Microsoft ending Win7 support soon, should I get Ubuntu?

[engineheat]

Does Ubuntu offer periodic security updates like Windows?

Trying to figure out what my options are other than buying a Win10 license.

Thanks

[amyk]

Note that "ending support" doesn't mean it stops working.

The "security" argument is BS too, just a way to frighten the gullible into their even more disgusting surveillancetelemetry data-collection. Keep your ports closed, don't run random stuff downloaded off the Internet, nor allow JS on every site, and you'll be fine.

[xrunner]

Does Ubuntu offer periodic security updates like Windows?

Yes it does, as does Linux Mint (which I prefer). I run my Seti@Home project on Linux Mint and it works very well. 

[wilfred]

Get a WIN10 license. But if you insist on moving to Linux I suggest you'd be better served by Linux Mint XFCE. The GUI is nearer to what you're are familiar with.

But I advise you to stay with Windows.

[Red Squirrel]

Note that "ending support" doesn't mean it stops working.

The "security" argument is BS too, just a way to frighten the gullible into their even more disgusting surveillancetelemetry data-collection. Keep your ports closed, don't run random stuff downloaded off the Internet, nor allow JS on every site, and you'll be fine.

Pretty much this.  If they tell you it's insecure to run an old OS, then what made it more secure before?  Those security holes that are suddenly a risk were there already!  It's not like new security holes get added the minute it goes out of service. (short of any conspiracy that perhaps they push a final update to do so, which I highly doubt)

You should treat any machine, new OS or not, as if it was full of security holes, by having proper security practices that work beyond relying on the fact that it's secure.  Proper firewalling, proper vlan segmentation of more critical parts of the network, not opening stuff you don't trust, etc...

That said I have a pretty good feeling Microsoft will keep extending support like they did with XP.  It just feels way too early to end support for 7 when lot of companies just finished upgrading to it.  There is no viable upgrade path after windows 7 when it comes to a business environment. Windows 8 and 10 are entertainment OSes and not suitable for productivity use.    If a lot of technical minded people hate it, imagine how general users in an office environment will hate it, and have trouble figuring out how to do anything in it.  If you're going to learn a whole new OS it makes more sense to switch to Linux and use a GUI like KDE or other traditional UI (ex: not Gnome) that will be easier to learn and use.

My company is talking about windows 10 but I really hope it keeps getting delayed.  We literally just upgraded to 7 like a few years ago and now finally everything more or less works properly.  I really don't want to have to go through all that again, for what?  Also Windows 10's horrible all white UI with it's fuzzy gray text and no proper borders or delimitation between UI elements is very hard on the eyes.   In fact out of all the things to hate windows 10 for, to me it's the horrible UI which you can't really change. You have like maybe 3 different choices and they all suck.  Even in windows 3.11 you could customize the UI!

[Simon]

I would happily move to linux but it is behind. Won't support 4K monitors and the attitude of users means no support. If only Linus Torvades would put his weight behind a distribution that gains widespread acceptance we might start to see a usable OS at last. He bemoans that linux did not take off in the desktop market as that is what he wrote it for originally but completely fails to see why: because he let every man and his dog take it, and make it what they wanted and there is no standardization.

Windows 10 is a pain in the ass. You don't own your computer any more. You have no option but to install updates and then when it does it starts to uninstall programs. This is not good, I would use anything else at the drop of a hat if it was serious enough that major program vendors adopted it too. 

[ChunkyPastaSauce]

Trying to figure out what my options are other than buying a Win10 license.

In most cases windows 10 upgrade is still free. You install Windows 10 using ISO, skip entering key at install. Then after it installs and booted, you go to the settings activation window and enter in the windows 7 key. Windows activation then issues you a new win 10 key

[brucehoult]

I would happily move to linux but it is behind. Won't support 4K monitors

wtf?

I must be dreaming about my little i7-8650U NUC (NUC7i7DNKE) running these two 4k monitors at the same time on stock out of the box Ubuntu 18.04 with no configuration whatsoever. Plug them into the two HDMI ports and it Just Works.

[retiredcaps]

Does Ubuntu offer periodic security updates like Windows?

I run lubuntu (light weight version) and it gets security updates when they are released. That is, there is no monthly "patch or update" tuesday.

Sometimes, I get security updates daily, sometimes days or a couple of weeks go by without an update.  So there is no set schedule.

If you want to see the Ubuntu security releases go to

https://usn.ubuntu.com/releases/ubuntu-18.04-lts/

I don't run Windows anymore (2014 XP was my last daily Windows driver), but when I do, it takes hours sometimes for the updates to complete.  With lubuntu, the updates are usually complete within 5 minutes or less.

If you are going to switch from Windows to linux, make sure to pick applications where your data is compatible or available on both platforms.  I also try to choose data formats that are industry standard or open source so I can use any program to access them.

For example, I chose thunderbird email because it runs on both platforms.  Before I was using Eudora, but Eudora doesn't run on linux.

When I moved from XP to linux in 2014, I downloaded and tested about 10 to 15 distros before settling on lubuntu, but for my needs, it runs perfectly.

The ONLY time I need to run Windows is April for a specific Canada Tax program.  While it can run under wine, I found it took too much time to get it running.  It was cheaper for me to buy a $10 PC with a legit Windows 10 license.  On this PC, I have bare bones Windows 10 installed with NO network access. I do my taxes, connect to CRA, upload my taxes and then shut it off for another year.

[Simon]

I would happily move to linux but it is behind. Won't support 4K monitors

wtf?

I must be dreaming about my little i7-8650U NUC (NUC7i7DNKE) running these two 4k monitors at the same time on stock out of the box Ubuntu 18.04 with no configuration whatsoever. Plug them into the two HDMI ports and it Just Works.

You mean I can go in and tell it to magnify everything so that it appears correctly as it does in windows?

[Jeroen3]

You mean I can go in and tell it to magnify everything so that it appears correctly as it does in windows?

That's a problem from Windows. Microsoft refused to implement global dpi scaling parameters until Windows 10.
Both are at an equal level of 4k readyness if you ask me. And the user experience is highly dependent on the application you are running. Older apps get scaled and fuzzy.

Microsoft ending Win7 support soon, should I get Ubuntu?

Try it. You can always go back to Microsoft if you get withdrawal symptoms.

[RoGeorge]

[Linux] Won't support 4K monitors and the attitude of users means no support.

Not true.
I have Ubuntu on a desktop with a mix of 4 different monitors, each with different refresh rates and resolution.  One monitor is 4K at 10bits per pixel.  Scaling is better than in Windows 10 (or Win 7).

There are plenty of help files, blogs and forums to find support at any level, and you will get you real support, not like the Microsoft support where one asks, let's say about a missing dll, and the support replies something completely retarded, like "Is your computer plugged in?".

Just install the latest Ubuntu and see for yourself.  If you don't like it, you can switch back to Windows at any time.

Do not try to make a Linux "look and feel" like Windows.  "Dash-to-panel" will help to make it a little "windows like", but keep in mind that each OS is different.

One last thing, if you do a lot of video gaming, forget about Mac or Linux.  Most of the games are still Windows/Console only.

[Simon]

I'll give ubuntu a go!

[bd139]

Note that "ending support" doesn't mean it stops working.

The "security" argument is BS too, just a way to frighten the gullible into their even more disgusting surveillancetelemetry data-collection. Keep your ports closed, don't run random stuff downloaded off the Internet, nor allow JS on every site, and you'll be fine.

This is ridiculous. Please disconnect all your computers from the internet and glue your doors shut. I am personally fed up of dealing with armies of fucked up unpatched windows machines on botnets because people are too stupid and cheap to wipe out whole classes of vulnerabilities.

A fine point is that windows defender as used on XP is vulnerable to a drive by attack where any incoming files can root the machine with no user intervention at all. Being careful is a ridiculous arrogant form of survivor bias here. Enjoy cryptolocker...

Your advice is beyond wrong. Please stop spreading this crap. You are creating so many problems.

Just get windows 10, fix all the annoying bits and stop bitching. Stuff changes. Get over it.

I'll give ubuntu a go!

Do that too but remember it’s different. Go in with no preconception of “I want this to work like windows did” and you will go far.

[Jeroen3]

As an alternative to retail Windows 10, you might want to consider an LTSC* license from eBay. It's Windows 10 without the bloatware, and a rather conservative update plan. The only problem is that you're stuck with grey license sales on eBay and such.

_{*The Long-Term Servicing Channel (LTSC), 10 years, only security fixes.}

[Kjelt]

Pretty much this.  If they tell you it's insecure to run an old OS, then what made it more secure before?  Those security holes that are suddenly a risk were there already!  It's not like new security holes get added the minute it goes out of service.

No but as you probably know many of these flaws are not known at this moment and people are 24/7 trying to find them to gain an advantage.
The moment it is known and gets momentum they are added to security testing tools that can be run by 12 yr olds.
That is usually the moment MS who already received warnings upfront releases their patches so it is fixed.
That is the same moment with an unsupported OS you have another security issue.

You should treat any machine, new OS or not, as if it was full of security holes, by having proper security practices that work beyond relying on the fact that it's secure.  Proper firewalling, proper vlan segmentation of more critical parts of the network, not opening stuff you don't trust, etc...

Pull the internet plug

That said I have a pretty good feeling Microsoft will keep extending support like they did with XP.  It just feels way too early to end support for 7 when lot of companies just finished upgrading to it. 

Yeah very expensive contracts for very lazy companies or mostly government organizations that have no IT knowledge and don't care spending tax money. 

There is no viable upgrade path after windows 7 when it comes to a business environment. Windows 8 and 10 are entertainment OSes and not suitable for productivity use.   

Don't mix Win8 and Win10 please. Win8 is an abomination and should never have been released. Win10 is better than Win7 IMO it is more stable and can be configured to be used in industry.
Most of our companies are now running Win10, and I am running Win10 for my CNC machines no problems what so ever, just have to shut down some intermittent services and pull the internet plug, but that is real time machining, something windows does not shine, still it works flawlessly.

[Simon]

put it this way. no business "upgraded" to 10 because they wanted to, they were given an ultimatum that came with a "oh and buy the way now you are just allowed to use our OS you will never own it and we can do as we please" hence after every major update of this turd called windows 10 I have to go around reinstalling programs that microsoft removed because they now own my hardware too! fucking wankers!

[ledtester]

Apparently you can still upgrade from Win7 to Win10 for free:

https://www.howtogeek.com/272201/all-the-ways-you-can-still-get-windows-10-for-free/

[bd139]

put it this way. no business "upgraded" to 10 because they wanted to, they were given an ultimatum that came with a "oh and buy the way now you are just allowed to use our OS you will never own it and we can do as we please" hence after every major update of this turd called windows 10 I have to go around reinstalling programs that microsoft removed because they now own my hardware too! fucking wankers!

Actually no, what happened was everyone are cheap asses who factor IT as a profit drain rather than a business function cost. Thus the IT dragged at the tail end of the curve with minimal investment. Then everyone bitches and moans they need to replace their decade or more old piece of shit because they entered the next product cycle at the last minute because they delayed the last one thus meaning a less than 5 year cycle. This causes epic amounts of bitching about having to do everything last minute and then having to accept compromises galore.

[Halcyon]

To the OP: If you're not a big gamer I would seriously look into Linux as an alternative (even if you play the odd Steam game, Linux works just fine). It is a bit of a learning curve but one which I embarked on about a year ago and have never looked back. Windows 10 feels like a bloated, sluggish and productivity-killing piece of crap compared to pretty much any flavour of Linux.

Ubuntu isn't my favourite distro, but it's simple to set up and just works on a wide range of hardware. The various Linux distros are a bit like cars, regardless of what others might think, there is no "best" Linux. The best is what works for you. In the past I've tried Mint, Ubuntu, CentOS, Fedora and now I'm onto Arch Linux. All have their strengths and weaknesses. I will recommend using a window manager other than Gnome (the default on Ubuntu) as it can be slow on older hardware. Good alternatives are MATE (pronounced "maté") or Xfce, but there are many others.

