Ask HN: Could vast amounts of attck vectors be mitigated by moving off MS?

6 points by morphicpro ↗ HN
China's Volt Typhoon has been all over the news this morning.

Reading over the docs on these threats it looks like the majority of these vectors are isolated to MS infrastructure.

https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_PRC_State_Sponsored_Cyber_Living_off_the_Land_v1.1.PDF

6 comments

[ 2.5 ms ] story [ 26.5 ms ] thread
Depending on what your threat profile is, if you are being targeted by nation-state actors, you do not have the best chance of coming out the other side unscathed. I don't think that switching from MS to various open source infrastructure is going to help you, especially when you consider the fairly reasonable reality that most advanced state actors probably have multiple zero days in various software projects stored in case they need to use them.
Ok ok, lets throw java in there with MS then too. :P

Bad jokes aside. From the looks of it most of these vectors are SOHO routers thus not really big corp targets as much as average people too.

I have a hunch that if you choose super legacy systems such as Novell the malware might not even recognize it.
This reminds me of a joke:

"The reason we haven't been hacked is because we still run 16‐bit POS systems, and today's hackers don't know how to fix anything is such a small address space."