Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a “security fiasco” as the 10-year-old operating system nears the end of support in October 2025.
“It’s five minutes to twelve to avoid a security fiasco for 2025,” explains ESET security expert Thorsten Urbanski.
I really should update
To Linux of course
Definitely should
Gotta get my new laptop so I have a back up computer in case I fuck things up.
But I also should really update.
This is a good time to convince your employer that the company should switch to Linux workstations.
What is the active directory replacement for Linux?
Is my antivirus supported?
How about that program that Bill Jenkins coded 30 years ago That’s still integral to daily operations.
…
I could probably upgrade a third of my company to Linux, but then I would have to support multiple operating systems and employees who could barely understand where the start menu was in Windows.
What is the active directory replacement for Linux?
Client or server? Doesn’t matter, since samba provides both.
Is my antivirus supported
In the same sense that airplane seats have life jackets, yes.
How about that program that Bill Jenkins coded 30 years ago That’s still integral to daily operations.
-
Get better app maintenance and life-cycling and you’ll know already.
-
If it’s thirty years old and coded for windows 3.11, it probably won’t run on windows11. If it’s 30 years old and coded for sun4 or Linux 1.2.13, it can likely be ported.
-
Qemu.
-
Comically I did this at a job, porting an old app forward while my peer redeployed a 4-year-old perl web tool. My c;m;mi was done way before his perl dep hell caused him to just redo it all in c.
Recommending Samba is dangerous, it’ll work okay until it doesn’t. And when that happens you’re better off rebuilding the entire domain then trying to figure out why the PDC stopped trusting itself or some other bullshit.
Also they’re only up to 2016 functional level.
Unrealistic, especially for large and/or old companies that already typically have understaffed IT departments.
Investments like switching the entire OS vendor have to have a very, very good reason.
-
Lol
As long as you have a TPM.
It also takes 15 minutes to upgrade to Linux, with no such requirement.
Even on Linux, it’s probably a good idea to set up SecureBoot with your TPM. Very few distros will automatically set this up for you, but I know for sure that Ubuntu and Fedora do this by default.
Can you explicate why I should want either SecureBoot or a TPM in a Linux environment?
Per the arch wiki for Secure Boot:
Secure Boot is a security feature found in the UEFIstandard, designed to add a layer of protection to the pre-boot process: by maintaining a cryptographically signed list of binaries authorized or forbidden to run at boot, it helps in improving the confidence that the machine core boot components (boot manager, kernel, initramfs) have not been tampered with.
As such it can be seen as a continuation or complement to the efforts in securing one’s computing environment, reducing the attack surface that other software security solutions such as system encryption cannot easily cover, while being totally distinct and not dependent on them. Secure Boot just stands on its own as a component of current security practices, with its own set of pros and cons.
Note: For a deeper overview about Secure Boot in Linux, see Rodsbooks’ Secure Boot article and other online resources.
Per arch wiki for TPM:
Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices.
In practice a TPM can be used for various different security applications such as secure boot, key storage and random number generation.
TPM is naturally supported only on devices that have TPM hardware support. If your hardware has TPM support but it is not showing up, it might need to be enabled in the BIOS settings.
Note: There are two very different TPM specifications: 2.0 and 1.2, which also use different software stacks.
All that to say this is still not as secure as it could be (since it lacks some decent remote attestation), but security is best in layers, so a Secure Boot setup can be a great way to protect your pre-boot process.
As a normal person I don’t think there’s a good reason. It just makes it harder for someone to get into your system/recover your data if there’s a problem with the machine (or if it’s stolen but personally I think it’s less likely for that to happen for the majority of people). If it’s a company PC with sensitive info on it that’s backed up elsewhere then yea you want to prevent people from getting into that thing as much as possible.
Bazzite and probably other uBlue distros, which are all based on some Fedora atomic variant, also do this by default and have instructions for setting it up later, if you choose not to do it at install.
