| > I think that in the days before good windows security, "Before"‽ Windows still sets every file as executable by default (just an example). If it had good security you wouldn't need anti-malware tools always running in the background looking for stuff that has already broken through (to some extent). Basically, Windows security has been and probably always will be absolute garbage. A big reason why Microsoft won't (and can't, really) fix the security of Windows is backwards compatibility... If they fixed the "everything is executable by default" problem it would 100% for sure break a ton of stuff. The code base for Windows is both old and enormous. They don't employ enough developers to constantly review and re-write all that code all of the time. Most of it--even today's Windows 10 core code--was written at a time when Microsoft didn't really give a rat's ass about security. Just look at the past few years of Windows 10 vulnerabilities: https://www.cvedetails.com/product/32238/Microsoft-Windows-1... ...and compare that to say, Canonical/Ubuntu's list: https://www.cvedetails.com/vendor/4781/Canonical.html Looking at last year, in 2021 Ubuntu had 29 CVE-listed vulnerabilities, four of which were "code execution" (the worst). In that same period Windows 10 had 485 CVE-listed vulnerabilities, 112 of which were "code execution"! Now consider for a moment that the scope of Canonical/Ubuntu CVE list includes vastly more software than what comes with Windows. I just looked (Ubuntu 21.04) and there's 6,080 packages in Ubuntu's "main" software repository which is what's in scope for those CVEs (I'm pretty sure anyway). Whereas the scope of Windows 10 is just what comes with the OS which isn't much! If you drill down into the Windows 10 code execution vulnerabilities you'll see that it's all in the core stuff that comes with Windows like the print spooler, media services libraries, remote desktop, file system, etc. It's not obscure extras like bundled games or the snip tool or whatever. |