Is Windows 11 really bad?

[Kardonxt]

No. If my Win 7 installs ever get compromised, I'll come here and personally apologize. Till then, from my cold, dead hands...

The problem with that logic is most users aren't even capable of knowing if they have been compromised. Your computer not shoving popups down your throat or running poorly doesn't mean it's uncompromised these days.

Attacks have become much more sophisticated over the years and threat actors more clever. They know your PC will drop from their botnet if a user notices unusual behavior. I've even heard of some attacks that will patch's PCs behind them to keep out competing "hackers".

Unless you're monitoring all traffic in and out of your PC \ network you really can't be sure. (And maybe you are, I see plenty of users here capable of doing it. I'm just say the majority of users can't \ don't.)

 

[Meeho]

What is funny is so many people said the same thing with Windows XP, Win 7 sucks, it is crap, I will never switch! You never hear of anyone running XP anymore.....

That was short lived. XP really is a massive security hole and Win 7 is objectively better in practically every way, and is orders of magnitude harder to compromise.

But, glad if you do, hopefully you stay safe and never get compromised in some way (I would not wish that on anyone!)
Can I ask, what is it you do on Win 7 you couldnt do on Linux? (gaming or just apps you own use?) If not gaming, you could run linux, and then just toss Win 7 into a VM and run it for what you need when you need it vs being your daily driver.

CAD and photogrametry daily, some proprietary government software occasionally, all Windows only. I can't physically stand Windows 10/11, both UI wise, and privacy and OS-control principle wise. The only non Windows 7 option would be a VM on Linux, but it would be a huuuge pain in the ass to do that for all the office desktops and laptops. Seeing as Win 7 is serving me great, I really can't justify that time sink. A day will come when I will be forced to, but not for several years at least.

 

[Meeho]

The problem with that logic is most users aren't even capable of knowing if they have been compromised. Your computer not shoving popups down your throat or running poorly doesn't mean it's uncompromised these days.

Attacks have become much more sophisticated over the years and threat actors more clever. They know your PC will drop from their botnet if a user notices unusual behavior. I've even heard of some attacks that will patch's PCs behind them to keep out competing "hackers".

Unless you're monitoring all traffic in and out of your PC \ network you really can't be sure. (And maybe you are, I see plenty of users here capable of doing it. I'm just say the majority of users can't \ don't.)

I'm my own sys and network admin. Not saying nothing could get past me, but chances are I would notice. And everything you said applies to newer Windows versions also. There aren't any significant attack vectors knows for Win 7 vs 10/11 that are easily exploitable. Also, the biggest security threat lies in the browsers, so those are realistically more important to keep up to date.

 

[somebrains]

Do not stick with an old and insecure OS that is no longer patched...we get it, "less space an OS uses, the better! more important to have more free space than a secure, patched OS" as per your other thread.



MS makes their money from enterprise and Azure, the catch is they get everyone using their desktop OS, their development tools and such, to get people sucked into the eco system, and thus, they continue to use their products cause they are used to them.


A good firewall does not stop a legit websites ad's from being compromised from the ad serve provider allowing a compromise through an unpatched exploit in Windows, because the OS is EoL and no longer patched. Or a user clicking links they should not have cause they got sloppy and were not paying attention. (There is no such thing as "i browse safe sites only!" any more.

If people are so against Windows 10/11, go to Linux, but please for gods sakes STOP using insecure exploited to heck and back OS's, you are literally part of the problem and why bot nets keep getting bigger and bigger.

I’d interject manufacturer abandoned IoT devices are a massive bandwidth ingress for botnets.

Unpatched Linux kernels are just as problematic as unsupported Win.

People treat computers in the same casual manner.

Maybe they should get iPads instead, if their casual needs are so easy served.

 

[philb2]

I’d interject manufacturer abandoned IoT devices are a massive bandwidth ingress for botnets.

Unpatched Linux kernels are just as problematic as unsupported Win.

People treat computers in the same casual manner.

Maybe they should get iPads instead, if their casual needs are so easy served.

somebrains

You are one smart dude.

