If you want to keep running Win10, look into 0patch. They do in-memory patching and are MUCH smaller, it’s what a real OS manufacturer would put out.
skisnow@lemmy.ca 5 months ago
How bad would running Windows 10 past support be exactly? Seems like most vulnerabilities should have been patched by now.
Passerby6497@lemmy.world 5 months ago
BlackPenguins@lemmy.world 5 months ago
I wouldn’t be surprised if there’s a conspiracy where Microsoft purposely left a massive hole in Windows 10. And they are going to attack their own system in 2 months and be like “oh noez, welp guess you have to come to Windows 11”.
Blue_Morpho@lemmy.world 5 months ago
They don’t care about forcing you to 11 other than it saves them development costs. All the ads and spyware are also in 10.
BlackPenguins@lemmy.world 5 months ago
But 11 has spyware at unseen levels with AI. They want you on 11 for your data. That’s why they keep asking me to upgrade every week after I decline.
Linux isn’t an evil corporation. That’s not a fair comparison.
LastYearsIrritant@sopuli.xyz 5 months ago
There are always going to be vulnerabilities, that’s why they’re ending support. They don’t want to spend time updating an OS they don’t want people using.
Windows 10 is probably fairly secure… today. In 2 years, someone might discover a new vulnerability, and you won’t get the update. If there’s a new way to do web security and the browsers need OS support to implement it, you’ll be stuck on legacy security settings.
skisnow@lemmy.ca 5 months ago
Out of curiosity, does anyone know how many critical vulnerabilities are currently unpatched in Windows 7?
Rooster326@programming.dev 5 months ago
It’s not going to take 2 years…
New vulnerabilities are found on a daily to weekly basis.
To put this in perspective: in 2024 there were 1360 reported, 587 vulnerabilities confirmed, with 33 of them deemed critical.
I would guess that there are critical vulnerabilities that are right now being worked on because there is no concern of the exploit being patched.
prof@infosec.pub 5 months ago
See an example here:
Microsoft said both issues could allow attackers to execute code with elevated privileges, although there are currently no indications on how they are being exploited and how widespread these efforts may be. In the case of CVE-2025-24990, the company said it’s planning to remove the driver entirely, rather than issue a patch for a legacy third-party component.
The security defect has been described as “dangerous” by Alex Vovk, CEO and co-founder of Action1, as it’s rooted within legacy code installed by default on all Windows systems, irrespective of whether the associated hardware is present or in use.
New attack vectors are found constantly. Having no support can very likely result in a system that can be automatically breached in a few weeks to months.
As long as you don’t have a public IP on your device and are in a trusted network you should be fine. But if you use a public wifi or somehow expose a port to the internet you’re increasingly vulnerable for each day after the last security update.
Holytimes@sh.itjust.works 5 months ago
Short term honestly likely fine for your avg person. After even six months tho I wouldn’t trust using it for banking, government sites or anything more sensitive than looking at cat memes.
Rekorse@sh.itjust.works 5 months ago
It’s probably more lazy than anything. Security always depends on what you need to protect. If you want to keep using it, don’t keep sensitive information on it. People will target vulnerabilities in Windows 10 as time goes on.
AlDente@sh.itjust.works 5 months ago
Extended security updates are available. This can be activated for free using Microsoft Activation Scripts.
Microsoft tech support has been repeatedly caught using these scripts to resolve support tickets for license issues. (bleepingcomputer.com/…/microsoft-support-cracks-w…) Also, the open source MAS code is hosted on Microsoft-owned GitHub, so they are apparently not very concerned with people taking advantage of this exploit.
If you go this route, please also see the FAQ entry here. There is currently a glitch with commercial ESU keys (which this uses) and Windows Update will continue to claim that your device will no longer receive security updates. This is also affecting W10 LTSC systems. However, you can verify that the license key is active through Command Prompt and instructions are given in the FAQ.