Windows 10 Gets Three More Years of Security Updates, If You Can Afford Them (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Windows 10's end-of-support date is October 14, 2025. That's the day that most Windows 10 PCs will receive their last security update and the date when most people should find a way to move to Windows 11 to ensure that they stay secure. As it has done for other stubbornly popular versions of Windows, though, Microsoft is offering a reprieve for those who want or need to stay on Windows 10: three additional years of security updates, provided to those who can pay for the Extended Security Updates (ESU) program.
The initial announcement, written by Windows Servicing and Delivery Principal Product Manager Jason Leznek, spends most of its time encouraging users and businesses to upgrade to Windows 11 rather than staying on 10, either by updating their current computers, upgrading to new PCs or transitioning to a Windows 365 cloud-based PC instead. But when Leznek does get to the announcement of the ESU program, the details are broadly similar to the program Microsoft offered for Windows 7 a few years ago: three additional years of monthly security updates and technical support, paid for one year at a time. The company told us that "pricing will be provided at a later date," but for the Windows 7 version of the ESU program, Microsoft upped the cost of the program each year to encourage people to upgrade to a newer Windows version before they absolutely had to; the cost was also per-seat, so what you paid was proportional to the number of PCs you needed updates for.
One difference this time is that Microsoft told us it would be offering Windows 10 ESU updates to individuals, though the company didn't offer particulars. More details should be available on Windows 10's lifecycle support page soon. Leznek reiterated that Windows 10 22H2 would be the final version of Windows 10 and that the operating system would not receive any additional features during the ESU period.
If you can afford them (Score:3, Insightful)
Don't do drugs. (Score:3)
Don't use Crack.
Don't do drugs.
Use Linux.
Comedy gold. (Score:5, Informative)
and the date when most people should find a way to move to Windows 11 to ensure that they stay secure.
If you do, you're doing security wrong. There is absolutely nothing about Windows 11 that would even remotely "ensure" that you would "stay secure" over Windows 10 - most of the same shitty security design and implementations exist in both.
Re: (Score:2)
Re: (Score:3, Insightful)
dontcha know, it's far easier for MS to shit out another substandard OS with even more mommying and reduction in user control than to patch whatever security holes come up in an existing, already finished OS. If you believe their marketing department that is. It's mildly insulting that they couch it as it being some form of benevolence on their part, that they're pushing you to 11 for your own good.
Computers/technology are weird in that perfectly functional and workable devices get bricked due to 'advance
Re:Comedy gold. (Score:5, Informative)
Let's start by agreeing that Windows 10 and 11 are both security nightmares.
However, it's not that Windows 11 is somehow inherently more secure. It's about support. As software ages, if there is no ongoing support process that includes security fixes, the software becomes less and less secure. Windows 11 will become more secure than Windows 10 over time, for the simple reason that Windows 10 will one day no longer be maintained.
Re: (Score:2, Interesting)
[citation needed] Seriously. People keep repeating this without evidence from the field or weak theory for support (if they bother). Not only have OSes with extended exposure in the field had ample time to be hardened to a 'good enough' state for typical home users, there's no guarantee that issues found in newer versions relate to older versions. In fact there's probably a better claim that newer ve
Re:Comedy gold. (Score:5, Insightful)
The assumption you're making here is that security vulnerabilities fixed on Windows 11 aren't "backwards compatible" to Windows 10 or other earlier OS. By and large, they are. Attackers regularly reverse engineer high value exploits after patch Tuesday because they are still usable on unpatched and EOL machines in enterprises. By hanging onto that 2008/2012/Win10 RTM machine you've got a growing list of exploits essentially forever with no workaround or mitigations until you upgrade them.
This is the basis behind the upgrade or air gap rule for EOL systems.
Re: (Score:2)
Re: (Score:2)
Let's start by agreeing that Windows 10 and 11 are both security nightmares.
However, it's not that Windows 11 is somehow inherently more secure. It's about support. As software ages, if there is no ongoing support process that includes security fixes, the software becomes less and less secure. Windows 11 will become more secure than Windows 10 over time, for the simple reason that Windows 10 will one day no longer be maintained.
How much does relative security matter in the real world? Most Windows clients are single user systems hidden behind stealth mode firewalls. For many the software that matters WRT exploitable vulnerabilities is the browser. The most likely vector of attack by far is social engineering.
Re: (Score:1)
Relative security is the *only* security that matters in the real world. Security is always an arms race.
