This is a great example of why it's irritating when people suggest antifeatures like telemetry or cumulative updates justify using old obsolete operating systems. (Aside from the fact both of those antifeatures have been backported to Windows 7, at this point.) The underlying platform of each successive Windows version is significantly more secure than the last.
Using a ten year old operating system just isn't justifiable in today's threat environment. Use Windows 10 or switch to Mac or Linux.
I see it the other way, this is a great example of why its irritating when microsoft holds security enhances behind anti-features. (on top of putting adware in their updates like that IE windows 10 update infobar they added shortly after GWX (that was included in a security update pack))
I did a job for a small (5 employee) tax/accounting firm that paid us to disable windows update on all of their windows 7 machines to avoid the windows 10 update after it brought down their entire office on a february monday by updating overnight.
I asked him about upgrading to enterprise versions of windows so things like that can't happen while still having updates, and his response was "I shouldn't have to pay microsoft more to gain control over my machine, so I'd rather pay you more to remove their control."
He's not wrong, neither are you. So the question becomes, who should give way? The user? or the corporation?
As far as I know, he is still on update disabled windows 7 for his office.
Users don't care about security, they care about usability, and when security gets in the way, users will bypass it, even if it means paying somebody to bypass it for them.
The current trend is to solve this by making security unbypassable by the device owner, but thats not sustainable, nor is it ethical.
> So the question becomes, who should give way? The user? or the corporation?
Ideally we'd move away from the situation where these are the only choices. This could happen in many ways: Some new runtime which is not platform-dependent and becomes popular. (maybe even dotnet core + gui?) Software vendors getting more interested in macs. ReactOS becoming stable/popular enough for office environments.
The current situation is broken. Either side giving way is a "meh" solution for the current situation.
Unless they want to change, it's kind of meh. If it doesn't come from real incentives, we'll just end up in the same place from another direction again. If this is profitable for them to continue, it's going to continue.
Where real incentives are in the "they'll be fined" or "users have better choices" categories mostly.
This is a great example of why it's irritating when people suggest antifeatures like telemetry or cumulative updates justify using old obsolete operating systems.
I'm sorry you find it irritating. The fact remains that we have experienced far more downtime due to Microsoft than due to malicious attackers, consistently, over many years now. Moreover, the only actual data loss we have experienced was also due to Microsoft, and the only attempted data exfiltration that we have detected has been due to software telemetry, with by far the worst offender being Microsoft.
Microsoft's behaviour in trying to promote an OS that forces updates even if they are broken, forces reboots even if you're in the middle of a long job, and requires uploading any sort of data of any kind to Microsoft without your meaningful consent is literally indistinguishable from malware. On an objective risk analysis, based on consistent patterns of actual behaviour over an extended period and known information about the behaviour of and intent behind Windows 10, I'll take my ten-year-old OS (where, by the way, we still have the option to not install either telemetry or non-security updates) over your antifeature-laden junk any day.
If you think I'm being unreasonable here, ask yourself why Windows 10 Enterprise doesn't require any of those antifeatures to be used.
You may be mixing home and business cases here. But presumably if these issues are important, you should be licensing Windows 10 Enterprise, and disabling any components you dislike.
From my personal experience, almost all of Windows 10's annoyances are relatively trivial to manage in a domain environment (if you've ever had a forced reboot on a domain, you just don't know how to manage a domain, Enterprise licensing is not required to manage updates fully) and I would say our overall system stability has gone up probably tenfold since shifting to a fully Windows 10 environment, alongside switching to solid state drives.
But presumably if these issues are important, you should be licensing Windows 10 Enterprise.
Small businesses and independent professionals typically don't have that option. This is the traditional market for Pro editions of Windows, but unlike previous versions, Windows 10 Pro is more like Windows 10 Home plus a bit than Windows 10 Enterprise minus a bit.
If Microsoft released a version of Windows 10 Pro that was actually aimed at professionals and treated us as such, we'd have no problem upgrading. As long as Microsoft presumes to have more control of our equipment than us, we'll continue with our programme of phasing out Windows and migrating to other platforms wherever possible.
The technical improvements in 10 are not in dispute, but the analogy of making a house perfectly secure by removing all the doors and windows comes to mind.
As I said in my original comment, I see no problem with moving to other platforms. I do see a problem with using obsolete, insecure operating systems like Windows 7. :)
Also, note that I do maintain an environment with Pro licensing, not Enterprise. So I am both aware of the limitations, and the steps needed to mitigate them.
Also, note that I do maintain an environment with Pro licensing, not Enterprise. So I am both aware of the limitations, and the steps needed to mitigate them.
If you know how to mitigate the antifeatures like forced updates, reboots and telemetry in Windows 10 Pro in a supported and future-proof way, please share. I'm sure a lot of people would like to know!
