
Chrome and Windows Exploit: Security Beyond Bug Fixes - tptacek
https://alexgaynor.net/2019/mar/07/chrome-windows-exploit-security-beyond-bugfixes/
======
ocdtrekkie
This is a great example of why it's irritating when people suggest
antifeatures like telemetry or cumulative updates justify using old obsolete
operating systems. (Aside from the fact both of those antifeatures have been
backported to Windows 7, at this point.) The underlying platform of each
successive Windows version is significantly more secure than the last.

Using a ten year old operating system just isn't justifiable in today's threat
environment. Use Windows 10 or switch to Mac or Linux.

~~~
worble
And if Microsoft didn't treat its customers like sacks of exploitable data and
idiots who need Candy Crush forced on them, then maybe people would've been
more inclined to upgrade. The fault is with them, not the users; by actively
alienating customers Microsoft has inherently made the world a less secure
place.

And no, for those with massive Steam libraries and other Windows only software
"just switch to Linux/Mac" isn't a viable or acceptable alternative.

~~~
staticassertion
Can you uninstall Candy Crush? It doesn't seem that egregious if so.

It is / was an extremely popular game, they probably figured:

* We can make some money

* Users love this garbage anyways

I haven't been a Windows user for years, but Windows 10 looks fairly
impressive - especially from a security standpoint.

~~~
iliketosleep
I found that Candy Crush and other junk kept coming back after updates,
wasting a lot of time and data. This combined with the crazy amount of
telemetry sent to MS makes it less impressive from a security standpoint. It's
a pity because Windows 10 does have great potential.

~~~
Santosh83
Must be peculiar to some users. I have used Windows 10 Home since 2015 on my
laptop and yes, Candy Crush was installed the very first time I installed 10
(as a free in-place upgrade over 8.1), and I uninstalled it from the Store app
and _never_ saw it again in my menu. This despite upgrading through several
versions of Windows 10 from 2015 to now (1809 at present.)

As for updates force rebooting, they only do so during designated non-active
hours, which I set from 2AM to 5AM and leave my laptop on. By the next
morning, its updated and ready to use.

One thing I _don 't_ like about 10 is how updates tend to uninstall my
hardware manufacturer's drivers and replace them with vanilla Windows ones and
I have to go through the tedious process of re-installing them. Happens most
often with webcam and sound drivers.

Oh, and I don't use any hack software like ShutUp10 etc. This is just stock
Windows.

~~~
Silhouette
_As for updates force rebooting, they only do so during designated non-active
hours, which I set from 2AM to 5AM and leave my laptop on._

This presumes that _any_ hours can reasonably be designated non-active. For
some professionals, and for that matter some home users if they work shifts or
the like, that simply won't be the case.

------
svnpenn
I prefer Firefox, but it should be noted that author is software engineer at
Mozilla

~~~
saagarjha
To be fair, I did not see anything recommending that the reader switch to
Firefox; the article was mostly about "newer versions of Windows don't have
the bugs shown".

~~~
ChrisSD
Or more to the point he's making, newer versions of Windows contain
mitigations that would limit the effect of exploiting similar bugs.

But that's a bit of a mouthful.

