Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. Multiple ways of delivering exploit code to a browser exist (i.e., Drive-by Target), including:
A legitimate website is compromised, allowing adversaries to inject malicious code
Script files served to a legitimate website from a publicly writeable cloud storage bucket are modified by an adversary
Malicious ads are paid for and served through legitimate ad providers (i.e., Malvertising)
Built-in web application interfaces that allow user-controllable content are leveraged for the insertion of malicious scripts or iFrames (e.g., cross-site scripting)
Browser push notifications may also be abused by adversaries and leveraged for malicious code injection via User Execution. By clicking “allow” on browser push notifications, users may be granting a website permission to run JavaScript code on their browser.
It’s not Hollywood fantasy, as you claim. It is a well documented attack vector.
This is a browser security and PEBKAC error, nothing to do with Windows 7. You’ve simply proven my point that all these attacks are installed and run by the user. If they’re tricked by the site, that’s not on Windows 7.
Your AI generated summary, again, lacks evidence. I asked for a site, or a source where what you claim credibly happened, not just repeating the same myths in a circular series of arguments.
" via User Execution. By clicking “allow” on browser push notifications"
Which is what I said: “the only way to get this malware is to actively download it and install it, yes?”
So you agreed with me on all points, why write so much, though? A simple “yes” would suffice next time. Or “HugeNerd, as usual, is correct and his Windows 7 machine has been running 24/7 for months uncompromised through the miracle of using a hosts file, managing his router, and using his tiny old brain.”
Your AI generated summary, again, lacks evidence. I asked for a site, or a source where what you claim credibly happened, not just repeating the same myths in a circular series of arguments.
I used no AI. Had you actually paid attention you’d see that I cited my source in the first link. The summary I posted it a direct quote from that source. Just because you don’t like what you read that doesn’t automatically make it AI slop.
I don’t feel like refuting any of your other, unsourced assumptions. Good luck with your beloved Windows 7.
Hold on, before you guys keep flaming him. No script, plus zero trust DNS policies. I mean hell, you should be doing it anyway because you’re just as vulnerable to a 0 day attack or some sort of NPM malware that’s apparently going around right now.
If you really want to get crazy you could run your windows 7 OS in an immutable Virtual Environment on a lightweight Linux distribution with hardware pass through to get the most authentic experience. That’s almost bulletproof, and I’d wager infinitely more secure than running stock windows 11 on bare metal.
Which by the way, malware is generally written to target the majority, that means any windows 11 specific exploits wouldn’t work. But I know there’s a lot of unpatched exploits in 7 so I won’t even pretend that’s not there. It’s just that the likelihood that 7 is targeted just depends on who the attacker wants to go after.
Edit: and before anyone says anything about sensitive information being stolen, my response is: fuck no, you should not be putting sensitive information on a windows 7 machine at all.
Why don’t you provide evidence to your claim that the only way to get malware on an outdated os is by downloading and installing something lmfao.
A majority of users still using 7 are not technically savvy and wouldn’t likely know to harden their devices to that extent, trust me I deal with them Irl for my work at a financial company.
It’s called a Drive-by Compromise:
A legitimate website is compromised, allowing adversaries to inject malicious code
Script files served to a legitimate website from a publicly writeable cloud storage bucket are modified by an adversary
Malicious ads are paid for and served through legitimate ad providers (i.e., Malvertising)
Built-in web application interfaces that allow user-controllable content are leveraged for the insertion of malicious scripts or iFrames (e.g., cross-site scripting)
It’s not Hollywood fantasy, as you claim. It is a well documented attack vector.
This is a browser security and PEBKAC error, nothing to do with Windows 7. You’ve simply proven my point that all these attacks are installed and run by the user. If they’re tricked by the site, that’s not on Windows 7.
Your AI generated summary, again, lacks evidence. I asked for a site, or a source where what you claim credibly happened, not just repeating the same myths in a circular series of arguments.
" via User Execution. By clicking “allow” on browser push notifications"
Which is what I said: “the only way to get this malware is to actively download it and install it, yes?”
So you agreed with me on all points, why write so much, though? A simple “yes” would suffice next time. Or “HugeNerd, as usual, is correct and his Windows 7 machine has been running 24/7 for months uncompromised through the miracle of using a hosts file, managing his router, and using his tiny old brain.”
I used no AI. Had you actually paid attention you’d see that I cited my source in the first link. The summary I posted it a direct quote from that source. Just because you don’t like what you read that doesn’t automatically make it AI slop.
I don’t feel like refuting any of your other, unsourced assumptions. Good luck with your beloved Windows 7.
Hold on, before you guys keep flaming him. No script, plus zero trust DNS policies. I mean hell, you should be doing it anyway because you’re just as vulnerable to a 0 day attack or some sort of NPM malware that’s apparently going around right now.
If you really want to get crazy you could run your windows 7 OS in an immutable Virtual Environment on a lightweight Linux distribution with hardware pass through to get the most authentic experience. That’s almost bulletproof, and I’d wager infinitely more secure than running stock windows 11 on bare metal.
Which by the way, malware is generally written to target the majority, that means any windows 11 specific exploits wouldn’t work. But I know there’s a lot of unpatched exploits in 7 so I won’t even pretend that’s not there. It’s just that the likelihood that 7 is targeted just depends on who the attacker wants to go after.
Edit: and before anyone says anything about sensitive information being stolen, my response is: fuck no, you should not be putting sensitive information on a windows 7 machine at all.
Its not even the same person who replied lmfao
Why don’t you provide evidence to your claim that the only way to get malware on an outdated os is by downloading and installing something lmfao.
A majority of users still using 7 are not technically savvy and wouldn’t likely know to harden their devices to that extent, trust me I deal with them Irl for my work at a financial company.