You lock your car, the person in the next parking space doesn't. The thief will generally pick the easier target.
Round 2: everybody locks their car, you have an engine immobilizer, the next car doesn't. The thief will generally pick the easier target. https://www.cnn.com/2023/04/21... [cnn.com]
Round 3...n.
You are correct about social engineering. Again, it's an arms race. The harder the OS makes it for clueless us
Re: (Score:2)
Relative security is the *only* security that matters in the real world. Security is always an arms race.
You lock your car, the person in the next parking space doesn't. The thief will generally pick the easier target.
Round 2: everybody locks their car, you have an engine immobilizer, the next car doesn't. The thief will generally pick the easier target. https://www.cnn.com/2023/04/21 [cnn.com]...
Round 3...n.
As near as I can tell you seem to be saying there is a fixed number of people who will be owned and the distribution of that ownage will rest on operating system version. I just can't see how either statement makes much sense in cyberspace where attacks are mostly automated and untargeted.
In other words why would a thief ever want to pick and choose when they can direct robots to steal both vehicles?
You are correct about social engineering. Again, it's an arms race. The harder the OS makes it for clueless users to get into trouble, the less social engineering will work.
If you look at something like Windows where everything runs in the context of the user and the user has full
Re: (Score:2)
As near as I can tell you seem to be saying there is a fixed number of people who will be owned and the distribution of that ownage will rest on operating system version. I just can't see how either statement makes much sense in cyberspace where attacks are mostly automated and untargeted.
Nope, I didn't say that. In fact, the article I linked explained that, with increased security, car thefts have gone down. The same is true with increased software security. If it makes it harder to break in, fewer people will succeed.
If you look at something like Windows where everything runs in the context of the user and the user has full access to the system.
This hasn't been true for a long time. Many types of operations now require elevated permissions, and aren't accessible to normally running processes.
Here there is a vastly different security model involving end to end cryptography and single use tokens vs permanent identifiers that are trivially readable by anyone who wants to read them. Where is the analogue of such a vast change WRT Windows 10 v. 11...?
First, credit card chips (at least in the US) simply return a fixed identifier to the reader, it is not a single use token.
As f
Re: (Score:2)
Nope, I didn't say that. In fact, the article I linked explained that, with increased security, car thefts have gone down. The same is true with increased software security. If it makes it harder to break in, fewer people will succeed.
I didn't know how to interpret "The thief will generally pick the easier target. ". What do you believe is being made substantively harder in the analogy?
If you look at something like Windows where everything runs in the context of the user and the user has full access to the system.
This hasn't been true for a long time. Many types of operations now require elevated permissions, and aren't accessible to normally running processes.
??? I'm looking at a Windows system right now in task manager and sorting by user. All of my programs are running in the context of my user account. If I right click on a desktop program and select "run as administrator" it runs with full privileges which is sufficient to impersonate other accounts including Trusted Installer.
First, credit card chips (at least in the US) simply return a fixed identifier to the reader, it is not a single use token.
In EMV parlance it's called
Re: (Score:2)
I didn't know how to interpret "The thief will generally pick the easier target. ". What do you believe is being made substantively harder in the analogy?
The most obvious example is MFA.
??? I'm looking at a Windows system right now in task manager and sorting by user. All of my programs are running in the context of my user account. If I right click on a desktop program and select "run as administrator" it runs with full privileges which is sufficient to impersonate other accounts including Trusted Installer.
YOU are undoubtedly a local admin. This is not the typical use case any longer, for non-technical users, who are normally NOT local admins.
You are correct about the credit card chip.
what I'm looking for is what do you believe is such an analogous step change across Windows versions?
MFA, UAC, locking down Program Files and Windows folders, Windows Hello. These are some examples of ways security has been increased over time. The older an old version gets, the less likely these types of security enhancements will be applied to the old OS.
MFA combined with UAC can protect your s
Re: (Score:2)
As I grok your point and mostly agree on it, cars are actually a poor example. Car thieves are often out for a specific make, model and color car. In the Netherlands you can buy a "total-loss"-car. You can repair it and then offer the car up to the road safety element of the government body. And if in their investigation the repaired car is road-worthy, they provide a document, making the car legit. With that document, the car is then sold to an unsuspecting buyer.
What really happens is that the "total-loss
Re: (Score:2)
Your "sophisticated" car thief no doubt does exist, but they aren't necessarily the predominant variety. Most car thieves are just plain stupid and greedy, as are most script kiddies.
