
Windows 10 Gets Three More Years of Security Updates, If You Can Afford Them (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Windows 10's end-of-support date is October 14, 2025. That's the day that most Windows 10 PCs will receive their last security update and the date when most people should find a way to move to Windows 11 to ensure that they stay secure. As it has done for other stubbornly popular versions of Windows, though, Microsoft is offering a reprieve for those who want or need to stay on Windows 10: three additional years of security updates, provided to those who can pay for the Extended Security Updates (ESU) program.

The initial announcement, written by Windows Servicing and Delivery Principal Product Manager Jason Leznek, spends most of its time encouraging users and businesses to upgrade to Windows 11 rather than staying on 10, either by updating their current computers, upgrading to new PCs or transitioning to a Windows 365 cloud-based PC instead. But when Leznek does get to the announcement of the ESU program, the details are broadly similar to the program Microsoft offered for Windows 7 a few years ago: three additional years of monthly security updates and technical support, paid for one year at a time. The company told us that "pricing will be provided at a later date," but for the Windows 7 version of the ESU program, Microsoft upped the cost of the program each year to encourage people to upgrade to a newer Windows version before they absolutely had to; the cost was also per-seat, so what you paid was proportional to the number of PCs you needed updates for.

One difference this time is that Microsoft told us it would be offering Windows 10 ESU updates to individuals, though the company didn't offer particulars. More details should be available on Windows 10's lifecycle support page soon. Leznek reiterated that Windows 10 22H2 would be the final version of Windows 10 and that the operating system would not receive any additional features during the ESU period.

  • by Anonymous Coward on Tuesday December 05, 2023 @07:32PM (#64058281)
    or bypass the check with a suitable crack.
  • Comedy gold. (Score:5, Informative)

    by MachineShedFred ( 621896 ) on Tuesday December 05, 2023 @07:33PM (#64058285) Journal

    and the date when most people should find a way to move to Windows 11 to ensure that they stay secure.

    If you do, you're doing security wrong. There is absolutely nothing about Windows 11 that would even remotely "ensure" that you would "stay secure" over Windows 10 - most of the same shitty security design and implementations exist in both.

    • For once we agree. It's lipstick on a pig.
    • Re: (Score:3, Insightful)

      by rogoshen1 ( 2922505 )

      dontcha know, it's far easier for MS to shit out another substandard OS with even more mommying and reduction in user control than to patch whatever security holes come up in an existing, already finished OS. If you believe their marketing department that is. It's mildly insulting that they couch it as it being some form of benevolence on their part, that they're pushing you to 11 for your own good.

      Computers/technology are weird in that perfectly functional and workable devices get bricked due to 'advance

    • Re:Comedy gold. (Score:5, Informative)

      by Tony Isaac ( 1301187 ) on Tuesday December 05, 2023 @08:29PM (#64058453) Homepage

      Let's start by agreeing that Windows 10 and 11 are both security nightmares.

      However, it's not that Windows 11 is somehow inherently more secure. It's about support. As software ages, if there is no ongoing support process that includes security fixes, the software becomes less and less secure. Windows 11 will become more secure than Windows 10 over time, for the simple reason that Windows 10 will one day no longer be maintained.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        if there is no ongoing support process that includes security fixes, the software becomes less and less secure

        [citation needed] Seriously. People keep repeating this without evidence from the field or weak theory for support (if they bother). Not only have OSes with extended exposure in the field had ample time to be hardened to a 'good enough' state for typical home users, there's no guarantee that issues found in newer versions relate to older versions. In fact there's probably a better claim that newer ve

        • Re:Comedy gold. (Score:5, Insightful)

          by ElizabethGreene ( 1185405 ) on Wednesday December 06, 2023 @12:12AM (#64058909)

          The assumption you're making here is that security vulnerabilities fixed on Windows 11 aren't "backwards compatible" to Windows 10 or other earlier OS. By and large, they are. Attackers regularly reverse engineer high value exploits after Patch Tuesday because they are still usable on unpatched and EOL machines in enterprises. By hanging onto that 2008/2012/Win10 RTM machine you've got a growing list of exploits essentially forever with no workaround or mitigations until you upgrade them.

