Windows 10 hacked front and back

B00nie

https://thehackernews.com/2020/08/microsoft-software-patches.html

In a nutshell, your Windows computer can be hacked if you:


  • Play a video file — thanks to flaws in Microsoft Media Foundation and Windows Codecs
  • Listen to audio — thanks to bugs affecting Windows Media Audio Codec
  • Browser a website — thanks to 'all time buggy' Internet Explorer
  • Edit an HTML page — thanks to an MSHTML Engine flaw
  • Read a PDF — thanks to a loophole in Microsoft Edge PDF Reader
  • Receive an email message — thanks to yet another bug in Microsoft Outlook

So if you use Windows, better either stop using it or at least update and pray.
 
In the article (which I also have a hard time taking seriously because they couldn’t even bother to proofread the thing). -

But don't worry, you don't need to stop using your computer or without Windows OS on it. All you need to do is click on the Start Menu → open Settings → click Security and Update, and install if any new update is available.
 
Over the top source is over the top.
 
Most of this is old news. I'm with the rest, mostly fear mongering. BTW your Mac is as hackable as Windows 10. Linux a bit less so but still fairly easy. There are always updates as hackers find new ways to trick the OS into allowing access. Since Windows is by far the most deployed OS it makes sense they are the usual targets for hackers.

Overall, Yawn, yet another article from someone who likely had an hour before deadline to actually write something. So fell back on tried and true.
 
They could have said 'desktop OS' and been correct...

Segregating the term OS could also be viewed as reaching. OS is OS, platform is irrelevant. Especially when the tasks being performed on the platform are also desirable targets for hackers.
 
Yeah 120 total vulnerabilities fixed this time and if history is correct, a few thousand more to be discovered.
 
Segregating the term OS could also be viewed as reaching. OS is OS, platform is irrelevant. Especially when the tasks being performed on the platform are also desirable targets for hackers.
Well, not really. It's just applying the broadest level of specificity: you don't run the full Windows stack on a phone. Windows mobile was not the same stack as Windows desktop. Apple iOS is not the same stack as Mac OS X, and Android is most certainly not the same stack as GNU/Linux.

And given that 'GNU' is the actual 'operating system', where Linux is just the kernel, well, it's also the most correct thing to do.
Yeah 120 total vulnerabilities fixed this time and if history is correct, a few thousand more to be discovered.
So you're new to this concept of humans writing code for machines...?
 
Well, I was getting bored so, thanks for the entertainment value of this thread. :)
 
o_O:facepalm:
Have to agree. This one is kind of like I find over on the firearms forums. So which Caliber is better... Let the raging discussion begin!
 
Well, not really. It's just applying the broadest level of specificity: you don't run the full Windows stack on a phone. Windows mobile was not the same stack as Windows desktop. Apple iOS is not the same stack as Mac OS X, and Android is most certainly not the same stack as GNU/Linux.

And the Windows 'stack' is nothing like the Linux stack. I'm sorry, but you're not furthering your cause beyond simple vendor bias. As for GNU vs Linux - Bleh, not really interested in such semantics.

The fact remains that as far as operating systems go as a collective, Android is globally the most popular OS by far, and the tasks being performed under the platform are just as attractive to potential hackers as the tasks performed under any other OS. Therefore, the drawn out and always largely questionable argument of security via obscurity regarding anything but the Windows operating system has been turned on its head by virtue of the fact that Windows is now the world's second most popular OS and is by far the most attacked OS.

If you want an echo chamber, you may as well just PM people you know will most definitely agree with your point of view.
 
And the Windows 'stack' is nothing like the Linux stack. I'm sorry, but you're not furthering your cause beyond simple vendor bias. As for GNU vs Linux - Bleh, not really interested in such semantics.
No bias here, I use both extensively on a daily basis.

However, if you're not saying 'GNU/Linux', then you're just talking about a kernel. Android is a completely different 'operating system' from desktop Linux, and it isn't a desktop operating system to begin with. It's rather disingenuous to compare Android to Windows while calling it 'Linux'.
 
You know as well as we do that nobody says GNU/Linux when talking about Linux distributions. Everyone understands that desktop Linux is never just a kernel.
 
We should also assume that people understand that Linux is exploitable as well, but some people don't think software be like it is.
 
You know as well as we do that nobody says GNU/Linux when talking about Linux distributions. Everyone understands that desktop Linux is never just a kernel.
I know as well as anyone that when speaking about operating systems other than desktop Linux distributions, such as the aforementioned Android, that the specification is necessary.
 
We should also assume that people understand that Linux is exploitable as well, but some people don't think software be like it is.

Well if we want to get into specifics, Android Linux is by far not as exploitable as Windows and Android Linux is the more popular OS. Therefore, it stands to reason that the issue must be something related to out of the box Windows installs.

I'm not at all interested in vendor bias. I'm only interested in simple, sound, deductive logic.
 
I would make a guess that no one on this forum knows for a fact which operating systems are most vulnerable. I doubt anyone here makes a career exploiting these things. As such we have assumptions......
 
Something can be deduced from the amount of known exploits per OS. I think Windows leads something like 1000:1 - to the negative side that is.
 
The fact remains that as far as operating systems go as a collective, Android is globally the most popular OS by far, and the tasks being performed under the platform are just as attractive to potential hackers as the tasks performed under any other OS. Therefore, the drawn out and always largely questionable argument of security via obscurity regarding anything but the Windows operating system has been turned on its head by virtue of the fact that Windows is now the world's second most popular OS and is by far the most attacked OS.
Well if we want to get into specifics, Android Linux is by far not as exploitable as Windows and Android Linux is the more popular OS. Therefore, it stands to reason that the issue must be something related to out of the box Windows installs.

