As someone mentioned upthread, that's fine until some software you rely upon starts using something not present on older versions. It's one of the points that I keep in mind with most "what OS?" discussions: the OS by itself isn't really that useful, but what it lets you do is. When the win7 +3 year extended support ended, that was the time the Chromium framework dropped support, and when projects using it updated, they would also need to drop win7 support (or "your mileage may vary" territory). I expect 2028 onwards may see another gradual win10 migration wave.
The support you're paying for is security updates against 0-day attacks. Once you stop receiving those, your machine becomes open season for botnets.
By definition, no support protects you from a zero day attack. A one day attack? Sure, if the supporting org is on their toes. Most of the time it will be weeks to months, if it is patched at all.
>A one day attack? Sure, if the supporting org is on their toes. Most of the time it will be weeks to months, if it is patched at all.
You should look at the CVE list that's fixed every month. Surely you agree it's important to have those exploits patched, especially since baddies can reverse engineer the patches to find the original exploits?
Yes, but they can only be analyzed, patched and distributed "After" the attack is known.
A zero day attack is where there have been zero days since the attack mechanism is discovered (by the victim, not the attacker, obviously); there is no after. There is no time for a fix to be developed. When you get hit one day after the attack vector is known, that would be a one day attack. If you get a fix one day after the attack, that would be a one day patch. If the vulnerability gets discovered and patched before the attack occurs, then there is no zero day attack, only multi day ones on people who did not get or apply the patch.
I’m not so sure if you are using a web browser. Even the best enterprise firewall with SSL decryption and the best whizz bang features probably wouldn’t stop some novel zero day RCE. WannaCry was so bad that even WinXP and Server 2000/2003 got updates.
Ah yes, everyone knows that a firewall is the ultimate defense against malware and software vulnerabilities. I'll see your firewall and raise you one web browser.
Microsoft security patches don’t protect you from doing that. Unsupported Win 10 behind a firewall is perfectly fine, as long as you use an updated browser.
Even that won't last forever. Notably, Edge is only guaranteeing updates until October 2028 [1], coinciding with the end of Windows 10's 3-year ESU period. Previously, Chromium ended support for Windows 7 at the end of its ESU period (which was also the end of support for Windows 8.1) [2]. However, Firefox continues to support Windows 7/8.1 by providing security updates for an older ESR version of Firefox 115; they appear to be re-evaluating whether to continue support every 6 months, currently set to end in March 2026.