Two years after launch Windows 11 adoption is still waaaay behind Windows 10

[1_rick]

Microsoft is fully aware of all the people running Windows 11 on unsupported hardware and they turn a blind-eye on purpose.

You just gotta be aware that they did the same thing with Windows piracy until they didn't.

 

[Zarathustra[H]]

Me too. I'm in OT cybersecurity.

In that case, the only extra step you can take is filling the USB ports with cement, DoD style, but quite frankly, that's a little overkill for me.

I just don't think I am a big enough target to have to defend against something like Stuxnet.

Now if I were in DoD, or a secret defense program where state sponsored attackers are a problem on the other hand...

Of course, this is all theoretical, because I maintain everything up to date. No unpatched systems on my network.

 

[Aurelius]

A bit late to the party, but: really not surprised. Business and government customers are likely happy with Windows 10 and, even if they weren't on delayed upgrade cycles, are in no rush to either update software or replace hardware. Everyday users either don't have PCs that can officially run Windows 11 or are again in no rush to upgrade. And when PC sales are as sluggish as they have been, Microsoft can't count on home users adopting Windows 11 through new machines.

 

[DukenukemX]

That's interesting, but on any system where that sort of 3D acceleration is actually needed, I wouldn't be setting it up using the integrated Intel graphics. Especially since you can buy used Quadro and FirePro cards for like $15.

Laptops come to mind since you can't upgrade their GPU's. How many people are using Core2Duo's on a desktop in 2023? It's all laptops for me.

You don't need OpenGL to use Office, browse the web, and check your email, which is what most of these older systems get used for.

Depends on what you do. You do for certain CAD programs. I learned that Pronterface the 3D printing software is running OpenGL. Do you really want to run into those situations where you can't use OpenGL applications because Windows 10/11?

I do believe that at some point there will be a future version of Windows that will no longer work on some or most older hardware. But that would almost certainly occur via a yearly feature update (or maybe not until 12), not a security update or monthly cumulative update. Each yearly feature update is supported for 2 years with security updates. That means that even if 23H2 is the last version of 11 that works on old hardware, you'll still be getting security updates just as long as you would with 10 (until October 2025). So there is no longer any potential advantage to staying on 10 in terms of support.

Cumulative updates for sure, but how many of those machines you think won't auto update or maybe the user would update and not know they could be breaking their machine?

Microsoft is fully aware of all the people running Windows 11 on unsupported hardware and they turn a blind-eye on purpose. They certainly could lock things down further if they wanted to, but they didn't, and almost certainly won't, because they would gain nothing. It's them walking a tight line between trying to make Windows 11 a more secure platform by limiting it to secure hardware in most cases while also allowing more advanced users to do what they want to. They know that while the less advanced users certainly outnumber the more advanced users, the more advanced users also tend to be "influencers" for those less advanced users. The last thing Microsoft wants to do is piss them off. Same reason why Microsoft continues/continued to allow free upgrades from 7/8/8.1 for 7 years after the free upgrade offer officially ended.

The difference here is that Windows 11 forcing TPM2.0 and Secure boot is meant to help push developers to use the Windows Store so that when users look to buy software then it's the Microsoft Store. If the transition to the Microsoft Store is slow because developers can't depend on Microsoft's DRM to work properly on Core2Duo's then Microsoft could tighten the leash and release a cumulative update that breaks 11 for older machines.

I thought that I gave a pretty good list in my previous post, but that list is hardly comprehensive.

Those are barely QOL changes in my opinion. There are more annoying new things in Windows 11 than it tries to solve like the right click menu.

 

[pendragon1]

he keeps answering, you keep moving the posts....

 

[Lakados]

I'm curious because a lot of people likes to fearmonger about this, but do we have widespread examples where running W7 after EOL was the cause of security problems for a home user? This seems very much like the meltdown/spectre insanity where everyone was running around like headless chicken, while screaming doomsday and apocalypse now, but nobody could actually show a scenario where a home user could be compromised as a result of either vulnerability.

It's also very strange to me that while claiming that patches are critical you also claim that having a firewall in front of a system doesn't matter. Dude first has to get through the firewall to be able to exploit any vulnerability in the OS, and if dude gets through your firewall into your internal network you are already hosed anyway. And if the user willingly runs malicious software on their computer then having an EOL OS is not a prerequisite to be compromised. The only scenario where it would matter, is when the attacker already has a foot in, either by breaking through the firewall or by having the user run malicious software. Then he might be able to compromise other unpatched systems on the network.

