I always remember WannaCry as a reason to keep Windows updated (no, I wasn’t affected by it), but every new update is full of AI bloat :S
I keep all the communication with the mothership blocked and open just the Wuauserv, BITS and a few domains just for updates, and with every new update there are new services trying to call home, and for this one update sitting here waiting for me to allow internet access I read the content and it is very descriptive about “Copilot+ PCs unique features”, “AI-Powered experience”, “Accessibility and input” (they added AI to a bunch of stuff), “User interface and experience” (more AI and widgets), then they say they added this Windows Hello and Windows Share that I don’t even want to know, and for security all they say is “Critical security fixes are included to help keep your system protected against emerging threats.” but to get this I need to get all their AI crap that might be a bigger security and privacy risk than whatever “Critical security fix” they included :S

  • Phoenixz@lemmy.ca
    6 hours ago

    Your safest bet would be to install Linux and be done with closed source software completely

  • stupid_asshole69 [none/use name]@hexbear.net
    4 hours ago

    If you can’t trust the software, make plans to use something else.

    macOS is really good. Linux is really good. If you can’t figure out one, try the other.

    E: just read this thread on its native instance. Disregard the input of @oisteink@lemmy.world, if you want to repudiate their implication that vulnerabilities remediated in security updates aren’t important, just look at CISA and Shodan. Also if they’re not French then lol.

  • stupid_asshole69 [none/use name]@hexbear.net
    6 hours ago

    Massgrave.dev/windows10_eol

    You can use the easy, step-by-step process on this website to change to the version of Windows you want, activate it permanently and if you choose 10 IoT LTSC 2021 then you get security updates till 2032.

  • CerebralHawks@lemmy.dbzer0.com
    8 hours ago

    Keep it updated.

    If you’re using Windows 11, either your privacy is less important than your convenience, or your threat model doesn’t include Windows telemetry (which honestly can be tamed for the most part). I do have some concerns about Windows, but I’m a Mac user, so I only use Windows at work. Where I feel like I’m losing a battle trying to get others to not tell Copilot anything that isn’t public information (i.e. they don’t realise that talking to the computer may not be private) and hardening it — any time I sit at a computer, I tend to go in and “fix” the settings… and I’m not even the IT guy. The IT guy doesn’t care, but he’s not a total loss. I told him I want Firefox (it’s not in the image by default), he asks why, I say I know how to harden it. Mostly that’s turn off telemetry and install uBlock Origin, but there are a couple other things too. Stuff that doesn’t work in Edge and Chrome (which oddly, IS included in the image). So yeah, as a Mac user and a privacy guy, I’m good with Windows 11 and my relationship with it. Keep it updated.

    But we are in a privacy comm, so obviously know your threat level and know how to harden the software you use. It’s not as easy as “just use Linux.” The person who can’t harden a Windows installation shouldn’t just be thrown to Linux, and I don’t even mean Arch. Even if they just use Ubuntu or Mint. People should learn to secure the software they have. Moving to Linux is a great recommendation for someone who can harden Windows but it’s not enough for them. Someone like me — I would be using Linux now if my computers didn’t die. Laptop died, I made a great choice by getting a MacBook. Love it. M2 Air, 16GB RAM. Best laptop ever, obviously not counting the newer models (or the MacBook Pro). So when my desktop died, I was quickly becoming an intermediate Mac user. Sometimes I regret not getting a cheap PC, throwing Linux on it, and gaming via Proton. Linux gaming is kind of awesome now? Still tempted to get an older/new-ish office PC that got stuck on Windows 10, one without a hard drive, put a SATA SSD in it and run Linux. Get a dock for my desk and run all the peripherals to it, then run it to my Mac (M2 Pro, also 16GB RAM) and be able to hot-swap it to the Linux desktop. I dunno, computers are fun to fuck around with, I just don’t really have the room (or the money). And Mac is fine (like Firefox, it has telemetry stuff), but I could be a Linux user. I just chose easy this time. But my privacy threat level doesn’t require me to not use Apple products. If yours does, you’re probably already running Linux, and more power to ya. It’s just about knowing your threat level and skill and working within that.

    • irmadlad@lemmy.world
      7 hours ago

      “Windows telemetry (which honestly can be tamed for the most part)”

      Yea, with 59,741 host file entries. LOL But it does work. I took a butcher knife to my W10 Pro. Then I made an image of the total install so that if the wheels fall off, I can always drop back to the image without having to reinvent the wheel. I do use W10…I know Boooo! I also use Linux and Mac. Linux for the most part solves all my problems. If you are a gamer, that arena is exploding on Linux which is great to see. Windows allows me to run BlueBeam Revu, which I have never found a Linux alt that matches BlueBeam feature for feature. If anyone knows of one, please tell me. Mac lets me pretend I’m one of those hipster nerds. LOL j.k

  • Echo5@lemmy.world
    7 hours ago

    Like everyone else is saying, updating is the best policy for security, especially/ironically with the increasing internet connectedness of the OS. I’ve heard of things like Windows Shut Up! that disables various undesirable “features” of Windows forcefully, there might be something like that for Win11 that you can run after updates. Or maybe a YouTube channel that tells you what new things to combat. If there is someone please let me know.

    • irmadlad@lemmy.world
      6 hours ago

      I’m partial to Privacy.Sexy. I like to be able to see the code and know what’s being done when I click the button. There is also WPD, which is good too. I also employ scripts from Black Viper’s work, reducing the number of unnecessary services that run in the background. These scripts are based on Black Viper’s scripts. I also use a program called HostsMan which allows you to block various things like Windows telemetry in the hosts file itself. Some people have reported that Windows treats hosts file modifications as a virus, but I haven’t encountered that on W10 Pro.

  • HubertManne@piefed.social
    6 hours ago

    Not updating only works if you’re so out of date that there are tons more machines with new attack vectors that have not been patched. As time goes by new software is not all that new in the way it functions. It’s just not a good way to go. I will say too that all the work with blocking Windows telemetry is more than any work dealing with Linux. Especially so if you use an easy distro.

  • Majestic@lemmy.ml
    16 hours ago

    Your options if you wish to stick with Windows:

    • Windows 10 LTSC (massgrave activators and has a guide for getting an ISO for it) which means a reinstallation (best option with Windows, least enshittification, still keep security updates but have to back up your stuff and reinstall everything) though this may not be a long-term plan if you play video games as I expect many places may drop Windows 10 support by 2028-29 end of ESU rather than 2032 end of LTSC support.

    • Windows 11 but change to LTSC (massgrave can do this)

    • Windows 11 but change to Enterprise license (massgrave can do this) and use Windows Group Policy settings to set target for updates to the current OS build version number which will delay feature updates for I believe up to 6-12 months but allow you immediate security updates. Bad news is you still get the new “features” but good news is they’re delayed significantly and maybe by the time you have to “upgrade” Microsoft has tweaked them to be moderately less bad and much less buggy.
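
The target-version pin described in the last option above, written as the registry values behind the "Select the target Feature Update version" Group Policy setting (an added example, not part of the original comment). It assumes an elevated PowerShell session and pins to whatever release is currently installed.

```powershell
# Added example, not from the thread: pin Windows Update to the release that
# is installed right now, so monthly security updates keep arriving while the
# next feature update is not offered. Run from an elevated prompt.

$cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build   = [int]$cv.CurrentBuildNumber
$release = $cv.DisplayVersion      # release label such as 22H2

if (-not $release) {
    throw 'DisplayVersion is missing; this build predates the release labels the policy expects.'
}

# Windows 11 builds start at 22000. The policy needs the product name as well
# as the release, otherwise a Windows 10 device can still be offered Windows 11.
$product = if ($build -ge 22000) { 'Windows 11' } else { 'Windows 10' }

$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
if (-not (Test-Path $policy)) {
    New-Item -Path $policy -Force | Out-Null
}

# The three values written by the Group Policy setting.
Set-ItemProperty -Path $policy -Name TargetReleaseVersion     -Value 1        -Type DWord
Set-ItemProperty -Path $policy -Name ProductVersion           -Value $product -Type String
Set-ItemProperty -Path $policy -Name TargetReleaseVersionInfo -Value $release -Type String

# Show what is now in force so the pin can be reviewed later.
Get-ItemProperty -Path $policy |
    Select-Object TargetReleaseVersion, ProductVersion, TargetReleaseVersionInfo
```

A pinned release stops receiving security updates once it reaches end of servicing, so the value in `TargetReleaseVersionInfo` has to be moved forward before that date.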

  • upstroke4448@lemmy.dbzer0.com
    23 hours ago

    It is pretty much always more dangerous to not update. The internet is an extremely hostile environment (from a security perspective). You really should avoid having devices that are not updated or EOL connected to it.

  • besselj@lemmy.ca
    23 hours ago

    Every new internet-connected feature they add seems to also increase attack surface, so this is a weird dilemma. Still better to keep things up to date in the short term. In the long term, I’ve made the choice to switch to an OS that respects user preferences.

    Edit: I’ve also heard that the Windows 11 IoT enterprise edition doesn’t come with all this bloat but still gets regular security updates

    • PiraHxCx@lemmy.mlOP
      22 hours ago

      And every new update you get more crap running in the background, stunting your performance and draining your battery

  • gustofwind@lemmy.world
    21 hours ago

    Not to be adversarial but it’s either their way or the linux way 🤷‍♀️

    I think it’s way more fun to mess around and problem solve Linux issues than do whatever it is you’re doing on Windows.

    Maybe you have some specific Windows use case, in which case my condolences, but you will probably never be as safe as you’d like on Windows ever

    • Jankatarch@lemmy.world
      14 hours ago

      Honestly just emulating a jailbroken Windows 10 on Linux might be a decent idea.

      You won’t get the weird AI updates and VM helps with security/privacy if you are smart about it.

      Alternatively a jailbroken Windows 10 on metal BUT with competent, 3rd party antivirus and security software.

  • Autonomous User@lemmy.world
    17 hours ago

    WannaCry will never touch you but Microsoft does every day.

    Windows always fails to include a libre software license text file, so we never control it, they do.

    You gave them your computer, so don’t moan about it now. If you want it back, you know what to do.

  • CountVon@sh.itjust.works
    23 hours ago

    There is an option to pay for Extended Security Update (ESU) support for Windows 10. It’ll give you access to critical security and Windows Defender antivirus updates, but no fixes or updates to features. There are three ways to pay:

    • “Free” if you’re syncing data to their cloud (pay by letting them datamine your data and settings)
    • With Microsoft Reward points, which I believe are primarily earned by using Bing (pay by letting them datamine your searches)
    • For $30 a year, at least for the first year, though I’ve read the price goes up each year as they want to drive everyone to Win11.

    The program would conceivably allow you to kick the can down the road, possibly as far as Oct. 2028. Personally, I opted instead to switch to Linux months ago instead, and don’t regret my choice.

    • Lfrith@lemmy.ca
      19 hours ago

      LTSC is the better route for those staying on Windows with no Microsoft login being required.

      Windows 10 LTSC will get security updates until 2032.