 

[deaedius]

I have no issues with Ad's or anything of the sort. There are minor differences that took a bit getting used to. I find it to be stable and fast, I do not use an online account to log into the system and found it to be quite pleasant from a stability and performance perspective.

 

[somebrains]

somebrains..

You are one smart dude.

I worked for an ISP once.
I’ll never do that again.

The sludge I found when doing drill downs with the Staff Network Admin broke both of us during the heavy DDoS 2015-2018 era.

People just don’t give an F, or they care about their use cases more than it’s implications contributing to real events.

I prefer working with Dev now, bc I can jail them in CICD and never let complete garbage into Prod.

I’ve never worked desktop, and I left basic sys admin a long time ago.

 

[philb2]

I prefer working with Dev now, bc I can jail them in CICD and never let complete garbage into Prod.

somebrains

Are you part of an Agile team, doing Scrum or something similar? Kanban, maybe?

 

[ZodaEX]

Do not stick with an old and insecure OS that is no longer patched...we get it, "less space an OS uses, the better! more important to have more free space than a secure, patched OS" as per your other thread.



MS makes their money from enterprise and Azure, the catch is they get everyone using their desktop OS, their development tools and such, to get people sucked into the eco system, and thus, they continue to use their products cause they are used to them.


A good firewall does not stop a legit websites ad's from being compromised from the ad serve provider allowing a compromise through an unpatched exploit in Windows, because the OS is EoL and no longer patched. Or a user clicking links they should not have cause they got sloppy and were not paying attention. (There is no such thing as "i browse safe sites only!" any more.

If people are so against Windows 10/11, go to Linux, but please for gods sakes STOP using insecure exploited to heck and back OS's, you are literally part of the problem and why bot nets keep getting bigger and bigger.

It took you long enough to get the point. Good grief..

 

[GoldenTiger]

It took you long enough to get the point. Good grief..

Oh yeah that was suuuuuuch a wall of text /s .

 

[ZodaEX]

Oh yeah that was suuuuuuch a wall of text /s .

I can lead a horse to water, but I can't force it to drink. You do you.

 

[gvx64]

The problem with that logic is most users aren't even capable of knowing if they have been compromised. Your computer not shoving popups down your throat or running poorly doesn't mean it's uncompromised these days.

Attacks have become much more sophisticated over the years and threat actors more clever. They know your PC will drop from their botnet if a user notices unusual behavior. I've even heard of some attacks that will patch's PCs behind them to keep out competing "hackers".

Unless you're monitoring all traffic in and out of your PC \ network you really can't be sure. (And maybe you are, I see plenty of users here capable of doing it. I'm just say the majority of users can't \ don't.)

Asking from the perspective of an average user, what's the best way to monitor traffic in and out of your PC? If you see unauthorized traffic, how can you stop it? Do you have to basically reformat to fix the more sophisticated attacks once your infected?

I still use 7 on my 2010 computer mainly because when I tried upgrading to 10 back in 2016 the audio drivers stopped working and I couldn't figure out how to fix it. I don't think my 2010 PC is cut out for Win 11 and so I won't even try. I tried installing Linux Mint a while back but it had ethernet driver issues where my internet connection would only work sporadically. I guess, I could try Linux again (maybe buy a ethernet-USB adapter) but is it really that much more secure than Windows 7? I don't remember my Linux install getting many (if any) system updates for the six months I was using it either.

 

[GoldenTiger]

I can lead a horse to water, but I can't force it to drink. You do you.

Yeah, I feel like that with Win7 users .

 

[somebrains]

somebrains

Are you part of an Agile team, doing Scrum or something similar? Kanban, maybe?

I work really closely with frameworks that never make sense when reality hits.

 

[somebrains]

Asking from the perspective of an average user, what's the best way to monitor traffic in and out of your PC? If you see unauthorized traffic, how can you stop it? Do you have to basically reformat to fix the more sophisticated attacks once your infected?