's probably a good idea to set up SecureBoot with your TPM.
How does this work?
Depends on your distros documentation, but essentially it verifies your UEFI, OS kernel, and other boot processes haven’t been tampered with based on cryptographic signatures. Its really a neat setup.
Can you keep a dual boot while still accessing files from either?
Yes, my Fedora install is happy to pull files from NTFS with no adjustments, and there must be some Windows software that can read the LVM of Fedora.
That’s assuming they are either not encrypted or you know the encryption keys.
What does that protect against other than physical attacks?
I have it switched on but I never had a second thought about it.
Files on your Windows disks can be accessed from Linux if you dual-boot.
People planning to migrate to Linux should probably allow themselves more than 15 minutes for the process of backing up all the things, choosing a distro, installing it, finding out what software is available, what needs to be learned, what needs to be given up, what new things are available, configuring everything, and getting used to using it.
It’s a pretty big job. You’ve got to do it eventually though, might as well get started.
I’d argue it’s no bigger job than keeping up with Windows.
Switching to 11 would cause more than 15 minutes of headaches as well.
I’ve seen a some of ancient enterprise laptops upgraded to 11, so I thought a slightly newer gaming laptop should be just fine. Wrong! Having more powerful hardware wasn’t enough, since that CPU isn’t supported by W11. Seems like Microsoft is really trying to make sure perfectly functional hardware gets thrown away.
Hey, if you can’t run their DRM, they don’t want you upgrading. Buy and consume.
Sounds like ESET is happy to blame people for not having enough money to buy new computers or enough time and experience to switch to Linux.
Makes me wonder what necessitates this “security disaster”. Surely, there is no other reasonable course of action that anyone aside from the consumer could take. I’m sure that ESET is only interested in avoiding security issues in writing that it would be the consumer’s fault for not replacing their OS on, say, a two year old appliance to an entirely different, worse version that has different and unnecessary hardware requirements.
I mean their job is cybersecurity. Warning people that their OS is about to no longer receive security updates from the vendor seems pretty reasonable. They have no control over Microsoft’s business decisions. The fact ESET even points out that people could move to Linux and get out of the Microsoft ecosystem is at least something.
Also, obligatory, “Fuck Microsoft.”
I don’t disagree, and also I think it would be better if this were framed as a failing of Microsoft instead of being on the consumer.
I started duel booting with Linux over the weekend so I can ease myself into outright switching. Unfortunately I’m stuck with Windows 11 for my work computer and it’s honestly surprising how bad it is for productivity. All the bloatware, notifications, and unnecessary addictions/changes makes working with Windows 11 frustrating. I’m sure it’s decent for gaming and general use, but when I have to use it for actual work it’s a significant downgrade. Plus it’s getting significantly harder to use the software that I need for my job. I’ve had to start going into the registry and download 3rd party software just to do my job. And don’t even get me started on Microsoft 365.
Welcome, have a glass of wine🍷
Running Windows after experiencing Linux for a while is indeed quite frustrating, with constant distractions, poor customizations and an ever-present feeling that the system could run a bit faster.
Hope you’ll be able to move more of your workloads to Linux. Make sure to familiarize yourself with capabilities of Wine (a compatibility layer allowing to run Windows apps on Linux), as well as full-on virtualization and WinApps for programs that refuse to run on Linux under other circumstances. Also, Linux has native apps for just about everything, for when you don’t need a very specific Windows-only program!
Team Penguin all the way!
En garde!
Just curious, what do you do for work where you need special stuff like that? Also why are you allowed to edit the registry and download third party apps on your work computer? What previously built in features/apps does Win 11 lack so that you need third party apps?
I’m a CAD tech for a land surveying company. We do a lot of things like 3D scanning and hydrographic surveying as well. A lot of the software that we use for hydrographic surveying and 3D scanning is relatively old and cryptic. Still updated to this day but definitely not what some would consider “modern.” Some of the software just doesn’t work or has huge performance issues in Windows 11 without changing the way Windows works with the software. And the compatibility mode that Windows 11 offers isn’t robust enough to get some of them to work so I have to download third party software as a work around. And with every update there’s always a new and exciting way it fucks with the something I need to get my job done.
