The computer is not exposed to the WAN (behind a firewall), the main way it could get infected is via a vulnerability in a browser, but these do get updated. And OS updates don't really protect you from malware in executables you install anyway.
The other potentially obvious question is why bother using an OS that’s out of support when Linux is so good?
I left Windows 11. The last straw wasn’t Microsoft accounts or Windows updates. I actually thought the OS was fine, most OS updates actually added great new features, and anything I considered an annoyance was easy to disable permanently.
Toss your Windows 11 ISO into Rufus and disabling things like Microsoft account requirements is a trivial process.
What I actually rage quit Windows over was AMD graphics drivers and a couple of my video games crashing.
What caught me by surprise is just how little I’d miss it. I thought I’d need to dual boot or run a Windows VM for little random things. Nope, I just don’t need them.
I didn’t expect to find an OS with more software that I tend to like better. Like my email client, where I moved from Thunderbird to Evolution and for the most part I find that to be a step up in user experience.
> The other potentially obvious question is why bother using an OS that’s out of support when Linux is so good?
I'm in the process of setting up a Linux desktop to replace my Win10 one, and for me it's these (if anyone has suggestions for migration or replacement, I'd love some opinions!)
- Lightroom. If anyone knows how to either run this under Linux, or migrate an entirely catalog of photos (plus edits) to something open source (including the Negative Lab Pro plugin), that would be amazing.
- MusicBee. There just does not seem to be a good music manager for Linux that can replace MusicBee. I rarely use it as a music player, there are dozens of great options for Linux music players, but MusicBee feeds my Airsonic instance, and I have not found a good way to manage music graphically in a way that maintains this setup.
- Games. This is really getting better and better each year...but I regularly play Microsoft Flight Simulator and haven't even tried to get that running in Linux yet (anyone have good experiences getting this working?)
> - MusicBee. There just does not seem to be a good music manager for Linux that can replace MusicBee. I rarely use it as a music player, there are dozens of great options for Linux music players, but MusicBee feeds my Airsonic instance, and I have not found a good way to manage music graphically in a way that maintains this setup.
For a traditional "all batteries included" collection management music player try Strawberry and Quod Libet. You should also look into the MuiscBrainz Picard tagger, it's a bit unwieldy to use but is very powerful once you learn it's wonky workflow.
I used Quod Libet as my main music player for a year or two, but I found it lacking and iirc sometimes laggy (it is written in Python!). Updates also seem to be infrequent.
It seems that various MS Flight Simulator editions run on Proton. Focus on recent ratings, as the overall score reflects often reflects old versions of Proton.
> - Games. This is really getting better and better each year...but I regularly play Microsoft Flight Simulator and haven't even tried to get that running in Linux yet (anyone have good experiences getting this working?)
It's a major step up in power but the steam deck has really pushed the wine/proton environment to near parity. The only things that really don't work through it reliably is anti-cheat stuff that I really don't want on my machine anyway.
I can't speak for the experience with nvidia drivers but it's pretty amazing how far it's come.
For games, my tip is that if you happen to be in CachyOS or some similar distribution, make sure you use the bore kernel for gaming.
I switched from the standard kernel to the bore kernel and went from a pretty disappointing experience in terms of performance and stutters to a really great one.
For me, I can't switch to Linux because of my accounting software; it's only on macOS. They are very few Linux business accounting software programs suitable for sole proprietors. GNUcash is too hard to set up. Online accounting software is not good, because one is giving ownership of one's financial data to another entity, who could deny access at any moment.
I've had five clients who have lost access to their Microsoft accounts permanently due to insufficient, or old, recovery information. SMS can't be used anymore. I've been thinking about recommending Yubikeys, but when older people don't even want to use password managers because they don't trust them, that's a hard sell.
The biggest problem is Microsoft changes the rules and requires all of these features, but doesn't tell any normal users of the changes nor the addition of the features.
Namely, it's the "blockers" one hasn't found suitable replacements for.
Love Linux, but Nvidia drivers are still shit on it. I'm not willing to take a performance hit for the convenience. Which I guess is a little ironic, given you left Windows over AMD driver issues.
The last time I had instability on a Nvidia card in Windows turned out to be a faulty card I had to RMA.
It is funny isn’t it? I imagine maybe a clean install or some other intervention might have helped me. The instability only affected two specific games at least on a regular basis and it was kind of a new thing.
But yeah, switching to Linux with an AMD card is basically an upgrade compared to Windows.
I would guess because "so good" does not equate with 100% and presumably the user's needs fall in that 5%.