I still use 7 on my 2010 computer mainly because when I tried upgrading to 10 back in 2016 the audio drivers stopped working and I couldn't figure out how to fix it. I don't think my 2010 PC is cut out for Win 11 and so I won't even try. I tried installing Linux Mint a while back but it had ethernet driver issues where my internet connection would only work sporadically. I guess, I could try Linux again (maybe buy a ethernet-USB adapter) but is it really that much more secure than Windows 7? I don't remember my Linux install getting many (if any) system updates for the six months I was using it either.

You want network flow logs, and device access logging.
Any $25 intel nic 1 gen behind newest will work for a given Linux distro.
There’s a bunch of desktop adapters for laptop nicks that seem popular given the volume of laptop nicks out there.
Check out some of the nicer antenna setups and you should be set.

 

[philb2]

I work really closely with frameworks that never make sense when reality hits.

Like the one that IBM used to use, something like "Spirals?"

 

[somebrains]

Like the one that IBM used to use, something like "Spirals?"

Hell no.
Even the MS integrations for the in house DevOps flow isn’t something I want to deal with.

 

[MrGuvernment]

It took you long enough to get the point. Good grief..

Sorry for wanting to provide actual detail instead of just a line of useless text that contributes nothing or provides any context. Don't like it, don't read it.

 

[MrGuvernment]

I’d interject manufacturer abandoned IoT devices are a massive bandwidth ingress for botnets.

Unpatched Linux kernels are just as problematic as unsupported Win.

People treat computers in the same casual manner.

Maybe they should get iPads instead, if their casual needs are so easy served.

100 % agree, they are, it is a user issue thinking they are doing something special and different when all they are doing is being part of the problem. IoT....if we could only nuke it all from orbit!

 

[MrGuvernment]

Asking from the perspective of an average user, what's the best way to monitor traffic in and out of your PC? If you see unauthorized traffic, how can you stop it? Do you have to basically reformat to fix the more sophisticated attacks once your infected?

I still use 7 on my 2010 computer mainly because when I tried upgrading to 10 back in 2016 the audio drivers stopped working and I couldn't figure out how to fix it. I don't think my 2010 PC is cut out for Win 11 and so I won't even try. I tried installing Linux Mint a while back but it had ethernet driver issues where my internet connection would only work sporadically. I guess, I could try Linux again (maybe buy a ethernet-USB adapter) but is it really that much more secure than Windows 7? I don't remember my Linux install getting many (if any) system updates for the six months I was using it either.

Mint and Manjaro usually have updates every 1-2 weeks for various things, depending what you have installed. If you set it to auto install and such, you may not have noticed them, but they do get updated often.

 

[ZodaEX]

Sorry for wanting to provide actual detail instead of just a line of useless text that contributes nothing or provides any context. Don't like it, don't read it.

No worries man.

 

[somebrains]

100 % agree, they are, it is a user issue thinking they are doing something special and different when all they are doing is being part of the problem. IoT....if we could only nuke it all from orbit!

I’ve been telling all these people that want to get into cybersecurity or DevOps/SRE/platform engineering to go build stuff.
Usually someone will come up with a project that I believe could be maintained, I’ll encourage them to maintain it world facing.

My point is to build things, so you learn how to break them.
You learn where skill sets tapers off and good ‘nuff opens opportunities to break or mandates to fix.

Getting back to win11, it’s a great Dev tool now with wsl2 performance + wslg capability.
I think with the right parts focus it’s a more performant content creation platform than my m1 air.
Certainly the lack of text scaling issues, multi window management, and wide gamut of display types makes win11 tops.
Cost of my 5650u junker Thinkpad was laughably low, I got it for $70 off a lady whose son got it for her but then she switched to an iPad Air.

Switch to Linux for some bleeding edge open source work and nvme drives are cheap.
Gpus have gotten affordable as long as you aren’t 4090 chasing.
If I have to cpu chug my way thru, that’s affordable right now.
There some interesting minimal virtualization to try that’s starting to leak as open source projects from public cloud vendors.
Ddr4 ram is cheap right now.

So bottom line I can do a lot with win11 that can be $, or just irritating on other OSes.