I’m sure there are more, but off the top of my head the new right click menu doesn’t even have half the shit I need. So I had to go into the registry to get the old one back because I was tired of clicking the “more options” button every time I needed to run a program as administrator for example. Add onto that the constant notifications for features that our company doesn’t use get shoved in my face is constantly annoying. I’ve had to uninstall so much bloatware just to get it to shut up.
It’s not like it’s the worst OS I’ve ever used. It’s just all the little things that add up over time that generally makes things more difficult or frustrating. I’ve had to troubleshoot more issues with using Windows 11 than I can even count and with each update the list only grows.
I highly recommend ExplorerPatcher to anyone I know coming to win 11 from win 10, its a quick way to get the win 10 right click menu back along with a lot of other useful things. Can switch between the previous UIs of windows explorer and it has some cool start menu options too.
Just so you know, if you hold down shift and right-click on something, run as admin is there.
Ctrl+Shift+Click or Ctrl+Shift+Enter will launch most things as elevated. Works in Start, taskbar, run dialog, explorer, etc.
also if its on your taskbar you can right click on the icon>properties>Advanced and check the box to run as administrator every time.
Ah, I have heard that CAD stuff can be weird. I hate when software isn’t supported properly by the seller.
It’s pretty bad that the program can’t be run without admin, that could possibly be fixed by IT. But a tip is to hold down shift and ctrl when clicking on a program. It will run the program as an admin.
This isn’t a Windows issue. It’s a app vendor issue.
Well it’s both. There’s no reason Windows can’t open a program that is still being updated to this day and the vender needs to optimize their shit before everyone switches.
Well, Windows is generally very backwards compatible but there is a limit to that. It’s simply unreasonable of vendors to expect that everything will always be completly backwards compatible and that they don’t have to fix their product. Windows can’t be the one that has to fix every single problem for every single app.
If the vendor actually updates their product they should consider actually updating and making it compatible with the newest releases of the biggest operating system.
Basically if it can’t run on win 11 by now it’s pretty much abandonware even if the vendor technically patches a few things here and there.
Not the other user but I support a whole load of apps that run everything you can think of: printers, x-ray machines, radio frequency modelling, surveying equipment, forensic software/hardware, etc… it’s a lot. The Windows 10 upgrade hit us hard enough but this one has been on another level, now that Microsoft is also consistently a source of issues. Updates get forced through sometimes, Microsoft turns on random experimental features in our environment, and some shit just cannot reliably be blocked or controlled at all.
Windows was sometimes annoying or difficult, but now it is hostile. This is unacceptable.
Sounds like a threat
Please bro, update to windows 11.
Linux isn’t just a 5 minutes upgrade either.
Windows, what a joke OS.
I think that blurb is referencing the Doomsday Clock:
the Clock is a metaphor, not a prediction, for threats to humanity from unchecked scientific and technological advances. That is, the time on the Clock is not to be interpreted as actual time. A hypothetical global catastrophe is represented by midnight on the Clock, with the Bulletin’s opinion on how close the world is to one represented by a certain number of minutes or seconds to midnight, which is then assessed in January of each year.
Ooh absolutely read that too fast as 5-12 minutes linux install. My bad!
No doubt. Same, but your comment made me double check. It was good reading anyway!
Man, the Windows XP computer I have up in the attic is currently feeling unusually tense.
Look, I think MS should not discontinue support…
…but the weird amplification of the panic around it seems to me like it actively ignore the user patterns (and security outcomes) we’ve seen from Windows users for the last three decades. If this was less panicky and more targeted to business users I would take it more seriously. Getting some Y2K vibes from this whole thing.
When they allow me to put the damn taskbar where I want I will consider it.