[Mechatrommer]

for me use your old Windows OS to the last bit of its blood, ie when your productivity tools and hardwares cannot run in it anymore that inevitably you have to buy new tools/SWs and hardwares that only support new OS, that you already got acceptable profits from the old one. upgrading system in productivity or professional world is not simply upgrading the OS alone, they have to take into account tools/hardwares compatibility in the new OS. incompatibility means they have to spend another multi thousands dollars on new tools/hardwares, disruption in business process etc, not really good for healthy. this is why according to some people, some banking still stick with Cobol but i can understand the reason. the Wannacry outbreak in hospitals using XP, they also have reason for it. if its simply upgrading the OS (given budget is allocated) and they can happily continue business tomorrow, everybody would have done so since the beginning, this some hobby grade people dont understand.

i repeat, use your old Windows OS to the last bit of its blood while you can, BUT.... with a big BUT... also make sure your system is secure by putting in tools by people who are in and care about the security business. afraid of virus, malware, worm, exploits? we have anti virus, anti malware anti worm anti exploits tools, go get it installed. the pro/paid version is not that expensive. for free version i recommend Avast Antivirus. sadly there is hiccup in the Pro version of Avast in WinXP that i have to switch to Panda, but the free version is flawless on my other nonproductivity/family machines.

and second BUT is... if you still dont trust your antivirus well, learn how to make your system backup, such as AOMEI Backupper, pros know their tools so they installed in after fresh OS install, and then make the backup, they paid expert if they dont know how but have the money, if they dont have the money they need to learn, otherwise they should get Murphy's Eligibility Award. when something peculiar happened, another outbreak, HDD cranked in read/write mode for no apparent reason, CPU is throttled while idle etc, should raise the alarm, if needed, formatting and reinstalling backup will take few minutes and then they can resume business in free of fear state. having said this, alertness need to be learnt, some basic computing and OS operation as well. computer virus is not like real virus, real virus persist in existence and no way around it, but computer virus are dead when you pull the plug, they are dead forever when you make fresh install. get another utility tools such as file logger or something, it will inform you when new files created in your system, i made one myself.

forget/ignore about people saying XP users are a fucked up users, they dont have a clue and XP users have reasons to stick, its our money and well beingness, not them. in fact, new Windows are the fucked up one, they cant get the Windows Explorer working right as it used to be... which is the backbone for some pro users. i have 7 and 10 license but my productivity system is still XP . its still can run nothing wrong with it, some Antivirus still supporting it. so i dont see any problem with Win7 for several years to come.

[bd139]

IT sector has anti-vaxxers too...

It's not just your money. It's your customers' data that you are responsible for. Over here if you are running unpatched and get exfiltrated then you are up shit creek because you failed round 1 of due diligence. Big GDPR fines. And GDPR exists because of the lax nature of businesses and individuals on privacy and security.

The only fault is you forgot to charge out your future capex and now have a bill on your plate and you have sod all data protection regulation in the US other than post-fact litigation vulturing.

BUT BUT BUT MY MONEY always 

[ddavidebor]

Does Ubuntu offer periodic security updates like Windows?

Trying to figure out what my options are other than buying a Win10 license.

Thanks

If you do not need any particular software that is not available on Windows than you definitely should.
Ubuntu offers quite fast security updates, guaranteed for 5 years for it's LTS releases
Current version is 18.03 with guaranteed security and maintenance updates up to 2023

You will find that the interface is a bit different but really really good. You will find yourself having to "unlearn" some of the dummer elements of the windows UI, such as how to extract usb keys and such. As well as many "fixes and tricks" you need with windows that on Linux are simply not needed.

The interface can be personalized extensively to your taste (ubuntu is standard Gnome with a few customizations) and supports high density displays.

If after a while you still don't like the UI and want to go back you should consider Linux Mint Cinnamon, a ubuntu derivative which is very popular and has a UI more windows-like

I recommend you upgrade the LTS release 6months to 1 year after the new release is out. Usually, the new features are worth the upgrade hassle. Bug fixes are backported for the full duration of the maintenance period.

Please note that ubuntu is an os with modern features meant to run on a modern PC.

[ebclr]

I would suggest taking a look on all software you need to use, If the are available on Linux, or have similar ones that you like, Go ahead you can even add VMWare and still have windows7 as a virtual machine. I personally did that and since 90% of the software I need is not available on Linux, I opted for the Inverse path, upgraded to Windows 10 and have a lot of Linux Virtual machines for 10% of the software  that must be Linux software, also installed Windows Subsystem for Linux, who gave-me  a full Linux support at full speed and coexist with windows system peacefully

[bd139]

Good advice. Software first 

[Mechatrommer]

if running a server and keeping customers database is the business, too much internet oriented and nothing else, linux is the answer like most people told, and a dedicated machine should be too for it, if another Windows machine is required. but others may have different workflow... if my 5 printers can be installed without hassle in linux. photoshop grade (no, not the GIMP), Ms VB/VC++ can be installed too (forget the VM they have incompatibility issue anyway) and some other Windows (hardware dependent or independent) only tools, Ms Word/Excel doc/xls files can be interchanged/shared between peers among windows and linux, i may have considered or using linux by now. as for Win7 and Win10, dont say i havent tried, they just have a fucked up Windows Explorer and File Search utility, no matter how i changed the settings.

[Simon]

We are at a point where things are now good so these businesses to stay in business and keep taking money just tinker around with thing to make them "better" their job will never be done and it's why companies prefer the subscription model now. Google is another one that keeps messing about with things just for the sake of it.

[fourtytwo42]

Just to add my experience for the OP, I was faced with having to upgrade Windows but balked at both the license cost and lurid stories of usability or lack of on the web. I wanted to go Linux but didn't want to change to rapidly, that's when I discovered the Lubuntu iso that creates a dual boot machine (Windows & Linux) without loosing any of your old data.

This makes it simple to switch (on each boot) to and fro so you can learn whilst always having the security of switching back. These day's after a few years I rarely go back to native Windows as anything I need runs in Linux under Wine (such as Msoft Word & Excel).

There are some differences in the MMI mostly distro dependent, the Windows feature I miss the most is simple shortcuts to folders or files that can be placed anywhere, this is very useful when running lot's of projects with shared resources such as data sheets, I don't find PCMan bookmarks in any way an adequate replacement but then its just a way of working for me developed over more years than I care to think about 

[Simon]

why lubuntu? most distros will install a bootloader for you to do the switch as the most common use case is probably dual boot.

[techman-001]

Does Ubuntu offer periodic security updates like Windows?

Trying to figure out what my options are other than buying a Win10 license.

Thanks

"Does Ubuntu offer periodic security updates like Windows?" is a interesting question. Windows and Linux are very different and what Windows needs, Linux probably doesn't and vice versa.

It's hardly worth the debate because security isn't a product or OS, it's a ongoing service that you maintain with whatever gear you have. It's complicated, and you have to keep up to date all the time. This means modems, routers, networks, PC's, everything.

The crackers are out there, they're clever, educated and pay professional coders to find a way to get into your PC and phone. They want your emails and bank accounts, passwords and so on. Their QA Department PC's run Windows with ALL the latest security software and patches. When their virus/trojan gets thru them all, their 'zero day virus' is  "ready to ship".

So moving on from the massive headache that is security, I recommend that you examine your software closely, if you only browse, email and watch films, Linux will be fine, that's a no brainer. Linux has about 30 thousand free programs, it has tons and tons of software, but will you like Open Office instead of Microsoft Excel. Are your Excel Macros so complicated that Open Office can't handle them ?

Is your Multi Function Printer, scanner and inbuilt WiFI supported by Linux, will everything work ?

If you depend on purely licensed Windows apps, then you're probably "locked in" and should pay that Windows 10 license  .... and the next one, and the next one because it will be far easier to just stay with what you have and know.

There is a way out of the Windows 'lock in' conundrum but it isnt a quick fix. Get another PC and install Linux on it, start learning, allow a couple of years and by that time you may know what works, what doesn't and what your options are.

[fourtytwo42]

why lubuntu? most distros will install a bootloader for you to do the switch as the most common use case is probably dual boot.

Lightweight/small so the advertising says, certainly I don't like what I consider to be the bloated gui desktops of some distro's but horses for courses. When I started dual boot was not so common, certainly for simple peeps like me! The only downside is of course all graphical examples use the bloated gui included in Ubuntu but hell I cannot have everything!

I run this on both low power 32 bit machines as well as 64 bit number crunchers but I wanted a unified environment for both.

[soldar]

This is ridiculous. Please disconnect all your computers from the internet and glue your doors shut. I am personally fed up of dealing with armies of fucked up unpatched windows machines on botnets because people are too stupid and cheap to wipe out whole classes of vulnerabilities.

A fine point is that windows defender as used on XP is vulnerable to a drive by attack where any incoming files can root the machine with no user intervention at all. Being careful is a ridiculous arrogant form of survivor bias here. Enjoy cryptolocker...

Your advice is beyond wrong. Please stop spreading this crap. You are creating so many problems.

Just get windows 10, fix all the annoying bits and stop bitching. Stuff changes. Get over it.

Um, no. I am still running Win XP Pro SP3 on many machines and there is no way in the world I am getting win 10. I am sorry if that upsets you but win XP still works fine for me.  M$ could have made newer versions with the same look and feel of the older versions but they chose to make it totally different. Fuck that. I am not going to spend any time or effort relearning years and years of customs and knowledge. No way. I have almost 25 years of emails in Outlook Express and I intend to keep on using it. If that upsets you blame MS who made everything new and incompatible. Fuck that. If they changed every year the way the pedals and controls of cars work you can bet I would be driving a 30 year old clunker. I am not about to learn to drive a new car every year. So blame MS, don't blame me.

I am running Linux Mint on some machines and Win XP when I need to run the old programs I am familiar with. M$ might like me to buy and learn a new OS, office suite and a ton of programs every new year. sorry. Not doing that. No way. I will be running XP until I no longer can and then I will be either dead or running Linux. 

And, AFAIK, I have never had a virus in my decades of computing in spite of the fact that I never ran anti-virus software which I consider worse than a virus.

And if there are millions of people out there who refuse to upgrade maybe they have their reasons. Like being fed up with MS like I am.

[nctnico]

Note that "ending support" doesn't mean it stops working.

The "security" argument is BS too, just a way to frighten the gullible into their even more disgusting surveillancetelemetry data-collection. Keep your ports closed, don't run random stuff downloaded off the Internet, nor allow JS on every site, and you'll be fine.

I'd go this route. Don't use the machine with administrator rights and keep anti-virus and web-browser up to date.

[ddavidebor]

You folks let's get some praise to the progress that keep us employed instead of all this grampa speaking...

[rrinker]

 Seriously. If I felt like some of the respondents here, I'd still be using the old CP/M machine on the desk behind me as a daily driver.
I've been doing this long enough to see all that come and go. 25 years of Outlook Express mail? Seriously? I switched from XP to 7 oh, about when 7 came out. I still have files saved off my machines that ran 95 and even NT4 (though of course most of that data is useless, but like a pack rat, I've saved it, in case I ever need to refer to it - there is always a way to open most of those files). I couldn't POSSIBLY do my job it I was so stuck in the past to still use XP on a regular basis. Hey, Server 2003 is just fine, why should I upgrade to 2008 2012, 2016, or 2019? And after using the newer ones - when I DO come across a client with Server 2003 still being used, the UI is HORRIBLE.

 Frankly, for the OP, if you are happy with Windows 7, just upgrade to 10. I am sick to death of hearing so much BS about "spying" from people who post on public forums and half probably also use Facebook. Microsoft ain't got nothing on Facebook when it comes to mining your data. Bu all means experiment with Linux. I have a always had a Linux box, or at least a dual boot capability, since 0.89a Linux where I had to compile it myself to my specific hardware. Sometimes an actual separate physical machine, other times a VM. There are some workloads where it is a better choice than Windows, but it's not now and so far has never been the best choice EVERY time, just like Windows and Microsoft products aren't the best option EVERY time.

[bd139]

And if there are millions of people out there who refuse to upgrade maybe they have their reasons. Like being fed up with MS like I am.

Your funeral!

I'm fed up with MS too but at the end of the day I actually have to get shit done.

[Mr. Scram]

I'd go this route. Don't use the machine with administrator rights and keep anti-virus and web-browser up to date.

None of that is much use when the underlying OS is unsafe. Without a clean base you can't defend.

[Mr. Scram]

Um, no. I am still running Win XP Pro SP3 on many machines and there is no way in the world I am getting win 10. I am sorry if that upsets you but win XP still works fine for me.  M$ could have made newer versions with the same look and feel of the older versions but they chose to make it totally different. Fuck that. I am not going to spend any time or effort relearning years and years of customs and knowledge. No way. I have almost 25 years of emails in Outlook Express and I intend to keep on using it. If that upsets you blame MS who made everything new and incompatible. Fuck that. If they changed every year the way the pedals and controls of cars work you can bet I would be driving a 30 year old clunker. I am not about to learn to drive a new car every year. So blame MS, don't blame me.

I am running Linux Mint on some machines and Win XP when I need to run the old programs I am familiar with. M$ might like me to buy and learn a new OS, office suite and a ton of programs every new year. sorry. Not doing that. No way. I will be running XP until I no longer can and then I will be either dead or running Linux. 

And, AFAIK, I have never had a virus in my decades of computing in spite of the fact that I never ran anti-virus software which I consider worse than a virus.

And if there are millions of people out there who refuse to upgrade maybe they have their reasons. Like being fed up with MS like I am.

How do you know you have never been infected when you never used the one tool which can tell you just that? I have to agree with bd139 on this one.

[bd139]

He doesn't until he finds all his machine and all his backups are suddenly asking for a BTC contribution 

[MrMobodies]

When I get a chance I'll give that Windows 10 LTSB a go as some members here advised in other threads thank you very much I didn't even know it existed.

https://www.fileparrots.com/2017/04/windows-10-enterprise-ltsb-3264-bit-iso.html
https://community.spiceworks.com/topic/1303247-windows-10-ltsb-where-to-buy

If I like it I know someone in a business who has agreements with them to find out how much they can get it for.