Re: (Score:2)
As software ages, if there is no ongoing support process that includes security fixes, the software becomes less and less secure. Windows 11 will become more secure than Windows 10 over time, for the simple reason that Windows 10 will one day no longer be maintained.
It stays as secure as it was - the security defects were present whether they were discovered or not... Without patches the defects do not decrease though...
Practically the impact of the defects does increase when they are widely known. No public knowledge of them does not mean they don't pose a danger or that small groups are not actively exploiting the flaws.
Re: (Score:2)
It's not really true that security defects were present whether they were discovered or not. Over time, new tools and techniques are created to exploit vulnerabilities. These new techniques are able to exploit security flaws that couldn't be exploited before.
Security is always an arms race. There is no such thing as an "absolute" standard of security. Security is measured in the context of the techniques available to those who want to circumvent it.
For example, once upon a time, a 64-bit password was consid
ESU (Score:5, Informative)
"that the operating system would not receive any additional features during the ESU period."
Good. We don't want additional "features".
Re:ESU (Score:5, Interesting)
I go out of my way to make sure my windows 10 computer doesn't receive any "features" (or updates). It works just fine as is, thank you very much.
Re: (Score:2)
yeah - this
I block all updates and don't do anything dumb/unsafe with my computer and haven't had an issue pretty much ever...
big benefit being that updates in the past have caused more harm than good with microsoft...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
"New feature" is often a coded way of saying, "We changed something to justify our jobs." That then made you have to learn something new that worked just fine before.
It reminds me of going from genuine vi to vim years ago. I made the switch because I was using Linux and it required no changes in my behavior. I then could try new features at my leisure, if I so desired. To this day I don't use most of the "new" features. Pretty much just cut and paste. It was a switch/upgrade that didn't require me to use it
Windows 365 (Score:5, Informative)
To my shame, I had never heard of Windows 365 before. So I checked it.
Holy bananas... it's incredibly expensive.
Re: (Score:2)
Re: (Score:2)
Windows 365 isn't an OS, it's a VM. $66 a month for a Windows VM with 2vcpu and 16GB of RAM does not seem to be all that expensive.
Re: (Score:2)
Because you compare it with other VMs.
Quoting TFS (relevant excerpts in bold):
encouraging users and businesses to upgrade to Windows 11 rather than staying on 10, either by updating their current computers, upgrading to new PCs or transitioning to a Windows 365 cloud-based PC instead
$66 per month is close to $800 per year.
The average life span of a laptop is, say, 3 years (maybe more, but what the heck, I feel generous).
Between a new desktop/laptop with Windows 11 license and paying for the above-mentioned VM for three years, each for $2400, which one would you choose?
The laptop would have better hardware specs, be 100% yours, would not need a client to use, and after three years, if kept in reasonably good c
Re: (Score:2)
Because you compare it with other VMs.
You know that scene in Infinity War where Peter Dinklage looks really confused and says, "Yes... that's what killing you means?" That's me right now. Yes, I am comparing it with other VMs because that's what it is.
Between a new desktop/laptop with Windows 11 license and paying for the above-mentioned VM for three years, each for $2400, which one would you choose?
Depends on my application. For home use, almost certainly not (unless I had an application where having a client sitting in a well connected data center would be beneficial). For business use? Well, if my infrastructure all lived in Azure and my applications lived in Azure, the Azure based VDI
Re: (Score:2)
I tried to make the point twice now, here's a third time.
It was also an encouragement to users, regular people, average joes, to transition to cloud-based VMs. For that target, it's too expensive.
That's all.
Re: (Score:2)
Not all that expensive?
When compared apples to apples to other VMs with those resources, no, it's not all that expensive.
If you spend that for 5 years, you'll have spent $3960. Spend $3960 on a computer and you'll have a REALLY nice computer, with a lot more than 16GB RAM and a dozen or more CPU cores.
Sure, an i7, 128GB of RAM, a couple of TB of NVMe storage, and a really nice graphics card will come in quite a bit cheaper than that. Which is great and all, but not especially useful if what I actually need is a VM sitting in a well connected data center.
People should find a way to move to Linux (Score:2, Insightful)
Re:People should find a way to move to Linux (Score:5, Funny)
If I wanted to convince someone to use Linux, I'd do my best to hide from them that DistroWatch exists.
Re: (Score:2)
And this is the rub with Linux, for most regular people. Answering that first question is no simple chore: "Which distro should I choose?"
