Although Microsoft is ending regular security patches for the widely used operating system, it does not spell immediate disaster. Speaking on "Vikerhommik," Peeter Marvet explained that European Union users will have the option to continue receiving free security updates for another year, though activating this feature may prove complicated for ordinary users. In addition, updates for Windows' built-in antivirus tool, Defender, will continue until 2028.

"The panic department can take a break," Marvet stressed. He reassured listeners that the days when an internet-connected Windows computer could be hijacked by criminals within seconds are long gone. "There's no reason to think that after October 15, anything will suddenly get worse because of this," he said.

Greatest risk between the screen and the chair

According to Marvet, the main source of danger today is no longer a vulnerability in the operating system itself, but the person sitting at the computer. Cybercriminals primarily rely on social engineering to trick users into installing malware themselves. "It's the same as when someone calls you, claims to be the police conducting an investigation and tells you to withdraw all your money and leave it in a shoebox behind a park bench," the IT expert said by way of comparison.

One of the most common tools used by cybercriminals is so-called "stealers" — programs that users download and run under some pretext. Because the user grants permission for the program to operate, it gains free access to stored passwords, browser cookies and other sensitive data, which are then sent to criminals.

Malware creators are extremely adept at bypassing security measures. Marvet gave an example of how, after a Chrome browser update made it harder to extract passwords, criminals paused their activities for only a week before finding a workaround.

One temporary method involved a fake CAPTCHA, in which users were asked, under the pretense of proving they weren't robots, to copy and run a piece of code that actually installed malware. "By doing that, you're not proving you're human — you're proving you're extremely gullible," Marvet commented

Necessary updates

Even though no immediate catastrophe is expected, Peeter Marvet stressed that leaving an operating system unpatched is unwise. "You should always keep up with updates. That way, you're among the 20 percent who are better protected than others. Users with weaker protection are easier prey for criminals," he explained.

Updating is especially critical for companies and institutions that process personal data. In the event of a data breach, they are required to prove that sufficient measures were taken to safeguard information. Using outdated software could bring liability and fines. According to Marvet, Windows 11 offers stronger protection mechanisms that make it harder for users to run programs with suspicious origins.

Kids as the greater security risk

Surprisingly, statistics show that the greatest risk does not come from office computers but from home devices, which often serve as a gateway for criminals to access work data.

Marvet recently analyzed stolen data packages originating from Estonia and discovered a pattern. "What do you think was the one password you could always find in the stolen data from Estonian computers?" he asked rhetorically. "eKool — and usually there was also some smaller school. Alongside that were sites like Roblox and other game-related platforms."

This suggests that the main entry point is children's accounts, which allow criminals to move on to work and other important accounts stored on the same computer. "In reality, the biggest risk to your workplace data is your children, if you're logging into a home computer with your work accounts," Marvet noted.

The solution, however, is simple and comes down to basic digital hygiene. According to Marvet, computers should be treated like toothbrushes — not shared with others. "If you really can't afford more than one computer, then at least everyone should log in with their own account and log out after finishing their tasks," he advised. That way, if a child loses access to a gaming account, the damage remains a lesson for them and doesn't extend to their parents' employer.

--

Follow ERR News on Facebook and X and never miss an update!