Locked Re: Computer recommendations
Martin G0HDB <marting0hdb@...>
On Wed, Feb 19, 2020 at 12:14 AM, George J Molnar wrote:
Even if that exploit is targeted specifically at machines running Win 7 - my reading of the analysis documentation is that it doesn't explicitly verify that - it begs the question of how the WAV files with the hidden malware got onto the affected machines in the first place. If users are stupid enough to import and then open a WAV file without being sure that it's from a fully-trusted source then it's hardly surprising that an infection occurred, and furthermore it might have occurred no matter what OS was being run on the machines on the affected network. In my admittedly limited experience, most infections are caused by poor user procedures and discipline rather than being unavoidable because of the inherent flaws or vulnerabilities that are present in all OS's.
All very interesting, but if you compare CVE's vulnerability stats for 2019 for both Win 7 and Win 10 you'll see that there were 250 vulnerabilities identified for the former and 357 for the latter. Also, in the entire 11-year lifetime on Win 7 from 2009 onwards there has been (according to CVE) a total of 1,283 identified vulnerabilities whereas in the 5-year lifetime of Win 10 since 2015 there are already 1,111 identified vulnerabilities, ie. there are already almost as many vulnerabilities in Win 10 as in Win 7 despite the former being less than half the age of the latter.
Within those numbers of vulnerabilities identified in 2019 there were 100 code execution vulnerabilities for Win 7 and 124 for Win 10, so which OS is potentially the least secure???!! Fortunately there were no public exploits identified for either OS in 2019.
Whilst I agree that it would be prudent for all Win 7 users to plan for a migration path to Win 10 in the not too distant future, I can't help but feel that all the hollering about Win 7 causing the sky to fall imminently just because it fell out of Microsoft long-term support a few weeks ago is somewhat OTT. That's just my opinion of course... :-)