by johncoatesdev 201 days ago
Updating software is good advice. Do you realize how many CVEs are reported on a daily basis? Once you've got a password manager you're largely protected against phishing, so the biggest target becomes your computer, and the most likely way to compromise that would be through outdated software with public vulnerabilities.

What do you expect your browser security levels to the max to do? Browsers are designed to be secure from default settings.

3 comments

Vulnerabilities in the software you use don't even make the top 5 in ways bad guys actually compromise you.

The most common attacks:

- Phishing

- Getting the user to run the malware themselves

- Credential reuse

- Literal physical theft

- Users uploading their own stuff completely willingly to some sketchy service

Vulnerabilities in the services you use are important, but you can't update those yourself :)

> Users uploading their own stuff completely willingly to some sketchy service

> Getting the user to run the malware themselves

Here are two good reasons for not trusting a password manager that stores your vault online.

On the other hand, most people have no backup strategy for their digital life.

Almost all CVEs are basically irrelevant to everyone that doesn't have some obligation to keep on top of patching them. Meanwhile, auto-updates are RCE by default.

Indeed. I'm far more worried about picking up a supply-chain hack via updates than I am that some low-profile denial-of-service attack will actually affect me; the updates themselves historically have caused me far more actual denials of service than they fix.

Case in point: “[Print] To meet security goals and support new print capabilities, this update transitions Windows printing components from MSVCRT to a modern Universal C Runtime Library.

As a result of this change, print clients running versions of Windows prior to Windows 10, version 2004 and Windows Server, version 2004 (Build number 19041) will intentionally fail to print to remote print servers running Windows 11, versions 24H2 or 25H2, and Windows Server 2025, that have installed this update, or later updates. Attempting to print from an unsupported print client to an updated print server will fail with one of the following errors: […]”

CVEs are better viewed as "a uniform numbering system that ensures we are talking about the same bug" today. But updating software is good anyway.

> Browsers are designed to be secure from default settings.

Not quite. They are usually designed to be both fast and safe, but neither goal is considered "done" yet in modern ones. If you want max security, you'll likely have to disable all performance boosts like JS JIT.