That means I wouldn't have to go to great lengths to alter things just to be left alone but I think that will be some time late in the future.

[soldar]

I'm fed up with MS too but at the end of the day I actually have to get shit done.

My point is that different people have different needs and there is no solution that fits all. I get my shit done with XP and with Linux Mint and it works for me. Others might need or prefer a newer version of Windows, or an Apple system, or whatever. My point is that because something works for you it does not mean that is the best solution for everybody. For me now the best solution I have found is Win XP and transition to Linux Mint as needed. It works for me and I am not about to change to Windows 10 or Apple or whatever just because someone thinks they are better.

I get tired of absolutist answers. Some weeks ago I was cornered at a party by some guy who just insisted Apple was far superior to anything and everything and just would not let go. As they say, a fanatic is a guy who won't change his mind and won't change the subject. I respect the freedom of others to choose what they prefer and I only ask they afford me the same courtesy.

[Muttley Snickers]

My point is that different people have different needs and there is no solution that fits all. I get my shit done with XP and with Linux Mint and it works for me.... (snip)
I get tired of absolutist answers....(snip)

This works for me, in fact I have never once updated Windows 7 on any of my computers and for the one which does go online it actually takes me more time to disable remote access and updates than it does to install the entire operating system. The one computer which has online access but nothing important stored on it was running AVG Virus until recently when the program became sufficiently annoying to warrant removal.

[wilfred]

I get tired of absolutist answers. Some weeks ago I was cornered at a party by some guy who just insisted Apple was far superior to anything and everything and just would not let go. As they say, a fanatic is a guy who won't change his mind and won't change the subject. I respect the freedom of others to choose what they prefer and I only ask they afford me the same courtesy.

" a fanatic is a guy who won't change his mind and won't change the subject"

I haven't heard that but I like it.

I don't care for absolutist answers either. But this thread and the countless others just like it suggest we had both better get used to them.

[Mechatrommer]

As they say, a fanatic is a guy who won't change his mind and won't change the subject. I respect the freedom of others to choose what they prefer and I only ask they afford me the same courtesy.

" a fanatic is a guy who won't change his mind and won't change the subject"

thats fanboyism... a fanatic will also "ask/enforce you to do the same regardless of what you said, otherwise you'll be mocked and labelled as a motherfucker" and possibly will get you killed if they have access... they are certainly fixed to their religion, what they have read and taught (brainwashed) thereof (or lack thereof)... not necessarily the absolute truth though...

[edy]

Does Ubuntu offer periodic security updates like Windows?

Trying to figure out what my options are other than buying a Win10 license.

Thanks

Answer to the first question is YES. Most if not all Linux distros get updated constantly and you can either manually do the update or some have an automatic dialog that pops up asking you if you want to install updates.

Answer to the second question is... IF YOU HAVE a valid Windows 7 license, you can still install Win10 and apply that Product Key. It does not seem that Microsoft has disabled the "upgrade" feature. I have a number of older Win7 machines that I ended up installing Win10 on and licensed it using my Win7 key.

[Kjelt]

I respect the freedom of others to choose what they prefer and I only ask they afford me the same courtesy.

No problem with that, it is just pointing out that if you connect that computer to the internet you can get powned within 10 minutes and they can use your computer to attack other computers.
At that point I think it is fair if a government will shut you down, even disconnect you from the internet if this happens more often.
It is like saying to someone in the 90's it is better to wear a condom if you have sex with a stranger due to all the nasty diseases out there.
You don't have to listen, and indeed do your own thing but one day someone will make a decision for you because you are a risk and threat to others.

If you don't connect that computer to the internet than we are all fine, I have Win XP machines myself for programming eproms and older T&M equipment with parallel ports. No way I will ever hook that up to the internet.

[bd139]

I'm fed up with MS too but at the end of the day I actually have to get shit done.

My point is that different people have different needs and there is no solution that fits all. I get my shit done with XP and with Linux Mint and it works for me. Others might need or prefer a newer version of Windows, or an Apple system, or whatever. My point is that because something works for you it does not mean that is the best solution for everybody. For me now the best solution I have found is Win XP and transition to Linux Mint as needed. It works for me and I am not about to change to Windows 10 or Apple or whatever just because someone thinks they are better.

I get tired of absolutist answers. Some weeks ago I was cornered at a party by some guy who just insisted Apple was far superior to anything and everything and just would not let go. As they say, a fanatic is a guy who won't change his mind and won't change the subject. I respect the freedom of others to choose what they prefer and I only ask they afford me the same courtesy.

Just remember that there are fanatics and professionals. Fanatics run on singular opinion. Professionals run on research, facts, evidence and reputation for getting things right on a problem of a scale rather larger than one user. Professionals know what isolationist opinions lead to in the long run.

When you go to your doctor and they tell you to stop smoking because you're heading to stage 4 COPD, and you say fuck off and continue smoking, you're going to die. The doctors just have to shrug that one off. At least the IT guys get an opportunity to say I told you so. We're lucky in that respect.

I would just like to point out that the thing that got me is I had a woman come to me literally in tears just over a year back desperately asking to help her get rid of cryptolocker on her unpatched XP box. She lost EVERYTHING due to it. Her business (etsy, ebay), 8 years of family photos, all her logins and credentials. The only exit path was to pay the ransom which I recommended not to. She paid it in Dash and you know what? She was just down £700 then as well. It didn't unlock shit.

Like I said, your funeral. That would have been caught with an AV product and/or windows 10's defender and smartscreen features...

Edit: I identified this at the time as a new GandCrab variant. Infection path was likely when she connected her personal laptop to her work network which had a couple of compromised devices on it. The company in question hadn't noticed this AFAIK as the impact was limited to a couple of obsolete embedded XP kiosk machines. Their desktops were all patched and ok (they didn't have any servers - all in O365! Another win!)

[Mr. Scram]

Just remember that there are fanatics and professionals. Fanatics run on singular opinion. Professionals run on research, facts, evidence and reputation for getting things right on a problem of a scale rather larger than one user. Professionals know what isolationist opinions lead to in the long run.

When you go to your doctor and they tell you to stop smoking because you're heading to stage 4 COPD, and you say fuck off and continue smoking, you're going to die. The doctors just have to shrug that one off. At least the IT guys get an opportunity to say I told you so. We're lucky in that respect.

Don't be ridiculous. This is the internet so anyone disagreeing has to be either a troll or a zealot fanatic. You can't possibly think someone with a different opinion actually knows what he's on about. Knowing what's up is the job of people with no experience and three evenings of reading up on the subject.

[soldar]

No problem with that, it is just pointing out that if you connect that computer to the internet you can get powned within 10 minutes and they can use your computer to attack other computers.

I have been hearing that for the last 25 years but it has not happened yet. I regularly have about half dozen computers running XP and three running Linux Mint. I guess I am just lucky but I have never had an infection. But if it comes I am ready because I can also lose my data to a disk crash or corruption and other causes.  Every file I work on is instantly backed up to a different machine and to a memory card. I instantly have three copies and more as I make regular backups. If the machine dies or is compromised I am ready. No sweat, no problem. About three years ago a hard disk died on me and I just reinstalled XP on a new drive and copied my files from backups. To me the threat of some malevolent entity encrypting my files is laughable.

So, for me, what I am doing is working fine and I am not about to dedicate money, time and effort to conform to what someone else thinks I should be doing. To me the risk is totally worth it. If MS wanted me to move up to newer versions they could have made it easier. Sorry.

Linux Mint complements my Windows and between the two I get my shit done. IMHO the risk of virus due to no updates is very much overblown but that's just my opinion. Again, I have about a dozen XP machines of which 6 or 8 are regularly connected to the Internet 24/7 and have yet to get the first virus.   I am not saying it can't happen, I am saying for me the apparent risk is manageable and worth it. I have experienced more data loss over the years from disks dying so I am ready for data loss from any and all causes.

YMMV.

At that point I think it is fair if a government will shut you down, even disconnect you from the internet if this happens more often.

Oh, man! Just what we need. The gubment telling us what OS to use.

[Kjelt]

I have been hearing that for the last 25 years but it has not happened yet. I regularly have about half dozen computers running XP and three running Linux Mint. I guess I am just lucky but I have never had an infection.
...............
To me the threat of some malevolent entity encrypting my files is laughable.

I don't care if your computer data is lost and that is it, that is your problem, your risk and your responsibility.
What I do care about is that I know a lot of computers are infected with bots that are waiting for a single command to overflow nations networks with DOS attacks.
They are sleeping and activated when needed.
That is also your responsibility when you are connected to a global network.

See it as maintaining your car so it is operational and road safe. Noone cares if your steeringwheel breaks and you crash into a tree due to lack of maintenance. A judge however will sentence you to prision if your steering wheel does not work due to lack of maintenance and you crash into another family car and people get injured or die.

So yes by connecting your obsolete unmaintained computer to a global network there ends your freedom and starts the freedom of others. It is bad enough to explain this to old people who never grew up with computers and don't know the first thing about it. Having to explaining it to an engineer 

[Mr. Scram]

I have been hearing that for the last 25 years but it has not happened yet. I regularly have about half dozen computers running XP and three running Linux Mint. I guess I am just lucky but I have never had an infection. But if it comes I am ready because I can also lose my data to a disk crash or corruption and other causes.  Every file I work on is instantly backed up to a different machine and to a memory card. I instantly have three copies and more as I make regular backups. If the machine dies or is compromised I am ready. No sweat, no problem. About three years ago a hard disk died on me and I just reinstalled XP on a new drive and copied my files from backups. To me the threat of some malevolent entity encrypting my files is laughable.

So, for me, what I am doing is working fine and I am not about to dedicate money, time and effort to conform to what someone else thinks I should be doing. To me the risk is totally worth it. If MS wanted me to move up to newer versions they could have made it easier. Sorry.

Linux Mint complements my Windows and between the two I get my shit done. IMHO the risk of virus due to no updates is very much overblown but that's just my opinion. Again, I have about a dozen XP machines of which 6 or 8 are regularly connected to the Internet 24/7 and have yet to get the first virus.   I am not saying it can't happen, I am saying for me the apparent risk is manageable and worth it. I have experienced more data loss over the years from disks dying so I am ready for data loss from any and all causes.

YMMV.

Oh, man! Just what we need. The gubment telling us what OS to use.

I'll ask you again. How do you know you haven't been infected when you don't use the tools which can tell you this? You're not so naive to think you can always tell that your system is compromised by just looking at or using it are you?

[bd139]

I have been hearing that for the last 25 years but it has not happened yet. I regularly have about half dozen computers running XP and three running Linux Mint. I guess I am just lucky but I have never had an infection. But if it comes I am ready because I can also lose my data to a disk crash or corruption and other causes.  Every file I work on is instantly backed up to a different machine and to a memory card. I instantly have three copies and more as I make regular backups. If the machine dies or is compromised I am ready. No sweat, no problem. About three years ago a hard disk died on me and I just reinstalled XP on a new drive and copied my files from backups. To me the threat of some malevolent entity encrypting my files is laughable.

I don't think you realise exactly how nasty these things are. They are dormant for a long time. They cycle themselves into your backups. Then you get owned. Then when you restore and open that fateful document you backed up 6 months ago, you get owned again.

The most successful viruses don't kill the host straight away. The most successful bastards know you better than you do as well.

As for infection vectors, this is my favourite one.

1. Someone sends you an email with an attachment.
2. Your mail client runs the attachment through your AV software when it fetches your email.
3. Your AV software happens to be windows defender on windows 7 (pre sandbox version or any version on XP)
4. WD streams the rar payload from the mail client into its sandbox.
5. WD runs as SYSTEM ( ) on the target machine and unrars the file to scan contents.
6. Due to CVE-2018-0986, there is a memory corruption vulnerability which causes arbitrary execution.
7. code is written into privileged memory on the target and executed.
8. machine compromised.

No. User. Intervention. You don't get to be all clever about it and say it's not a procedural risk because you don't do X, Y, Z. It's a 100% passive attack. Just receiving an email and it's game over. You don't even have to open it. Only way to win against this is stay ahead of the cat in the cat and mouse game.

Also before anyone calls me a platform zealot, you can do the same damn thing in Linux. It's even more fun there. Same thing with an older ~2015 IndexedDB vulnerability in Firefox that can be leveraged to write to .profile in the home directory. Next time you log in or open a shell, wham, your shell forks a process that connects to a command/control endpoint and your entire machine is done.

Need mandatory access control and proper privilege separation, which is incidentally much better in windows 10! Remember all that bitching about UAC. That's mandatory access control. SELinux - everyone turns it off. Mandatory access control.  . That says "firefox can only write to your download folder and talk to the network - anything else it can sod off".

I only rant because I care, more than people do about themselves.