          This is the basis behind the upgrade or air gap rule for EOL systems.

        • by dbialac ( 320955 )
          I had a friend years ago who was running Solaris 1.x on his systems. Somebody tried to hack into it and install Linux. The hacker, who obviously wasn't particularly good, couldn't get anything to work and left the system. A quick restore from a nightly backup and he was back to normal. It was late enough that his system could be hacked, but the tools to do anything with it didn't exist anymore.
      • Let's start by agreeing that Windows 10 and 11 are both security nightmares.

        However, it's not that Windows 11 is somehow inherently more secure. It's about support. As software ages, if there is no ongoing support process that includes security fixes, the software becomes less and less secure. Windows 11 will become more secure than Windows 10 over time, for the simple reason that Windows 10 will one day no longer be maintained.

        How much does relative security matter in the real world? Most Windows clients are single user systems hidden behind stealth mode firewalls. For many the software that matters WRT exploitable vulnerabilities is the browser. The most likely vector of attack by far is social engineering.

        • Relative security is the *only* security that matters in the real world. Security is always an arms race.

          You lock your car, the person in the next parking space doesn't. The thief will generally pick the easier target.
          Round 2: everybody locks their car, you have an engine immobilizer, the next car doesn't. The thief will generally pick the easier target. https://www.cnn.com/2023/04/21... [cnn.com]
          Round 3...n.

          You are correct about social engineering. Again, it's an arms race. The harder the OS makes it for clueless us

          • Relative security is the *only* security that matters in the real world. Security is always an arms race.

            You lock your car, the person in the next parking space doesn't. The thief will generally pick the easier target.
            Round 2: everybody locks their car, you have an engine immobilizer, the next car doesn't. The thief will generally pick the easier target. https://www.cnn.com/2023/04/21 [cnn.com]...
            Round 3...n.

            As near as I can tell you seem to be saying there is a fixed number of people who will be owned and the distribution of that ownage will rest on operating system version. I just can't see how either statement makes much sense in cyberspace where attacks are mostly automated and untargeted.

            In other words why would a thief ever want to pick and choose when they can direct robots to steal both vehicles?

            You are correct about social engineering. Again, it's an arms race. The harder the OS makes it for clueless users to get into trouble, the less social engineering will work.

            If you look at something like Windows where everything runs in the context of the user and the user has full

            • As near as I can tell you seem to be saying there is a fixed number of people who will be owned and the distribution of that ownage will rest on operating system version. I just can't see how either statement makes much sense in cyberspace where attacks are mostly automated and untargeted.

              Nope, I didn't say that. In fact, the article I linked explained that, with increased security, car thefts have gone down. The same is true with increased software security. If it makes it harder to break in, fewer people will succeed.

              If you look at something like Windows where everything runs in the context of the user and the user has full access to the system.

              This hasn't been true for a long time. Many types of operations now require elevated permissions, and aren't accessible to normally running processes.

              Here there is a vastly different security model involving end to end cryptography and single use tokens vs permanent identifiers that are trivially readable by anyone who wants to read them. Where is the analogue of such a vast change WRT Windows 10 v. 11...?

              First, credit card chips (at least in the US) simply return a fixed identifier to the reader, it is not a single use token.

              As f

              • Nope, I didn't say that. In fact, the article I linked explained that, with increased security, car thefts have gone down. The same is true with increased software security. If it makes it harder to break in, fewer people will succeed.

                I didn't know how to interpret "The thief will generally pick the easier target. ". What do you believe is being made substantively harder in the analogy?

                If you look at something like Windows where everything runs in the context of the user and the user has full access to the system.

                This hasn't been true for a long time. Many types of operations now require elevated permissions, and aren't accessible to normally running processes.

                ??? I'm looking at a Windows system right now in task manager and sorting by user. All of my programs are running in the context of my user account. If I right click on a desktop program and select "run as administrator" it runs with full privileges which is sufficient to impersonate other accounts including Trusted Installer.

