Can a Windows PC be hacked from the Internet without any user interaction?

[rootuser39301]

Say hypothetically I have one Windows XP desktop and a Windows 10 laptop with the firewall and built in antivirus enabled. Both are connected to the Internet via VPN and I have Firefox and the VPN installed. Could a hacker find my real IP and attempt to infect either PC via the Internet without any interaction with my PCs on my part? What if I didn’t have a VPN installed? How easy would it be for a hacker to infect my PCs with ransomware and turn them into zombies for their botnet? Theoretically a PC is most safe when disconnected from the Internet. Could someone insert a USB into either PC containing viruses and infect them from the lock screen while they are locked? How trivial would it be for my Windows password to be cracked assuming it is a strong 12+ character password or a bug in Windows is exploited to bypass the login screen? What about a 4 digit pin? Is the reason why Windows 10 is continually updated daily because someone in the world is continually finding exploits in Windows or does Microsoft have an internal team that security audits their OS?

[Electronics Wizardy]

There is no way anyone here can make guarantees, but here are some thoughts.

 

A lot of the XP attacks are from people scanning the internet, seeing a service like rdp, and trying known remote exuction flaws and getting in. Without having any public services this is near impossible, and your firewall seems to be a non issue here(but you never know)

 

Also why would a hacker target you? Normally automated attacks are pretty simple, and somone has to have a reason to go after you if there putting lots of time and effort in .

 

6 minutes ago, rootuser39301 said:

Could someone insert a USB into either PC containing viruses and infect them from the lock screen while they are locked?

Does the hacker have physical access? If they do, they basically have full access to the system.

 

6 minutes ago, rootuser39301 said:

Windows 10 is continually updated daily because someone in the world is continually finding exploits in Windows or does Microsoft have an internal team that security audits their OS?

Both. They find and fix issues all internally, and also fix issues that are public and reported to them by a third party

 

7 minutes ago, rootuser39301 said:

How trivial would it be for my Windows password to be cracked assuming it is a strong 12+ character password or a bug in Windows exploited to bypass the login screen?

If someone has physical access to your pc, they can also reset the password super easy(assuming its not encrypted).

[SupaKomputa]

24 minutes ago, rootuser39301 said:

How easy would it be for a hacker to infect my PCs with ransomware and turn them into zombies for their botnet?

The hacker needs to inject the trojan / virus in your pc with any possible ways like sending you email or plugging a usb.

With windows defender enabled this will make their attempt harder, especially if you're up to date.