[Mechatrommer]

What I do care about is that I know a lot of computers are infected with bots that are waiting for a single command to overflow nations networks with DOS attacks.
They are sleeping and activated when needed.
That is also your responsibility when you are connected to a global network.

imho, for antivirus subscriber like me, that responsibility should be delegated to the antivirus company i paid to. if anything they have to say about why i have to upgrade OS, they have to give a very good reason with good explanation about which attack vector / virus / malware / exploit they are talking about and why their antivirus tool is incapable to protect the old OS. this is their butter and bread, they should be ahead from anybody regarding this matter. since some antivirus still supporting older OS like WinXP, i dont see any eligible warrant for me to do the upgrade, only mostly from either the latest Window$$$ version pusher, security-phobic, biased or have advantage/profit if people do the upgrade. just found an interesting info from what i would say... unbiased view https://windowsreport.com/keep-using-windows-xp/ check the https://windowsreport.com/keep-using-windows-xp/#1 that is my first point earlier...

[bd139]

I'll leave a shit meme as a reply for that. Security is way more than just anti-virus...



Edit: as for the article, it's bollocks. All they're doing is getting page views and ad hits for people googling "how can I not bother to upgrade from XP" and "I don't like my cheese moved!"

[Mechatrommer]

well telling from experience, my antivirus (Avast and Panda) did pretty good job at blocking malwares and malicious internet sites from ever entering my XP for countless number of times. at one occasion, i did run what seemingly like a legit app, and few seconds later, antivirus warned me a malware got downloaded into my history folders and got it deleted, so bye bye app... even if shit happens, my backups are ready, but nowadays its very seldom for me to touch those backups, only when my XP got bloated slow due to too many installs uninstalls of trial SWs... anybody can make a meme cartoon with caption btw, and isnt ad hits is the way of making some small profits out of a free information providers? including the eevblog? nobody can please everybody, nothing can be missed from excuses ymmv cheers.

[Kjelt]

imho, for antivirus subscriber like me, that responsibility should be delegated to the antivirus company i paid to.
....they should be ahead from anybody regarding this matter.

Actually they are always lagging behind, they can only close holes that have been drilled and have a very hard time protecting everything from unkowns creating holes.
For every new antivirus there had to be some victims that start complaining, exception are the findings of security researchers that will be shared in advance.

[Mechatrommer]

agreed, but isnt the latest Windows, and i think even Linux is like that too? should i correct myself, those security providers and update patches should be second, after the attackers yes we know that, but for mortal like us busy with other things, we can be way way behind regarding security, so we need something to watch our back. long time ago i made my own protection, but it was just not worth my time, new viruses/malwares born everyday, how and why people can spend so much time making this malicious and useless job is beyond me.

[Karel]

Rootkit detection is difficult because a rootkit may be able to subvert the
software that is intended to find it. Detection methods include using an
alternative and trusted operating system, behavioral-based methods, signature
scanning, difference scanning, and memory dump analysis. Removal can be
complicated or practically impossible, especially in cases where the rootkit
resides in the kernel; reinstallation of the operating system may be the only
available solution to the problem.

Operation "Red October" was able to stay under the radar for five years:

https://securelist.com/blog/incidents/57647/the-red-october-campaign/


Antivirus software is now so ineffective at detecting new malware threats
most enterprises are probably wasting their money buying it, an analysis
by security firm Imperva has concluded.

http://www.cio.com/article/2390136/antivirus-software/antivirus-software-a-waste-of-money-for-businesses--report-suggests.html


Antivirus tools are a useless box-ticking exercise says Google security chap
Advocates whitelists and other tools that 'genuinely help' security

http://www.theregister.co.uk/2016/11/17/google_hacker_pleads_try_whitelists_not_just_bunk_antivirus_ids/


Several Symantec AV products allow an attacker to run arbitrary code under Linux, MacOS and WIndows. Yes, it's really bad. Affected products are Symantec Endpoint Protection Cloud Client, Symantec Endpoint Protection Small Business Enterprise Client, Norton Family, Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security and Norton 360.

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161117_00#_SYM16-021_/_Symantec

DoubleAgent: Taking Full Control Over Your Antivirus

http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/

http://cybellum.com/doubleagent-taking-full-control-antivirus/

http://www.theregister.co.uk/2017/07/31/ai_defeats_antivirus_software/

https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/

And here I stopped because I believe I have made my point:

AV is completely useless. The only purpose of AV is to give the user a false impression of (partial) protection.

It doesn't matter if your pc is infected with one or hundred pieces of malware, in both cases you should not use it for important/sensitive tasks.
So, an AV that detects 99% of 10.000 virusses/trojans that goes around in the wild, is completely useless.

And people still believe it's "better" to use one...

[bd139]

It's not completely useless. You want to see our Forefront quarantine...

Security should be layered. That's just another layer.

Some products are notably shit however, which spawned even the creators of the products to rip them (probably NSFW):

[Mechatrommer]

so is the latest Windows. or anything for that matter. all we need is just to wait for another attack, surely some guy with some hat color will dedicate his entire life for this...

AV is completely useless. The only purpose of AV is to give the user a false impression of (partial) protection.
So, an AV that detects 99% of 10.000 virusses/trojans that goes around in the wild, is completely useless.
And people still believe it's "better" to use one...

if its not in the database yet, then yes antivirus is useless, so update (automatic) your virus definition frequently. restoring backup yearly is alot better than restoring backup in every week, i've made the point earlier which i believe you dont get. but be free to use or not use whatever tool you want. soldar claimed he can get by without any AV in XP, but for me i dont want to waste much of my time on this.

[bd139]

Yeah it is but iTunes, Office, Visual Studio 2019 work on it. The OS is irrelevant. The applications are where it's at.

[Mechatrommer]

The OS is irrelevant.

ditto!

[bd139]

The version of the OS isn't however.... 

[techman-001]

<snip>

Also before anyone calls me a platform zealot, you can do the same damn thing in Linux. It's even more fun there. Same thing with an older ~2015 IndexedDB vulnerability in Firefox that can be leveraged to write to .profile in the home directory. Next time you log in or open a shell, wham, your shell forks a process that connects to a command/control endpoint and your entire machine is done.

<snip>

Platform Zealot!!!   

I certainly agree with all your concerns for Windows. "Microsoft Windows ... what Botnet will you unknowingly be helping build today?"

However I'm curious how a application running under a unprivileged user in Linux (or any Unix) can gain Root privilege via that application ?

For those that don't know, Unix has unprivileged users and a "superuser" and  only the superuser (Root) can read and write system wide. This is a core security design of Unix and always has been. Unix security has always been extensive by design, Windows not so much.

I speak from personal experience having had a old Linux Internet facing server cracked around 2002. The cracker gained unprivileged access to my MTA ( Mail Server) with a buffer exploit via a specially crafted email and so had total access to the "mail" user home directory and the MTA.

But that was *all*.

I stumbled across the crack when I noticed a unusually high CPU load on the server, then via my system logs I saw the cracker try all kinds of things but the cracker *only* had control of /home/mail and couldn't write anywhere else except /tmp. I saved all the information, deleted all the cracker stuff, upgraded the MTA and everything was fine for another 5 years before I had a hardware RAID issue and replaced all the hardware.

Linux and Unix users *never* run anything as Root, if they do then all security is compromised and they know it. Only the administrator will gain Root privilege to administrate the system and relinquish it after the job is done.

My security failing with that server was not keeping all the programs up to date. The MTA exploit was well known and had been patched years before I was cracked so the blame was 100% mine alone, I was stupid.

There is a saying " To have good system security one doesn't have to be a genius, one only has to avoid being stupid"

[Mechatrommer]

the ironic reality is, i think i'm the only one who is on XP around, the last of the Urm Berserker. everybody now with latest funky OSes, but more often, these people including families and friends will come to me asking why their pendrive is empty, important files got deleted etc. i snort and say to them, come give me the pendrive i'll get back your files in an instant. some will express their concern that my computer will get infected too, i snorted. the trick is only disable automatic run autorun.inf (which my Panda is by default locked, cant even be deleted which is a little nuisance) and enable hidden view in Explorer and i'll catch the virus before my antivirus did, no need fancy AV warlord. only the recent event, few weeks ago that i encountered a real nasty virus that really deletes files in pendrives, i have to use read only SD Card to USB adapter to transfer files into 2 laptops of my students during a training, that virus doesnt like new files from outside, both are Win10 and they are still happy playing googles and youtubes with it

[bd139]

However I'm curious how a application running under a unprivileged user in Linux (or any Unix) can gain Root privilege via that application ?

It mostly doesn't need to. You've got filesystem access, you've got the user's data, you can run GCC, you can run python, you can run bash, you've got network access. Party time! 

Sure you can finish off with a zero day kernel or suid binary exploit but why bother?

Edit: just for completeness, the low hanging fruit for privilege escalation is people who don't patch or run obsolete OS versions (this thread - lol). Once you've got a remote, local or dumb user exploit and machine access, scan for setuid binaries and associated versions and look for unpatched holes. It's not uncommon to find these without much effort. If you're really lazy you can just fire up metasploit. Then you inject your attack as a ko which is perfectly capable of hiding itself from userland processes, gives you literally everything down to hardware access in the machine and do what you want from there.

[techman-001]

However I'm curious how a application running under a unprivileged user in Linux (or any Unix) can gain Root privilege via that application ?

It mostly doesn't need to. You've got filesystem access, you've got the user's data, you can run GCC, you can run python, you can run bash, you've got network access. Party time! 

Sure you can finish off with a zero day kernel or suid binary exploit but why bother?

Good point, if a malicious program gains Unix user privileges then that user's data is toast along with everything in the user home directory.

I wish I could say that I have set my Unix home directory so it *can't* run any executable files, but I haven't ...

[soldar]

As for infection vectors, this is my favourite one.

1. Someone sends you an email with an attachment.
2. Your mail client runs the attachment through your AV software when it fetches your email.
3. Your AV software happens to be windows defender on windows 7 (pre sandbox version or any version on XP)
4. WD streams the rar payload from the mail client into its sandbox.
5. WD runs as SYSTEM ( ) on the target machine and unrars the file to scan contents.
6. Due to CVE-2018-0986, there is a memory corruption vulnerability which causes arbitrary execution.
7. code is written into privileged memory on the target and executed.
8. machine compromised.

No. User. Intervention. You don't get to be all clever about it and say it's not a procedural risk because you don't do X, Y, Z. It's a 100% passive attack. Just receiving an email and it's game over. You don't even have to open it. Only way to win against this is stay ahead of the cat in the cat and mouse game.

"Your AV software happens to be windows defender"? No, it doesn't. I do not run any AV software. I consider AV software worse than the risk of getting a virus and your example confirms this.

Again, I have multiple computers running XP for decades and never had a problem.  I am willing to continue doing the same because I consider the risk worth it. I do not see any risk to my data and minimal risk of my computer becoming a threat to others. Those who are paranoid can protect themselves as much as they want. I am doing just fine and there is no way in the world I am abandoning Win XP for a newer version of Windows. No way, no how. I am transitioning to Linux but whatever needs XP stays on XP. MS made a decision to change everything around with every new version and I made a decision not to go along. If you want to assign blame then it's MS and not me.

[Mr. Scram]

"Your AV software happens to be windows defender"? No, it doesn't. I do not run any AV software. I consider AV software worse than the risk of getting a virus and your example confirms this.

Again, I have multiple computers running XP for decades and never had a problem.  I am willing to continue doing the same because I consider the risk worth it. I do not see any risk to my data and minimal risk of my computer becoming a threat to others. Those who are paranoid can protect themselves as much as they want. I am doing just fine and there is no way in the world I am abandoning Win XP for a newer version of Windows. No way, no how. I am transitioning to Linux but whatever needs XP stays on XP. MS made a decision to change everything around with every new version and I made a decision not to go along. If you want to assign blame then it's MS and not me.

You keep ignoring the question how you know you've never had a problem.

[bd139]

However I'm curious how a application running under a unprivileged user in Linux (or any Unix) can gain Root privilege via that application ?

It mostly doesn't need to. You've got filesystem access, you've got the user's data, you can run GCC, you can run python, you can run bash, you've got network access. Party time! 

Sure you can finish off with a zero day kernel or suid binary exploit but why bother?

Good point, if a malicious program gains Unix user privileges then that user's data is toast along with everything in the user home directory.

I wish I could say that I have set my Unix home directory so it *can't* run any executable files, but I haven't ...

Again that's another Unix problem that can't be solved without a MAC layer of some sorts. /bin/bash needs to be executable so login can exec it and the user can create subshells and subprocesses. So all the attacker has to do is inject enough code in your process to exec the shell. That's not usually that hard.

To give you an idea how easy it is, lets throw an example down.  All you need to do is write to memory, which isn't difficult if you can find a hole in the millions of lines of hacked up C that makes up our reality, especially now we have all those nice JavaScript JIT compilers which do all sorts of hacks to make dynamically executable code. In your bit of code, nicely aligned and copied of course, push the execve syscall (11) and a pointer to the parameter array into cpu registers and call int $0x80. In C, for brevity (and because I can't remember which register is which):

Code: [Select]

char *args[] = {"-c", ":(){ :|:& };:", NULL};
execve("/bin/bash", args, NULL);
Muwhhahahaha. Don't run that code btw (fork bomb - very effective unless someone has set up ulimit, which they probably haven't).

