Comment by gloosx

3 months ago

So if you run as a standard (non-admin) user, don't expose network services, don't insert random USB devices, and never run untrusted executables or installers, can a random person really get remote access to it?

I mean, even if you patch constantly, you are only safe from yesterday's exploits — not from the next 0-day, and those keep coming super-often. It seems smarter to focus on hardening the system itself rather than relying on Microsoft to patch things fast enough and hoping you are safe in the gap between discovery and fix.

Keep it offline and in particular avoid surfing the web or opening untrusted files (images, photos, documents, etc. included) and it's probably low-risk.

Safety is not binary. One of the most common attacks is an automated probe for vulnerability, whereupon a successful discovery, the machine gets backdoored and joined into a network, awaiting instructions. These botnets, or services built on them, are then rented out on the black or grey market. Patching regularly practically prevents this.

The smart thing to do is patching regularly AND having a good security posture. Neither can be given up, really.

Also, even risky things can work for a long time. An individual can go a lifetime of speeding, doing drugs, things like that, and not be majorly impacted. And on the flip side, another individual can have a stroke of bad luck despite their good posture.

I think the chances of a vulnerability being leveraged in your scenario are extremely low. For a machine connected to the network, the longer it goes without patching, the higher the chances of a security incident.