Glaurung brought up a good point in a comment yesterday. If you never go online and/or you’re really careful, do you really need to update your OS to something new?
In my professional opinion, it depends. Didn’t you know that would be my answer?
If you never, ever go online with it, sure, you’re fine. I have Windows 2000 boxes in that category.
But if you do, here are some random thoughts that come to mind:
- Define “careful.” I was downloading some software over the weekend without an ad blocker, and I can’t tell you how many times I clicked the wrong download link. There were only four of them, and three gave you ridealongs you don’t want. If you never, ever, ever install any software, maybe. But now that I’ve seen the state of the download sites, now I no longer wonder why people have spyware.
- Define “no issues.” This weekend I was scanning an old backup copy from 2011 of a “clean” system, and I found an adware DLL that my antivirus missed at the time. Only one, so that system was pretty clean, but not as clean as I thought it was.
- Antivirus is a first line of defense, but exactly how effective it is, nobody knows. Few people say more than 90%. But, look at it another way: It catches 90% of unsophisticated attacks, and you want to catch that 90%. Antivirus alone isn’t good security, but it’s one fundamental piece of it. You don’t want to be going online without it. There was a subcontractor involved in one of the recent breaches that turned out to be using periodic Malwarebytes scans as their antivirus solution. They’re probably going to get fined–that’s not adequate protection.
- Your consumer router isn’t providing all that much protection. You need it to share your Internet connection, but don’t call it a protection device. Most routers have vulnerabilities, and they are being actively exploited, and if this is news to you, that alone is a very good sign your router has an active exploit available for it.
- Malware is different today. The money isn’t in bombarding you with popup and popunder ads every time you blink; the money is in using your GPU to mine bitcoins, or using your IP to DDoS stuff. There are people using botnets to extort as little as $300 from companies today.
- Even worse is banking malware, which sits between you and your bank account, making sure your balances look like they’re supposed to look while emptying it behind the scenes. Or malware like Cryptolocker, which encrypts your files, then destroys the key if you don’t pay a ransom.
For these reasons, I’m actively looking to get away from XP myself. There are basic protections built into Windows 7 (and beefed up in 8 and 8.1) that make it a much more hostile environment for malware to survive in, and I want that extra protection–besides still getting regular security updates.