I'm not at all interested in vendor bias. I'm only interested in simple, sound, deductive logic.

I guess security is easier when you are forced to go through a monopolistic app store, and choose from a list of approved apps, in order to install a program on your device. When you remove the user's ability to freely install any software that they want to, then it's obviously harder for a user to infect their own system. People are often their own worst enemy. With that said, I'd still rather have an open platform like a Windows PC than adopt the "please put me in jail, and tell me what I can and can't do, so that I'll be safer!" approach that you get with Android and Chrome OS.
 
Windows is susceptible to many forms of fly-by attacks where a user gets infected by receiving a malformed image, office file etc. from a web browser or e-mail, often requiring no other interaction but to just open a page or (automatic) preview an e-mail. Those kinds of attacks can come from any 'safe' site that runs ads, since ad hosts are the golden opportunity for hackers that want to spread their payload through 'regular' sites.
 
It is the same for Nix. At least on Windows, there is typically an AV trying to help. Linux users tend not to have a modern and capable AV.
 
No it's not lol. To my knowledge Linux/BSD/OSX distributions do not have those kinds of vulnerabilities. They don't have Office, Outlook nor IE or their components which are the most common paths for privilege escalation and infections.

https://help.ubuntu.com/community/Linuxvirus
 
And yet commercial holistic protection suites ship AV for Linux right alongside Windows and Mac OS (and various Unixes usually too).
 
Yes and if you had read the article, they're mostly to protect Windows users. Windows viruses easily slip undetected by a Linux user and can infect others. The very fact that most software is installed through reliable repositories makes Linux and OSX much safer than Windows, even if you don't take direct vulnerabilities into account.

I run a commercial antivirus on my OSX. Not because I would think I need it for my Mac but to protect the customers who run Windows.
 
I'm speaking from industry experience. We're constantly updating AV on Linux, among other things on Linux, to keep it as secure as possible. From our perspective, Linux is no more secure than Windows, and it is far more targeted by attackers, in part precisely due to the FUD that people like you spread about it being 'more secure'.
 
No it's not lol. To my knowledge Linux/BSD/OSX distributions do not have those kinds of vulnerabilities. They don't have Office, Outlook nor IE or their components which are the most common paths for privilege escalation and infections.

https://help.ubuntu.com/community/Linuxvirus

That is just not correct. People who run Linux are probably running software, or else why are they running a computer in the first place :)

Software is always vulnerable.
 
I'm speaking from industry experience. We're constantly updating AV on Linux, among other things on Linux, to keep it as secure as possible. From our perspective, Linux is no more secure than Windows, and it is far more targeted by attackers, in part precisely due to the FUD that people like you spread about it being 'more secure'.

Out of the box, Linux is vastly more secure than Windows, that's why any decent network has the core Windows network protected by Linux machines. AV under Linux is vastly unnecessary, AV under Windows isn't much better than the Malware it's supposed to be preventing when it comes to resource sucking software and advertising pop ups. It's not uncommon for pop ups regarding purchased AV software, with the vendor trying to sell the unsuspecting customer even more bloatware.

I've said it before, I'll say it again - The simple issue regarding double extension exploits under Windows has existed since forever and 'still' hasn't been rectified, why can't Microsoft rectify this issue? Rectifying that simple issue would eliminate a vast number of infections.
That is just not correct. People who run Linux are probably running software, or else why are they running a computer in the first place :)

Software is always vulnerable.

Not when you don't have the issue of double extension exploits.

I guess security is easier when you are forced to go through a monopolistic app store, and choose from a list of approved apps, in order to install a program on your device. When you remove the user's ability to freely install any software that they want to, then it's obviously harder for a user to infect their own system. People are often their own worst enemy. With that said, I'd still rather have an open platform like a Windows PC than adopt the "please put me in jail, and tell me what I can and can't do, so that I'll be safer!" approach that you get with Android and Chrome OS.

The highlighted portion is the issue here, Microsoft users know Microsoft will do everything they can to make a killing out of an app store, however the fact is limiting software installation to an app store will virtually eliminate almost all MS infections overnight.

Arch users under Linux love their central repository of software, it's one of the selling points of the distro.
 
That is just not correct. People who run Linux are probably running software, or else why are they running a computer in the first place :)

Software is always vulnerable.
Microsoft software has proven to be about 100x more vulnerable than others. Other OSes do not have blatant fly-by vulnerabilities like Microsoft software has.
 
I'm speaking from industry experience. We're constantly updating AV on Linux, among other things on Linux, to keep it as secure as possible. From our perspective, Linux is no more secure than Windows, and it is far more targeted by attackers, in part precisely due to the FUD that people like you spread about it being 'more secure'.
That's interesting since there are only about a dozen known Linux viruses and even they are extremely rare. Why would you 'constantly update' your AV for a threat that last manifested itself about 10 years ago? LOL.
 
Microsoft users know Microsoft will do everything they can to make a killing out of an app store, however the fact is limiting software installation to an app store will virtually eliminate almost all MS infections overnight.

As a "Microsoft user", I've never felt that Microsoft has prevented me from installing whatever I want to on my own computer. Do you have actual evidence to the contrary? If you are okay with surrendering your freedom and allowing your choices to be dictated to you by an app-store, that's okay, you can just admit it. No need to cloud it in some anti-Microsoft fantasy.
 
Your 'freedom' is the freedom of getting PUP/malware/viruses freely to your computer.
 
So you are okay with allowing someone, other than yourself, to decide what you can or can't run on your own device?
 
If it's a mobile phone, perfectly fine if it means keeping secure. As for desktops, no OS currently limits what you can run. However some OSes provide safe methods of installing things instead of downloading from unknown sources. Installing software from a random source is about as smart as going about having sex with strangers unprotected.
 