Linux has been usable for non proprietary software for decades now. The fact that people are refusing to jump ship even when Windows actively undermines them and itself speaks volumes of people's aversion (or inability) to switch OSes.
Oddly I’m like mostly using proprietary Windows software on my Linux machine these days (games).
I also think the AI era goes very far in eliminating those 5% problems. I have a mostly non-technical friend who set up an old laptop with Linux for the first time and he told me that he’d never have been able to do it on his own without AI. Anytime there’s an issue, his solution is just a quick question or copy/paste away.
Running Windows 10 Enterprise IoT LTSC still gives you updates until 2031 with the added benefit of no app store. I run it as my main OS since last October and have yet to encounter any issues.
>Running Windows 10 Enterprise IoT LTSC [...] have yet to encounter any issues.
It depends on the type of software a user runs. I installed Windows 10 LTSC on a friend's computer last year thinking she could run it for at least 5 more years and just ignore the newer Windows 11/12/whatever.
But she needed Intuit TurboTax 2025 and it requires Windows 11 and it's a hard requirement. The installer aborts on Windows 10. It's not a soft requirement like Adobe where they only support Windows 11 but their installer still runs on Windows 10. Autodesk Fusion 360 is another example that requires Windows 11.
I'm guessing if there's a future Windows 12, Intuit TurboTax will be aggressive about making it a requirement that forces the issue even though nobody wants to upgrade to it.
I'd say that comes down to the difference between requirements (i.e. will it run at all, does it use features only found in win11) and support, and the developer's decisions around that. I can appreciate not supporting win10 even if it runs as they have a written or implied burden to make sure it keeps operating correctly for the lifespan, and that may include keeping test systems around or handling bugs that turn up in the OS that's getting reduced support itself, or other factors like drivers. Then there's the question of whether people would be willing to pay for a "your mileage may vary" level of support on something commercial.
Only downside I've encountered using W10 IoT LTSC is that I had the temporarily change the currentbuild key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion) in registry to 19045 to be able to install docker and WSL2.
From definition, a 0-day is not patched in any system because it's not known. But back to your real question.
The biggest attack vectors are the browser, the mail client and direct network access.
I would never use outlook, edge or connect my computer directly without NAT or firewall to the open internet. And would never open a website without a add blocker.
You can count all other known big attacks(on unpatched Windows 7!!!) on one hand.
1) Remote execution via Wifi Stack
2) Remote execution via True Type Fonts
3) 0-Click code execution via USB Stick Icon processing
Windows update instead gives AT LEAST Microsoft a steady remote code execution on your and millions of other computers. It's a really interesting attack target when you go big. Why I should trust M$ to get the security there right?
I use Windows 10 with a relatively obscure firewall software with a per-process/per-service whitelist, and try to not be stupid on the Internet. I also do regular backups. This should cover most of the risk model applicable to me. Has worked so far.
Why would they need to be any more worried about those now than before?
The same holes exists and have existed for some time already. If he was not worried about them before why be worried about them now? And if you're worried about security holes why not be worried about the ones that exist now?
In general I find it funny that some people think that system is "secure" when it's on the latest version. At time t0 version N is considered "secure" then an update is made at t1 with version N1 and suddenly N is no longer secure. But it didn't change... it's the same version it was before.
Fact is a computer system is never going to be 100% secure.
The computer is not exposed to the WAN (behind a firewall), the main way it could get infected is via a vulnerability in a browser, but these do get updated. And OS updates don't really protect you from malware in executables you install anyway.
The other potentially obvious question is why bother using an OS that’s out of support when Linux is so good?
I left Windows 11. The last straw wasn’t Microsoft accounts or Windows updates. I actually thought the OS was fine, most OS updates actually added great new features, and anything I considered an annoyance was easy to disable permanently.
Toss your Windows 11 ISO into Rufus and disabling things like Microsoft account requirements is a trivial process.
What I actually rage quit Windows over was AMD graphics drivers and a couple of my video games crashing.
What caught me by surprise is just how little I’d miss it. I thought I’d need to dual boot or run a Windows VM for little random things. Nope, I just don’t need them.
I didn’t expect to find an OS with more software that I tend to like better. Like my email client, where I moved from Thunderbird to Evolution and for the most part I find that to be a step up in user experience.
> The other potentially obvious question is why bother using an OS that’s out of support when Linux is so good?
I'm in the process of setting up a Linux desktop to replace my Win10 one, and for me it's these (if anyone has suggestions for migration or replacement, I'd love some opinions!)