That may how your IT department has chosen to configure updates then. In a domain environment, you can configure about thirty options for how Windows Update works including what options the user has and whether or not to reboot automaticially, and approve individual updates at any given time you like. Updates can absolutely be held indefinitely.
And if Microsoft didn't treat its customers like sacks of exploitable data and idiots who need Candy Crush forced on them, then maybe people would've been more inclined to upgrade. The fault is with them, not the users; by actively alienating customers Microsoft has inherently made the world a less secure place.
And no, for those with massive Steam libraries and other Windows only software "just switch to Linux/Mac" isn't a viable or acceptable alternative.
I found that Candy Crush and other junk kept coming back after updates, wasting a lot of time and data. This combined with the crazy amount of telemetry sent to MS makes it less impressive from a security standpoint. It's a pity because Windows 10 does have great potential.
Must be peculiar to some users. I have used Windows 10 Home since 2015 on my laptop and yes, Candy Crush was installed the very first time I installed 10 (as a free in-place upgrade over 8.1), and I uninstalled it from the Store app and never saw it again in my menu. This despite upgrading through several versions of Windows 10 from 2015 to now (1809 at present.)
As for updates force rebooting, they only do so during designated non-active hours, which I set from 2AM to 5AM and leave my laptop on. By the next morning, its updated and ready to use.
One thing I don't like about 10 is how updates tend to uninstall my hardware manufacturer's drivers and replace them with vanilla Windows ones and I have to go through the tedious process of re-installing them. Happens most often with webcam and sound drivers.
Oh, and I don't use any hack software like ShutUp10 etc. This is just stock Windows.
As for updates force rebooting, they only do so during designated non-active hours, which I set from 2AM to 5AM and leave my laptop on.
This presumes that any hours can reasonably be designated non-active. For some professionals, and for that matter some home users if they work shifts or the like, that simply won't be the case.
The junk, including Candy Crush, was never downloaded or installed on your system. Those were just tiles that, if clicked on, would download and install them.
I mostly use Manjaro Linux for my work now because Windows can be quite annoying when trying to use many popular `nix-first` dev tools that I need to use. I also maintain a couple of Macs that are used for testing and doing stuff for iOS. I'm saying this to point out that I'm not some Windows zealot...
But I have 4 Windows 10 PCs in my house and dozens at work and I never had this problem. I see people on HN complaining about it every time a story about Windows 10 comes up though.
It's not a complaint that I've ever heard in real life either, ever, from anyone that I know that uses Windows 10 (that's a ton of people at my company.) It's also not a complaint that I hear outside of this kind of tech circle online very much.
I wonder if people who "know what they're doing" with computers take some drastic unnecessary action in Windows 10 that causes this problem?
This isn't about what's good or bad for Microsoft. You are making a very bad decision for yourself if you are trying to keep an old, insecure version of Windows. Having to spend five seconds uninstalling Candy Crush is not a good excuse for not using a vastly more secure operating system.
Also, a surprisingly large percentage of your Steam library will work on Linux. And you can always use a VM for those that don't.
> Having to spend five seconds uninstalling Candy Crush
Straw-manning arguments does not make your case more convincing. Trying to make NT10 a reasonable platform (rip out the dumb preloaded junk, neuter most of the spyware, make updates give the user some choice in when they're applied) takes a massive amount of effort and is a constant game of cat-and-mouse against MS.
Last time I checked, the three pillars of InfoSec were confidentiality, integrity, and availability. On Windows 10, way too much info is shared with MS, equating to loss of confidentiality by default. The update system is rather heavy handed, leading to loss availability (at possibly important times).
For the above reasons, Windows 10 is not secure enough for me. I still use windows 7 and have not experienced any security issues. Windows 10 has the potential to be more secure, but sadly MS choses to treat its users with contempt.
Read the fine article. It explains in detail why "number of bugs" doesn't matter. Each successive version of Windows has an increased number of mitigation technologies, making bugs in general less exploitable.
That would mean "fewer known and unknown bugs" if successive versions of Windows were otherwise identical, and if the mitigations, being the only changes, didn't carry any potential to introduce bugs as changes do.
> It's very common to think about computer security primarily in terms of fixing vulnerabilities. In reality, security teams spend a lot of their time on a different goal: making bugs hard to exploit. This often takes the form of lowering privileges and introducing exploit mitigations. Windows 10 has a lot of investment in those areas, whereas Windows 7 doesn't contain any of the improvements made in the last several years. That's why even though Windows 7 continues to receive security bug fixes from Microsoft, it is considerably less safe to use.
To be fair, I did not see anything recommending that the reader switch to Firefox; the article was mostly about "newer versions of Windows don't have the bugs shown".
Using a ten year old operating system just isn't justifiable in today's threat environment. Use Windows 10 or switch to Mac or Linux.