I'm with you.
My TL;DR on this one is "Security research is esoteric and irrelevant,
let's release another version of Windows".
There's definitely a degree to which - ok, unless you really want to
write your own operating system, language runtimes, and browser, and
build your own hardware, and have a lot of time - you can probably get
by if you apply patches for known vulnerabilities, attempt security
best practices like using a password manager and an unguessable
password, firewalls, and minimising the amount of code that you run
from untrustworthy sources. But this is very much an arms race, and I
feel that if you weren't completely mortified by the Snowden
revelations then you weren't listening. In the latest move in this
arms race to potentially impact me, the federal government where I
live has passed a law permitting law enforcement to, among other
things, break into the machines of those they suspect of being
involved in a crime and even plant evidence on said machines. At the
same time, I hear reports that those in Russia who do as I do on the
weekend are beaten and thrown into prison for six years. What exactly
are /my/ government are up to? No idea. Just because a group are not
the FSB today does not mean that they will still not be tomorrow.
While they may lock me up at some point - most likely after some
manipulation of public opinion - how easy should it be for them to
gain access to my contacts and movements? Right now, it's almost
There is no reason for it to be technically possible to gain control
over someone's machine via bugs in the browser or office suite. We
know how to build secure systems, and to make them usable; it's just
effort. Suggesting that it's enough to simply keep up to date with
your patches and use a good password is imagining that these threats
won't keep growing, and is perhaps dangerously irresponsible advice.
But perhaps I'm not the target audience, or Microsoft is just an
environment I don't comprehend.
Q: What is your boss's password?
A: "Authentication", clearly
Likely much of this email is, by the nature of copyright, covered
under copyright law. You absolutely MAY reproduce any part of it in
accordance with the copyright law of the nation you are reading this
in. Any attempt to DENY YOU THOSE RIGHTS would be illegal without
prior contractual agreement.