If you pay attention to botnet propagation and DDoS attacks then Win 8 and below are the primary sources they are coming from. Does it do anything to the home user not really but they could, but it’s a bitch of a problem for the rest of us.

 

[Lakados]

I'm talking about actual air gaps.

Either the machine has no Ethernet cable plugged into it (and no wifi drivers installed or wifi disabled in bios) or the switch it is plugged into is physically disconnected from any network that has Internet access. No VLAN tomfoolery, or machines connected to both networks.

We are talking completely physically separated from any network that touches the internet.

I have active Win 95 machines, no Nic of any sort, it’s a box plugged into a serial cable plugged into a scale for weighing trucks. A few XP Embedded machines that run diagnostic software for boilers it uses an Ethernet connection to the boiler but it’s a crossover cable with a static IP completely different from the rest of the network so can’t route to it through the IP interface on the boiler.
I do have some windows 7 machines with active internet connected to solar arrays that upload real time statistics but the network only allows the ports and application ID’s specific to the software to leave that box so threat is minimal from operating it.

 

[MrGuvernment]

Business seldom go to the latest and greatest and will wait till the last minute to move off Windows 10, we know this, and those of us in IT, know this. Heck, I have clients who are still running Windows 10 21H2 because they dont want to push out 22H2 yet..."just incase"

I do agree, unless you use something specific in Windows 11, why change. And then of course hardware support, when companies evegreen into new gear, which I see more are moving away from the standard 3 year periods to 5 years, or even more, realising hardware is fast enough, and if a device dies, then you replace it...

 

[sadsteve]

Refurbs from Dell can be had that cheaply ($100 to 150) from time to time, that are nice enough. Check slickdeals.

But the whole point here is do they meet the Windows 11 hardware requirements? The don't so they're kind of irrelevant in regards to Windows 11 uptake.

 

[Lakados]

Business seldom go to the latest and greatest and will wait till the last minute to move off Windows 10, we know this, and those of us in IT, know this. Heck, I have clients who are still running Windows 10 21H2 because they dont want to push out 22H2 yet..."just incase"

I do agree, unless you use something specific in Windows 11, why change. And then of course hardware support, when companies evegreen into new gear, which I see more are moving away from the standard 3 year periods to 5 years, or even more, realising hardware is fast enough, and if a device dies, then you replace it...

Windows 11 for businesses is a straight upgrade over 10 IF you are using O365 and Intune. And definitely better if you are using encryption on the local machines and network shares. But if you are using a hybrid AD/Exchange environment with O365 then it’s a toss up, but 11 doesn’t take the performance hit 10 does when decrypting content, 10 has a noticeable lag when doing it.

 

[MrGuvernment]

Windows 11 for businesses is a straight upgrade over 10 IF you are using O365 and Intune. And definitely better if you are using encryption on the local machines and network shares. But if you are using a hybrid AD/Exchange environment with O365 then it’s a toss up, but 11 doesn’t take the performance hit 10 does when decrypting content, 10 has a noticeable lag when doing it.

Sure straight upgrade OS wise, but think about the end user, you change the UI, you change where some things are, somethings are gone..

It is more of a nightmare to support the upgrade for end users who will complain until the cows come home about the change and they cant work now, blah blah blah.

Also, proper companies, still need to do proper testing of their apps and such. 3rd party vendors are famous for forcing companies to stick on X version of windows, simply because they have not tested on a newer one, or even a specific service pack, even though the core OS is the same.

Sure, if all people use is windows and web browsers and m365 apps, go nuts...

Also consider GPO policies and changes in Win 11 vs 10 to review for anything depreciated, or new settings that need to be set.

 

[sk3tch]

But the whole point here is do they meet the Windows 11 hardware requirements? The don't so they're kind of irrelevant in regards to Windows 11 uptake.

Yes - the whole fact that Windows 11 adoption hasn't caught fire is almost by design. Even processors that are a few years old are not even eligible to run Windows 11. They're moving into the new era of software/hardware synchronization and as we have seen it is not all good for the user.