- Lightroom. If anyone knows how to either run this under Linux, or migrate an entirely catalog of photos (plus edits) to something open source (including the Negative Lab Pro plugin), that would be amazing.
- MusicBee. There just does not seem to be a good music manager for Linux that can replace MusicBee. I rarely use it as a music player, there are dozens of great options for Linux music players, but MusicBee feeds my Airsonic instance, and I have not found a good way to manage music graphically in a way that maintains this setup.
- Games. This is really getting better and better each year...but I regularly play Microsoft Flight Simulator and haven't even tried to get that running in Linux yet (anyone have good experiences getting this working?)
> - MusicBee. There just does not seem to be a good music manager for Linux that can replace MusicBee. I rarely use it as a music player, there are dozens of great options for Linux music players, but MusicBee feeds my Airsonic instance, and I have not found a good way to manage music graphically in a way that maintains this setup.
For a traditional "all batteries included" collection management music player try Strawberry and Quod Libet. You should also look into the MuiscBrainz Picard tagger, it's a bit unwieldy to use but is very powerful once you learn it's wonky workflow.
I used Quod Libet as my main music player for a year or two, but I found it lacking and iirc sometimes laggy (it is written in Python!). Updates also seem to be infrequent.
Hadn't heard of Quod Libet, that's a good recommendation!
It seems that various MS Flight Simulator editions run on Proton. Focus on recent ratings, as the overall score reflects often reflects old versions of Proton.
https://www.protondb.com/search?q=microsoft%20flight%20simul...
> - Games. This is really getting better and better each year...but I regularly play Microsoft Flight Simulator and haven't even tried to get that running in Linux yet (anyone have good experiences getting this working?)
It's a major step up in power but the steam deck has really pushed the wine/proton environment to near parity. The only things that really don't work through it reliably is anti-cheat stuff that I really don't want on my machine anyway.
I can't speak for the experience with nvidia drivers but it's pretty amazing how far it's come.
For games, my tip is that if you happen to be in CachyOS or some similar distribution, make sure you use the bore kernel for gaming.
I switched from the standard kernel to the bore kernel and went from a pretty disappointing experience in terms of performance and stutters to a really great one.
Musicbee works fine in Wine (in my experience). It's annoying I have to use it that way, but I'm not expecting it to be ported any time soon.
For me, I can't switch to Linux because of my accounting software; it's only on macOS. They are very few Linux business accounting software programs suitable for sole proprietors. GNUcash is too hard to set up. Online accounting software is not good, because one is giving ownership of one's financial data to another entity, who could deny access at any moment.
I've had five clients who have lost access to their Microsoft accounts permanently due to insufficient, or old, recovery information. SMS can't be used anymore. I've been thinking about recommending Yubikeys, but when older people don't even want to use password managers because they don't trust them, that's a hard sell.
The biggest problem is Microsoft changes the rules and requires all of these features, but doesn't tell any normal users of the changes nor the addition of the features.
Namely, it's the "blockers" one hasn't found suitable replacements for.
You mention clients losing access to Microsoft accounts, which is a requirement for running Windows 11.
So it’s the same risk whether you choose online accounting software or Windows accounting software.
I’m aware that bypassing the Microsoft account is presently trivial, but I figured I’d point out this food for thought.
Love Linux, but Nvidia drivers are still shit on it. I'm not willing to take a performance hit for the convenience. Which I guess is a little ironic, given you left Windows over AMD driver issues.
The last time I had instability on a Nvidia card in Windows turned out to be a faulty card I had to RMA.
It is funny isn’t it? I imagine maybe a clean install or some other intervention might have helped me. The instability only affected two specific games at least on a regular basis and it was kind of a new thing.
But yeah, switching to Linux with an AMD card is basically an upgrade compared to Windows.
(My card is a 9070XT)
I would guess because "so good" does not equate with 100% and presumably the user's needs fall in that 5%.
Linux has been usable for non proprietary software for decades now. The fact that people are refusing to jump ship even when Windows actively undermines them and itself speaks volumes of people's aversion (or inability) to switch OSes.
Oddly I’m like mostly using proprietary Windows software on my Linux machine these days (games).
I also think the AI era goes very far in eliminating those 5% problems. I have a mostly non-technical friend who set up an old laptop with Linux for the first time and he told me that he’d never have been able to do it on his own without AI. Anytime there’s an issue, his solution is just a quick question or copy/paste away.
Where to install it? There was wubi, but iirc it was discontinued?