                First, credit card chips (at least in the US) simply return a fixed identifier to the reader, it is not a single use token.

                In EMV parlance it's called

                • I didn't know how to interpret "The thief will generally pick the easier target. ". What do you believe is being made substantively harder in the analogy?

                  The most obvious example is MFA.

                  ??? I'm looking at a Windows system right now in task manager and sorting by user. All of my programs are running in the context of my user account. If I right click on a desktop program and select "run as administrator" it runs with full privileges which is sufficient to impersonate other accounts including Trusted Installer.

                  YOU are undoubtedly a local admin. This is not the typical use case any longer, for non-technical users, who are normally NOT local admins.

                  You are correct about the credit card chip.

                  what I'm looking for is what do you believe is such an analogous step change across Windows versions?

                  MFA, UAC, locking down Program Files and Windows folders, Windows Hello. These are some examples of ways security has been increased over time. The older an old version gets, the less likely these types of security enhancements will be applied to the old OS.

                  MFA combined with UAC can protect your s

          • As I grok your point and mostly agree on it, cars are actually a poor example. Car thieves are often out for a specific make, model and color car. In the Netherlands you can buy a "total-loss"-car. You can repair it and then offer the car up to the road safety element of the government body. And if in their investigation the repaired car is road-worthy, they provide a document, making the car legit. With that document, the car is then sold to an unsuspecting buyer.

            What really happens is that the "total-loss

            • Your "sophisticated" car thief no doubt does exist, but they aren't necessarily the predominant variety. Most car thieves are just plain stupid and greedy, as are most script kiddies.

      • by MoHaG ( 1002926 )

        As software ages, if there is no ongoing support process that includes security fixes, the software becomes less and less secure. Windows 11 will become more secure than Windows 10 over time, for the simple reason that Windows 10 will one day no longer be maintained.

        It stays as secure as it was - the security defects were present whether they were discovered or not... Without patches the defects do not decrease though...

        Practically the impact of the defects does increase when they are widely known. No public knowledge of them does not mean they don't pose a danger or that small groups are not actively exploiting the flaws.

        • It's not really true that security defects were present whether they were discovered or not. Over time, new tools and techniques are created to exploit vulnerabilities. These new techniques are able to exploit security flaws that couldn't be exploited before.

          Security is always an arms race. There is no such thing as an "absolute" standard of security. Security is measured in the context of the techniques available to those who want to circumvent it.

          For example, once upon a time, a 64-bit password was consid

  • ESU (Score:5, Informative)

    by rossdee ( 243626 ) on Tuesday December 05, 2023 @07:40PM (#64058317)

    "that the operating system would not receive any additional features during the ESU period."

    Good. We don't want additional "features".

    • Re:ESU (Score:5, Interesting)

      by rogoshen1 ( 2922505 ) on Tuesday December 05, 2023 @07:57PM (#64058369)

      I go out of my way to make sure my Windows 10 computer doesn't receive any "features" (or updates). It works just fine as is, thank you very much.

      • yeah - this

        I block all updates and don't do anything dumb/unsafe with my computer and haven't had an issue pretty much ever...

        big benefit being that updates in the past have caused more harm than good with microsoft...

        • by Ormy ( 1430821 )
          This. Not being an idiot (part of which is using a decent firewall) does a lot more to protect a home/single-user machine than any updates from MS.
          • by dbialac ( 320955 )
            I intentionally put off updating Office for a month so that somebody else could be the guinea pig. Recently there was an update of something mainstream (might have been Office, I don't remember) that could cause serious problems for users and my reaction to friends was, "That's why I don't update right away."
            • by Ormy ( 1430821 )
              Yep, I pretty much disable automatic updates to ALL software, including windows and all the software on my phone. I then download and install them manually at my convenience when they've been in the wild for a few weeks without report of serious issue. In addition, for software that cannot be rolled back to previous versions AND is not network-facing then I don't update at all unless the update fixes something that was bothering me, just in case the update breaks something or makes anything worse (which h
              • by dbialac ( 320955 )

                "New feature" is often a coded way of saying, "We changed something to justify our jobs." That then made you have to learn something new that worked just fine before.