 

[Sir Beregond]

Someones used 8 year old computer? Doesnt seem like too many peoples upgrade path. i could find more use out of a couple raspberry pi's

I was on my 4790k machine until last year. Since I watercool (help), I tend to not fiddle with one component upgrades and just wait till I want to build a new computer. Well I was first thinking about it around 2018-2019 (as the 4790k/980 was from 2014-2015), but then was disgusted at the Turing prices, so I waited. 2020 came around and I thought a 3080 looked great and I would give AMD's Zen 3 a try. Well we all know how that all went lol. I eventually got a second hand 3080 Ti once prices came down. 3090 wasn't going to fit in my current case with a waterblock on it. So really at this stage just going to wait out a completely new build again maybe in 2025 because likely I'll need a new case too.

 

[M76]

If you pay attention to botnet propagation and DDoS attacks then Win 8 and below are the primary sources they are coming from. Does it do anything to the home user not really but they could, but it’s a bitch of a problem for the rest of us.

What do you mean pay attention? Cursory internet search did not turn up any statistic on the composition of botnets, so if you had a source for that, that would be good. All I could find is one site claiming that recently botnets are mostly made up of IoT devices.

 

[GotNoRice]

Laptops come to mind since you can't upgrade their GPU's.

Like I said, don't need OpenGL for Office, Email, and Web Browsing.

How many people are using Core2Duo's on a desktop in 2023?

None that I know of. Like I said, all of those systems that I refurbish have Core2Quad CPUs in them by the time I'm done with them. You do know that not all Core2 CPUs were Core2Duo CPUs, right?

Depends on what you do. You do for certain CAD programs. I learned that Pronterface the 3D printing software is running OpenGL. Do you really want to run into those situations where you can't use OpenGL applications because Windows 10/11?

3D printing software? lol. These aren't the people who I'm refurbishing 15 year old computers for, it's just people in offices who want to hold onto their old hardware because they don't need anything more to use Microsoft Word and Outlook. I do newer systems too obviously and I'm happy to set them up with one.

Cumulative updates for sure, but how many of those machines you think won't auto update or maybe the user would update and not know they could be breaking their machine?

Feature Updates don't install automatically on unsupported hardware and Cumulative Updates don't include those kinds of changes. Even if they did, we'd see it coming a mile away on the insider channels starting about a year ahead of time.

The difference here is that Windows 11 forcing TPM2.0 and Secure boot is meant to help push developers to use the Windows Store so that when users look to buy software then it's the Microsoft Store. If the transition to the Microsoft Store is slow because developers can't depend on Microsoft's DRM to work properly on Core2Duo's then Microsoft could tighten the leash and release a cumulative update that breaks 11 for older machines.

That's quite the paranoid delusion, not really worthy of a long response. As I mentioned, any update will go through 4 different insider channels over the course of a year or more before it ever hits a release build. It won't be Dr. Evil flipping a switch and catching people by surprise. Those Core2Duos must have made quite an impression on you as you seem to think that they represent all Core2-era CPUs. I guess you were too poor to afford a Core2Quad.

Those are barely QOL changes in my opinion. There are more annoying new things in Windows 11 than it tries to solve like the right click menu.

Anyone who actually uses Auto-HDR knows how awesome it is. It really does make games look better on an HDR monitor even if that game does not have native HDR support. Flexible Multipath SMB is really great for file transfers especially since even a Laptop will usually have both Ethernet and WiFi. Quick search, even with a dozen or more mapped network drives, can save a ton of time.

And what more are you expecting out of your OS besides QoL changes? Are you expecting it to give you a blowjob?

 

[staknhalo]

Yeah Auto-HDR and SMB3 Multichannel (allowing 2 Gb transfers between my NAS and PC) have been big QoL improvements here for me

Also the HDR calibration app (Win 11 only I think?)

 

[Lakados]

What do you mean pay attention? Cursory internet search did not turn up any statistic on the composition of botnets, so if you had a source for that, that would be good. All I could find is one site claiming that recently botnets are mostly made up of IoT devices.

Pay attention isn’t quite the right word, but the most common malware sets out there like Chaos, Zerobot, and Mirai variants will walk all over 8 and below which are still susceptible to drive by infections unless you are using a 3’rd party protection set that is actually updating itself still for those OS’s which most have dropped support for.
Yeah IoT is still a big one for it, but less so since most places have started doing better with how they handle passwords and such and the old really bad devices get aged out.
Biggest source I need to watch out for is Android devices honestly, old phones are a nightmare to defend against as they will scan the network over wifi and use cellular for relaying back and they technically fall under the IoT category.

