top | item 36696127

“Computer security 80% solved if we deprecate technology shown in this graphic”

358 points | mariuz | 2 years ago | twitter.com

416 comments

[+] Pannoniae|2 years ago|reply
As long as some platform is capable and powerful for many things, there will be malware. The reason why most (consumer-facing at least) malware isn't targeting Linux is because its desktop market share is like 3%. It's way better to target Windows on desktop since you can reach way more users that way.

The only other alternative is turning your computer into a glorified phone (a.k.a. a locked-down media consumption device) where everything is nicely sandboxed and nothing has any kind of permission to do "bad" things. (Except tracking. Because guess what, the company who makes the OS also sells ads.)

[+] mcpackieh|2 years ago|reply
Popularity was the canned cope for why Windows 95 through XP were riddled with so much malware. But then Microsoft started taking security more seriously with Vista and onwards. The situation didn't turn into sunshine and roses, but it did improve dramatically. It turns out that popularity wasn't the problem, the problem was the insecure nature of the software. There is of course still a lot of room for improvement.
[+] jolux|2 years ago|reply
> The only other alternative is turning your computer into a glorified phone (a.k.a. a locked-down media consumption device)

There’s a third alternative: keep the platform powerful but increase the default isolation level for third-party software and let the user choose what permissions it has. macOS is headed in this direction. Qubes is a more radical example and I think probably the future of desktop computing: everything will run in its own virtual machine.

[+] cogman10|2 years ago|reply
It seems like your thesis is disproved in your own examples.

Linux is hugely popular on phones (Android), which are every bit as juicy (if not more so at this point) as a desktop target.

There is mobile malware but it's far more rare and harder to come by.

But then there's just the fact that the way software is installed on a linux machine is wildly different from how you'd install it on windows. Just getting that binary blob to run requires some heroic efforts (To the point where we've pretty much decided it's easier to distribute via containers rather than compiled binaries for a given desktop).

And if we expand beyond the desktop, we find linux everywhere in the server world. Easily the most popular OS to run server software. Which makes it a hugely valuable target for hackers. They'd love nothing more than to compromise a bank server.

To say there's nothing about linux that makes it inherently more secure than windows seems just unreal. Because nix was designed around multiple users from the ground up, user permissions have been baked into the common flow for decades. That alone creates a huge layer of security that makes things like rootkits or worms running as root super hard to pull off. The old windows (9x->XP) pretty much gave everyone admin permissions. Writing or changing a system32 DLL was child's play.

To exploit linux, you have to either trick a user to run something with elevated permissions or find a vulnerability in software running with root permissions. To exploit windows (particularly older windows) you have to trick a user to run your software.

[+] marcodiego|2 years ago|reply
> The reason why most (consumer-facing at least) malware isn't targeting Linux is because its desktop market share is like 3%.

I don't eat that argument anymore. In the mobile space, Android (Linux) is the biggest player. It is even bigger than windows if both are considered among end-users[1] and I don't see as many people complaining about malware on Android as people complain about it on windows.

Of course, I don't think MS is incompetent with regards to Windows security. But there are design decisions that make it historically problematic. The fact that Win9x had zero process isolation (although it was possible since the i386) and people expected programs to continue working on WinXP (NT kernel), the fact that centralized software distribution is a relative novelty on Windows (compared to apt, which has existed since 1998) and many other minor things, like extension hiding, make it an easier target than ChromeOS, iOS, Android, macOS and GNU/Linux.

I remember people saying "when Linux becomes as popular as Windows, you'll see it being targeted by malware devs". Well, consider smart TVs, infotainment, servers, supercomputers, embedded systems, mobile (especially Android). Linux has been bigger than Windows for a long time. I don't think its lower desktop market share is the main reason for its lack of malware.

[1] https://gs.statcounter.com/os-market-share#monthly-202206-20...

[+] dacryn|2 years ago|reply
I don't fully agree on this one.

Linux has a wider attack vector since there are tons of packages out there. Yet the core has a lot of attention and many eyes on it, just because it is so open.

Vulnerabilities get patched sooner rather than later. Linux versions and GNU packages are running basically the entire internet, so there is definitely incentive to break into it.

It's also a lot clearer in linux when a process is doing something it shouldn't, since it's a lot easier to probe into it to check what's going on.

[+] Retric|2 years ago|reply
Sandboxing isn’t incompatible with a highly customizable OS. Malware is really more a question of being able to install software without the users control and the inability to remove such installations after the fact.

Windows suffers from malware in no small part due to the system's design rather than simply being common. Plenty of alternatives have more users than Windows did back in the late 90’s when it was a huge target.

[+] jrm4|2 years ago|reply
This is such crap.

A very long time ago, Windows normalized the absolute worst security practices ever. This was never meaningfully addressed/punished publicly and we just kind of drifted to today -- where we're stuck with absurdities like the fact that you can't use a USB key literally as intended. No other product is this bad in terms of security; bread will not destroy your toaster the way a USB key can your computer.

You can't JUST put this on market share.

[+] Beached|2 years ago|reply
Linux has both a huge attack surface and a huge focus on the malware and TA sphere. I worry about my Linux environment far more than my Windows environment. Properly securing, monitoring and responding in a Linux environment is much harder than a Windows environment for a SOC. The enterprise tool set lags in this space by a lot, and the TAs targeting Linux are generally FAR more sophisticated.
[+] everdrive|2 years ago|reply
This is definitely true, and I think there are at least two points worth considering here.

- Part of what makes the mainstream OS terrible is the mere fact that it is mainstream. If Linux hit 60-70% adoption, a plague of terrible software, adware, malware, and more would start degrading its quality.

- Despite the points above, it would be really nice if some of the lousy things pointed out in the graphic were deprecated.

[+] soraminazuki|2 years ago|reply
Wait, you say malware doesn't target Linux because it has no market share? The OS that is ubiquitous on servers and mobile?
[+] lofatdairy|2 years ago|reply
I think there's a unique element to Windows with its attempt to be extremely backwards compatible. This can be a tremendous boon when, say, running older software targeting a previous OS, but introduces vulnerabilities since your dependency tree has such deep roots. It's definitely a good target because god knows how many banks/hospitals/etc are running Windows and have critical business data in Excel sheets or Power BI or whatever, but it doesn't help that Windows itself is constructed of layers and layers of older code that can't be sacrificed without wrecking some client workflow. I mean that screenshot of 10 different design styles in Windows 11 kinda goes to show how much of it is just ported over kinda arbitrarily.
[+] xorcist|2 years ago|reply
It's not just the kernel, it's the whole ecosystem. How does Linux have anything resembling OLE? SMB? Sharepoint paths on the public Internet?

It's an operating system that automatically executes code found on USB sticks.

How is this even a discussion?

[+] abrookewood|2 years ago|reply
I'm far from a security expert, but this article (or a related one) was posted recently on HN and it covers some fairly technical reasons why Linux isn't as secure as commonly believed [0]. While that may be true, I think in practical terms you are less likely to encounter malware etc on Linux than Windows, but that could very well be because it is a smaller target as you mention.

https://madaidans-insecurities.github.io/linux.html

[+] eikenberry|2 years ago|reply
You can lock down your computer and keep it a computer. For an example look at the work going on with Fedora Silverblue [1] where you have an immutable OS install and use containers and flatpaks for everything. It is coming along nicely with side projects to allow for customization via Dockerfiles [2].

[1] https://fedoraproject.org/silverblue/ [2] https://github.com/ublue-os

[+] throw10920|2 years ago|reply
> The only other alternative is turning your computer into a glorified phone (a.k.a. a locked-down media consumption device) where everything is nicely sandboxed and nothing has any kind of permission to do "bad" things.

Your understanding of security research is badly out of date.

Turns out that, since the 80's, we've found a lot of ways to make computing platforms much more secure while sacrificing little flexibility.

For instance: capabilities. Apps working under a capability model get denied access to resources by default. If you later determine that yes, you want a program to be able to access the internet, then you can grant it that capability...but, say, only while the program is running, and you can revoke it at any time.

The dichotomy of "either malware or a locked down media-consumption device" is completely false.

[+] howinteresting|2 years ago|reply
Heterogeneity is an important part of defense in depth. Monocultures are more likely to be attacked.
[+] orbital-decay|2 years ago|reply
> As long as some platform is capable and powerful for many things, there will be malware.

This is true but there are also degrees of that. Windows in particular is a graveyard of discarded tech waiting to be galvanized by malware, because of the backwards compatibility and because of Microsoft's habit of abandoning half-done frameworks and APIs. Apple's stuff is much tidier just because they regularly deprecate and compress their fully owned stack (although they also have their turds of course). In Linux, there's terrible fragmentation and a lot of ancient and barely maintained stuff, but at the same time it can be customized to only include the best practices and omit a lot of dead weight.

[+] trelane|2 years ago|reply
> The reason why most (consumer-facing at least) malware isn't targeting Linux is because its desktop market share is like 3%.

This is also why there's not as much software in general. So if a (lack of) regular software is a valid reason to not use linux, a lack of malware is also a valid reason to use it.

[+] INTPenis|2 years ago|reply
>As long as some platform is capable and powerful for many things, there will be malware.

Might want to rephrase that, uhm, Linux?

Windows is a platform that is accessible to the most dumb (and disinterested) users in the world. No offense, but phishers, malware authors and spammers all rely on a sucker buying OEM every minute.

[+] CyberRage|2 years ago|reply
I see a ton of Linux malware as part of my job, but it's a different kind to Windows malware (which I also reverse/research). In Linux the focus is on server/enterprise, so things like webshells, miners and data scraping are very common.
[+] ensocode|2 years ago|reply
This, and I think Linux desktop is way less attractive as a target as it's not used on corporate machines so often. Corporate Windows desktops might be much more interesting data-wise.
[+] failuser|2 years ago|reply
Proper sandboxing in Unix was a missing feature forever since the SUID bit was introduced and was slowly mitigated by adding layers of virtualization instead of OS-level controls.
[+] donatj|2 years ago|reply
The single largest outstanding security problem with Windows is the one-two punch combo of hiding file extensions by default + not having an executable bit. This makes it insanely easy for an attacker to simply create a malicious executable that has the icon of a word document or other recognizable type. There is literally no way for a lay person to detect the danger there.

If there were an executable bit, exe’s from strange places wouldn’t just run without being granted permission. If extensions were visible by default, the very slightly savvy could SEE the danger. The combo lack-thereof is the danger.

With how many notifications Windows gives you already, it really seems like at the very least just warning you when you double click something the first time “this is an executable, use caution” would go a long way.

Binaries downloaded from browsers get stapled with a “potentially unsafe” extended attribute that pops a warning the first time you try to open it. This helps but is backwards. It should go the other direction and every binary should warn you until stapled with a “user has acknowledged the danger” attribute.
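A defender-side check for the two things this comment describes, the executable hiding behind a document-looking name and the "potentially unsafe" mark browsers attach (the Zone.Identifier alternate data stream). This is added example code, not part of the thread; the extension lists are assumptions, and the stream can only be read on Windows/NTFS.

```python
import os
import sys
from dataclasses import dataclass
from typing import Dict, Optional

# File types Windows launches on double-click; .scr and .pif are the
# screensaver and PIF types brought up elsewhere in this thread.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                   ".lnk", ".js", ".vbs", ".msi", ".ps1"}
# Extensions a user reads as "a document" when the real one is hidden.
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}


def parse_zone_identifier(text: Optional[str]) -> Dict[str, str]:
    """Parse the INI-style Zone.Identifier stream; {} when there is no mark."""
    fields: Dict[str, str] = {}
    in_section = False
    for line in (text or "").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


@dataclass
class Finding:
    name: str
    executable: bool             # Windows would run it on double-click
    disguised_as: Optional[str]  # ".pdf" for "invoice.pdf.exe", else None
    zone_id: Optional[int]       # 3 = Internet zone; None = no mark

    def risky(self) -> bool:
        # Executable hiding behind a document extension, or marked by the
        # browser as coming from the Internet (3) or Restricted (4) zone.
        return self.executable and (self.disguised_as is not None
                                    or self.zone_id in (3, 4))


def classify(name: str, zone_text: Optional[str] = None) -> Finding:
    """Judge a file by its full name (what hidden extensions conceal) and its mark."""
    stem, ext = os.path.splitext(name)
    executable = ext.lower() in EXECUTABLE_EXTS
    inner = os.path.splitext(stem)[1].lower()
    disguised = inner if executable and inner in DOCUMENT_EXTS else None
    zone = parse_zone_identifier(zone_text).get("ZoneId", "")
    return Finding(name, executable, disguised,
                   int(zone) if zone.isdigit() else None)


def read_zone_identifier(path: str) -> Optional[str]:
    """Read the alternate data stream; it only exists on NTFS under Windows."""
    if sys.platform != "win32":
        return None
    try:
        with open(path + ":Zone.Identifier", errors="replace") as fh:
            return fh.read()
    except OSError:  # no such stream: the file was never marked
        return None


if __name__ == "__main__":
    # Constructed sample; on Windows, build it from a real folder with
    # {e.name: read_zone_identifier(e.path) for e in os.scandir(downloads)}.
    sample = {"quarterly_report.pdf.exe": "[ZoneTransfer]\r\nZoneId=3\r\n",
              "holiday.jpg.scr": None, "setup.exe": None}
    for fname, stream in sample.items():
        f = classify(fname, stream)
        print(fname, "disguised_as=", f.disguised_as, "risky=", f.risky())
```

An unmarked, undisguised `setup.exe` is reported as not risky: the check only flags what the comment's two missing signals (a visible extension and a permission prompt) would have caught.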

[+] nimbius|2 years ago|reply
Malware isn't even the worst part about Windows by far these days. Windows is essentially a downloadable telemetry engine; a spyware go-kart with a login screen. When it's not cosplaying a mall kiosk barker, flogging various wares and useless dreck it's curated through your complacent surveillance, it's gaslighting you like a toxic ex into thinking you don't "need" a new browser because this one's better and good and okay. When it's time for an upgrade, you'd better hope you have hardware for it because Redmond will expend the same tireless energy gaslighting you about your 'obsolete' 5 year old PC that's performing just fine as it spends reminding you to check out its ghost town app-store and microtransaction rodeo. Oh and did you somehow manage to install Chrome? Sorry but most of your apps won't remember that preference for longer than it takes Microsoft to find out you had an opinion that wasn't approved by the marketing department.

Windows is like a zombie clown at a haunted carnival, shambling from booth to booth just long enough to offend by its very presence before it shuffles off back to big top corporate america, arguably the only place it still exists to an audience of appreciative patrons at all.

[+] LinuxBender|2 years ago|reply
Windows is the malware compatibility layer for everything

Windows NT and all versions of Windows after NT have more security controls than just about any other operating system as those controls came right out of VMS. They are mostly all disabled or weakened to lower friction and increase adoption. The controls are also weakened by default on Linux but it was late to the party and was not as happy-clicky as Windows thus more friction for less technical people at first. It isn't just security controls. Both Windows and Linux allow memory over-commit by default which can affect stability but improves adoption by developers. All of these things can be hardened at the risk of breaking applications that were coded to the default behavior so to speak.

As others mentioned Windows has the highest adoption and usage so it will be the default target. Should Linux take the lead some day it would gain more attention by malware authors. There are plenty of unexplored attack vectors in udev, binfmt mount, eBPF, systemd and how some of those things are glued together currently for a lack of better terminology. This may happen sooner than later if Linux gaming continues to improve at its current rate. Gaming platforms often code to default behavior or expect elevated privileges thus rendering OS-hardening not an option and not many people will buy a separate gaming machine to keep this isolated from the machine they do taxes, banking, emails, social media, etc...

[+] tester756|2 years ago|reply
Ain't gonna lie

I thought this tweet

>Computer security would be about 80% solved if we just deprecated every technology shown in this graphic.

is going to be about memory unsafe languages like C, C++ and JIT compilers (web browser) since

>Around 70% of our high severity security bugs are memory unsafety problems (that is, mistakes with C/C++ pointers). Half of those are use-after-free bugs.

https://www.chromium.org/Home/chromium-security/memory-safet...

>Figure 1: ~70% of the vulnerabilities Microsoft assigns a CVE each year continue to be memory safety issues

https://msrc.microsoft.com/blog/2019/07/a-proactive-approach...

Also HN title is editorialized.

[+] tracker1|2 years ago|reply
Large reason why MS has been embracing Rust recently... IIRC, they have their first rust based dll replacement in testing now. May take a while to see even half of it shift over though.
[+] CyberRage|2 years ago|reply
Vast majority of malware doesn't use any exploits, let alone something like a zero-day

Most malware, logically, abuses common features within the operating system.

[+] CrampusDestrus|2 years ago|reply
backwards compatibility is the cause for all of this, and it's a bitch to deal with

in an ideal world every time you need to break compatibility you would provide extensive documentation and make migration as painless as possible.

this might work if it wasn't for the tiny little problem of abandonware. the amount of critical tasks for which a piece of software that nobody knows how it works anymore is required is astounding.

should it be illegal for businesses and public-adjacent entities to operate proprietary software that is not actively maintained by anyone and has zero support contracts attached?

[+] PeterStuer|2 years ago|reply
The most popular stack will always be the preferred target of malware.

Seriously, if another platform would hold 90% of the juice, you really think it would not be the victim of malware by a long shot?

FWIW, I used to be a front line malware eradicator in the 80's; the prime target back then were Apple Macs in uni computer classrooms.

[+] fsflover|2 years ago|reply
Where is the widespread malware on Linux servers?
[+] halkony|2 years ago|reply
That's a pretty cool job. What's the most clever malware you eradicated back then?
[+] adamc|2 years ago|reply
Isn't that a lot like saying "if we just deprecated history, there would be a lot fewer issues"?

But history is a thing.

Also, every time I click on a twitter link, I seem to get "something went wrong" and have to reload. Is that the modern twitter?

[+] chungy|2 years ago|reply
That's been my Twitter experience for many years now.

So, yes or no. Depending on your idea of modern.

[+] delfinom|2 years ago|reply
I wish they would eliminate being able to execute .scr files which were used to share screensavers...back when anyone cared or Windows even bothered to use them since it's all lock screens. Now they are nothing but guaranteed malware and pretty common for that purpose.

There's absolutely no negative impact disabling the support other than someone still using Windows XP with custom screensavers saying "SEE MICROSOFT IS EVIL!!!"

[+] fredoralive|2 years ago|reply
PIF files are perhaps madder. They're configuration files for MS-DOS programmes running under Windows. But you can rename an .exe to .pif and it'll still work as an .exe as the same internal function to start an executable also handles PIF file parsing. But Windows Explorer considers PIF files "shortcuts", and so like .lnk files the file extension is always hidden even if visibility is requested.

This included 64 bit Windows (at least for 10), which can't actually run MS-DOS programmes, and has no real reason to actually try and do anything for PIF files anyway.

[+] londons_explore|2 years ago|reply
I was surprised to find screensaver support still in Windows. And they still have a bunch of screensavers like "3D Text" which appears to still be using the same code from its first release in 1998.

They also seem to have isolated them onto their own desktop, meaning that if a screensaver crashes then the user's desktop won't be shown. That broke the official 'Bubbles' screensaver in Windows 11 - and they clearly don't test that stuff, because they released it anyway, broken.

[+] _gabe_|2 years ago|reply
> Computer security would be about 80% solved if we just deprecated every technology shown in this graphic.

Computer security would be 100% solved if we just got rid of computers. It's impossible to break into something if it doesn't exist. I wonder why we haven't tried this strategy yet?

[+] radicalbyte|2 years ago|reply
Windows 11 literally comes with OS level malware, they've turned the OS into an advertising platform.

Them having actual backwards compatibility (unlike the fruity side) is the least of our problems.

[+] 1vuio0pswjnm7|2 years ago|reply
If computer security is "80% solved" then "computer security researchers" also lose 80% of their "work".

There is an argument to be made that these researchers work for "developers", i.e., the people who create and perpetuate the stuff in the graphic, more than they work for "users", i.e., the people who suffer as a result of its continued usage.

Here the security researcher does not tell users, most of whom do not read Twitter, to stop using software that utilises the stuff in the graphic. Instead he communicates with computer security researchers, developers and other Twitter users apparently hoping that developers will deprecate such usage. (But knowing this will never happen.)

Note this comment does not argue that this state of affairs is good or bad. Only a reader can make that so. The comment only makes some observations.

[+] badrabbit|2 years ago|reply
Ahh twitter infosec people. They say shit like this for rage/doom baiting but soon enough they buy their own spiel. I had one person tell me switching to macs should be a priority because it will extinguish most security issues. As a regular mac user, couldn't help facepalming at that.
[+] TazeTSchnitzel|2 years ago|reply
Vulnerability chains on iOS (and presumably macOS) also rely on various complex 90's/late-80's legacy technologies at the heart of the OS. But I can only assume that such complexity would exist somewhere even in a clean-slate OS.
[+] mrguyorama|2 years ago|reply
Computer security is 95% solved if we turn off the powerplants.

Human sustenance is solved if we choose to let everyone die.

These statements have equal utility.

[+] _trampeltier|2 years ago|reply
I think most problems could be solved if VBA would not have any access outside of the document.
[+] intsunny|2 years ago|reply
I hate how a twitter link only shows the exact tweet and not the replies/context/etc. Not even when the person has multiple tweets about a subject. (I forget what this is called.)

I have mostly stopped clicking on twitter links these days.