                It reminds me of going from genuine vi to vim years ago. I made the switch because I was using Linux and it required no changes in my behavior. I then could try new features at my leisure, if I so desired. To this day I don't use most of the "new" features. Pretty much just cut and paste. It was a switch/upgrade that didn't require me to use it

  • Windows 365 (Score:5, Informative)

    by war4peace ( 1628283 ) on Tuesday December 05, 2023 @07:54PM (#64058355)

    To my shame, I had never heard of Windows 365 before. So I checked it.
    Holy bananas... it's incredibly expensive.

    • by dbialac ( 320955 )
      And not only that, if you suddenly find you can't pay the bill, you suddenly don't have your data. A hospital recently "lost" my cell phone. Without a backup, I would have lost a lot of data from it.
    • by Zak3056 ( 69287 )

      Windows 365 isn't an OS, it's a VM. $66 a month for a Windows VM with 2vcpu and 16GB of RAM does not seem to be all that expensive.

      • Because you compare it with other VMs.
        Quoting TFS (relevant excerpts in bold):

        encouraging users and businesses to upgrade to Windows 11 rather than staying on 10, either by updating their current computers, upgrading to new PCs or transitioning to a Windows 365 cloud-based PC instead

        $66 per month is close to $800 per year.
        The average life span of a laptop is, say, 3 years (maybe more, but what the heck, I feel generous).
        Between a new desktop/laptop with Windows 11 license and paying for the above-mentioned VM for three years, each for $2400, which one would you choose?
        The laptop would have better hardware specs, be 100% yours, would not need a client to use, and after three years, if kept in reasonably good c

        • by Zak3056 ( 69287 )

          Because you compare it with other VMs.

          You know that scene in Infinity War where Peter Dinklage looks really confused and says, "Yes... that's what killing you means?" That's me right now. Yes, I am comparing it with other VMs because that's what it is.

          Between a new desktop/laptop with Windows 11 license and paying for the above-mentioned VM for three years, each for $2400, which one would you choose?

          Depends on my application. For home use, almost certainly not (unless I had an application where having a client sitting in a well connected data center would be beneficial). For business use? Well, if my infrastructure all lived in Azure and my applications lived in Azure, the Azure based VDI

          • I tried to make the point twice now, here's a third time.
            It was also an encouragement to users, regular people, average joes, to transition to cloud-based VMs. For that target, it's too expensive.
            That's all.

  • DistroWatch.com [distrowatch.com] Put the fun back into computing.
    • by OrangeTide ( 124937 ) on Tuesday December 05, 2023 @07:59PM (#64058379) Homepage Journal

      If I wanted to convince someone to use Linux, I'd do my best to hide from them that DistroWatch exists.

      • And this is the rub with Linux, for most regular people. Answering that first question is no simple chore: "Which distro should I choose?"

        If you're in a grocery store looking at 600 different brands of coffee, you're going to have a hard time choosing. If there are half a dozen, you probably can make that choice a little more easily.

        There are around 600 Linux distros. https://truelist.co/blog/linux... [truelist.co]. Even as a guy who has built and set up several distros myself, I'm not sure which one I would choose for g

        • by whoever57 ( 658626 ) on Tuesday December 05, 2023 @08:46PM (#64058511) Journal

          For me, the answer to this is simple: Mint with MATE.

          Classic and traditional GUI, up to date packages and fairly long term support, with the hope of an in-place upgrade in the future (didn't work for me last time I tried).

          • by msk ( 6205 ) on Tuesday December 05, 2023 @10:06PM (#64058709)

            My MythTV DVR started in 2004 with Debian on x86. The same OS has been upgraded incrementally over the years, including switches in-place to 64-bit and to Devuan. It has been migrated to new disks and motherboards.

            Is it, like the Ship of Theseus, the same entity after all that time?

            There were occasional hiccups, usually from incautious use of "apt dist-upgrade", but it still runs. I doubt it would have fared as well with an RPM-based distro.

            • I've done the same with Fedora...16 years running 24/7.

              What is your doubt based on?