 

[chameleoneel]

Cumulative updates for sure, but how many of those machines you think won't auto update or maybe the user would update and not know they could be breaking their machine?

You can easily block updates via modern management tools.

 

[Armenius]

If you thought 8 was fine or good.. please turn in your [H] card upon exiting the forum.

8 was garbage, but 8.1 was amazing.

 

[DukenukemX]

Like I said, don't need OpenGL for Office, Email, and Web Browsing.

For that narrow set of applications, sure. For most other people, it could become a problem at some point. You said it's easy to install Windows 11 on unsupported hardware, but that's not most people is it?

3D printing software? lol. These aren't the people who I'm refurbishing 15 year old computers for, it's just people in offices who want to hold onto their old hardware because they don't need anything more to use Microsoft Word and Outlook. I do newer systems too obviously and I'm happy to set them up with one.

Again, this is about the lack of adoption of Windows 11. For you it's fine, but for most people it could be a problem. You want to play Minecraft or Roblox which could run on an old Intel GPU, then too bad. Pronterface could run on a potato but it won't work on Windows10/11 with no OpenGL. Ultimaker Cura which is a 3D printing slicer also needs OpenGL.

Feature Updates don't install automatically on unsupported hardware and Cumulative Updates don't include those kinds of changes. Even if they did, we'd see it coming a mile away on the insider channels starting about a year ahead of time.

You don't know with Microsoft who has a history of pushing for updates without you knowing. Also unless you make it a policy that prevents users from running Windows update, they might just do it on their own because they think it might make the PC faster or fixes the crashing they experience.

Anyone who actually uses Auto-HDR knows how awesome it is. It really does make games look better on an HDR monitor even if that game does not have native HDR support. Flexible Multipath SMB is really great for file transfers especially since even a Laptop will usually have both Ethernet and WiFi. Quick search, even with a dozen or more mapped network drives, can save a ton of time.

How many users you think could actually benefit from those features? For new hardware users this might make sense, but if you're using older hardware then why? Even TPM2.0 and Secure boot don't seem to have any benefit to users, but Microsoft still pushes for it. Even you agree, because you seem to be putting Windows 11 on systems that clearly can't use TPM2.0.

And what more are you expecting out of your OS besides QoL changes? Are you expecting it to give you a blowjob?

I can think of a few things off the top of my head.

• Why not give users the ability to get the Windows 11 UI looking like Windows 10, 7, or even XP? Why is it every new Windows tries to reinvent the UI?
• While we're at it, can we finally fully customize our desktop environment?
• Give power users actual power, and not hide it away like with every iteration of Windows?
• Update all of your software with a single action? I still use Chocolatey to quickly install and update software on Windows machines.
• Safely operate without antivirus? Android, GNU/Linux, iOS, Mac OSX all don't need anti-virus.
• Work effectively on older hardware? Working around TPM 2.0 and having no OpenGL for older Intel GPU's is not a compromise.
• Stop uploading users telemetry data as the default?

 

[GotNoRice]

For that narrow set of applications, sure. For most other people, it could become a problem at some point.

Anyone who has been using the same computer for 10+ years is probably already pretty acquainted with what they are using it for.

You said it's easy to install Windows 11 on unsupported hardware, but that's not most people is it?

Anyone who can change a tire on their car could Install 11 on unsupported hardware if they actually tried. Granted, some people are too stupid to change a tire.

Again, this is about the lack of adoption of Windows 11. For you it's fine, but for most people it could be a problem. You want to play Minecraft or Roblox which could run on an old Intel GPU, then too bad. Pronterface could run on a potato but it won't work on Windows10/11 with no OpenGL. Ultimaker Cura which is a 3D printing slicer also needs OpenGL.

You already said that this OpenGL issue affects both Windows 10 and 11 so it sounds like your gripe is more with Intel for not providing a good driver than with Microsoft. How is it even related to Windows 11 adoption at all?

You don't know with Microsoft who has a history of pushing for updates without you knowing. Also unless you make it a policy that prevents users from running Windows update, they might just do it on their own because they think it might make the PC faster or fixes the crashing they experience.