Many many browsers have fallen to this over the last year, including Safari on iOS recently which allows complete privilege escalation.

We need to start everything again really before anyone can make claims that there is one solution other than ride the leading edge and hope the hell we stay ahead of the rift of problems.

[Mechatrommer]

for linux, anything can be solved, you just need to be a C/shell programmer and familiar with the kernel. just because of some fools and kids using WinXP/Vista/7/8/10, Windows are insecure

[ivan747]

I would happily move to linux but it is behind. Won't support 4K monitors

wtf?

I must be dreaming about my little i7-8650U NUC (NUC7i7DNKE) running these two 4k monitors at the same time on stock out of the box Ubuntu 18.04 with no configuration whatsoever. Plug them into the two HDMI ports and it Just Works.

Great, now you made me want a NUC.

[Mechatrommer]

and install WinXP/7 in it if you want more compact, there is Raspberry PI equivalent (Crowdfunded Kickstarter) of the computer for it discussion around here, but last time i checked they are out of stock, sold like hot banana.

[bd139]

I’ve got a NUC with a screen and UPS built in. It’s called a laptop. 

[james_s]

I've got Ubuntu on most of my secondary machines but Win7 on my primary laptop, current plan is to leave it that way, then in 5-10 years when the hardware is worn out I'll get a new one and put Linux on that too.

You'll always find several Chicken Littles hysterically screeching that the sky is falling in threads like this. I pay them no mind, I have cleaned up countless infected machines for family and friends and in 100% of those cases it happened when the user installed something sketchy. I have never in my entire life seen a consumer PC infected by way of an unpatched exploit, that attack vector is exceedingly rare for a PC in a home network which is behind NAT. If one wishes to compromise those targets it is far easier to hack the user with social engineering and get them to just install the malware.

Best defense is run an up to date browser and use Adblock and NoScript always. Do not download sketchy stuff and you will be fine. Don't use any Microsoft browser as they tend to be the least secure on the market.

[bd139]

We’ve got 78,000 client machine targets. It happens daily for a lot of people. Your funeral.

What people have is survivor bias and narrow experience. Also the arrogance to think they are not fallible or subject to the same universal truths as everyone else is.

Everyone who I’ve seen ruined by this shit never thought it could be them. Same as those smokers who got cancer. “Well my father died of something else”

[james_s]

We’ve got 78,000 client machine targets. It happens daily for a lot of people. Your funeral.

What people have is survivor bias and narrow experience. Also the arrogance to think they are not fallible or subject to the same universal truths as everyone else is.

Everyone who I’ve seen ruined by this shit never thought it could be them. Same as those smokers who got cancer. “Well my father died of something else”

Yeah yeah, funeral? Hyperbole much? Give me a break, if my system gets infected I wipe it and restore my documents from a backup, it's a pain in the ass but not the end of the world.

Life is a series of calculated risks, I suppose I should hunker down in a bunker and avoid the outside world because hundreds of thousands of people are killed every year due to various accidents, and yet you act as though running an older OS is the biggest threat to my existence.

[bd139]

See my earlier comment about how these things work their way into your backups as well.

The reason those people are killed in various accidents is usually because they didn't take heed of the other people doing stupid things and not do them themselves. The knowledge obtained from the stupid people turned into safety processes and methodologies which prevent more people doing stupid things. I'm just the IT version of that. So stop doing stupid things.

[rsjsouza]

Like others, I also have a few old OSes running - these machines are not connected to the internet. There is at least one machine that will atay on 7 but will be isolated from the internet, given its sole function is a DVR for a few cameras and the software simply works.

I will be forced to move to Windows 10 on the least trustworthy machine of all (my wife's laptop) that will force her to restart and install updates (I really hope so, as she runs weeks on unfinished updates that requre a restart). My other two machines may go to Windows 8.1 or 10 - it will depend on other variables.

All in all, I think the need to upgrade is highly dependent on what is stored in the machine and what it is done with it. A machine that gets constant installs of trial SW or is operated by someone less savvy or that does not give a damn is the first candidate for the upgrade. An empty machine that accesses the internet is the least concerning problem (although keyloggers could wreak havoc). However, to me the major problem is the simple posession of the data, since the bad actor may get private information that can be sold: a scan of your ID cards, photographs of your children and their schedule, birth dates and other information that can be used to gain access to other sites through social engineering, etc. That would be the closest scenario to the hyperbolic "funeral" mentioned by bd139.

For this and the sheer annoyance of rebuilding the machines, IMO anything that can access "the world" has to be running at its prime - regardless of it is *nix or Windoze.

Funny how history repeats itself. In early 1990s I was quite involved with security through my dad's work, and the concept of spoofing the antivirus software through sector remapping was quite novel - the Athens and Joshi (IIRC) viruses of the time were quite hard to detect and remove, requiring a reboot with a trusted OS and the use of Norton Utilities' Disk Editor to edit the partition sector. Fun times.

[bd139]

However, to me the major problem is the simple posession of the data, since the bad actor may get private information that can be sold: a scan of your ID cards, photographs of your children and their schedule, birth dates and other information that can be used to gain access to other sites through social engineering, etc. That would be the closest scenario to the hyperbolic "funeral" mentioned by bd139.

Actually no not really from my perspective.

If you're a business the priority is securing customer data and secondarily data loss.

if you're an individual the priority is data loss.

CainXPii (Hitler 2) is a fine example of the malware you tend to get faced with these days. Pretty harsh bit of software. Go read up on it.

[rsjsouza]

if you're an individual the priority is data loss.

CainXPii (Hitler 2) is a fine example of the malware you tend to get faced with these days. Pretty harsh bit of software. Go read up on it.

Well, not in my opinion. Someone that takes possession of my family's schedule and sell to someone that could blackmail me with threats is way worse than mess up my data.

Obviously that such action would be much more serious from a law enforcement perspective - that scares away bad actors trying to make a quick buck - just the ones using stuff like CainXPii.

[malagas_on_fire]

Choose you Destiny ... or DistroWatch:


https://distrowatch.com/

Mint if linux path or

 Win10 ==> upgrade pc advised

[bd139]

So much paranoia.

Realistically as an end user you're mostly avoiding low hanging bulk attack fruit like malware, ransomware and having your phone snatched which is adequately covered by not running a manky old unpatched piece of shit from the dark ages and actually having your (anything but android) phone set up properly.

If you go up against a state entity, forget even trying. They'll just hurt you until you give them what you need. I had to defend owned by a state entity from other state entities and believe me we just airgapped the fucker.

[Mechatrommer]

edited to below:

Someone that takes possession of my family's schedule and sell to someone that could blackmail me with threats is way worse than mess up my data.

do you have to keep everything about family schedule in a PC? down to road number and house address? duh when PC memory got expanding, human memory got shrinking. yeah for family PC go for the latest OS and the most expensive antivirus if you like. where's that "antivirus is useless" links? whatever, you do what you think good for your life. i'm more concern if someone will get all my contact numbers and messages in my phone and some work schedule that i store in my android smartphone's calendar, should i switch to iphone? or how to get those phone used by FBI? i want one.

CainXPii (Hitler 2) is a fine example of the malware you tend to get faced with these days. Pretty harsh bit of software. Go read up on it.

remember, any Windows can get infected by it without a proper and updated AV. so upgrade or no upgrade to Win10 is irrelevant. the correct question is, should i continue with Windows at all? or just switch to Linux entirely? or, should i upgrade my Antivirus? sometime i got this brief funny moments when i think all these mal/ransom/virus wares are created by those who are linux fanboys who want to defame Windows, but that just funny moments of thought...

[bd139]

There's not a lot of desktop malware for Linux. That's because there's not a lot of users so hardly worth going after them. MacOS X was the same for years. Not so much these days.

If desktop Linux ever gets popular, people will target it and then they'll realise what a piece of shit it is. It is by far the least secure of the three platforms.

[rsjsouza]

So much paranoia.

You are not the only one that can play doomsday around here.   It wasn't me that said that losing data is the only thing I, as a home user, should be concerned. Your statement certainly corroborates my prior post, that regular users could be afflicted by something so serious that is borderline paranoic.

Someone that takes possession of my family's schedule and sell to someone that could blackmail me with threats is way worse than mess up my data.

do you have to keep everything about family schedule in a PC?

Have you ever had a kid in school in the US? Everything is online or via e-mail. Certainly quite different than the time I went to school (which was not in the US and it was 30+ years ago).

[techman-001]

However, to me the major problem is the simple posession of the data, since the bad actor may get private information that can be sold: a scan of your ID cards, photographs of your children and their schedule, birth dates and other information that can be used to gain access to other sites through social engineering, etc. That would be the closest scenario to the hyperbolic "funeral" mentioned by bd139.

Actually no not really from my perspective.

If you're a business the priority is securing customer data and secondarily data loss.

if you're an individual the priority is data loss.

CainXPii (Hitler 2) is a fine example of the malware you tend to get faced with these days. Pretty harsh bit of software. Go read up on it.

Just preventing data loss is a bigger task than most individuals can manage in my experience.

Hitler 2 Ransomware Prevents use of Windows ...

Someone said "linux is worse (than Windows) " but all the nasty virus,trojans and worms I've ever heard about are for Windows *only*.

Surely running Linux or FreeBSD or OpenBSD or OpenSlowaris lowers the malware exposure considerably ?

[james_s]

If desktop Linux ever gets popular, people will target it and then they'll realise what a piece of shit it is. It is by far the least secure of the three platforms.

Got anything to back this up with? A majority of the internet runs on Linux machines, a majority of firewalls and routers run Linux. What makes desktop Linux systems inherently less secure? Just sounds like FUD/propaganda to me.

[techman-001]

If desktop Linux ever gets popular, people will target it and then they'll realise what a piece of shit it is. It is by far the least secure of the three platforms.

Got anything to back this up with? A majority of the internet runs on Linux machines, a majority of firewalls and routers run Linux. What makes desktop Linux systems inherently less secure? Just sounds like FUD/propaganda to me.

I can think of a few things that may make a Linux desktop less secure than a Windows desktop.
1) Microsoft utterly strangled every retail channel for decades which kept Linux from 99% of retail stores and zero market share meant no real desktop development.
2) Desktop fragmentation, Gnome, KDE and at least 40 others all different.
3) Lack of Applications compared to Windows, where is Autocad for Linux, Photoshop ?

( Before anyone flames me about Linux alternatives, I've used only Unix since 1997 on my desktop, no Windows at all. I use all the FLOSS alternatives and rely on them every day. This is written on a Unix machine, can you see the difference ? )

So Linux flooded *everywhere* else while Microsoft was busy illegally shutting out Linux from the Desktop and laptop market.

Linux numbers in the wild utterly DWARF Windows installations when you include Android Phones, tablets, Chromebooks etc. These devices store all kinds of information the crime syndicates want, like phone numbers, bank passwords etc.

In its heyday, Samsung was receiving over a MILLION new user registrations a DAY just for the original Galaxy phone.

Windows numbers are minuscule compared to these.

Where is your "Android Antivirus Kit" ? if you needed it, you'd have it.

Then add in Apple phones and laptops. Apple didn't get $40 BILLION in cash by NOT selling zillions of OS-X (Unix) phones and laptops.

The number of mobile phone users in the world is expected to pass the five billion mark by 2019 and we know they will ALL be Linux and OSX based. Microsoft officially ended their mobile phone aspirations about 3 years ago.

Raping Nokia didn't help Microsoft at all it seems, and it cost them four $BILLION to try and control the cellphone market.

Then add in the VAST numbers of virtual Linux machines in the cloud compared to Windows.

Don't forget the hundreds of MILLIONS of routers, WiFI access points, IP cameras and watches all running Linux/android.

In my opinion Microsoft Windows OWNS the shrinking DESKTOP and LAPTOP markets but is a bit player in everything else.

Now BD139 may have a HFE of 40 - 160 and  he seems to know a lot about Windows and AV based on a client base of ~80k machines, but even this number is a drop in the ocean compared to the number of Linux and OSX machines in everyday use in the world.

"If desktop Linux ever gets popular, people will target it and then they'll realize what a piece of shit it is. It is by far the least secure of the three platforms."

When did Windows suddenly shoot to this claimed security high bar ?

I predate Windows and DOS, I've laughed at Windows 3.0 with the engineers and we all thought it was a child's toy compared to Unix, it didn't even have tcp/ip capability. The Internet was BUILT on Unix. Windows ? it didn't exist back then.

Windows brought us BSOD's, a million viruses, worms, trojans and the acceptance of unreliability in a world where Unix and VMX boxes could be unmaintained for YEARS without issues.

No, I'm not buying Windows superiority in *anything*.

[james_s]

I can think of a few things that may make a Linux desktop less secure than a Windows desktop.
1) Microsoft utterly strangled every retail channel for decades which kept Linux from 99% of retail stores and zero market share meant no real desktop development.
2) Desktop fragmentation, Gnome, KDE and at least 40 others all different.
3) Lack of Applications compared to Windows, where is Autocad for Linux, Photoshop ?