Is it perfect?
No.

Can you do a lot with it?
Yes.

Are there niche things other OSes and hardware do better?
Sure…..but the majority of people out there don’t DO that much.

Then the gear becomes a question of upkeep, and frankly win11 is much easier to deal with for the majority.

These guys asking about endpoint protection, internal file access, network flow control……they’re missing the point that the network layer will not protect an unsupported device or USEAGE.

If they ran into enough guys with my skillsets, they would upgrade to supported gear and software.

 

[philb2]

I’ve been telling all these people that want to get into cybersecurity or DevOps/SRE/platform engineering to go build stuff.
Usually someone will come up with a project that I believe could be maintained, I’ll encourage them to maintain it world facing.

My point is to build things, so you learn how to break them.
You learn where skill sets tapers off and good ‘nuff opens opportunities to break or mandates to fix.

Getting back to win11, it’s a great Dev tool now with wsl2 performance + wslg capability.
I think with the right parts focus it’s a more performant content creation platform than my m1 air.
Certainly the lack of text scaling issues, multi window management, and wide gamut of display types makes win11 tops.
Cost of my 5650u junker Thinkpad was laughably low, I got it for $70 off a lady whose son got it for her but then she switched to an iPad Air.

Switch to Linux for some bleeding edge open source work and nvme drives are cheap.
Gpus have gotten affordable as long as you aren’t 4090 chasing.
If I have to cpu chug my way thru, that’s affordable right now.
There some interesting minimal virtualization to try that’s starting to leak as open source projects from public cloud vendors.
Ddr4 ram is cheap right now.

So bottom line I can do a lot with win11 that can be $, or just irritating on other OSes.

Is it perfect?
No.

Can you do a lot with it?
Yes.

Are there niche things other OSes and hardware do better?
Sure…..but the majority of people out there don’t DO that much.

Then the gear becomes a question of upkeep, and frankly win11 is much easier to deal with for the majority.

These guys asking about endpoint protection, internal file access, network flow control……they’re missing the point that the network layer will not protect an unsupported device or USEAGE.

If they ran into enough guys with my skillsets, they would upgrade to supported gear and software.

somebrains

Even thoiugh I'm not a dev, I found your last post very informative and interesting.

 

[OFaceSIG]

Now that I know the registry fix for the right click context menu, how to fix the file explorer spacing and they've implemented a dark mode task manager I'll probably finally switch to 11 on my next build or re-format. Until then, 10 is more than sufficient. Before all these things? I would not use 11 full time.

 

[socK]

I’ve been telling all these people that want to get into cybersecurity or DevOps/SRE/platform engineering to go build stuff.

absolutely, building shit is paramount.

my github came up in my last job interview - it's one thing to just say you've done xyz and another to have all your code available to talk about. was not only a great conversation, but now my employer.

WSL2 is quite good. 95% of my work in in WSL + dev containers. Dev work on Windows is probably the best it's ever been.

 

[MrGuvernment]

I'm my own sys and network admin. Not saying nothing could get past me, but chances are I would notice. And everything you said applies to newer Windows versions also. There aren't any significant attack vectors knows for Win 7 vs 10/11 that are easily exploitable. Also, the biggest security threat lies in the browsers, so those are realistically more important to keep up to date.

The difference is the Windows 10/11's get patched, Windows 7 ones do not... And it is not just browsers, you can have a fully patched browser and visit a compromised site, your browser just does what it is supposed to, present you the site. Are all your perimeter devices secure? What do you use for firewalls? Do you use IDS in any form? How would you know if anything was leaving your network or your system was part of a sleeping botnet not yet activated? What do you have for a SOC monitoring everything? Cause most people have nothing../.

Enterprises with $100k to millions worth of security tools can still get compromised from one website visit, one bad URL click, or a poorly implemented firewall rule, or unpatched perimeter device, so, no, going to disagree, that 99% of people on [H] would have no clue if they were actually exploited. We all like to think we would, but likely would not, until it was too late.

