Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a “security fiasco” as the 10-year-old operating system nears the end of support in October 2025.

“It’s five minutes to twelve to avoid a security fiasco for 2025,” explains ESET security expert Thorsten Urbanski.

    • 9tr6gyp3@lemmy.world
      10 months ago

      Even on Linux, it’s probably a good idea to set up SecureBoot with your TPM. Very few distros will automatically set this up for you, but I know for sure that Ubuntu and Fedora do this by default.

        • 9tr6gyp3@lemmy.world
          10 months ago

          Per the arch wiki for Secure Boot:

          Secure Boot is a security feature found in the UEFI standard, designed to add a layer of protection to the pre-boot process: by maintaining a cryptographically signed list of binaries authorized or forbidden to run at boot, it helps in improving the confidence that the machine core boot components (boot manager, kernel, initramfs) have not been tampered with.

          As such it can be seen as a continuation or complement to the efforts in securing one’s computing environment, reducing the attack surface that other software security solutions such as system encryption cannot easily cover, while being totally distinct and not dependent on them. Secure Boot just stands on its own as a component of current security practices, with its own set of pros and cons.

          Note: For a deeper overview about Secure Boot in Linux, see Rodsbooks’ Secure Boot article and other online resources.


          Per arch wiki for TPM:

          Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices.

          In practice a TPM can be used for various different security applications such as secure boot, key storage and random number generation.

          TPM is naturally supported only on devices that have TPM hardware support. If your hardware has TPM support but it is not showing up, it might need to be enabled in the BIOS settings.

          Note: There are two very different TPM specifications: 2.0 and 1.2, which also use different software stacks.


          All that to say this is still not as secure as it could be (since it lacks some decent remote attestation), but security is best in layers, so a Secure Boot setup can be a great way to protect your pre-boot process.
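A quick way to check the state discussed in the comment above: whether Secure Boot is actually enforcing, and which TPM specification (1.2 or 2.0) the kernel sees. This is an added example, not part of the thread or the Arch Wiki; `SYSROOT` and the function names are assumptions of the example, and it relies on efivarfs being mounted and on a kernel that exposes `tpm_version_major` (Linux 5.6 or later).

```shell
#!/bin/sh
# Added example: report Secure Boot and TPM state from efivarfs and sysfs.
# SYSROOT is an assumption of this example so the checks can be pointed at
# a constructed directory tree; leave it unset to read the live system.

EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# An efivarfs file is 4 bytes of attributes followed by the variable data.
# SecureBoot and SetupMode each carry a single data byte (0 or 1).
efi_var_byte() {
    f="${SYSROOT}/sys/firmware/efi/efivars/$1-${EFI_GLOBAL_GUID}"
    [ -r "$f" ] || return 1
    b=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    [ -n "$b" ] || return 1          # file too short to hold a data byte
    printf '%s' "$b"
}

secure_boot_state() {
    if [ ! -d "${SYSROOT}/sys/firmware/efi" ]; then
        echo "no-uefi"               # booted via legacy BIOS/CSM, or no efivarfs
        return
    fi
    sb=$(efi_var_byte SecureBoot) || { echo "unknown"; return; }
    setup=$(efi_var_byte SetupMode) || setup=0
    if [ "$sb" = "1" ]; then
        echo "enabled"
    elif [ "$setup" = "1" ]; then
        echo "setup-mode"            # no Platform Key enrolled, nothing enforced
    else
        echo "disabled"
    fi
}

tpm_state() {
    v="${SYSROOT}/sys/class/tpm/tpm0/tpm_version_major"
    if [ -r "$v" ]; then
        case "$(cat "$v")" in
            2) echo "tpm-2.0" ;;
            1) echo "tpm-1.2" ;;
            *) echo "unknown" ;;
        esac
    elif [ -e "${SYSROOT}/sys/class/tpm/tpm0" ]; then
        echo "present-version-unknown"
    else
        echo "absent"                # no TPM, or it is disabled in firmware setup
    fi
}

echo "Secure Boot: $(secure_boot_state)"
echo "TPM:         $(tpm_state)"
```

A result of `absent` on hardware that has a TPM usually means the device is switched off in the firmware settings, which matches the wiki note quoted above.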

        • lightnsfw@reddthat.com
          10 months ago

          As a normal person I don’t think there’s a good reason. It just makes it harder for someone to get into your system/recover your data if there’s a problem with the machine (or if it’s stolen but personally I think it’s less likely for that to happen for the majority of people). If it’s a company PC with sensitive info on it that’s backed up elsewhere then yea you want to prevent people from getting into that thing as much as possible.

      • Telorand@reddthat.com
        10 months ago

        Bazzite and probably other uBlue distros, which are all based on some Fedora atomic variant, also do this by default and have instructions for setting it up later, if you choose not to do it at install.

        • 9tr6gyp3@lemmy.world
          10 months ago

          Depends on your distro’s documentation, but essentially it verifies your UEFI, OS kernel, and other boot processes haven’t been tampered with based on cryptographic signatures. It’s really a neat setup.

      • ℍ𝕂-𝟞𝟝@sopuli.xyz
        10 months ago

        Yes, my Fedora install is happy to pull files from NTFS with no adjustments, and there must be some Windows software that can read the LVM of Fedora.

        That’s assuming they are either not encrypted or you know the encryption keys.

        • ℍ𝕂-𝟞𝟝@sopuli.xyz
          10 months ago

          What does that protect against other than physical attacks?

          I have it switched on but I never had a second thought about it.

      • kbal@fedia.io
        10 months ago

        Files on your Windows disks can be accessed from Linux if you dual-boot.

    • kbal@fedia.io
      10 months ago

      People planning to migrate to Linux should probably allow themselves more than 15 minutes for the process of backing up all the things, choosing a distro, installing it, finding out what software is available, what needs to be learned, what needs to be given up, what new things are available, configuring everything, and getting used to using it.

      It’s a pretty big job. You’ve got to do it eventually though, might as well get started.

      • ℍ𝕂-𝟞𝟝@sopuli.xyz
        10 months ago

        I’d argue it’s no bigger job than keeping up with Windows.

        Switching to 11 would cause more than 15 minutes of headaches as well.

  • TranquilTurbulence@lemmy.zip
    10 months ago

    I’ve seen some ancient enterprise laptops upgraded to 11, so I thought a slightly newer gaming laptop should be just fine. Wrong! Having more powerful hardware wasn’t enough, since that CPU isn’t supported by W11. Seems like Microsoft is really trying to make sure perfectly functional hardware gets thrown away.

  • mapumbaa@lemmy.zip
    10 months ago

    This is a good time to convince your employer that the company should switch to Linux workstations.

    • ghen@sh.itjust.works
      10 months ago

      What is the active directory replacement for Linux?

      Is my antivirus supported?

      How about that program that Bill Jenkins coded 30 years ago that’s still integral to daily operations.

      I could probably upgrade a third of my company to Linux, but then I would have to support multiple operating systems and employees who could barely understand where the start menu was in Windows.

      • corsicanguppy@lemmy.ca
        10 months ago

        What is the active directory replacement for Linux?

        Client or server? Doesn’t matter, since samba provides both.

        Is my antivirus supported

        In the same sense that airplane seats have life jackets, yes.

        How about that program that Bill Jenkins coded 30 years ago that’s still integral to daily operations.

        1. Get better app maintenance and life-cycling and you’ll know already.

        2. If it’s thirty years old and coded for Windows 3.11, it probably won’t run on Windows 11. If it’s 30 years old and coded for sun4 or Linux 1.2.13, it can likely be ported.

        3. Qemu.

        4. Comically I did this at a job, porting an old app forward while my peer redeployed a 4-year-old perl web tool. My c;m;mi was done way before his perl dep hell caused him to just redo it all in c.

        • ghen@sh.itjust.works
          10 months ago

          Recommending Samba is dangerous, it’ll work okay until it doesn’t. And when that happens you’re better off rebuilding the entire domain than trying to figure out why the PDC stopped trusting itself or some other bullshit.

          Also they’re only up to 2016 functional level.

        • filcuk@lemmy.zip
          10 months ago

          Unrealistic, especially for large and/or old companies that already typically have understaffed IT departments.
          Investments like switching the entire OS vendor have to have a very, very good reason.

  • ggppjj@lemmy.world
    10 months ago

    Sounds like ESET is happy to blame people for not having enough money to buy new computers or enough time and experience to switch to Linux.

    Makes me wonder what necessitates this “security disaster”. Surely, there is no other reasonable course of action that anyone aside from the consumer could take. I’m sure that ESET is only interested in avoiding security issues in writing that it would be the consumer’s fault for not replacing their OS on, say, a two year old appliance to an entirely different, worse version that has different and unnecessary hardware requirements.

    • bassomitron@lemmy.world
      10 months ago

      I mean their job is cybersecurity. Warning people that their OS is about to no longer receive security updates from the vendor seems pretty reasonable. They have no control over Microsoft’s business decisions. The fact ESET even points out that people could move to Linux and get out of the Microsoft ecosystem is at least something.

      Also, obligatory, “Fuck Microsoft.”

      • ggppjj@lemmy.world
        10 months ago

        I don’t disagree, and also I think it would be better if this were framed as a failing of Microsoft instead of being on the consumer.

  • TommySoda@lemmy.world
    10 months ago

    I started dual booting with Linux over the weekend so I can ease myself into outright switching. Unfortunately I’m stuck with Windows 11 for my work computer and it’s honestly surprising how bad it is for productivity. All the bloatware, notifications, and unnecessary additions/changes make working with Windows 11 frustrating. I’m sure it’s decent for gaming and general use, but when I have to use it for actual work it’s a significant downgrade. Plus it’s getting significantly harder to use the software that I need for my job. I’ve had to start going into the registry and download 3rd party software just to do my job. And don’t even get me started on Microsoft 365.

    • lud@lemm.ee
      10 months ago

      Just curious, what do you do for work where you need special stuff like that? Also why are you allowed to edit the registry and download third party apps on your work computer? What previously built in features/apps does Win 11 lack so that you need third party apps?

      • TommySoda@lemmy.world
        10 months ago

        I’m a CAD tech for a land surveying company. We do a lot of things like 3D scanning and hydrographic surveying as well. A lot of the software that we use for hydrographic surveying and 3D scanning is relatively old and cryptic. Still updated to this day but definitely not what some would consider “modern.” Some of the software just doesn’t work or has huge performance issues in Windows 11 without changing the way Windows works with the software. And the compatibility mode that Windows 11 offers isn’t robust enough to get some of them to work so I have to download third party software as a workaround. And with every update there’s always a new and exciting way it fucks with something I need to get my job done.

        I’m sure there are more, but off the top of my head the new right click menu doesn’t even have half the shit I need. So I had to go into the registry to get the old one back because I was tired of clicking the “more options” button every time I needed to run a program as administrator for example. Add onto that the constant notifications for features that our company doesn’t use get shoved in my face is constantly annoying. I’ve had to uninstall so much bloatware just to get it to shut up.

        It’s not like it’s the worst OS I’ve ever used. It’s just all the little things that add up over time that generally makes things more difficult or frustrating. I’ve had to troubleshoot more issues with using Windows 11 than I can even count and with each update the list only grows.

        • ido@lemmy.dbzer0.com
          10 months ago

          I highly recommend ExplorerPatcher to anyone I know coming to win 11 from win 10, it’s a quick way to get the win 10 right click menu back along with a lot of other useful things. Can switch between the previous UIs of windows explorer and it has some cool start menu options too.

        • lud@lemm.ee
          10 months ago

          Ah, I have heard that CAD stuff can be weird. I hate when software isn’t supported properly by the seller.

          It’s pretty bad that the program can’t be run without admin, that could possibly be fixed by IT. But a tip is to hold down shift and ctrl when clicking on a program. It will run the program as an admin.

        • MIDItheKID@lemmy.world
          10 months ago

          Just so you know, if you hold down shift and right-click on something, run as admin is there.

          • MrJukes@lemmy.today
            10 months ago

            Ctrl+Shift+Click or Ctrl+Shift+Enter will launch most things as elevated. Works in Start, taskbar, run dialog, explorer, etc.

          • lightnsfw@reddthat.com
            10 months ago

            Also if it’s on your taskbar you can right click on the icon>properties>Advanced and check the box to run as administrator every time.

          • TommySoda@lemmy.world
            10 months ago

            Well it’s both. There’s no reason Windows can’t open a program that is still being updated to this day and the vendor needs to optimize their shit before everyone switches.

            • lud@lemm.ee
              10 months ago

              Well, Windows is generally very backwards compatible but there is a limit to that. It’s simply unreasonable of vendors to expect that everything will always be completely backwards compatible and that they don’t have to fix their product. Windows can’t be the one that has to fix every single problem for every single app.

              If the vendor actually updates their product they should consider actually updating and making it compatible with the newest releases of the biggest operating system.

              Basically if it can’t run on win 11 by now it’s pretty much abandonware even if the vendor technically patches a few things here and there.

      • CancerMancer@sh.itjust.works
        10 months ago

        Not the other user but I support a whole load of apps that run everything you can think of: printers, x-ray machines, radio frequency modelling, surveying equipment, forensic software/hardware, etc… it’s a lot. The Windows 10 upgrade hit us hard enough but this one has been on another level, now that Microsoft is also consistently a source of issues. Updates get forced through sometimes, Microsoft turns on random experimental features in our environment, and some shit just cannot reliably be blocked or controlled at all.

        Windows was sometimes annoying or difficult, but now it is hostile. This is unacceptable.

    • Allero@lemmy.today
      10 months ago

      Welcome, have a glass of wine🍷

      Running Windows after experiencing Linux for a while is indeed quite frustrating, with constant distractions, poor customizations and an ever-present feeling that the system could run a bit faster.

      Hope you’ll be able to move more of your workloads to Linux. Make sure to familiarize yourself with capabilities of Wine (a compatibility layer allowing you to run Windows apps on Linux), as well as full-on virtualization and WinApps for programs that refuse to run on Linux under other circumstances. Also, Linux has native apps for just about everything, for when you don’t need a very specific Windows-only program!

      Team Penguin all the way!

  • Valmond@lemmy.world
    10 months ago

    Please bro, update to windows 11.

    Linux isn’t just a 5-minute upgrade either.

    Windows, what a joke OS.

    • Bone@lemmy.world
      10 months ago

      I think that blurb is referencing the Doomsday Clock:

      the Clock is a metaphor, not a prediction, for threats to humanity from unchecked scientific and technological advances. That is, the time on the Clock is not to be interpreted as actual time. A hypothetical global catastrophe is represented by midnight on the Clock, with the Bulletin’s opinion on how close the world is to one represented by a certain number of minutes or seconds to midnight, which is then assessed in January of each year.

      • Valmond@lemmy.world
        10 months ago

        Ooh absolutely read that too fast as 5-12 minutes Linux install. My bad!

        • Bone@lemmy.world
          10 months ago

          No doubt. Same, but your comment made me double check. It was good reading anyway!

  • MudMan@fedia.io
    10 months ago

    Man, the Windows XP computer I have up in the attic is currently feeling unusually tense.

    Look, I think MS should not discontinue support…

    …but the weird amplification of the panic around it seems to me like it actively ignores the user patterns (and security outcomes) we’ve seen from Windows users for the last three decades. If this was less panicky and more targeted to business users I would take it more seriously. Getting some Y2K vibes from this whole thing.

  • JokeDeity@lemm.ee
    10 months ago

    JFC…

    Lost your dog? Try Linux. Wife divorcing you? Maybe try Linux. Just got fired? Believe it or not, Linux.

    • Allero@lemmy.today
      10 months ago

      Well, in this instance this is relevant, because most computers existing today (that includes older ones) do not fit the system requirements to install Windows 11 without TPM hacks. Most of them can run Linux, though.

      But yes, the amount of Linux-everything is overwhelming on Lemmy, and I can absolutely see how it can hurt the community and its members.

      • JokeDeity@lemm.ee
        10 months ago

        I wish, then I wouldn’t have seen this 10 thousand times. Any thread even remotely tech related devolves into a sea of try Linux comments.

        • the_crotch@sh.itjust.works
          10 months ago

          If there was a one size fits all solution to every tech issue, it wouldn’t need proselytizers because everyone would already be using it lol