Presonus : "So we are targeting 3-4 "major" feature releases every year..."

[stanft]

[..] The proof for me would be that something bad would happen to my system... not some obscure there might be this or that, that could happen eventually under circumstances X or Y in the following 10ms if user does this or that but just when the moon is shining toghether with the sun and Jupiter is in correlation with Mars on days with more than 24 hours... [..]

Nobody forces you to update or upgrade anything. And if nothing ever happened to you ... well, great!

But if we take Windows 8.1 as an example: It has been out of support since January 2023. Based on the rate of discovered CVEs (and because all newer Windows versions share the same base OS/kernel), you can estimate around 500-600 security vulnerabilities that are currently present in Windows 8.1 and will not be fixed anymore. And the number keeps growing.

If nothing has ever happened to you, then this is simply no proof that nothing will ever happen to anybody. Your statement sounds a bit like smokers who say that the connection between smoking and lung cancer is nonsense, as they have been smoking their whole lives and have not gotten lung cancer.

[Vocalpoint Studios]

If you haven't experienced malware in 27 years, that likely says more about your personal habits than about the threat landscape. Avoiding suspicious links and attachments already removes a large part of the risk.

Staying in your lane on the internet practically removes ALL the risk.

I have been doing Windows since 1993 - have never seen anything "neferious" come across my screen, my network or my email - ever - in all that time.

The reality is - no one is coming to get you unless you make yourself available and give them a reason to exploit you.

VP

[stanft]

Staying in your lane on the internet practically removes ALL the risk. [..]

I would say "MOSTLY ALL" of the risks. Zero day exploits i.e. often don't require you to do anything wrong. The attackers are in the lead, not you.

If you really want to use a system with practically no risks, you have to use it offline. And only use software that is trustworthy.

[Vocalpoint Studios]

#2. You talk about "unpatched", Windows 10 is patched now for 10 years???? So open for weaponized attacks still?

Yes - you do not understand how this works.

Windows 10 concluded it's initial run on Oct 14, 2025. It "was" in as "finished" a state as it could be as of that day.

Then add in the ESU program - and another year of security updates.

But on Oct 14, 2026 - that is the end of the road for ANY updates.

And starting on Oct 15, 2026 - someone somewhere out there will come up with the next exploit to break thru that last release. And another. And another. By Dec 31, 2026 - you could have 50 unpatched exploits out there. The next year - a 100 and so on.

So there is no concept of any OS being "patched" for 10 years.

Maybe patched for 10 minutes - but there are individuals trying to ruin your day - 24x7x365.

VP

[Vocalpoint Studios]

Zero day exploits i.e. often don't require you to do anything wrong. The attackers are in the lead, not you.

What "zero day" exploit is coming for me? How is that even possible? Where exactly does one need to "go" to have this mysterious zero day cause any issues whatsoever?

To this day - still haven't seen a single attacker "in the lead" of anything.

All I ever see is usual clickbait from key tech sites stoking fear with yet another overblown "report" that takes the form of a process or procedure whose steps and setup are so obscure and so unlikely to ever effect anyone on the entire planet - that it is waste of time even reading the report.

Now - I am not saying these weird ass security vectors do not exist - I am saying that the likelihood of ever encountering one in daily life has the same odds as me winning the Powerball.

Pretty sure that between Sept 1993 and today - there have millions of "zero-day" exploits out there - especially in those early days when we had nothing to use to stop them - and I still have nothing to report.

You would think that if this is such a rampant issue - we would have ALL been "zero-dayed" by now?

VP

[starflakeprj]

If you haven't experienced malware in 27 years, that likely says more about your personal habits than about the threat landscape. Avoiding suspicious links and attachments already removes a large part of the risk.

Staying in your lane on the internet practically removes ALL the risk.

I have been doing Windows since 1993 - have never seen anything "neferious" come across my screen, my network or my email - ever - in all that time.

The reality is - no one is coming to get you unless you make yourself available and give them a reason to exploit you.

VP

Personal caution reduces risk, but it does not eliminate it. Network-exposed services, zero-click vulnerabilities, and background exploitation exist regardless of user behavior. Attackers don't need a personal invitation to target you. They scan for systems that are available and vulnerable, and exploit them automatically.

Again, not seeing anything doesn't necessarily mean nothing happened. Modern attacks are specifically designed to avoid user-visible signs, so absence of visible activity is not evidence of absence. Threats can stay dormant for months or even years. Attackers can place a small, nearly undetectable loader on a system that does nothing until it is triggered, at which point it downloads additional payloads from the internet.

This is a well-documented attack pattern and one of the reasons absence of visible symptoms or AV alerts does not imply safety.

[stanft]

What "zero day" exploit is coming for me? How is that even possible? Where exactly does one need to "go" to have this mysterious zero day cause any issues whatsoever? [..]

This is not so easy to explain. But to put it simply: With a Zero Day Exploit, there is an unknown vulnerability in a software you use, for example, your operating system or your browser. And there is currently no patch for it.

Many large and trustworthy websites are regularly attacked, for example, via advertising networks or the Javascript-Engine and so on. If you visit such a site, the attack can exploit the vulnerability on your computer and, in the worst case, execute code on your computer. This can also happen by displaying images or videos, or just by downloading the fonts used on a website. And it can even happen "zero click", meaning you don't even have to do anything.

