News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Windows 10 more vulnerable?

    Home Forums AskWoody blog Windows 10 more vulnerable?

    • This topic has 17 replies, 7 voices, and was last updated 2 weeks ago.
    Viewing 9 reply threads
    • Author
      Posts
      • #2378598
        Susan Bradley
        Manager

        ISSUE 18.27 • 2021-07-19 PATCH WATCH By Susan Bradley Every month brings the usual suspects — zero-day vulnerabilities, remote code execution, denial
        [See the full post at: Windows 10 more vulnerable?]

        Susan Bradley Patch Lady

        1 user thanked author for this post.
      • #2378603
        Alex5723
        AskWoody Plus

        the bugs in each version, Windows 10 has more bugs this month than Windows 7

        Windows 10 has more bug than Windows 7, Windows 8/8.1 EVERY month since day 1.
        Every month Windows 10 has Windows 7 bugs + Windows 8 bugs and adds bugs of its own, which shows that some of Windows 10 bugs are decade old.

        • #2378643
          doriel
          AskWoody Lounger

          Windows 10 bugs are decade old

          Not only bugs. Its basis is over decade old. Who remembers XP will know, that rounded corners were already there in the 2000s. In 2021 prepare to be amazed by the brand new context menu 🙂 well.. not so new.. just transparent.

          More added functionality every build means, that there are more and more weak spots. Its not in the power of human to make 100% secured system. Im not surprised.

          The fact is, that the newer system has more discovered vulnerabilities, because the system “is alive” and lot of developpers is digging into it.

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          PRUSA i3 MK3S+

      • #2378629
        anonymous
        Guest

        Playing “devil’s advocate”, taking a contrary viewpoint, is it possible that the number of bug fixes for each version of Windows is not a good metric of the real relative quality of each version of Windows, but just a natural consequence of Microsoft’s bug fixing process?

        I have no specific knowledge of Microsoft, but I have worked in software development for other companies and “management” want their staff to concentrate on the money making areas, which usually means the latest versions of things.

        If this is also true for Microsoft (which is likely), their bug fixing will concentrate on Windows 10 (and probably the latest version of W10). They may not have staff explicitly looking for and fixing bugs in W8.1 and W7 (or earlier versions of W10). However different versions of Windows are not completely new, but inherit much from earlier versions, so it makes sense to copy (or “port” in the software development jargon) bug fixes found in W10 to the corresponding source files in W8.1 and W7.

        However W10 includes extra “features” (in the general sense of the word), so not all W10 bugs will have corresponding bugs in W8.1 and W7 (without these extra W10 “features”).

        Thus, each month there will be more W10 bugs, than W8.1. and W7 bugs, and similar numbers of both W8.1 and W7 bugs (and occasionally slightly more W8.1 than W7 bugs, because W8.1 has more “features” in common with W10, but not in W7).

        I haven’t kept a detailed record, but from memory having both W8.1 and W7 PCs, this is what we see.

        I’m not making any claims about the real relative quality or security of the different Windows versions, just making the point that the number of bug fixes each month for each version might not be a good indication of relative quality.

        Just a thought!

         

      • #2378722
        Ascaris
        AskWoody MVP

        From the article:

        But as Microsoft layers on more protections in Windows 10, it opens up more vulnerabilities. A case in point is Windows Hello (facial recognition instead of passwords), which can be tricked into allowing an attacker to bypass the authentication (see Bleeping Computer).

        It is considered a bad practice to use biometrics instead of a password. Biometrics can increase security if they are used in conjunction with a password, but to use them alone is not a good idea. Yes, it’s more convenient, but security isn’t.

        A Twitter user put it best: “Telling Windows Home users that they should actually want to use new PCs with Windows 11 so they can take advantage of VBS defenses that “stop 60% of malware” when Home edition doesn’t even get most of those defenses, really is pretty crappy.”

        Indeed, but that’s been the norm for the “new” Microsoft under Nadella. They’ve been lying to users for years, like when they said that older versions of Windows would not run properly on newer architectures (Kaby and newer on the Intel side), which was blatantly false. If it had been true, they would not have had to put a Trojan horse in an update to break future updates (deliberately leaving the PC vulnerable to third party malware) to get people to stop putting Windows 7 (or even 8.1) on newer PCs. If it didn’t run properly, that would be a big enough disincentive.

        It’s not much different than how they just told us that we have to have 8th gen or later (again, on the Intel side; I haven’t used an AMD CPU in a while, so I have not kept up with the requirements for AMD) to have the features that support the Windows Driver Model. That wasn’t true either. At best, the newer generations have the virtualization features MS wants all Windows 11 users to have even though only a subset of those can apparently benefit from them.

        All of that fits right in with the deception and dark patterns MS has been using to promote Windows 10 from the start, not to mention the “oops” moments when “bugs” conveniently reset people’s Windows 10 PCs to the settings MS wanted rather than those the owners of those PCs had selected.

        Don’t get me wrong. I’m looking forward to the advances that the Trusted Platform Module can bring to the table.

        You don’t need Windows 11 for that. Windows has had the capability of using those for years, and all PCs certified for Windows were supposed to have one since 2015. It’s another little bit of deception to suggest that you need Windows 11 to get the benefits of that feature.

        A TPM is not a magic little thing that increases security just by being there. It’s a tiny bit of protected memory that is meant to store secrets like encryption keys, and to be able to detect if any potentially malicious change has occurred in the environment in “lives” in before releasing the information.

