Thanks for the comments. Again, as with my earlier post, I generally agree, but it has to be taken in context. In this case, for instance, to the best of my understanding the Fallout exploit kit is based on browser vulnerabilities and not OS vulnerabilities. It underscores the importance of running an updated browser. But even without that, I presume that a good antivirus program would block it; certainly, the analysts at BitDefender who published a paper on this exploit state that their product blocks it, and this should be true for any good antivirus product.
This also highlights the point that the latest updated OS is not a protection against malware that does not exploit an OS weakness, but rather, a weakness in some other component, like a browser or the user himself inadvertently allowing malware to execute (the famous aphorism that the weakest component of any computer system resides between the chair and the keyboard ).
Incidentally, I do in fact run an ad blocker, but I don’t consider it a particularly crucial defense against malware compared to good practices and a competent antivirus protection along with a router firewall. I’m not a security expert but believe me, I know the kinds of things that lurk out there – on rare occasions I’ve enabled FTP service on my computer (and opened the corresponding ports in the firewall) in order for someone to retrieve some large files, and I was not surprised at all to see in the log that there were break-in attempts even during those brief periods.
Understandable. I hope you don’t think I’m trying to undermine your very good advice. I’m just trying to provide some perspective, because the idea that everyone absolutely MUST upgrade to Windows 10 and keep it current at all costs is simply not universally applicable to everyone. In the unfortunate situation that you cite, it sounds like your predecessor was a hacker’s dream come true, the key part of your quote in my view being the bolded part: “…didn’t believe in upgrading or patching, or security in general”. The thing that really set me off was the statement, not made by you, and not even in this thread, that no one in his right mind would allow a Windows 7 system to connect to the internet today. That is just nonsense and I wanted to try to explain why.
With certain important qualifications, a statement like that may have at its core a nugget of truth - for example if you were to install Windows 7 from an install disc that was made before the first service pack even came out, and you performed that installation on a machine connected to the Internet with an old, unpatched firewall, there’s a genuine risk that the machine may end up compromised before you have even fully completed the installation. But that’s a fairly unusual and specific scenario.
Windows 7 will become increasingly risky to continue using, as it falls behind with no updates, but part of that risk is offset by the diminishing pool of Windows 7 machines left running - the more it disappears from use, the less criminals will tend to target it specifically. The remaining and potentially growing risk is where Windows 7 shares technology components with Windows 10; Win10 will get a patch; Win7 won’t.
Of course, if it’s REALLY that important to you to control your updates, cough up $100 and upgrade from home to pro. Of course, you’ll be paying for a lot of business features you probably don’t need or want.
Frankly, I’ve occasionally found the Win 10 update policy annoying, but it hasn’t done anything horrible to me, beyond deciding to do its thing at inopportune times - I have a machine I leave on 24/7, which does a bunch of background stuff at night. In particular, it hasn’t installed crap that I’ve noticed. I’m up to date, and the only recent installations I didn’t do are an apparent update of edge and onedrive. I simply don’t use the latter, and it does nothing to announce its presence. I don’t generally use edge either, but sometimes I want to see if something looks different or doesn’t work in the MS browser.
One thing I feel obliged to add, which is really neither here nor there in the larger scheme of things but perhaps worth noting. All support for Windows XP ended in April, 2014, yet when some really bad vulnerabilities were discovered across the OS line, Microsoft issued special patches for XP despite it being well beyond end of support, not once, but twice. One was in 2017 in response to the WannaCry ransomware, and another was in 2019 in response to a Remote Desktop Services vulnerability. Hardly something you can depend on, but just saying, in the interest of fairness. The former required decisive action because it made major news headlines, and while I don’t know if the latter was ever widely exploited, it had the potential to be really bad.
I think that demonstrates at least a modicum of good intention behind the update process, whatever else might be said about it. I believe MS did this because at those points, the threat was sufficiently great that issuing the patch was a more pragmatic move than trying to continue to wean people off XP.
The downside with that though, is that, sure, those two big news items got patched, but countless other vulnerabilities remain unpatched in XP, but those after-support patches may have created a false sense of security for some people still hanging on to that version of Windows.
The fact that Microsoft believes it to be better for business to update your machine for free than sell you an update should give you some idea what kind of hellhole the internet would become without security patches.
You can create a “frozen” windows machine for your abandon-ware as a VM. Just don’t browse the dope from that machine. (Disable networking: use the disk sharing option of the VM-host) No internet— no windows updates.
Windows will run happily for decades without ever seeing an update.
Creating a VM and installing some obsolete apps takes approx. 30 mins on a modern machine.
Another fun Windows update from Microsoft. Now every time I turn my computer on, it opens to an ad telling me I should be using Edge instead of Chrome. I’m sure this is a necessary process to protect my laptop’s security.
To emphasize the advantages of switching to Edge, this update also erases my Chrome password manager every time I shut off my computer.
I use windows and Chrome and allow all the updates and turn my computer off and on and I have not seen these new ads or experienced this new password eraser aspect.
Did someone from Chrome programming have their pay cut and sold the secrets to Bill Gates?
I think I remember seeing a popup inviting me to try the new (Chromium-based) MS Edge. It went away after I dismissed it.
I tend to think that in general, the harder you try, and the more workarounds you implement to try to disable updates, the more troublesome those updates will tend to be if one or two of them manage to squeeze through
Can you explain what is actually happening? Because I very very much doubt that a Windows update is “erasing” your password manager. Do you mean you have to log into it again after closing the browser?
I have all updates and have not seen this. Sometimes I see a pitch for Edge if I actually open Edge but it doesn’t change any settings. What you are describing creates the potential for anti-competitive behavior lawsuits.
Whenever I use a password to enter a website (like the SDMB for example) a Chrome window opens and ask me if I want Chrome to store the password for use on this computer (it’s the only computer I use and I am the only user so I say yes). After that any time I enter the site, the password manager enters my password automatically without me having to sign back in.
This stopped working the last time I got a Windows update. Now any time I turn my computer off and then back on, I have to reenter all my passwords the first time I sign on to a site like the SDMB . Chrome will again ask me if I want to say the password but that only works until I shut off the computer again.
I think it’s a Chrome issue that was exacerbated after the Windows update. This article was one of several I found when I googled your issue. It lists a number of things you can try to fix this issue.
I’ve been using Chrome’s password manager for years across multiple releases and updates of Windows and have never had an issue as you are describing.
Either you’re consistently doing something wrong with your computer, or else you have phenomenally long-term bad luck.
As several other people have indicated, it is extremely rare to have the kinds of issues with Windows that you seem to continually have.
And quite frankly, you’re sort of coming across as the computer equivalent of the people who insist that medical vaccines are dangerous because they contain aluminum/mercury/whatever. You seem to be inhabiting your own version of reality that simply doesn’t jibe with what the overwhelming majority of people are experiencing.
).