by hanselot 1216 days ago
I love people that believe there exists a version of Windows that could be deemed secure. I was there once. Install the latest update to fix the security problems. Don't worry, our software becomes 300mb larger due to 500 other security problems we are rolling out today, but we managed to close off this one tiny hole over here.

Why does it matter anyways? With both Intel and AMD running processors independent of your machine, there's really no way to keep anything secure unless you use a machine that's over 20 years old.

5 comments

But isn't that backwards? 20-year-old systems have been thoroughly exploited and usually do not benefit from more recent updates. It's true you can't patch every single vulnerability, but probability is a huge factor in risk. If many of the common exploits have been patched, it's simply harder for your average hacker; the difficulty and opportunity cost just go up.
I love people that believe there exists a version of any operating system with C code on it, that can be deemed secure.

https://en.wikipedia.org/wiki/Morris_worm

It is true that C does not protect against a class of errors related to memory safety, but it is disingenuous to imply writing an OS in any other language will make it secure. At best, it will only reduce the porosity of the attack surface.
One of the reasons why Multics had a better security assessment than UNIX from DoD was precisely how PL/I does strings and arrays.

Not wearing seatbelts and helmets doesn't save everyone, so it is worthless to use them as a vain attempt to save human lives.

Microsoft have 122k employees. Assuming that every one of them takes the upgrade, it uses an extra 61TB of storage. I can buy 61TB of NVMe storage from a high street retailer for under $5000. It's less than half that for a normal SSD. It costs more than that for the electricity to install the updates to 120k people I would bet.

> there's really no way to keep anything secure unless you use a machine that's over 20 years old.

This is nonsense. Security isn't a binary thing, and even if it was, you're still vulnerable to wrench-ops. If your threat model is that you suspect your processor manufacturer has backdoored your CPU, you better be running your own fab, air gapping your machines, and desoldering input ports.

Meanwhile for probably 95% of people and businesses out there, keeping Windows up to date, 2FA required, encryption in transit and at rest, and regular tested backups is enough.

At this point I don't think the goal is to reach a state of 'secure'; it's shifting vulnerabilities around to be less predictable. Intentionally or not.
Windows 1.0 was pretty secure by today's standards. /s
No networking, right? I guess it was pretty good.
Also no USB support, so even Stuxnet won't work.