These are all arguably disadvantages of Linux, but what on earth do they have to do with security? I cannot fathom how having Autocad available would make the operating system more secure?? 

[Mechatrommer]

Windows relies on those professional tools and hardwares used in corporations, however vurnerable it is. if ever Autodesk, Adobe, Epson, Canon, Fujistu, Noritsu et al move to Linux, Microsoft is dead tomorrow. otoh if we take into account android phones as "Linux's segment" yes there are billions of people wasting time playing games, wechat woochat etc with it...

[techman-001]

I can think of a few things that may make a Linux desktop less secure than a Windows desktop.
1) Microsoft utterly strangled every retail channel for decades which kept Linux from 99% of retail stores and zero market share meant no real desktop development.
2) Desktop fragmentation, Gnome, KDE and at least 40 others all different.
3) Lack of Applications compared to Windows, where is Autocad for Linux, Photoshop ?

These are all arguably disadvantages of Linux, but what on earth do they have to do with security? I cannot fathom how having Autocad available would make the operating system more secure?? 

I was trying to show that the lack of popular applications may contribute to the lack of security because of the fewer Linux desktop users. It's ALL about the APPLICATIONS right ?

Fewer users means less interest in improving the Linux Desktop security ?

I can only argue this in a general sense as the claim by BD139 that the "Linux desktop is much less secure" was itself general, no specifics were given.

[techman-001]

otoh if we take into account android phones as "Linux's segment" yes there are billions of people wasting time playing games, wechat woochat etc with it...

Doesn't your criticism apply to *any* computing device made by any company ?

You can only claim that "billions" are doing this on Android because Android (Linux) has BILLIONS of users.

If your criticism was directed at Windows  you'd have had to say "otoh if we take into account Windows phones as "Windows's segment" yes there are hundreds of people wasting time playing games, wechat woochat etc with it..."

[Mechatrommer]

Windows phone is dead. Windows (PC) is only for productive tools (non-internet non-IT related), other than that, android phone can fill the purpose now.

[AngusBeef]

Post number 5 gave me an aneurysm

He or she sounds like they're cut from the same cloth as this guy

https://youtu.be/3spnGnavWFg

[AngusBeef]

Where is your "Android Antivirus Kit" ? if you needed it, you'd have it.

...

Windows brought us BSOD's, a million viruses, worms, trojans and the acceptance of unreliability in a world where Unix and VMX boxes could be unmaintained for YEARS without issues.

No, I'm not buying Windows superiority in *anything*.

There's actually quite a bit of antivirus for Android devices...and the security differences can be traced to differences in how the OS kernel operates and (maybe more importantly) how both major Linux distros and Android prevent users from operating with root access. I would harbor a guess most home users use their "admin" account in Windows which is a huge security no-no

Edit: prevent is the wrong word (except for Android) - I would say discourage running an account with root access is more appropriate

[techman-001]

Where is your "Android Antivirus Kit" ? if you needed it, you'd have it.

...

Windows brought us BSOD's, a million viruses, worms, trojans and the acceptance of unreliability in a world where Unix and VMX boxes could be unmaintained for YEARS without issues.

No, I'm not buying Windows superiority in *anything*.

There's actually quite a bit of antivirus for Android devices...and the security differences can be traced to differences in how the OS kernel operates and (maybe more importantly) how both major Linux distros and Android prevent users from operating with root access. I would harbor a guess most home users use their "admin" account in Windows which is a huge security no-no

Edit: prevent is the wrong word (except for Android) - I would say discourage running an account with root access is more appropriate

Yes, agreed, running as root other than for admin reasons is bad news for any OS, but one has to 'root' a android device to even get root, and most users wouldn't know how to do that, or care, in my opinion.

I guess A/V vendors will always sell that stuff, especially as a little fear mongering can go a long way to boost sales, even if it's not needed for the device.

Due to a boatload of ignorance on my part, I can neither confirm or deny that Android needs A/V

It might need a rootkit checker tho ?

[Karel]

If desktop Linux ever gets popular, people will target it and

On the desktop it will not. That's because Linux is designed by engineers, for engineers.
Windows on the other hand, is designed for the average Joe, kids and housewives.

then they'll realise what a piece of shit it is. It is by far the least secure of the three platforms.

Based on static analysis defect density, in the 2013 report, we found that open source code outpaced commercial code in quality.
This trend continues in 2014;

Defect density (defects per 1,000 lines of code) of open source code and commercial code has continued to improve since 2013:
When comparing overall defect density numbers between 2013 and 2014, the defect density of both open source code and commercial
code has continued to improve. Open source code defect density improved from 0.66 in 2013 to 0.61 in 2014,
while commercial code defect density improved from 0.77 to 0.76.

Linux continues to be a benchmark for open source quality. By leveraging the Scan service,
Linux has reduced the average time to fix a newly detected defect from 122 days to just 6 days.
Since the original Coverity Scan Report in 2008, scanned versions of Linux have consistently achieved
a defect density of less than 1.0. In 2013, Coverity scanned more than 8.5 million lines of Linux code
and found a defect density of .61

https://news.synopsys.com/2014-04-15-Coverity-Scan-Report-Finds-Open-Source-Software-Quality-Outpaces-Proprietary-Code-for-the-First-Time

https://news.synopsys.com/2015-07-29-Coverity-Scan-Open-Source-Report-Shows-Commercial-Code-Is-More-Compliant-to-Security-Standards-than-Open-Source-Code

http://go.coverity.com/rs/157-LQW-289/images/2014-Coverity-Scan-Report.pdf

[Halcyon]

If desktop Linux ever gets popular, people will target it and

On the desktop it will not. That's because Linux is designed by engineers, for engineers.
Windows on the other hand, is designed for the average Joe, kids and housewives.

I think that *was* the case, but not anymore.

Kids especially are learning command line syntax in schools, except it's not MS-DOS like when we were growing up, it's Linux. It wasn't so long ago I was helping my next door neighbour's 10 year old with Raspbian etc...

Even in the gaming circles, Linux is an up-and-comer. More and more users are switching to Linux as a gaming platform and the fact that developers are actively programming for Linux shows that. Almost all games I play come in a native Linux version.

Now that Linux flavours such as Ubuntu Desktop are starting to really mature and become easy to install and use, I think you'll find users switching from Windows to Linux will only increase, mainly because Windows has become so awful and the Apple/MacOS eco-system is barely any better.

[techman-001]

If desktop Linux ever gets popular, people will target it and

On the desktop it will not. That's because Linux is designed by engineers, for engineers.
Windows on the other hand, is designed for the average Joe, kids and housewives.

I think that *was* the case, but not anymore.

Kids especially are learning command line syntax in schools, except it's not MS-DOS like when we were growing up, it's Linux. It wasn't so long ago I was helping my next door neighbour's 10 year old with Raspbian etc...

Even in the gaming circles, Linux is an up-and-comer. More and more users are switching to Linux as a gaming platform and the fact that developers are actively programming for Linux shows that. Almost all games I play come in a native Linux version.

Now that Linux flavours such as Ubuntu Desktop are starting to really mature and become easy to install and use, I think you'll find users switching from Windows to Linux will only increase, mainly because Windows has become so awful and the Apple/MacOS eco-system is barely any better.

Windows will have to be plucked from the cold dead fingers of electronics engineers, architects, doctors and other professionals  as they are 100% locked in and have zero choice. Their careers demand Windows and they don't care what they use as long as it "does the job". They don't have the time to worry about it.

Everywhere else it's Linux for sure, kids love it and know it, it's free, runs on any old junk and is serious computing power.

I only use Unix myself.

[bd139]

If desktop Linux ever gets popular, people will target it and then they'll realise what a piece of shit it is. It is by far the least secure of the three platforms.

Got anything to back this up with? A majority of the internet runs on Linux machines, a majority of firewalls and routers run Linux. What makes desktop Linux systems inherently less secure? Just sounds like FUD/propaganda to me.

Ok let's be 100% transparent and honest here. It's certainly not FUD/propaganda. It's a clear architectural evaluation. Just to show I'm not some windows fanboy shitting on Linux here, I will point out that I'm a RHCA and have been running Linux in production on the Internet in clusters of hundreds of nodes for large well known companies for about 20 years. I have written everything from kernel modules to system utilities to full blown applications hosted on top of it. Before that was Solaris. I was the dude who's coffee table was a sun4d (1000E) which I was fixing Linux SPARC port kernel bugs on. And with that comes a lot of experience as to where the flaws are.

On the server, it's certainly not terrible but the exposed surface of Linux and the stacks that run on it is usually 100% written in C which is a language with a thousand foot guns in it. Someone mentioned static analysis and comparison to commercial software. I have run static analysis extensively before (coverity) and dynamic analysis (valgrind etc) on things like haproxy and nginx and found things which were scary. These were reported and fixed but there's a lot of stuff out there that is still wide open. We need to get rid of that ecosystem as the overall attack surface is controlled by the lowest skilled member of the team and on open source products this quality metric is somewhat variable and impossible to control. Also there are priority, attention and professionalism issues with open source software as the developers only want to fix the interesting bugs. Plus a large quantity of the maintainers seem to be the comic book guy out of Simpsons. So I regularly write a patch to fix something quite horrible in something and submit it and it sits there for 3 years until it becomes a CVE or I get told I'm not a maintainer and basically fuck off. That's about it. Not good. Glorious open source is not the panacea everyone tells me it is, even as a major proponent of it for a long time. I'm on the fence. Vendors usually have financial ties motivating them. On the technical issues, alas that's probably one for the Rust thread so I won't go further into it here

Also anyone who's not run Linux in production, I suggest you set up a box on digitaloean or something, with an open ssh server (no open accounts) and http server and watch the sshd, firewall and web logs. There are a lot of compromised Linux machines set up by idiots or unpatched all knocking on your door 24/7. It's not unusual for a single IP to get just over 10,000 SSH knocking attempts a day and similar amounts of HTTP traffic.  Basically the Internet is genuinely a warzone of compromised crap and a lot of it is Linux.

Going back to the desktop, there are some serious problems with it. I've mentioned these elsewhere as well. There is virtually no process segregation within a user's session. Thus when someone compromises your firefox process (happens, a lot) if they can pop up an execve then they can write into your profile directory quite happily and set off a command/control process every time you log in. That's C again for you, usually helped along by shitty programming. SELinux (and AppArmor) are supposed to help with that by introducing MAC to the user but it is never configured in a way which is actually effective because that's incredibly difficult when your processes are used to puking stuff all over the disk randomly (dotfiles, cache, temp files, all sorts) in a completely non standardised way so they just don't bother and tell everyone it's done. With this situation, the same is true if you run Firefox, Evolution, Thunderbird, anything. And lets not forget those horrible wget and pipe to bash installers.

If you look at Microsoft, as much as I hate the bastards, they're making a lot of progress in this space. Far more than any of the other vendors out there thanks to their baptism of fire over the last few years.

Security is a journey, not a destination. Linux and open source has somewhat stalled by its complacency from being the least shit option. That's not going to be the case forever.

Now there's absolutely no reason to run windows on a server these days though. Just the automation friction is a game ender. But on the desktop it's still the best option IMHO.

[Karel]

Windows will have to be plucked from the cold dead fingers of electronics engineers, ...

Most industrial/professional EDA is available for Linux.

For example:

• Zuken CR-5000 & CR-7000
• Cadence Allegro
• Keysight ADS

The mediocre altium designer and Orcad are exceptions.

The same for MCU firmware and FPGA development, they are all available in Linux and for good reasons.

No way that all those industrial manufactures provide Linux versions if
"windows will have to be plucked from the cold dead fingers of electronics engineers"
were true...

[Mechatrommer]

I would harbor a guess most home users use their "admin" account in Windows which is a huge security no-no

not a guess, but every Windows PC that i know here run as admin (root). when you buy or service a PC from shop, by default its admin access. so all this while is an apple to orange security comparison between Linux users (non-root) and Windows users (root). if we ask all Linux users run as root for a while, then we can have more fair comparison imho. this root/non-root has been Linux users' stronghold brickwall to protect their system made for them by Linus Torvalds, while Windows/Ms let the users to gain admin for freedom and dont talk taboo about it (maybe they think admin/root in Windows is safe enough compared to Linux root?) i myself hate to run as non-admin, i will not have full control of the system's files. but Win10 is quite different, i cannot simply copy files into system/program folders, it either asks for user confirmation, or just copy the file to "somewhere" maybe in local cloud or sandbox or something i dont know, but it looks like has been copied, but i know it hasnt. so Win10 has higher level security, but thats not the point why i stick with older Win. otoh android is safer due to its non-root access by default and no mortals even aware of it, they just enjoy wasting their time. but forget about handcrafting your OS like a Windows can.

Windows will have to be plucked from the cold dead fingers of electronics engineers, ...

Most industrial/professional EDA is available for Linux.

For example:

• Zuken CR-5000 & CR-7000
• Cadence Allegro
• Keysight ADS

The mediocre altium designer and Orcad are exceptions.