              • by msk ( 6205 )

                Red Hat first releasing, then sometimes withdrawing, procedures for in-place upgrades between major releases, especially with the transition to that bloatware systemd between RHEL 6 and RHEL 7.

                The procedure for going from RHEL 7 to RHEL 8 is needlessly complicated.

                This is based on RHEL in my job environment.

                Going from one major release to another in a Debian-based distro is usually less painful, sometimes even seamless.

                If you started with Fedora from the start, your experience may differ from mine, and Fedo

          • the hope of an in-place upgrade

            Sounds great! One day you "hope" the upgrade will work! Now, imagine an 80-something who struggles to figure out a TV remote, finding a way to "love" that!

          • Second that. I also have been using Linux Mint host for a few years. Feels at home to a Windows user.

          • by AmiMoJo ( 196126 )

            Sounds like a support nightmare. The best Linux distro is ChromeOS. It really does just work, it updates quietly and automatically, and since moving family members to it the only tech support issues I've had to deal with have been related to WiFi routers dying.

        • by Brain-Fu ( 1274756 ) on Tuesday December 05, 2023 @11:18PM (#64058823) Homepage Journal

          Here is an easy answer: Ubuntu.

          It is very mature, super-usable, corporate-backed, large software library, options for ordinary desktop users and business users. There are distros that derive from this one with various fancy options and trade-offs, and none of them are necessary.

          I have worked with Fedora as well, and found Ubuntu to be more stable and more reliable across upgrades. Much more, in fact.

          People love their favorite distros and will argue vehemently about this or that advantage....but for someone who is timid about Linux I think that vanilla Ubuntu is by far the best starting point.

          • OK, so yes, Ubuntu is a good choice.

            Now, how do we convince regular people of this? You might be able to convince your friends and/or relatives. But the vast majority of potential users...don't know you and therefore can't be convinced by you.

            Most non-technical people don't research OSes like this. They don't have a clue, and they don't really want to take the time to get a clue. They want the option they've heard of, that all their friends use, and that their grandkids can help them figure out. And that's

          • by KlomDark ( 6370 )
            If you're used to Macs, then yes Ubuntu. But for Windows folk, Mint with MATE is far more usable. I personally find the modern Ubuntu ugly and awkward to do things with.
    • Fun for whom? Nerds like us who hang around Slashdot? Maybe. Non-nerds like my elderly in-laws, who can't figure out how to "download" pictures from their digital camera onto their PC? Probably not going to be fun, ever.

    • Back when computing was "fun," only we computer nerds used computers. Everybody else, not so much.

      That's kind of how technology works. It's fun, until everybody jumps onto the bandwagon, and then it's just work.

  • I usually upgrade Windows when my PC dies and I need a new one. Most of my home PCs last about 7 years*. Rather than do the annoying conversion dance, I just may pay for the security updates until my current PC croaks.

    * One got a nasty virus rather than hardware failure, but rather than clean it I figured it was time for new hardware anyhow.

  • I thought you wanted to convince people to move away from it. No new features is pretty much what everyone wants, you know the usual "new MS feature" question, right?

    Can I turn it off, and if so, how?

  • by bill_mcgonigle ( 4333 ) * on Tuesday December 05, 2023 @09:24PM (#64058611) Homepage Journal

    I'm old enough to remember when Microsoft said Windows 10 was going to be the last version of Windows and it was rolling release from here on out.

    Can't charge for 'extended updates' and upgrades that way!

    People at the time were saying all the money was in Office. :shrug:

    • Re: (Score:2, Troll)

      by williamyf ( 227051 )

      I'm old enough to remember when Microsoft said Windows 10 was going to be the last version of Windows and it was rolling release from here on out.

      It is still a rolling release. Most, if not all the codebase of Win11 was derived from the current (at the time) Win10. And, if your HW qualifies, is free to go from Win10 to Win11. In that sense, it was just a change of name.

