[2Gkashmiri]

Last year I found an old xp machine that I wanted to show to a kid to learn to mess with.

Took me hours to get Firefox because everything else refuses to work. That was because I remembered the Mozilla download site directly.

Then, programs screaming end of support and security and vulnerability and what not.

WHAT IS THE THREAT MODEL HERE?

I come from a place which got high speed internet only 2 years ago. Until then, EVRRYONE USED TO DISABlE WINDOWS UPDATE, because data was precious and guess what happened, nothing.

You actually believe if I use Firefox with ubo on windows 7 that suddenly malware would jump on my machine, turn it into a bot and destroy data?

What about using office tools like excel or say libreoffice.

If a windows 7 or xp is connected to internet and you don't use a browser, will it still get infected?

[_nalply]

> EVRRYONE USED TO DISABlE WINDOWS UPDATE, because data was precious and guess what happened, nothing.

Nothing obviously visible, you mean.

[shadowgovt]

> You actually believe if I use Firefox with ubo on windows 7 that suddenly malware would jump on my machine, turn it into a bot and destroy data?

https://www.cvedetails.com/cve/CVE-2011-5046/ is a remote-code-execution attack that works via setting the height of an IFRAME because the graphics device interface doesn't vet the size of the resulting buffers generated to support that IFRAME.

It won't just jump on your machine, but it is a threat you may be continuously vulnerable to for every website you choose to access with an insufficiently-patched Win7 install. And with Win7 now EOL, there are fewer eyes on it looking for vulnerabilities that will report those vulns.