As @starflakeprj already wrote: "It's about asymmetry, the attacker needs to succeed once, the defender every time."

[..] To this day - still haven't seen a single attacker "in the lead" of anything. [..]

"WannaCry" (2017) is a very well-known example. Millions of Windows devices were affected. And with Zero Day Exploits, the attacker is already ahead by definition.

The chance of something like this happening is, of course, relatively low. But when it does occur, the damage is often very high.

TL;DR: You can reduce the risk i.e. by surfing only trustworthy websites. But you cannot eliminate it.

[starflakeprj]

TL;DR: You can reduce the risk i.e. by surfing only trustworthy websites. But you cannot eliminate it.

Not even trustworthy websites are always enough. Many years ago, I visited a legitimate website that had been injected with malicious code.

The site itself was trusted, but the injected script exploited a browser vulnerability and compromised my system without me clicking anything, and without my antimalware program reacting before it was too late.

But according to some people here, this is probably “fake news” and scare propaganda.

[Trancit]

...

But according to some people here, this is probably “fake news” and scare propaganda.

The question is more WHY did this happen to you??

Why does this seem only happen to people who are religiously following every "security advice - patch- measure- whatever"?

Why does this never happen to people who give a shit on any updates or virus scanner or whatever nonsense you take as appropriate to protect your system??

I once watched an interview with a former hacker who was stating very clearly that just because people use those programms, which need to open multiple ports to the network to be able to do their thing, the machine was vulnerable and easy to come in...

The pattern seem to be very clear...
people who do everything to avoid the situation are the people who claim to be affected by attacks...
people who don´t care seem to be not affected...

So my question would be: Are those measures you take perhaps the reason that you got affected??

[Vocalpoint Studios]

The question is more WHY did this happen to you? Why does this seem only happen to people who are religiously following every "security advice - patch- measure- whatever"?

This is enough for me.

The "why" can never seem to be explained by any of these folks. Especially those who preach about how protected they think they are.

Or this:

"Many years ago, I visited a legitimate website that had been injected with malicious code"

Accent on "many years ago". Yes - "many years ago" this might have been able to be pulled off but not today. Curious the poster did not reveal what this site was.

Or this:

"WannaCry" (2017) is a very well-known example. Millions of Windows devices were affected. And with Zero Day Exploits, the attacker is already ahead by definition"


Again - a decade ago. But still no impact here. Did not change my routine one bit.

Or my favorite (which still does not make any sense to me):

They scan for systems that are available and vulnerable, and exploit them automatically.


Who are "they" and what exactly are "they" scanning? There is not a single port that can be seen anywhere on my firewalls or network - so scan away. There is simply nothing to see.

Again - yes. If you really have no idea on how any of this works - AND are not familar with even the most basic protocols and places you should definitely not go to on the internet - then you will get what you get. And should probably just shut down and do something else.

The internet has changed 1000 fold since any of this by-gone crap occurred. You will never see a "wanna cry" ever again with todays tech.

For 99.99999% of us - nothing has happened and nothing will happen.

VP

[Crossinger]

Sorry guys, didn't want to derail this thread. I was only speaking of my personal preferences, and the resulting consequences (keeping the software I use on a regular basis up-to-date to avoid compatibility issues). Let's move on and discuss Studio One related topics... please!

[starflakeprj]

...

But according to some people here, this is probably “fake news” and scare propaganda.

The question is more WHY did this happen to you??

Why does this seem only happen to people who are religiously following every "security advice - patch- measure- whatever"?

Why does this never happen to people who give a shit on any updates or virus scanner or whatever nonsense you take as appropriate to protect your system??

I once watched an interview with a former hacker who was stating very clearly that just because people use those programms, which need to open multiple ports to the network to be able to do their thing, the machine was vulnerable and easy to come in...

The pattern seem to be very clear...
people who do everything to avoid the situation are the people who claim to be affected by attacks...
people who don´t care seem to be not affected...

So my question would be: Are those measures you take perhaps the reason that you got affected??

I'm only going to answer your first question. This happened 15–20 years ago, long before I became “aware”, so no, that was not the reason I started working with cybersecurity.

You have clearly misunderstood (most likely deliberately) what I've been saying. A system can be compromised without the user knowing it. I'm not saying yours is, but it absolutely can be. Once compromised, it can be abused as part of a botnet or for other malicious activity without producing any visible signs.

So let me ask you this: do you also argue with doctors about what is right or wrong when it comes to medical treatment and precautions, despite lacking the relevant expertise?

[stanft]

The question is more WHY did this happen to you??

Why does this seem only happen to people who are religiously following every "security advice - patch- measure- whatever"?

Why does this never happen to people who give a shit on any updates or virus scanner or whatever nonsense you take as appropriate to protect your system?? [..]

Hopeless...

[Vocalpoint Studios]

Let's move on and discuss Studio One related topics... please!

Agreed. Wow - we did take an offramp there. And I am just as much to blame. My apologies.

Back to S1 we go...

VP

[starflakeprj]

I promise I will do this too!