old operating systems. A vulnerability in an outdated web browser could potentially mean visiting a page being enough to remotely execute code on your computer; a vulnerability in an e-mail client (for example) could mean that achieving remote code execution could be as simple as receiving an e-mail; you might not even have to open it. This is actually why it is all the more important for software developers to continue supporting old versions whenever it is trivial to do so if they actually care about security, and why Firefox, as one example, dropped support for XP much later than Microsoft did. Needless to say, the most dangerous piece of software most people probably use on their system is their web browser, and people are still developing updated and fully-functional web browsers even for as low as Windows 2000.
In other words, the situation is not as dire as people make it out to be. If we applied a practical understanding of security to this problem, you could argue that Windows 95 is still the most secure version of Windows ever produced, because it doesn't have anything running in the background listening for requests, and very little software for it is "web-enabled." And you could further extrapolate that Windows has actually been getting more insecure over time, not less, as Windows 10 is ginormous by comparison and does so much more behind-the-scenes that it practically requires constant automatic updates, where just a decade prior to its release, most people would shun and laugh at the idea of annoying auto-updates.
So, this might seem like a bit of a ramble, but I promise it's incredibly prescient. My point is pretty much that each new version of Windows is being designed (intentionally or not, I do not mean to imply any conspiracy here) to make you increasingly dependent on newer versions. You might mock or laugh at people using old versions, but I think it's admirable that they'd do the best they can to take control of the situation however possible before it gets too late -- they're taking a firm stance by doing that, and saying that they don't want massive corporations forcing horrible ideas down their throats. If you like Windows 10, I actually think you can and should continue using it well after official support ends given the advice above, provided you know what you're doing.
And that's the thing, Windows 10 was arguably the first version designed to protect you from yourself. It became so complicated and inherently faulty that it needed to start beating you up every time you tried to change anything that could knock over the already-crumbling Jenga tower, so-to-speak. I don't think it's going to get better from here, but if you want to keep using it or any old version of Windows, you do need to know what you're doing. At least, enough to protect yourself from a situation that will only get more fragile in the future. However, there is nothing wrong with using old software, as I've tried to explain, and it can even be healthy for security to help people who do it and cooperate on the issue, instead of making horrible assumptions about them and letting Microsoft do whatever they want. The problem is that Windows 10 being designed the way that it was implies that Microsoft knows that the vast majority of people already do not know what they are doing and will not be able to learn, and they're not necessarily wrong. The fact that this issue has demonstrated that most people's understanding of security boils down to "old thing bad" is a testament to that.
So, yes, using and supporting older versions of Windows is a conceivable alternative to "just upgrading because you have to," or even using something like GNU/Linux. I know it's very common among electrical engineers with ancient laptops and serial/parallel ports, as well as people in developing countries or poorer areas where access to newer hardware to run newer versions of Windows is scarce. There are definitely people out there who learn by trial and error or otherwise to do these things safely, and they really are fine. It's not the most future-proof solution maybe, but it's not something to deride people for either. If enough people are upset about the prospect of having to upgrade, people might start developing some degree of community support for something like Windows 10, much like what has been seen with Windows XP, and that's a good thing. We're stronger if we work together, after all, and I think this would be a much more positive outcome to hope and strive for than the more depressing future where everyone is forced to update to Windows 11, and then 12, 13, etc.
It is true, however, that something like Windows 7 isn't a great idea for modern hardware; I do get that. I would argue that not everyone needs, or at least should need, newer hardware though. Computers were already pretty gluttonous specs-wise nowadays, and the vast complexity of software and hardware is going to be nothing but a fractal of issues further down the line, as it already very much is. Not everyone needs to drive a Ferrari to the grocery store, much in the same way people shouldn't need the latest AMD Ryzen gaming computer just to read e-mail. The fastest processor from 2010 is still just as fast as it was in 2010, and that's a remarkable feat as-is, at least to me. And if you're worried about that old hardware breaking one day, well... those aforementioned electrical engineers will tell you that they'll probably just keep fixing theirs until the end of time