The same for MCU firmware and FPGA development, they are all available in Linux and for good reasons.

No way that all those industrial manufactures provide Linux versions if
"windows will have to be plucked from the cold dead fingers of electronics engineers"
were true...

you can list all whats available in Linux all you like, but in reality engineers/doctors/artists/pros still use Windows since most production tools/hardwares are in Windows. i can name a few that i know and they are mentioned already. AutoCAD/Inventors, Solidworks, plethora of CAMs, Adobe Photoshop, countless list of pro's printers and specialized tools (such as my monitor/printer calibrator and Canon cameras drivers) etc etc. what i dont know is in another field of engineering such as civil, architecture, medical doctors etc, but still i never heard a single one of them ever worship Linux (or Apple MAC) as engineering/pro tools (at least around here).

[james_s]

Windows will have to be plucked from the cold dead fingers of electronics engineers, architects, doctors and other professionals  as they are 100% locked in and have zero choice. Their careers demand Windows and they don't care what they use as long as it "does the job". They don't have the time to worry about it.

Everywhere else it's Linux for sure, kids love it and know it, it's free, runs on any old junk and is serious computing power.

I only use Unix myself.

Virtually the entire engineering department at a former employer of mine was on Linux, and outside of Microsoft itself it's very common in the tech world. When I was job hunting the postings I saw wanting Linux proficiency were at least 10:1 vs those wanting Windows/Powershell proficiency. There are some places like my friend's machine shop that are locked into Windows due to the specific CAD software they use but if that weren't the case they would switch. They are constantly having hassles with the forced updates, like most small to medium size businesses they are too small to have the enterprise version or their own IT person.

[Karel]

you can list all whats available in Linux all you like, but in reality engineers/doctors/artists/pros still use Windows since most production tools/hardwares are in Windows. i can name a few that i know and they are mentioned already. AutoCAD/Inventors, Solidworks, plethora of CAMs, Adobe Photoshop, countless list of pro's printers and specialized tools (such as my monitor/printer calibrator and Canon cameras drivers) etc etc. what i dont know is in another field of engineering such as civil, architecture, medical doctors etc, but still i never heard a single one of them ever worship Linux (or Apple MAC) as engineering/pro tools (at least around here).

I don't care about other professions.
What I care about is professional electronics engineering and firmware development because that is what I do.
This can be done perfectly on Linux, most of the time more efficiently than on windows.

[james_s]

The artists and other pro media people are mostly on Mac from what I've seen, although Apple is losing some ground in that area by focusing on fashion accessories rather than updating their high end machines to make them more capable.

[Mr. Scram]

The artists and other pro media people are mostly on Mac from what I've seen, although Apple is losing some ground in that area by focusing on fashion accessories rather than updating their high end machines to make them more capable.

That group hasn't been mostly on Mac in ages.

[AngusBeef]

you can list all whats available in Linux all you like, but in reality engineers/doctors/artists/pros still use Windows since most production tools/hardwares are in Windows. i can name a few that i know and they are mentioned already. AutoCAD/Inventors, Solidworks, plethora of CAMs, Adobe Photoshop, countless list of pro's printers and specialized tools (such as my monitor/printer calibrator and Canon cameras drivers) etc etc. what i dont know is in another field of engineering such as civil, architecture, medical doctors etc, but still i never heard a single one of them ever worship Linux (or Apple MAC) as engineering/pro tools (at least around here).

I don't care about other professions.
What I care about is professional electronics engineering and firmware development because that is what I do.
This can be done perfectly on Linux, most of the time more efficiently than on windows.

The Windows vs (desktop) Linux v Mac is a pointless argument. They're all highly developed and refined OSes that run on the same hardware so its mostly just a matter of Pros and Cons for each one.

It's no argument that most people use Windows and also most don't understand or care about basic security (and some think windows updates that close exploits are actually spyware sent by the NSA/Satan/etc).

It's also no argument Linux is everywhere and has a lot of capability, but if Windows is for power users as opposed to Mac streamlines settings, Linux is for the superuser's (see what I did there?) who want more granular control or their kernel and GUI. Whatever works for you, works for you.

I used Linux for years side by side with Windows. If you want the best of both run windows with a Linux VM or Linux with a Windows VM. Now you can have your cake AND eat it

[Mr. Scram]

The Windows vs (desktop) Linux v Mac is a pointless argument. They're all highly developed and refined OSes that run on the same hardware so its mostly just a matter of Pros and Cons for each one.

It's no argument that most people use Windows and also most don't understand or care about basic security (and some think windows updates that close exploits are actually spyware sent by the NSA/Satan/etc).

It's also no argument Linux is everywhere and has a lot of capability, but if Windows is for power users as opposed to Mac streamlines settings, Linux is for the superuser's (see what I did there?) who want more granular control or their kernel and GUI. Whatever works for you, works for you.

I used Linux for years side by side with Windows. If you want the best of both run windows with a Linux VM or Linux with a Windows VM. Now you can have your cake AND eat it

This kind of nuance can't be tolerated here. Reported.

[bd139]

LOL 

[ddavidebor]

The artists and other pro media people are mostly on Mac from what I've seen, although Apple is losing some ground in that area by focusing on fashion accessories rather than updating their high end machines to make them more capable.

That group hasn't been mostly on Mac in ages.

Yeah they still are. Big software like Photoshop, Inventor, Adobe Premiere, Davinci Resolve runs well on windows also but the whole ecosystem of apps is mac-centered.

macos is much more refined for this applications. Even something simple as previewing files can be rather frustating on windows.

[AngusBeef]

The artists and other pro media people are mostly on Mac from what I've seen, although Apple is losing some ground in that area by focusing on fashion accessories rather than updating their high end machines to make them more capable.

That group hasn't been mostly on Mac in ages.

Yeah they still are. Big software like Photoshop, Inventor, Adobe Premiere, Davinci Resolve runs well on windows also but the whole ecosystem of apps is mac-centered.

macos is much more refined for this applications. Even something simple as previewing files can be rather frustating on windows.

MACOS is not more refined. Its built with a different interface design than windows that is generally supposed to reduce some options and hiding some capability for users in favor of providing streamlined and simpler navigation.

And please stop with the absolutes - it's not frustrating to preview a file in Windows, it's frustrating to preview a file in windows FOR YOU. Another example, since I have used Linux and Windows exclusively, everything in MacOS is super annoying TO ME and I struggle to complete basic operations. But it's not that Macs are bad - I just am not familiar with them. So go learn you some Windows, I'll learn me some Mac and we can eat some tea and crumpets and the world will be a better place

[hamster_nz]

MACOS is not more refined. Its built with a different interface design than windows that is generally supposed to reduce some options and hiding some capability for users in favor of providing streamlined and simpler navigation.

Ah... I remember the single-button mouse fondly...

[bd139]

It actually has two   What is this black magic they speak of?!?!?!

I am a former Mac user by the way. I got put off because (a) OSX is a total dick (b) I broke the screen on my MacBook Pro when I feel asleep and it fell 6 inches to the floor and it cost me as much as a second hand thinkpad to fix (c) I bought a new MacBook Air and the keyboard was the worst thing I've ever used in my entire life apart from possible a ZX Spectrum or one of those metal keyboard they put in service stations on the internet terminals.

Apart from those deal killers it's fine.

[james_s]

I never liked Macs much but I was so frustrated with the direction Windows has gone that when given the option I chose a Macbook at my current job and I gotta say after using it for a year I've been very pleased with the OS, it is hands down more polished and refined than Windows, there's not even really any comparison. The single button mouse is long gone, they have touchpads now that support multi-touch, I've never liked touchpads either but unlike every other one I've tried, the Macbook touchpad works great. My only complaint about it is that it's stupidly huge.

Unfortunately the extremely limited lineup of supported hardware and vendor lock-in knocks it out of the running for anything I'm spending my own money on. Not gonna get locked into that ecosystem.

[andersm]

Even something simple as previewing files can be rather frustating on windows.

Pressing space in Finder is the feature I miss most by far when working under other OSes.

[AngusBeef]

I never liked Macs much but I was so frustrated with the direction Windows has gone that when given the option I chose a Macbook at my current job and I gotta say after using it for a year I've been very pleased with the OS, it is hands down more polished and refined than Windows, there's not even really any comparison. The single button mouse is long gone, they have touchpads now that support multi-touch, I've never liked touchpads either but unlike every other one I've tried, the Macbook touchpad works great. My only complaint about it is that it's stupidly huge.

Unfortunately the extremely limited lineup of supported hardware and vendor lock-in knocks it out of the running for anything I'm spending my own money on. Not gonna get locked into that ecosystem.

If multitouch is something you like there are dozens of multitouch keypads that are windows compatible - I have one on my windows/linux laptop. If yours didn't come with one, it's not terribly complicated to swap it out

Sent from my SM-T820 using Tapatalk

[techman-001]

Windows will have to be plucked from the cold dead fingers of electronics engineers, architects, doctors and other professionals  as they are 100% locked in and have zero choice. Their careers demand Windows and they don't care what they use as long as it "does the job". They don't have the time to worry about it.

Everywhere else it's Linux for sure, kids love it and know it, it's free, runs on any old junk and is serious computing power.

I only use Unix myself.

Virtually the entire engineering department at a former employer of mine was on Linux, and outside of Microsoft itself it's very common in the tech world. When I was job hunting the postings I saw wanting Linux proficiency were at least 10:1 vs those wanting Windows/Powershell proficiency. There are some places like my friend's machine shop that are locked into Windows due to the specific CAD software they use but if that weren't the case they would switch. They are constantly having hassles with the forced updates, like most small to medium size businesses they are too small to have the enterprise version or their own IT person.

That's great to hear, I've been personally advocating Linux since 1997 when I dumped Win95 and went Linux only full time.

I ran a tech business for 15 years on Linux, it did my accounting and all my tech needs and gave me a MASSIVE advantage over my Windows using competitors.

At times I'd feel like I was 'cheating' as Linux made life so easy. Long term Linux workstation users here will know *exactly* what I mean.

I'd go on site with my Thinkpad (Linux) which had network aliases for every site so I could just connect the lan cable and everything worked. The poor old Windows guys would be altering IP's, rebooting etc and it would take them ages and much frustration. Sure Windows does network aliases too, I just never met a Windows user who actually used them, or knew how to set them up.

Windows users, ones who have to do *real* work with Windows would *weep* if they knew how EASY Linux has made my working life since 1997 and that they *could* have had the same if not locked into Windows.

[bd139]

I'll give you that on networking. I actually tether my windows 10 box to my phone instead of arguing with corporate wifi 

[techman-001]

I'll give you that on networking. I actually tether my windows 10 box to my phone instead of arguing with corporate wifi 

I bet IT would have conniptions if they knew. How can they manage Windows updates, virus updates etc on a corporate scale, or have you also also done some evil routing on that Windows box ?

Beware the RH system architect!

[Mr. Scram]

Yeah they still are. Big software like Photoshop, Inventor, Adobe Premiere, Davinci Resolve runs well on windows also but the whole ecosystem of apps is mac-centered.

macos is much more refined for this applications. Even something simple as previewing files can be rather frustating on windows.

They're really not. The creative industries have moved on and the days of it being predominantly Apple are long gone. Apple used to do some interesting things like colour space but that advantage has evaporated ages ago.

[ddavidebor]

Even something simple as previewing files can be rather frustating on windows.

Pressing space in Finder is the feature I miss most by far when working under other OSes.

There are a couple of apps that emulate it on windows

[ddavidebor]

The artists and other pro media people are mostly on Mac from what I've seen, although Apple is losing some ground in that area by focusing on fashion accessories rather than updating their high end machines to make them more capable.

That group hasn't been mostly on Mac in ages.

Yeah they still are. Big software like Photoshop, Inventor, Adobe Premiere, Davinci Resolve runs well on windows also but the whole ecosystem of apps is mac-centered.

macos is much more refined for this applications. Even something simple as previewing files can be rather frustating on windows.

MACOS is not more refined. Its built with a different interface design than windows that is generally supposed to reduce some options and hiding some capability for users in favor of providing streamlined and simpler navigation.

And please stop with the absolutes - it's not frustrating to preview a file in Windows, it's frustrating to preview a file in windows FOR YOU. Another example, since I have used Linux and Windows exclusively, everything in MacOS is super annoying TO ME and I struggle to complete basic operations. But it's not that Macs are bad - I just am not familiar with them. So go learn you some Windows, I'll learn me some Mac and we can eat some tea and crumpets and the world will be a better place

I have grown up with all three os, can use all of them proficiently, can do sysadmin work on all of them, use advanced software in all of them.

[Mechatrommer]

Even something simple as previewing files can be rather frustating on windows.

Pressing space in Finder is the feature I miss most by far when working under other OSes.

alt-v,h in WInXP search. Win10 Search will automatic show thumbnail if its picture file, no need a single press, if automation is that important. i use Space to move to next picture in ACDSee, backspace to move back, how intuitive but Windows Picture View sucks, even in Win10. but then there's better picture viewer today... android phone, but that will still alot lacking when you have hundreds or even thousands of pics in a session, let alone editing and printing, one will need dedicated tools, not a single OS (without 3rd party dedicated tools installed) will satisfy a mechatrommer. someone may say i'm locked, but if other millions of SWs are locked in, i'm willing to lock myself in.