Again, any "update" that Microsoft would "push" would be showing up on the insider channels up to a year before it ever showed up on a release build. I know that you are desperate to believe that Microsoft is going to hit some imaginary kill switch and surprise everyone, but that's just not how it works.

To install a feature update on unsupported hardware you have to do an in-place upgrade that includes another requirements bypass. While it's certainly possible for a user to do that, it's still more involved than just clicking on something in Windows Update. No need to set anything in Group Policy. They will continue to get security updates and cumulative updates on the old version for the remainder of the 2-year support period.

How many users you think could actually benefit from those features? For new hardware users this might make sense, but if you're using older hardware then why?

"Old hardware" covers a very wide range of devices. HDR isn't exactly rare or limited to expensive monitors these days. My backup system with an overclocked 5820k, paired with my old RTX 2080 is still fully capable of playing games. Even my HTPC with a Sandy-Bridge Xeon and a GTX 1060 can play most games and Auto-HDR works great with my HDTV. And there is nothing about wanting faster network transfers and faster searches that is limited to new hardware.

Even TPM2.0 and Secure boot don't seem to have any benefit to users, but Microsoft still pushes for it.

It's a nice option to have for things like Bitlocker. I never said that I agree with the requirments, but I do understand why they did it.

 

[Lakados]

All operating systems are fine for what they do.
I can’t say any of them are harder or easier to use, it’s just dependent on use case.
Anything can be a hammer but that doesn’t mean it does the job better than a hammer, so find the right hammer for the job.

The My OS is better than your OS because fap fap fap arguments are tiring and it’s souring my beer, which isn’t a sour so I would prefer it go unsoured thank you very much.

Now please go back to one of the Nvidia or AMD announcement threads so you can spend your valuable bandwidth shitting all over teams Red or Green for their obvious greed, incompetence, pandering, fashion choices, etc.

 

[Zarathustra[H]]

For that narrow set of applications, sure. For most other people, it could become a problem at some point.

To be fair, I think web/email/Ms Office is all the overwhelming majority of PC owners ever use their computers for.

We sometimes forget how small of a minority we enthusiasts really are in the grand scheme of things.

 

[Lakados]

To be fair, I think web/email/Ms Office is all the overwhelming majority of PC owners ever use their computers for.

We sometimes forget how small of a minority we enthusiasts really are in the grand scheme of things.

I know more people who own PC’s for the exclusive fact they need something to run TurboTax on than I am comfortable with…

 

[ManofGod]

Windows 10 still utterly dominates the desktop PC operating system market, despite Windows 11 having been around for 2 years now...and there's not much sign of this changing any time soon

the latest figures suggest people, as individuals and as a business, really aren't into Windows 11 at all...with the numbers now updated for September 2023, we can see the global uptake of Microsoft's latest operating system has been stagnant since April 2023, and there doesn't seem to be any indication that this will change

Not only that, but the market share paints a dismal picture: 71% for Win10, just 24% for Win11, and 3% for Win7 (with the rest being XP, 8.1, and so on)...the figure for Windows 10 has barely changed in twelve months and it's only the decline of Windows 7 that has benefited the newest version...

https://www.pcgamer.com/two-years-a...1-adoption-is-still-waaaay-behind-windows-10/

And? Other than being a good piece of information and cool to know, how does this really even matter? The majority of Windows installations are going to be corporate, nowadays and therefore, it is going to be Windows 10. There are far fewer residential desktops than in the past and, therefore, this is not a surprise, at all.

 

[ManofGod]

Yeah Auto-HDR and SMB3 Multichannel (allowing 2 Gb transfers between my NAS and PC) have been big QoL improvements here for me

Also the HDR calibration app (Win 11 only I think?)

I had forgotten about this, although I use Auto HDR and, you are correct.

 

[ManofGod]

I know more people who own PC’s for the exclusive fact they need something to run TurboTax on than I am comfortable with…

Why, would you rather they run Turbotax on their 6 inch screen Android or iPhones?

 

[ManofGod]

8 was garbage, but 8.1 was amazing.

I loved them both for personal use but, for corporate, it was a no go.

 

[Lakados]

Why, would you rather they run Turbotax on their 6 inch screen Android or iPhones?

Nah you need the PC version if you want the actual forms, the web version gives you access to the entry screens but not the base forms themselves.
It’s more a lament over how old I’ve gotten than anything else.

 

[cAllen]

Two years? It's the hardware restriction. Unlike enthusiasts, Corp will not replace all their units "just because" the new OS requires it.