It is not a matter of it, but when, and running Windows 7 just moves that "when" closer and closer.

 

[Meeho]

The difference is the Windows 10/11's get patched, Windows 7 ones do not... And it is not just browsers, you can have a fully patched browser and visit a compromised site, your browser just does what it is supposed to, present you the site. Are all your perimeter devices secure? What do you use for firewalls? Do you use IDS in any form? How would you know if anything was leaving your network or your system was part of a sleeping botnet not yet activated? What do you have for a SOC monitoring everything? Cause most people have nothing../.

Enterprises with $100k to millions worth of security tools can still get compromised from one website visit, one bad URL click, or a poorly implemented firewall rule, or unpatched perimeter device, so, no, going to disagree, that 99% of people on [H] would have no clue if they were actually exploited. We all like to think we would, but likely would not, until it was too late.

It is not a matter of it, but when, and running Windows 7 just moves that "when" closer and closer.

OPNsense for firewall/routing/IDS duties + software firewalls on each machine, segmented and isolated VLANs for IoT and low security devices, VPN only for WAN access. I regularly check running processes and startup entries in case browser, UAC, antivirus, local firewall and OPNsense failed to detect anything.

Sure, a meaningful exploit COULD be found that Win7 won't be patched for. Could. And if/when that day comes, I'll move to Linux. Untill then, I'm realistically as (un)safe as I would be on Win10/11.

 

[somebrains]

How about a CSS exploit that returns the logging payload in a react object?
That’s all the rage right now.
I literally cringe at how little credit I give CSS when I see it leveraged in compromised npm packages.

I just had to learn how Nextjs getServersideProps, getServersidePath, and all the Tailwind F’ery turns into a storm last month.
Frigging inject references into {id}.js and you’re in biz.

You guys see any funny low prices on a google search during Xmas inspect the scripts running in the poorly built fake e-commerce site.

Wanna click on some links you see in social media that’s borderline NSFW?
There are so many iterations of this old idea: https://www.hackread.com/hackers-malware-james-webb-space-telescope-images/

There’s so much opportunity right now bc people are consuming so much content.

There’s just so much going on that captivates people while they’re getting ready to shop that’s it’s a good time to weaponize some homework.

 

[Meeho]

Wanna click on some links you see in social media that’s borderline NSFW?
There are so many iterations of this old idea: https://www.hackread.com/hackers-malware-james-webb-space-telescope-images/

"campaign involves sending phishing emails that contain a Microsoft Office attachment named Geos-Rates.docx. The file is downloaded as a template.

These emails are the attack chain’s entry point. When the attachment is opened, an obfuscated VBA macro is auto-executed if the recipient has enabled macros. When executed, the macro downloads an image file titled OxB36F8GEEC634.jpg."

- open an unknown email attachment
- have macros auto enabled
- have Word have unrestricted Internet access

You can't fix stupid.

 

[philb2]

You can't fix stupid.

Meeho

Stupid, or perhaps just not informed enough. Think of the "little old lady" who uses her computer just to do zoom calls with her grandchildren, and maybe some email. The same one about whom the used car salesman swore that she drove the car only on Sundays to go to church, and never more than 30 miles per hour.

 

[Silentbob343]

I worked for an ISP once.
I’ll never do that again.

The sludge I found when doing drill downs with the Staff Network Admin broke both of us during the heavy DDoS 2015-2018 era.

People just don’t give an F, or they care about their use cases more than it’s implications contributing to real events.

I prefer working with Dev now, bc I can jail them in CICD and never let complete garbage into Prod.

I’ve never worked desktop, and I left basic sys admin a long time ago.

DevOps?

 

[Meeho]

Stupid, or perhaps just not informed enough. Think of the "little old lady" who uses her computer just to do zoom calls with her grandchildren, and maybe some email. The same one about whom the used car salesman swore that she drove the car only on Sundays to go to church, and never more than 30 miles per hour.

Sometimes stupid, sometimes uninformed, true. I'm not advocating anything for others, just stating my preferences.

