top | item 45450435

(no title)

All the security issues patched in software have either been there since it was released or are introduced with feature updates. As a security veteran, the end of patching is hardly as dire as this imagines.

Update:

Patching has always been security theater for systems where security actually matters (national security), because it's assumed nation states already know vulnerabilities often years before there's a public disclosure or patch. These patches have always been to deal with nuisance actors impacting non-critical users. Besides, the user getting tricked is always the biggest risk, and patching does nothing at all for that.

If you care about security, don't get on the internet. The device you're using right now is probably already trivial compromised by unpatched vulnerabilities, if not known only by a state actor than a spyware company. Pretending this isn't the case is worse than discontinuing vanity security theater.

This is like everyone freaking out because they're shutting down the TSA. The idea that patches are important and effective is more dangerous than not patching.

discuss

crazygringo|5 months ago

I really hope you're not a "security veteran."

Because you're guaranteeing to us that nobody will ever find another vulnerability in the existing codebase of Windows 10?

That's just a silly thing to say.

vachina|5 months ago

It actually is not dire, if you don’t expose your Windows installation open to the internet (and disabling ipv6).

You’re much more likely pwned by phishing or running malware from software updates.

thisisnotauser|5 months ago

That's not what I said.

unknown|5 months ago

[deleted]