 

[DukenukemX]

Anyone who has been using the same computer for 10+ years is probably already pretty acquainted with what they are using it for.

Acquainted enough that they won't switch to the newest version of Windows. I know I hate it when UI changes move stuff around, which forces me to hunt for things that used to be more accessible.

Anyone who can change a tire on their car could Install 11 on unsupported hardware if they actually tried. Granted, some people are too stupid to change a tire.

You over estimate how many people can change a tire.

You already said that this OpenGL issue affects both Windows 10 and 11 so it sounds like your gripe is more with Intel for not providing a good driver than with Microsoft. How is it even related to Windows 11 adoption at all?

If you were the end user, do you care who's fault it is? You probably just want it working. The issue is explained right here, and maybe offers a solution. None of the solutions they offered seem to be good. I myself had issues with my old sound card as well since I still use my Xonar Sound card. UniXonar used to work for a while, but enough Windows 10 updates ended up breaking the drivers and causing stability issues. Funny enough, not an issue with Linux Mint.

"In order to fix any problem we must understand its root cause. In the early days of Windows 10 development Microsoft decided to change the Windows major version from 6 to 10. However Microsoft thought it is enough to provide software developers APIs to advertise Windows 10 compatibility. Programs that advertise compatibility get current OS version when they ask for it, others get the old 6.3 format. When implementing this Microsoft forgot about dynamic link libraries or maybe was unable to do anything about them. There is no similar mechanism(s) for DLLs as far as I know, they always inherit Windows version received by the programs that loads them. As a result of this, things go south when a program advertising Windows 10 compatibility loads a DLL that is not ready for current Windows 10 major version. Anything can happen but most likely the DLL just unloads right away. Intel OpenGL driver for iGPU generations listed above is the perfect example and as a result it unloads immediately."

 

[Mazzspeed]

thought upnp was for outgoing connections

You don't forward ports for outgoing connections.

The scenario you are describing still includes the user downloading malicious code on their own volition, which can happen on any system not just an EOL windows.

My example was one of tens of thousands of exploits being released each week under Windows, making use of vulnerabilities under Windows as an OS, vulnerabilities that are patched all the time. Should you choose to run a modded "Windows 10 Lite", or a modded "Windows 11 lite" or Windows 8 or Windows 7 - You undoubtedly open yourself up to increased risk of such exploits as certain patches are stripped away for increased performance, or certain operating systems didn't receive the patch in the first place.

 

[MrGuvernment]

I'm curious because a lot of people likes to fearmonger about this, but do we have widespread examples where running W7 after EOL was the cause of security problems for a home user? This seems very much like the meltdown/spectre insanity where everyone was running around like headless chicken, while screaming doomsday and apocalypse now, but nobody could actually show a scenario where a home user could be compromised as a result of either vulnerability.

It's also very strange to me that while claiming that patches are critical you also claim that having a firewall in front of a system doesn't matter. Dude first has to get through the firewall to be able to exploit any vulnerability in the OS, and if dude gets through your firewall into your internal network you are already hosed anyway. And if the user willingly runs malicious software on their computer then having an EOL OS is not a prerequisite to be compromised. The only scenario where it would matter, is when the attacker already has a foot in, either by breaking through the firewall or by having the user run malicious software. Then he might be able to compromise other unpatched systems on the network.

Website, Email...firewalls dont stop users from clicking on crap and opening things they should not. The OS has old SSL / TLS versions and Cipher suites that are easily exploited and many other holes. As browsers stop supporting old OS"s, the very browsers people use are not longer patches with all the holes they have, thus making just simple web browsing even less secure.

 

[GotNoRice]

Acquainted enough that they won't switch to the newest version of Windows. I know I hate it when UI changes move stuff around, which forces me to hunt for things that used to be more accessible.

In many cases these people are upgrading from 7 so their UI is changing no matter what. In that scenario, given the choice between 10 or 11 (with risks explained), most choose 11. Even among those who are already on 10 many are enthusiastic about upgrading to an OS that is the same OS you see on most new computers. If I move the start menu over to the left instead of the center, most don't even see much of a difference.

If you were the end user, do you care who's fault it is?

