> So, let me get this straight. If I've been lazy, postponed updates and I'm still on 8.5.8 (Oct 2023) - it turns out I'm actually...safer?

Is this surprising? My model is that keeping with the new versions is generally more dangerous than sticking with an old version, unless that old version has specific known and exploitable vulnerabilities.

▲

illiac786 2 hours ago | parent [-]

Yes, it is very much atypical. Most hacks happen because admins still haven’t applied a 2 years old patch. I hate updates, but it‘s statistically safer that running an old software version. Try exposing a windows XP to the internet and watch how long it takes before it‘s hacked.

▲

card_zero 2 hours ago | parent [-]

Debatable. "I connected Windows XP to the Internet; it was fine" - https://news.ycombinator.com/item?id=40528117

One comment there points out that XP is old enough for infected attack vectors to have all died out. I dunno.

▲

illiac786 an hour ago | parent | next [-]

https://www.tomshardware.com/software/windows/idle-windows-x...

But good we are talking about my point rather than than the example.

	▲	badsectoracula 22 minutes ago \| parent [-]
		> YouTuber Eric Parker demonstrated in a recent video how dangerous it is to connect classic Windows operating systems The video referenced in that article explicitly connects directly to the internet, using a VPN to bypass any ISP and router protections and most importantly disables any protections WinXP itself has. So yeah, if you really go out of your way to disable all security protections, you may have a problem.

▲

bigfatkitten an hour ago | parent | prev [-]

I experienced this first hand in 2014. We got to a point where drive-by exploit kits just weren’t shipping IE8, Java 6 or Windows XP payloads anymore.