      The change in name was driven by a steep change in requirements, so that Joe Sixpack and Jane the plumber knew that, this time around they needed to look a little bit more carefully to decide if their HW was compatible or not. Imagine if Jane the plumber and/or Joe sixpack had to deco

    • by AmiMoJo ( 196126 )

      The only reason that Microsoft released Windows 11 was to drop support for older hardware. They realized that supporting older systems was costing them a lot of money, and making it difficult to roll out new features like enhanced security that requires TPM 2.0, when they had to maintain full compatibility with every machine that could run Windows 10 when it launched back in 2015.

      I think anyone really looking at their claim that Windows 10 would be the last version could see this coming. They could have jus

  • by williamyf ( 227051 ) on Tuesday December 05, 2023 @09:35PM (#64058633)

    The presence of the ESU means that, most likely, Google and Firefox will support their browsers in 22h2 until the ESU runs out (like they did in the past).

    Google supporting chrom(ium) means that Valve can support the client in 22h2 until a little while after the ESU runs out.

    Also, some other SW houses (that are not very relevant to my use case, but may be relevant to yours) are known to support Win* as long as the ESU is running, no questions asked.

    Good news for people like me, with machines that have ample performance, but can not go to Win11 (in my case, a Mac mini with 6 cores, an 8th gen proc and ample memory, and a Sonnos Box with a dedicated GPU over TB3)

    If you need support beyond ~2028 when the ESU runs out:
    Win10 LTSC 2019 will be supported until ~2029
    Win10 IoT 2021 will be supported until ~2031
    Caveat emptor with both.

  • Windows 10's end-of-support date is October 14, 2025. That's the day that most Windows 10 PCs will receive their last security update and the date when most people should find a way to move to Windows 11 to ensure that they stay secure.

    I'll finish moving to Linux (Mint) full-time. So far I've been lazy -- all of my systems are too old to (officially) run Windows 11.

    Also, ... "Windows 11 to ensure that they stay secure" -- are Windows 10/11 users secure now?

  • by Anonymous Coward

    Best email client ever. Gmail can suck it.

  • by xlsior ( 524145 ) on Tuesday December 05, 2023 @10:33PM (#64058757) Homepage
    ...Is that there will undoubtedly be hundreds of millions of win10 PCs which can't be upgraded to windows 11 because of Microsoft's arbitrary hardware restrictions (Heck, even my 16-core 2950X Ryzen Threadripper is no longer listed on the Win11 CPU compatibility list), and the vast majority of the holdouts won't be paying for ongoing support (if they are even aware of the option)

    That means hundreds of millions of PCs waiting to be compromised by malware networks, just waiting to ruin everyone's day because they will still be sharing the same Internet as your PC.
    • Another problem, with my desktop PC, it doesn't have a TPM, which is required by Windows 11
      I couldn't upgrade even if I wanted to. It's been going fine for the last 6 years, there's no reason it won't be around in 2 years time.

      • by Ormy ( 1430821 )
        FYI you can bypass the TPM requirement of win11 pre-install reasonably easily. Although it's likely that any features within windows that explicitly rely on the TPM to function won't do so, none of those features are required for the average home user or gamer.
      • One of the great things about this is you don't get any windows 11 nag messages
    • My CPU is capable, but I purposefully alter it so it is not perceived as capable. It keeps Windows 10 from nagging me overly much or surprising me with an unrequested 'upgrade'.

      I think I may be done with computing entirely. I am tired of this shit.

  • If they did away with all the unnecessary UI changes, I'd upgrade without a second thought.
  • I know they walked back that announcement, but it will be the last Windows I'll use on my computers, and only as long as the Windows 7 key activations survive. Then it's no more Windows for me.

  • "Shame if anything were to happen to it." - Not usually what you expect to hear from the company that sells you the operating system!
  • And all Mac OS updates are free as long as they support them. Companies with machinery that runs Windows 10 or earlier OS versions run the risk of borking their equipment if they upgrade. Had this happen when I still worked at Merial when a vial piece of equipment in the fill room wouldn't work and they had to downgrade back.
    • "As long as they support them", so I don't see a huge qualitative difference there. And due to the relatively frequent breaking of software backwards compatibility, not installing a macOS upgrade is also quite often a matter of "I can't, even if I wanted to."