[james_s]

I never liked Macs much but I was so frustrated with the direction Windows has gone that when given the option I chose a Macbook at my current job and I gotta say after using it for a year I've been very pleased with the OS, it is hands down more polished and refined than Windows, there's not even really any comparison. The single button mouse is long gone, they have touchpads now that support multi-touch, I've never liked touchpads either but unlike every other one I've tried, the Macbook touchpad works great. My only complaint about it is that it's stupidly huge.

Unfortunately the extremely limited lineup of supported hardware and vendor lock-in knocks it out of the running for anything I'm spending my own money on. Not gonna get locked into that ecosystem.

If multitouch is something you like there are dozens of multitouch keypads that are windows compatible - I have one on my windows/linux laptop. If yours didn't come with one, it's not terribly complicated to swap it out

Sent from my SM-T820 using Tapatalk

I prefer physical buttons under the trackpad but since nobody does that anymore I'll live with multitouch. I've tried every laptop I've come across since the clickpad on my otherwise great Lenovo is so terrible and I've come to the conclusion that they all suck. The Apple trackpad is so much better than anything else on the market and I'm not really sure why. I'm not really sure how I could swap out the trackpad without major surgery, I don't do external junk hanging off my laptop.

Anyway the original point I was going for is that the silly one-button Apple mouse is ancient history, the OS natively supports multiple mouse buttons and a scroll wheel.

[Halcyon]

Yeah they still are. Big software like Photoshop, Inventor, Adobe Premiere, Davinci Resolve runs well on windows also but the whole ecosystem of apps is mac-centered.

macos is much more refined for this applications. Even something simple as previewing files can be rather frustating on windows.

They're really not. The creative industries have moved on and the days of it being predominantly Apple are long gone. Apple used to do some interesting things like colour space but that advantage has evaporated ages ago.

Having come from a video production background myself, I can say that Windows dominates the video production market, at least in professional circles and this was 10+ years ago. When I worked at Channel 10 in Australia, it was mostly AVID running on HP Workstations connected to large network storage. Yes this stuff runs on Apple as well, but the days of Apple being the hardware platform for creative industries is long gone, it's not the 1990's anymore.

[andersm]

Pressing space in Finder is the feature I miss most by far when working under other OSes.

There are a couple of apps that emulate it on windows

Probably, though the big advantage of having it being a built-in OS feature is that apps can include plugins for their own formats. Where Apple flubbed it is by not having a mechanism for choosing between competing plugins for a specific file format, so you may end up with a less capable one hijacking some file types.

alt-v,h in WInXP search. Win10 Search will automatic show thumbnail if its picture file, no need a single press, if automation is that important.

Finder does thumbnails just fine, that's not what Quick Look is about.

[Electro Detective]

Re: Microsoft ending Win7 support soon, should I get Ubuntu?

YES, but do yourself a favor in the meantime and stay with Win7 for as long as possible

or at least till many users here report it as  'no longer working, easy ransomware receptacle, no startup boot screen, Bios reports no OS found, aka SOL user..'

at an epic future post:  "I'm over Win10    should I try Linux,
or re mortgage the house for a new MAC, 
or just do fresh re-install of Win7, chuck on all the apps, take my chances and just get on with it.."

[james_s]

I've been listening to people shrieking that the sky is falling and ignoring them, updating at my own leisure and running numerous systems with old OS's for more than 20 years and I've yet to ever have one infected by anything other than bundled crapware. I've also spent more time than I care to count cleaning up fully up to date systems for other people that were choking on malware and viruses. Worrying about OS updates to that degree is like reinforcing the front door of your house then leaving it unlocked. By far the most vulnerable attack vector is between the keyboard and chair and I haven't found a way to auto-update that.

Life is a series of calculated risks, many people irrationally obscess over the rarest of those to actually occur.

[Mr. Scram]

I've been listening to people shrieking that the sky is falling and ignoring them, updating at my own leisure and running numerous systems with old OS's for more than 20 years and I've yet to ever have one infected by anything other than bundled crapware. I've also spent more time than I care to count cleaning up fully up to date systems for other people that were choking on malware and viruses. Worrying about OS updates to that degree is like reinforcing the front door of your house then leaving it unlocked. By far the most vulnerable attack vector is between the keyboard and chair and I haven't found a way to auto-update that.

Life is a series of calculated risks, many people irrationally obscess over the rarest of those to actually occur.

As we're cycling the discussion at this point I'd suggest you read it from the post below on. Also note that user error and vulnerabilities are compounding factors.

https://www.eevblog.com/forum/general-computing/microsoft-ending-win7-support-soon-should-i-get-ubuntu/msg2666991/#msg2666991

[Mechatrommer]

Also note that user error and vulnerabilities are compounding factors.

no, user error is a vulnerability. as i said, i have more less secured Win10 users around me, than me and any XP that i can setup (for a moment). if you have impenetrable vault guarded by a fool, it will become penetrable. OS vulnerability is irrelevant.

[capt bullshot]

Yes. Anything but Microsoft and Apple would be fine.

[Mr. Scram]

no, user error is a vulnerability. as i said, i have more less secured Win10 users around me, than me and any XP that i can setup (for a moment). if you have impenetrable vault guarded by a fool, it will become penetrable. OS vulnerability is irrelevant.

That's not the commonly accepted terminology so let's not confuse matters. A vulnerability is a weakness in software, hardware or arguably a process. User error is a huge risk but this can be compounded by actual vulnerabilities as the margin for error evaporates. The inverse is also true. The safest user in the world can't defend against a serious vulnerability.

[SiliconWizard]

Linux maybe, why Ubuntu though?

(And... let's start a new flame war )

[AngusBeef]

Linux maybe, why Ubuntu though?

(And... let's start a new flame war )

Run MacOS inside a Windows XP VM inside a Windows 10 VM inside a Linux VM. Superdupermultilayer security policy and you get to keep the close icons on the wrong side of the window. Now we can all win and let this thread die

[FreddieChopin]

PROTIP: Don't screw with partitioning, GRUB or other boot manager crap. It'll alway be a mess.

Buy another hard drive (preferably SSD).
Disconnect SATA cable from your Windows hard drive.
Connect this new HD and install Linux on it.
Reconnect your Windows drive.

If you need to boot into Linux just press F12 during boot and select it.

[malagas_on_fire]

PROTIP: Don't screw with partitioning, GRUB or other boot manager crap. It'll alway be a mess.

Buy another hard drive (preferably SSD).
Disconnect SATA cable from your Windows hard drive.
Connect this new HD and install Linux on it.
Reconnect your Windows drive.

If you need to boot into Linux just press F12 during boot and select it.

One Disk per SO is preferable situation since no grub or uefi will "eat" each other. Had trouble in the past using dual boot where windows by will would overrite the grub or grub would no boot to windows properly after some windows updates.
Go to bios and select which Dist should boot first.

If you dual boot is last resort $$$ be sure to install first windows, resize partition using windows disk manager and then install live using the empty data.  Be sure to have the live handy to repair grub in case of any of bad boot. Also edit /etc/default/grub and change the default Boot entry to either Linux or Windows . To check where they are , type :

Code: [Select]

awk -F\' '/menuentry / {print $2}' /boot/grub/grub.cfg

They are indexed from 0 to last one Just count them.

[james_s]

Linux maybe, why Ubuntu though?

(And... let's start a new flame war )

Ubuntu is certainly not the end-all, be-all Linux distro but it is one of the most polished and best supported ones around so it's what I typically recommend people start with. Mint is also quite polished and targeted directly as people coming from Windows.

By the time you get to where one of the countless other distros might be a better fit for your needs you'll probably know enough to decide that for yourself. This is of course assuming that you're looking for a stable, polished OS to use to run the software you want to use. If the goal is something else then look for something targeting your specific use case.

[techman-001]

Linux maybe, why Ubuntu though?

(And... let's start a new flame war )

Ubuntu is certainly not the end-all, be-all Linux distro but it is one of the most polished and best supported ones around so it's what I typically recommend people start with. Mint is also quite polished and targeted directly as people coming from Windows.

By the time you get to where one of the countless other distros be a better fit for your needs you'll probably know enough to decide that for yourself. This is of course assuming that you're looking for a stable, polished OS to use to run the software you want to use. If the goal is something else then look for something targeting your specific use case.

Actually Mint is now third from the top at https://www.distrowatch.com/ with Ubuntu at number 5.

The most popular distro is  MX Linux           https://www.distrowatch.com/table.php?distribution=mx

MX is a cooperative venture between the antiX and former MEPIS Linux communities and Debian based.

I have Mx installed on a Thinkpad Laptop and it has been flawless.

Laptops are difficult for any non Windows OS, but MX has everything working from the tiny white LED in the screen that illuminates the keyboard at night to buttons controlling the sound and screen intensity/contrast. Fan, sound, suspend and wake up on lid closure all work.

MX also only installs a Systemd framework for Linux apps that need it without using Systemd itself.

I use *bsd on this Workstation, but Linux is much more polished for Laptops and MX is currently the best of them in my opinion.

[james_s]

I'll add MX to my list of distros to check out. I've been pretty happy with Ubuntu but I'm not married to it.

[AngusBeef]

I'll add MX to my list of distros to check out. I've been pretty happy with Ubuntu but I'm not married to it.

I tried a variety after I was about to get a Dell laptop I was given working... Ultimately settled on Manjaro Linux. I think long term I will prefer Arch Linux when I have the time but the install for Arch took me 3 evenings following a wiki... and I fucked it up. Meanwhile in 5 minutes I got Manjaro running. Manjaro benefits from much of Arch Linux but takes a little bit of the turbo-nerd-Unix-god edge off.

Mint is a branch of Ubuntu is a branch of Debian. Most of Mint's repository seems to be Ubuntu which is always lagging behind. The repositories for Arch/Manjaro (they're the same) are much more current.

Edit: the learning curve for Arch (not Manjaro) isn't just steep, it's literally an overhanging cliff with rocks falling down on your head.

[james_s]

Arch is precisely the opposite of what the typical PC user wants. It's great as as a hardcore learning experience for the masochist but suggesting it to a noob is an almost guaranteed way to put them off Linux forever.

[AngusBeef]

Arch is precisely the opposite of what the typical PC user wants. It's great as as a hardcore learning experience for the masochist but suggesting it to a noob is an almost guaranteed way to put them off Linux forever.

Spot on. But that's where Manjaro is the best of both worlds - it gives you all the awesome of Arch without the masochism

[wilfred]

Trying to figure out what my options are other than buying a Win10 license.

In most cases windows 10 upgrade is still free. You install Windows 10 using ISO, skip entering key at install. Then after it installs and booted, you go to the settings activation window and enter in the windows 7 key. Windows activation then issues you a new win 10 key

If (just for discussion) you found a Win7 desktop on the roadside and found it to be 2.5 times better than your current machine is this one of the free Win10 upgrade options. I'm inclined to convert to an SSD and keep the HD as a WIN7 fallback if I need it for old hardware.  The WIn7 would be definitely offline only.

[AngusBeef]

Trying to figure out what my options are other than buying a Win10 license.

In most cases windows 10 upgrade is still free. You install Windows 10 using ISO, skip entering key at install. Then after it installs and booted, you go to the settings activation window and enter in the windows 7 key. Windows activation then issues you a new win 10 key

If (just for discussion) you found a Win7 desktop on the roadside and found it to be 2.5 times better than your current machine is this one of the free Win10 upgrade options. I'm inclined to convert to an SSD and keep the HD as a WIN7 fallback if I need it for old hardware.  The WIn7 would be definitely offline only.

Assuming it's got a valid Win 7 key then yes. Just read up before you use an SSD as your lone hard drive - it's 100% doable but you may run into an issue booting up if Windows formats the drive incorrectly

[james_s]

I've been running Win7 on SSDs for years on heavily used machines, never had any trouble with that.

[Jeroen3]

Windows 7 can be troublesome on nvme ssd's.

[SiliconWizard]

Windows 7 can be troublesome on nvme ssd's.

Never had a problem with this, but AFAIR, you need to install support drivers that are not part of the base OS, which may the tricky part.
I have a Samsung 960 PRO NVMe, not exactly your entry-level SSD either, but I don't think that matters much. The main point are the drivers. If you're installing WIn 7 from scratch, you need to provide them during installation (there's a specific step for that). If you're just upgrading to an NVMe an existing system, as I did, you need to (in order): 1/ install NVMe support drivers while your machine is still on your old HDD/SSD, 2/ physically install the NVMe drive, 3/ clone your partition(s) to the NVMe, and 4/ optionally remove the old drive/reformat it/do whatever you wish with it.

Failing to install the support drivers BEFORE cloning will render the cloned OS unbootable. You may of course be able to "repair" the cloned system with an install CD, but frankly the above is much simpler.