 

[somebrains]

Meeho

Stupid, or perhaps just not informed enough. Think of the "little old lady" who uses her computer just to do zoom calls with her grandchildren, and maybe some email. The same one about whom the used car salesman swore that she drove the car only on Sundays to go to church, and never more than 30 miles per hour.

My friends elderly dad got hit a few weeks back for $20k.
They got his banking credentials.
She and her sister had to lock down his accounts, so there are additional controls if you ask.

I feel really bad for the guy because he was an ATT Systems Engineer in the 70s-early 2000s.
We’d talked over the years about public cloud and mainframe time sharing, evolution of the trade is often circular.
I would bounce concepts off him bc I started in the mid 90s when IS&T was a lot more like what you see advocated now in platform engineering.
Guy was the same age as my old man, so he could let the Nam stories out while I was wrenching on my car.
He was a Forward Observer, and good at it bc he gave no Fs as a young man.
I’m pretty much the son every dude like that wanted, so they talk about things with me like they’re in a confessional.

Id always ask him about how he learned C and Assembly to do his job, perspectives on personal initiative and continual learning bc you care about your trade.
He worked at the place Unix was practiced as a science, so all the math I hated when I was younger he helped me in perspective of flat file databases, resource management and workload orchestration, how to see latency in an application as unnecessary transmit in the distributed era.

But eventually we all diminish with age.
It’s very much whether we can question our decisions before calamity is the result that’s the issue.

Now that process you quoted has direct pathology to how I’d nest form input and state in a CSS hack then rig script passthru to weaponize it.
Manipulation of js DOM is just a diff way to send the payload.
One guy even salted log files to obscure the keylogger trail, and that’s why we have serverless deep inspect tools as sop now.
All the cool kids are learning it on various hackme sites, bootcamps, etc.
It’s further core CS ideation to make $.

DevOps?

Yeah, whatever they want to call me running npm audits, patch/update old crap everyone is afraid to touch, test on known good deployment, merge as latest.

Want to migrate applications from one cloud provider to another, I’m your guy bc I’ll lay in convos at every workflow focused on getting everything right.

I swear I’m just the “you’re wrong, take a look here at this branch and it’s fixed” guy.

Learned to argue with even more people as time goes on.

Old code is easy to remediate bc the standards were different, so is old architecture.

We continually learn ideally.

 

[Toboggan]

11 has been great for me so far and if you want to keep the windows 7 start menu there's a program called startallback that will do it for you

 

[polonyc2]

normally I always upgrade my OS...but not this time...I recommended to keep using Windows 10 for as long as possible...unless you have a newer Intel CPU it's not worth it

 

[emphy]

What is funny is so many people said the same thing with Windows XP, Win 7 sucks, it is crap, I will never switch! You never hear of anyone running XP anymore.....
...

(emphasis added)

Erm ... your post is literally the first time I am hearing about it. I suspect you are confusing 7 with vista.

 

[Furious_Styles]

(emphasis added)

Erm ... your post is literally the first time I am hearing about it. I suspect you are confusing 7 with vista.

He is. I totally skipped Vista and it never was an issue. Hell I upgraded to 7 when memory limitations in XP (32 bit) basically required it. I didn't think twice about trying 64 bit XP because everything I read said it was not good.

 

[socK]

I remember installing Vista and wasting a day trying to make my games not run at half the fucking framerate.

Gave up, installed XP again, problem solved. By the time 7 rolled around it was smooth sailing.

I'm having flashbacks to the hilariously stripped down version of XP I had that was like 80mb. No themes, backgrounds, sounds, anything, and it booted in seconds on a spinner.

I think it barely even had like 10 processes running on boot.

 

[philb2]

I'm having flashbacks to the hilariously stripped down version of XP I had that was like 80mb. No themes, backgrounds, sounds, anything, and it booted in seconds on a spinner.

I think it barely even had like 10 processes running on boot.

Them were the days.

 

[Deleted member 83233]

11 is great. I've never had less problems with an OS. It's fast, clean, and just works. Just disable as much of the annoying crap as possible, and you're all set.