If you're in a grocery store looking at 600 different brands of coffee, you're going to have a hard time choosing. If there are half a dozen, you probably can make that choice a little more easily.
There are around 600 Linux distros. https://truelist.co/blog/linux... [truelist.co]. Even as a guy who has built and set up several distros myself, I'm not sure which one I would choose for g
Re:People should find a way to move to Linux (Score:4, Informative)
For me, the answer to this is simple: Mint with MATE.
Classic and traditional GUI, up to date packages and fairly long term support, with the hope of an in-place upgrade in the future (didn't work for me last time I tried).
Re:People should find a way to move to Linux (Score:4, Interesting)
My MythTV DVR started in 2004 with Debian on x86. The same OS has been upgraded incrementally over the years, including switches in-place to 64-bit and to Devuan. It has been migrated to new disks and motherboards.
Is it, like the Ship of Theseus, the same entity after all that time?
There were occasional hiccups, usually from incautious use of "apt dist-upgrade", but it still runs. I doubt it would have fared as well with an RPM-based distro.
Re: (Score:1)
I've done the same with Fedora...16 years running 24/7.
What is your doubt based on?
Re: (Score:2)
Red Hat first releasing, then sometimes withdrawing, procedures for in-place upgrades between major releases, especially with the transition to that bloatware systemd between RHEL 6 and RHEL 7.
The procedure for going from RHEL 7 to RHEL 8 is needlessly complicated.
This is based on RHEL in my job environment.
Going from one major release to another in a Debian-based distro is usually less painful, sometimes even seamless.
If you started with Fedora from the start, your experience may differ from mine, and Fedo
Re: (Score:2)
the hope of an in-place upgrade
Sounds great! One day you "hope" the upgrade will work! Now, imagine an 80-something who struggles to figure out a TV remote, finding a way to "love" that!
Re: (Score:2)
Second that. I also have been using Linux Mint host for a few years. Feels at home to a Windows user.
Re: (Score:3)
Sounds like a support nightmare. The best Linux distro is ChromeOS. It really does just work, it updates quietly and automatically, and since moving family members to it the only tech support issues I've had to deal with have been related to WiFi routers dying.
Re:People should find a way to move to Linux (Score:5, Insightful)
Here is an easy answer: Ubuntu.
It is very mature, super-usable, corporate-backed, large software library, options for ordinary desktop users and business users. There are distros that derive from this one with various fancy options and trade-offs, and none of them are necessary.
I have worked with Fedora as well, and found Ubuntu to be more stable and more reliable across upgrades. Much more, in fact.
People love their favorite distros and will argue vehemently about this or that advantage....but for someone who is timid about Linux I think that vanilla Ubuntu is by far the best starting point.
Re: (Score:2)
OK, so yes, Ubuntu is a good choice.
Now, how do we convince regular people of this? You might be able to convince your friends and/or relatives. But the vast majority of potential users...don't know you and therefore can't be convinced by you.
Most non-technical people don't research OSes like this. They don't have a clue, and they don't really want to take the time to get a clue. They want the option they've heard of, that all their friends use, and that their grandkids can help them figure out. And that's
Re: (Score:2)
Re: (Score:2)
Fun for whom? Nerds like us who hang around Slashdot? Maybe. Non-nerds like my elderly in-laws, who can't figure out how to "download" pictures from their digital camera onto their PC? Probably not going to be fun, ever.
Re: (Score:2)
Back when computing was "fun," only we computer nerds used computers. Everybody else, not so much.
That's kind of how technology works. It's fun, until everybody jumps onto the bandwagon, and then it's just work.
Re:If They Would Have Stuck With DOS (Score:4, Informative)
I almost never use the command prompt, nor have I needed to configure a text file in years. This is using Ubuntu Linux, which is nothing at all like DOS.
Incidentally, Free DOS [freedos.org] exists. And it's not Linux. Nor is it anything like Linux.
Re: (Score:1)
Re: (Score:3)
Unbreakable? There is, and never will be, any unbreakable software. Not even one single title.
The problem is that software is complex, and complexity breeds fragility. There is no getting around that.
And...who wants to set up a system by messing around with text file configurations? I'm a developer who grew up on DOS, and I certainly don't.
Coasting (Score:1)
I usually upgrade Windows when my PC dies and I need a new one. Most of my home PCs last about 7 years*. Rather than do the annoying conversion dance, I just may pay for the security updates until my current PC croaks.