It's almost like you totally forgot about what we were talking about? If the best example of a potential issue with Windows 11 driver support is an issue that effects both 10 and 11, then I think that says a lot about Windows 11 driver support. Windows 10 came out in 2015 when a lot of "old" computers weren't nearly as "old".

As far as what end users care about, the idea that there is a significant percentage of users out there that care about OpenGL support on old Integrated Intel graphics is just some convoluted nonsense that you pulled out of your ass. Again, if anything, that just shows how good Windows 11 driver support is.

I'm not sure what the deal is with your old Asus sound card but once again you're bringing up an issue that apparently affects 10 just as much as 11 so I'm really not sure how that serves as an example of bad Windows 11 driver support. Also, somehow the X-Fi Titanium Fatal1ty Professional from 2008 that I still use in my main computer still works fine, the X-Fi XtremeMusic from 2005 in my HTPC still works fine, and the X-Fi Titanium HD from 2010 in the dedicated computer that I use for my 2-channel stereo also still works fine. All three of those computers are running Windows 11. I've also never had an issue with integrated audio working on older PCs, so it really sounds like an issue with that specific card or ASUS dropping the ball rather than a Windows issue.

 

[MrGuvernment]

• Safely operate without antivirus? Android, GNU/Linux, iOS, Mac OSX all don't need anti-virus.

They do actually and should... Apple got nailed couple years back when they themselves claimed users should have at least 2 AV products installed, they tried to sell it as "only to stop transferring of viruses for windows systems" crap, then they removed the entry from their knowledgebase.

You are aware of what is going around these days on Android, iOS, Linux and macOS? They are all susceptible. How many rush patches has Apple been pushing out in iOS 16 and now 3 patches for iOS 17 already since it launched?

Mind you, most AV like defender is easily defeated with the right methods, but still, no OS is safe alone with out some form of protections these days. The difference these days is, people get infected, but do not even know it...because that is the goal for most end users. Even corporate targets, malicious actors are moving away from encrypting what they access and simply moving to data exfiltration, and extortion. The average exploited company, has someone in their infra for around 2 years were the last numbers, before they are found in some way..

 

[Lakados]

They do actually and should... Apple got nailed couple years back when they themselves claimed users should have at least 2 AV products installed, they tried to sell it as "only to stop transferring of viruses for windows systems" crap, then they removed the entry from their knowledgebase.

You are aware of what is going around these days on Android, iOS, Linux and macOS? They are all susceptible. How many rush patches has Apple been pushing out in iOS 16 and now 3 patches for iOS 17 already since it launched?

Mind you, most AV like defender is easily defeated with the right methods, but still, no OS is safe alone with out some form of protections these days. The difference these days is, people get infected, but do not even know it...because that is the goal for most end users. Even corporate targets, malicious actors are moving away from encrypting what they access and simply moving to data exfiltration, and extortion. The average exploited company, has someone in their infra for around 2 years were the last numbers, before they are found in some way..

At this stage the best practice for network security is to keep it the hell off your network. Run a zero trust network from the get go, assume everything is compromised and do your darnedest to keep your sensitive data from getting out and your backups hidden.

iOS is the big target all the baddies have their eyes on because that’s what is in most corporate environments, and that’s where the money goes. 30% of the smartphone market but 70% of the revenue, credit cards galore. And they are in the board rooms, they are connected to the CEO’s and CFO’s email, they have the saved passwords they are the gilded piggybanks the hackers want. So a crapload of resources are poured in to finding those holes in iOS, I would be far more worried about a lack of frequent patches for iOS, than weekly ones.

But 2 years is an exaggeration, it’s closer to 5 weeks, you would need one hell of a bad patching policy and a complete lack of reviews for something to be floating around longer than that unless they are exploiting something completely unknown. Much longer than that requires somebody actively working on the inside which does happen in major corporate espionage stuff but that’s bond movie level hijinks.

 

[MrGuvernment]

At this stage the best practice for network security is to keep it the hell off your network. Run a zero trust network from the get go, assume everything is compromised and do your darnedest to keep your sensitive data from getting out and your backups hidden.

iOS is the big target all the baddies have their eyes on because that’s what is in most corporate environments, and that’s where the money goes. 30% of the smartphone market but 70% of the revenue, credit cards galore. And they are in the board rooms, they are connected to the CEO’s and CFO’s email, they have the saved passwords they are the gilded piggybanks the hackers want. So a crapload of resources are poured in to finding those holes in iOS, I would be far more worried about a lack of frequent patches for iOS, than weekly ones.

