You could download a Trojan that takes advantage of a known vulnerability.
Just… don’t do that?
This is part of Common Sense™. It’s a package that every single human being in a developed country is taught in regards to technology, and has been taught since the 1990s. (2000s for developing countries like the US).
Every single person that interacts with a computer in a professional setting has been taught explicitly how to never have a single virus on their computer. And they have been repeatedly taught this every 6 to 12 months for the last 3 decades. It is only people that purposefully infect themselves or purposefully choose to remain stupid — not ignorant, just stupid — that get infected with Trojans.
Your browser could have a vulnerable plugin, or maybe the user delays updates.
See above, and the previous comment.
I bought a USB drive off a sketchy guy in college which had auto-run Malware on it – but it didn’t work on Ubuntu.
See above. You did not use common sense™. You chose to be stupid, despite your college freshman orientation clearly covering basic safety.
All of these are best security practices. But read more about the swiss cheese model to know why you can’t just tell someone, “run a vulnerable os, you’ll be fine so long as you are perfect and nothing goes wrong.”
The swiss cheese model assumes equal risk, or in other words fails to differentiate actual risk from multiple sources. You aren’t being targeted by a state actor. DDoSing via zombies is more expensive (including risk capital) than using VPSs these days. The actual people targeting you are going to be bottom of the barrel commercial scammers and skiddies wanting the least possible effort targets, and again unless all the holes magically line up in your model, they won’t ever get that. Your adblock is a layer, your browser is a layer, these days your DNS is a layer, your router is a layer, your search engine is a layer, if you live in a particularly hell hole your ISP is a layer. Given the inherent insecurity of WIndows it was never a layer.
If you care about security and/or are paranoid enough about security that you care about whether or not your OS is updated, you aren’t on windows. No security professional will ever recommend windows, and all real world infrastructure using windows as a backbone never has windows as a security layer. Lets be honest if someone has access to any windows PC on your network, it does not matter if windows is up to date, they have total control over that computer, and its not windows nor windows server preventing access to other devices on the network.
You could download a Trojan that takes advantage of a known vulnerability.
It is part of the swiss cheese model.
Your browser could have a vulnerable plugin, or maybe the user delays updates.
I bought a USB drive off a sketchy guy in college which had auto-run Malware on it – but it didn’t work on Ubuntu.
Not a good idea to use an unpatched OS.
Just… don’t do that?
This is part of Common Sense™. It’s a package that every single human being in a developed country is taught in regards to technology, and has been taught since the 1990s. (2000s for developing countries like the US).
Every single person that interacts with a computer in a professional setting has been taught explicitly how to never have a single virus on their computer. And they have been repeatedly taught this every 6 to 12 months for the last 3 decades. It is only people that purposefully infect themselves or purposefully choose to remain stupid — not ignorant, just stupid — that get infected with Trojans.
See above, and the previous comment.
See above. You did not use common sense™. You chose to be stupid, despite your college freshman orientation clearly covering basic safety.
Good luck out there
Sec+ holder, I’ll be fine. So will anyone with any amount of common sense.
Don’t download strange executables. Use trusted sites. keep your browser up to date and run an effective adblock.
Congrats you’ve eliminated 99.9% of all attack vectors in use today. I guarantee you aren’t going to be targeted by the last .1%.
All of these are best security practices. But read more about the swiss cheese model to know why you can’t just tell someone, “run a vulnerable os, you’ll be fine so long as you are perfect and nothing goes wrong.”
The swiss cheese model assumes equal risk, or in other words fails to differentiate actual risk from multiple sources. You aren’t being targeted by a state actor. DDoSing via zombies is more expensive (including risk capital) than using VPSs these days. The actual people targeting you are going to be bottom of the barrel commercial scammers and skiddies wanting the least possible effort targets, and again unless all the holes magically line up in your model, they won’t ever get that. Your adblock is a layer, your browser is a layer, these days your DNS is a layer, your router is a layer, your search engine is a layer, if you live in a particularly hell hole your ISP is a layer. Given the inherent insecurity of WIndows it was never a layer.
If you care about security and/or are paranoid enough about security that you care about whether or not your OS is updated, you aren’t on windows. No security professional will ever recommend windows, and all real world infrastructure using windows as a backbone never has windows as a security layer. Lets be honest if someone has access to any windows PC on your network, it does not matter if windows is up to date, they have total control over that computer, and its not windows nor windows server preventing access to other devices on the network.
Stand aside, Sec+ holder coming through
Edit: why don’t you put your Sec+ badge in your lemmy comments so we can be impressed by your knowledge