Comment

Comment on Microsoft doing shady Microsoft stuff again

I’ve heard that the last time I said I till use 7, six months ago. Still waiting for that malware. You understand the only way to get this malware is to actively download it and install it, yes?

source

Sort:hotnew top

Jakeroxs@sh.itjust.works ⁨1⁩ ⁨day⁩ ago
Thats not remotely true, there’s many ways to inject things through ads or hacked websites onto your computer without you intentionally installing or downloading anything. Much much more rare and on updated systems generally will be better protected from those things, however using an outdated OS intentionally is asking for trouble.

source
- HugeNerd@lemmy.ca ⁨1⁩ ⁨day⁩ ago
  Using an adblocker solves that. Not sure how that is specific to Win 7. Hacked websites? Name an example, source it. Difficulty: not from a movie with a skull and crossbones laughing on my screen. None of these hacker fantasies happen in real life. You do have a big hosts file and manage your router, yes? Give me a link to a “hacked website” (F! U! D! Oh my!) right now that I can click on and will install malware on my Windows 7 PC.
  
  Simply untrue. Hollywood fantasies.
  
  source
  - incompetent@programming.dev ⁨1⁩ ⁨day⁩ ago
    It’s called a Drive-by Compromise:
    
    Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. Multiple ways of delivering exploit code to a browser exist (i.e., Drive-by Target), including:
    
    A legitimate website is compromised, allowing adversaries to inject malicious code
    
    Script files served to a legitimate website from a publicly writeable cloud storage bucket are modified by an adversary
    
    Malicious ads are paid for and served through legitimate ad providers (i.e., Malvertising)
    
    Built-in web application interfaces that allow user-controllable content are leveraged for the insertion of malicious scripts or iFrames (e.g., cross-site scripting)
    
    Browser push notifications may also be abused by adversaries and leveraged for malicious code injection via User Execution. By clicking “allow” on browser push notifications, users may be granting a website permission to run JavaScript code on their browser.
    
    It’s not Hollywood fantasy, as you claim. It is a well documented attack vector.
    
    source
    HugeNerd@lemmy.ca ⁨1⁩ ⁨day⁩ ago
    
    normal course of browsing
    
    This is a browser security and PEBKAC error, nothing to do with Windows 7. You’ve simply proven my point that all these attacks are installed and run by the user. If they’re tricked by the site, that’s not on Windows 7.
    
    Your AI generated summary, again, lacks evidence. I asked for a site, or a source where what you claim credibly happened, not just repeating the same myths in a circular series of arguments.
    
    " via User Execution. By clicking “allow” on browser push notifications"
    
    Which is what I said: “the only way to get this malware is to actively download it and install it, yes?”
    
    So you agreed with me on all points, why write so much, though? A simple “yes” would suffice next time. Or “HugeNerd, as usual, is correct and his Windows 7 machine has been running 24/7 for months uncompromised through the miracle of using a hosts file, managing his router, and using his tiny old brain.”
    
    source
    -> View More Comments