But 2 years is an exaggeration, it’s closer to 5 weeks, you would need one hell of a bad patching policy and a complete lack of reviews for something to be floating around longer than that unless they are exploiting something completely unknown. Much longer than that requires somebody actively working on the inside which does happen in major corporate espionage stuff but that’s bond movie level hijinks.

Agree, assume all is comprimised. Checking, the numbers had dropped, on average, but still upwards of 200 days years back.
https://www.infosecurity-magazine.com/news/hackers-spend-over-200-days-inside

But, also noted as being on the rise, but far lower numbers and depends on industry, and these are only ones known and found.
https://news.sophos.com/en-us/2022/06/07/active-adversary-playbook-2022/

Perhaps their 200 days quotes were from systems they found things on, but the Malicious actor forgot all about them

I am sure you know, there are plenty of bad patching policies out there in companies massive and tiny, that do not even patch because their boomer IT person thinks patching is bad and the Windows XP box they use for Day to day work is still fine cause Windows [insert version] sucks! I mean, we see it when a 0-day is released, and weeks and months or a year later, news comes along about a company being comprimised, via an exploit, that was patched a year ago (think Cisco, Fortinet perimeter devices)

 

[Lakados]

Agree, assume all is comprimised. Checking, the numbers had dropped, on average, but still upwards of 200 days years back.
https://www.infosecurity-magazine.com/news/hackers-spend-over-200-days-inside

But, also noted as being on the rise, but far lower numbers and depends on industry, and these are only ones known and found.
https://news.sophos.com/en-us/2022/06/07/active-adversary-playbook-2022/

Perhaps their 200 days quotes were from systems they found things on, but the Malicious actor forgot all about them

I am sure you know, there are plenty of bad patching policies out there in companies massive and tiny, that do not even patch because their boomer IT person thinks patching is bad and the Windows XP box they use for Day to day work is still fine cause Windows [insert version] sucks! I mean, we see it when a 0-day is released, and weeks and months or a year later, news comes along about a company being comprimised, via an exploit, that was patched a year ago (think Cisco, Fortinet perimeter devices)

If you get infected day 2 but day 5 a patch comes along that renders it ineffective and it sits impotent on a machine for another 195 days before being discovered was the system compromised for 200 days or for 3?

Those external devices are tricky, I finally upgraded my PA220 edge devices to the recommended version of 10 after a full year because Jesus fudge the upgrade process was not kind. Took hours of prep work and hours more of upgrades and reboots that shut the site down for a full day to do, and was nail biting the whole time. And those are for the tiny site, bigger ones can be worse, I can fully appreciate the pain I’m not upgrading the edge nodes major revisions if you don’t have hot swappable or fail overs in place.

Went with Palo Alto because they have a good history of keeping their minor revisions updated frequently for security but others you need the big jumps and often it’s easier to replace than upgrade those then it’s a game of crossing your fingers and hoping you don’t get hit before your new budget kicks in.
Getting approval for day or days long down times is tricky. It is a sad reality brought about by a lack of explaining to accounting why you need 2 of those $$$$ switches and not one.

 

[Zarathustra[H]]

8 was garbage, but 8.1 was amazing.

I felt like 8 was garbage, and 8.1 reversed most of that garbage, but it was still worse than 7

 

[M76]

You don't forward ports for outgoing connections.

You have to allow the port for outgoing connections. Up till recently I've been running a firewall with no upnp where I manually had to open each port regardless of it being outgoing or incoming.

My example was one of tens of thousands of exploits being released each week under Windows, making use of vulnerabilities under Windows as an OS, vulnerabilities that are patched all the time. Should you choose to run a modded "Windows 10 Lite", or a modded "Windows 11 lite" or Windows 8 or Windows 7 - You undoubtedly open yourself up to increased risk of such exploits as certain patches are stripped away for increased performance, or certain operating systems didn't receive the patch in the first place.

But all those exploits and vulnerabilities are predicated on the offending code running on the local computer. The only difference between an up to date system and one that has not been updated is the number of exploits that might work on it. Since there are thousands of day 0 exploits that aren't patched even on the most up to date systems, the risk is still there. And the most important thing is for the user to be able to identify malicious code before running it. If that is given the risk of running an older system is only minimally higher than running the latest version of Windows 11.