* One got a nasty virus rather than hardware failure, but rather than clean it I figured it was time for new hardware anyhow.
So... no more features for Win 10? (Score:2)
I thought you wanted to convince people to move away from it. No new features is pretty much what everyone wants, you know the usual "new MS feature" question, right?
Can I turn it off and if, how?
Pray I Do Not Alter It Further (Score:5, Informative)
I'm old enough to remember when Microsoft said Windows 10 was going to be the last version of Windows and it was rolling release from here on out.
Can't charge for 'extended updates' and upgrades that way!
People at the time were saying all the money was in Office. :shrug:
Re: (Score:2, Troll)
I'm old enough to remember when Microsoft said Windows 10 was going to be the last version of Windows and it was rolling release from here on out.
It is still a rolling release. Most, if not all the codebase of Win11 was derived from the current (at the time) Win10. And, if your HW qualifies, is free to go from Win10 to Win11. In that sense, it was just a change of name.
The change in name was driven by a steep change in requirements, so that Joe Sixpack and Jane the plumber knew that, this time around they needed to look a little bit more carefully to decide if their HW was compatible or not. Imagine if Jane the plumber and/or Joe sixpack had to deco
Re: (Score:3)
The only reason that Microsoft released Windows 11 was to drop support for older hardware. They realized that supporting older systems was costing them a lot of money, and making it difficult to roll out new features like enhanced security that requires TPM 2.0, when they had to maintain full compatibility with every machine that could run Windows 10 when it launched back in 2015.
I think anyone really looking at their claim that Windows 10 would be the last version could see this coming. They could have jus
Good news, even if you do not qualify for ESU (Score:4, Insightful)
The presence of the ESU means that, most likely, Google and Firefox will support their browsers in 22h2 until the ESU runs out (like they did in the past).
Google supporting chrom(ium) means that Valve can support the client in 22h2 until a little while after the ESU runs out.
Also, some other SW houses (that are not very relevant to my use case, but may be relevant to yours) are known to support Win* as long as the ESU is running, no questions asked.
Good news for people like me, with machines that have ample performance, but can not go to Win11 (in my case, a Mac mini with 6 cores, an 8th gen proc and ample memory, and a Sonnos Box with a dedicated GPU over TB3)
If you need support beyond ~2028 when the ESU Runs out:
Win10 LTSC 2019 will be supported until ~2029
Win10 IoT 2021 will be supported until ~2031
Caveat emptor with both.
Or ... (Score:1)
Windows 10's end-of-support date is October 14, 2025. That's the day that most Windows 10 PCs will receive their last security update and the date when most people should find a way to move to Windows 11 to ensure that they stay secure.
I'll finish moving to Linux (Mint) full-time. So far I've been lazy -- all of my systems are too old to (officially) run Windows 11.
Also, ... "Windows 11 to ensure that they stay secure" -- are Windows 10/11 users secure now?
HOW MUCH TO BRING BACK OUTLOOK EXPRESS??! (Score:1)
Best email client ever. Gmail can suck it.
The biggest problem... (Score:5, Informative)
That means hundreds of millions of PCs waiting to be compromised by malware networks, just waiting to ruin everyone's day because they will still be sharing the same Internet as your PC.
Re: (Score:3)
Another problem, with my desktop PC, it doesn't have a TPM, which is required by Windows 11
I couldn't upgrade even if I wanted to. It's been going fine for the last 6 years, there's no reason it won't be around in 2 years time.
Re: (Score:3)
Re: (Score:2)
The CPU requirements can be bypassed as well, but Microsoft threatens to block updates [microsoft.com].
Re: (Score:2)
They also provide zero support
If you proceed with installing Windows 11, your PC will no longer be supported and won't be entitled to receive updates
Re: (Score:3)
Re: (Score:2)
My CPU is capable, but I purposefully alter it so it is not perceived as capable. It keeps Windows 10 from nagging me overly much or surprising me with an unrequested 'upgrade'.
I think I may be done with computing entirely. I am tired of this shit.
Ditch the unnecessary UI Changes (Score:2)
In a twist of fate, Windows 10 will be the last (Score:2)
I know they walked back that announcement, but it will be the last Windows I'll use on my computers, and only as long as the Windows 7 key activations survive. Then it's no more Windows for me.
"Nice operating system you have there." (Score:2)
And all Mac OS updates are free.... (Score:1)
Re: And all Mac OS updates are free.... (Score:1)