Thanks for telling! Very interesting way of thinking about the security.
There's always the next great kernel level font or scrollbar exploit.
A simple trade off. Guaranteed malware from microsoft, or potential attacks that you can mitigate with firewalls, airgaps or Anti-Virus software.
Running Windows 10 Enterprise IoT LTSC still gives you updates until 2031 with the added benefit of no app store. I run it as my main OS since last October and have yet to encounter any issues.
>Running Windows 10 Enterprise IoT LTSC [...] have yet to encounter any issues.
It depends on the type of software a user runs. I installed Windows 10 LTSC on a friend's computer last year thinking she could run it for at least 5 more years and just ignore the newer Windows 11/12/whatever.
But she needed Intuit TurboTax 2025 and it requires Windows 11 and it's a hard requirement. The installer aborts on Windows 10. It's not a soft requirement like Adobe where they only support Windows 11 but their installer still runs on Windows 10. Autodesk Fusion 360 is another example that requires Windows 11.
I'm guessing if there's a future Windows 12, Intuit TurboTax will be aggressive about making it a requirement that forces the issue even though nobody wants to upgrade to it.
Fusion 360 complains about Windows 10, but it still runs fine.
I'd say that comes down to the difference between requirements (i.e. will it run at all, does it use features only found in win11) and support, and the developer's decisions around that. I can appreciate not supporting win10 even if it runs as they have a written or implied burden to make sure it keeps operating correctly for the lifespan, and that may include keeping test systems around or handling bugs that turn up in the OS that's getting reduced support itself, or other factors like drivers. Then there's the question of whether people would be willing to pay for a "your mileage may vary" level of support on something commercial.
I am not sure the differences, but turbotax has an online version.
The online version is only for filing one return.
Desktop installed version can file multiple returns so the overall cost is lower.
https://ttlc.intuit.com/turbotax-support/en-us/help-article/...
Most people will just have one federal filing so it doesn't seem like it is an issue for most people.
Those one-offs can always be in a separate VM (in Hyper-V or something)
Only downside I've encountered using W10 IoT LTSC is that I had the temporarily change the currentbuild key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion) in registry to 19045 to be able to install docker and WSL2.
I thought it was 2032. I use IoT LTSC as well and I can second that this is a great OS and everything runs without issue.
I would add that I've also used Windows 11 IoT LTSC and that experience is very similar to Windows 10 IoT LTSC.
Some software and games conveniently require at least 22H2.
I have Win11 Pro and have yet to encounter any issues
From definition, a 0-day is not patched in any system because it's not known. But back to your real question.
The biggest attack vectors are the browser, the mail client and direct network access. I would never use outlook, edge or connect my computer directly without NAT or firewall to the open internet. And would never open a website without a add blocker.
You can count all other known big attacks(on unpatched Windows 7!!!) on one hand.
1) Remote execution via Wifi Stack
2) Remote execution via True Type Fonts
3) 0-Click code execution via USB Stick Icon processing
Windows update instead gives AT LEAST Microsoft a steady remote code execution on your and millions of other computers. It's a really interesting attack target when you go big. Why I should trust M$ to get the security there right?
I use Windows 10 with a relatively obscure firewall software with a per-process/per-service whitelist, and try to not be stupid on the Internet. I also do regular backups. This should cover most of the risk model applicable to me. Has worked so far.
I don't suppose that you can share the setup with us? What firewall, how are the backups performed, how regular etc.
Microsoft already handles infecting their users, how many times have they broken Windows 11 through patches?
Man 0-days are expensive stuff no one throws them at random people.
Just use mass grave scripts[1] and enable 5 years of security updates.
[1] https://massgrave.dev/
Why would they need to be any more worried about those now than before?
The same holes exists and have existed for some time already. If he was not worried about them before why be worried about them now? And if you're worried about security holes why not be worried about the ones that exist now?
In general I find it funny that some people think that system is "secure" when it's on the latest version. At time t0 version N is considered "secure" then an update is made at t1 with version N1 and suddenly N is no longer secure. But it didn't change... it's the same version it was before.
Fact is a computer system is never going to be 100% secure.
Because the longer software is out in the wild, the more vulnerabilities are found. At least when they're found in windows 11 they should be patched
Not really. The odds are way higher that an update will hose your system and data.
No.
ESU updates are free for private users.
So till november 2026 or so everything is fine. Then I will probably have to switch to Linux.
Only if you accept signing in with a Microsoft account.
You mean Windows 11, or 10?
I joke
lol. He’s using Windows in the first place so, clearly no.