        It’s a niche thing that benefits some people in some circumstances, but it’s far from universally useful (the kind of thing that it would make some kind of sense to make mandatory). The laptop I am using now to write this (my Dell XPS 13) has TPM 2.0 functionality, but it’s idle at the moment. I don’t have any need for it, even though I do have security features enabled, like an encrypted volume on the PC. I don’t keep the encryption key stored in the “secure” TPM when it is not in use; it isn’t stored on the PC at all. When the PC is off, the key is not on it, and no matter how relatively secure the TPM may be, it’s not as secure as the secret not being there in the first place.

         

         

        Group "L" (KDE Neon Linux 5.22.4 User Edition)

        5 users thanked author for this post.
        • #2378731
          b
          AskWoody MVP

          It’s another little bit of deception to suggest that you need Windows 11 to get the benefits of that feature.

          Where did Microsoft suggest that?

          Windows 10 Pro version 21H2 build 19044.1151 + Microsoft 365 (group ASAP)

          • #2378930
            Ascaris
            AskWoody MVP

            Where did Microsoft suggest that?

            Here, for one:

            Security. Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI) and Secure Boot. ”

            The hardware they require that “can enable protections like Windows Hello, Device Encryption” is the TPS, and it was already required for 10, and 8.1, and 8. But they didn’t mention that bit! It’s like how one of the beer companies started advertising some bit of beermaking that all of the beer companies do, with the obvious implication being that no one else does it, and that you should buy their product because it’s better that it does this one thing. They wouldn’t be pushing the point for any other reason… there’s no need to advertise something that everyone does, and people tend to think that no one would.

            Susan is something of an authority on many security-related things with Windows, but even she had said that she was looking forward to the things TPM would bring to the table, even though those benefits have been at the table for more than five years. I don’t think that was by any means an “oops” on Microsoft’s part.

             

            Group "L" (KDE Neon Linux 5.22.4 User Edition)

            • #2379290
              b
              AskWoody MVP

              The hardware they require that “can enable protections like Windows Hello, Device Encryption” is the TPS, and it was already required for 10, and 8.1, and 8. But they didn’t mention that bit!

              Depends what your definition of “required” is!

              For 8/10, TPM was required of OEMs; but not to install/run Windows:

              Hardware-assisted security, which has been an optional part of Windows 10, is now mandatory, which means Secure Boot and device encryption are available by default to protect against increasingly sophisticated online attacks.

              Windows 11 FAQ: Everything you need to know

              No tips or tricks were ever needed to do anything on Windows 8/10 without a TPM.

              Windows 10 Pro version 21H2 build 19044.1151 + Microsoft 365 (group ASAP)

      • #2378774
        anonymous
        Guest

        That is certainly the result of throwing in all sorts of “stuff,”  (i.e. features) without serious testing.  What ever happened to the concept so successful in normal business–you want extra, you pay extra?  How many home users or even small business need or want all the stuff that comes embedded with Windows-10?  There was a solid reason behind the different SKUs of Windows-7 and before.  The critical problem facing MS, if they choose to recognize it, is that Windows-11 gives them the opportunity to atone and publicly admit their past mistakes and return to when Windows was a solid and reliable OS.

        1 user thanked author for this post.
      • #2378824
        win7patchme703n.com
        AskWoody Plus

        I run 0patch (zero patch) software on both Win7 and Win10. On Win10, it issues zero day patches for new threats, days or even weeks before msoft. On Win7 it does zero day plus patches to cover what msoft stopped when they stopped supporting Win7 security. I am just an end-user, not linked in any to 0patch.com.

        2 users thanked author for this post.
      • #2378906
        anonymous
        Guest

        Yeah, Microsoft sure loves their features and gimmicks.

        Meanwhile in the real world, a Microsoft screw-up just exposed NTLM password hashes to ordinary users and even sandboxed apps in Windows 11 and the latest versions of Windows 10. This means escalation of privilege for any attacker with the computing power to crack some (notoriously easy) NTLM hashes.

      • #2379001
        BobT
        AskWoody Lounger

        Most secuuuuure OS ever, remember?

        2 users thanked author for this post.
        • #2379179
          doriel
          AskWoody Lounger

          Just PR and marketing. Maybe most secure, but it should be last OS ever too 🙂
          I totally lost any beliefs in such statement what so ever. Its like trying to make driving safe 100%. You just cant reach that goal. You can make driving easier (steering and breaking assist and other assits). But adding those assists to the car does not guarantee you cant crash. Also, such functions creates another tens or hundreds risks, that were not present in the mechanical car in the first place! Old Buick from 1990 its harder to drive it, but you cannot crash, because you are playing with the touch panel and trying to watch Fast and Furious on the TV while driving.

          You are as safe as you behave. You cannot blame others for empting your account if you wrote your banking password on your monitor! Not you, @BobT36, just people in general 🙂

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 20H2 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

          PRUSA i3 MK3S+

          1 user thanked author for this post.
      • #2379021
        win7patchme703n.com
        AskWoody Plus

        Elephant in the room: Microsoft is getting 50%ish of the $10 billion US DoD cloud-computing contract. Either DoD will have 70 hacks per month or MS has totally bulletproof code for them and can’t or won’t fix Windows 7 and/or 10. Think about it. Perhaps Win 11 will come with a EULA that does not relieve MS from liability for hacks due to not testing code, removing ALL buffer overflows, etc. Sigh …

      • #2379030
        Alex5723
        AskWoody Plus

        $10 billion US DoD cloud-computing contract.

        The contract has been canceled.

        1 user thanked author for this post.
    Viewing 9 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: Windows 10 more vulnerable?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.