What will you do after January 14, 2020?

[Keullo-e]

Been using Windows 10 Pro since its release date, so no drama here. My HTPC can still run Win7, not connected to the Internet 24/7.

 

[ManGupta]

https://youtu.be/eJuvKn5j_kE

 

[lexluthermiester]

That video was complete crap! No insult to you of course.

 

[birdie]

As a Zen 2 user I had no option of using Windows 7 anyways (the hack which allows to use updates on unsupported CPUs for some reasons kinda didn't work for me), so it's Windows 10 LTSC for me + OpenShell + close to 10 GPO changes + several services disabled (telemetry, superfetch) + three dozen PC settings changes and it's almost good.

I still absolutely hate how it looks, behaves and that I can't get Windows 7 UI back.

BTW, Windows 10 users may want to delete the entire C:\Windows\servicing\LCU\ directory which Windows 10 fails to clean up and which is a byproduct of updates installation.

I've discovered over a dozen other directories where Windows shlts but at least they are not huge. You can find them by this mask *.etl

 

[delshay]

I have top-of-the-line protection from Norton (very expensive) which I have had for more than 10 years. Will this be enough to protect win 7?

 

[birdie]

I have top-of-the-line protection from Norton (very expensive) which I have had for more than 10 years. Will this be enough to protect win 7?

So, here's the deal. An OS is not just the applications that you run.

No AV will protect your against:

• Vulnerabilities in core OS libraries/DLLs, e.g. image/documents parsers which means if you open an image from a hacker using a built-in Windows viewer, the hacker may get full access to your PC in spite of you running an AV. There are many other types of files which Windows handles and you don't even think about that: video containers (avi, mp4, mkv, etc), audio files (wav, mp3, wma, aac, etc.), documents (e.g. zip files). Even when you don't open them, Windows Explorer still might have some handlers to show information about them. And it's not just about files on your disks, it's goes further to even game assets (3D textures) or fonts (browsers download them and parse them).
• If you have any core Windows network services listening (e.g. Windows File sharing) and if you have a hacker on your network (not necessarily a hacker - it might be your friend with his p0wned Android phone), you might get hacked.
• Sooner or later web browsers and AV will stop being released/updated. Nowadays in Windows XP you cannot run neither modern up to date Chrome, nor Firefox. Most if not all current AVs also can't be installed in XP.

Also news Windows components will soon become incompatible (sometimes it's not even real incompatibility - just certain checks not to run in it) with Windows 7, e.g. new versions of .Net.

 

[Frick]

So, here's the deal. An OS is not just the applications that you run.

No AV will protect your against:

• Vulnerabilities in core OS libraries/DLLs, e.g. image/documents parsers which means if you open an image from a hacker using a built-in Windows viewer, the hacker may get full access to your PC in spite of you running an AV. There are many other types of files which Windows handles and you don't even think about that: video containers (avi, mp4, mkv, etc), audio files (wav, mp3, wma, aac, etc.), documents (e.g. zip files). Even when you don't open them, Windows Explorer still might have some handlers to show information about them. And it's not just about files on your disks, it's goes further to even game assets (3D textures) or fonts (browsers download them and parse them).
• If you have any core Windows network services listening (e.g. Windows File sharing) and if you have a hacker on your network (not necessarily a hacker - it might be your friend with his p0wned Android phone), you might get hacked.
• Sooner or later web browsers and AV will stop being released/updated. Nowadays in Windows XP you cannot run neither modern up to date Chrome, nor Firefox. Most if not current AVs also can't be installed in XP.

It also doesn't protect againstsomeone calling and asking you to do stuff "because Windows somethingsomething".

Also I have a hard time with the term "Norton top-of-the-line". Flashback from MS support days when a large number of issues was resolved with simply removing Norton, and other AVS, but Norton was definitely the biggest troublemaker.

 

[Bones]

With year's end upon us I took the time to clearly state how this affects me.
I'm not gonna worry about it.

 

[delshay]

So, here's the deal. An OS is not just the applications that you run.

No AV will protect your against:

• Vulnerabilities in core OS libraries/DLLs, e.g. image/documents parsers which means if you open an image from a hacker using a built-in Windows viewer, the hacker may get full access to your PC in spite of you running an AV. There are many other types of files which Windows handles and you don't even think about that: video containers (avi, mp4, mkv, etc), audio files (wav, mp3, wma, aac, etc.), documents (e.g. zip files). Even when you don't open them, Windows Explorer still might have some handlers to show information about them. And it's not just about files on your disks, it's goes further to even game assets (3D textures) or fonts (browsers download them and parse them).
• If you have any core Windows network services listening (e.g. Windows File sharing) and if you have a hacker on your network (not necessarily a hacker - it might be your friend with his p0wned Android phone), you might get hacked.
• Sooner or later web browsers and AV will stop being released/updated. Nowadays in Windows XP you cannot run neither modern up to date Chrome, nor Firefox. Most if not all current AVs also can't be installed in XP.

Also news Windows components will soon become incompatible (sometimes it's not even real incompatibility - just certain checks not to run in it) with Windows 7, e.g. new versions of .Net.

Well I have never had a virus since using Norton, at lease not that I know of. I don't go to strange websites, I always go to trusted well known common websites & I always do downloads from the original source .

It also doesn't protect againstsomeone calling and asking you to do stuff "because Windows somethingsomething".

Also I have a hard time with the term "Norton top-of-the-line". Flashback from MS support days when a large number of issues was resolved with simply removing Norton, and other AVS, but Norton was definitely the biggest troublemaker.

It was Norton top product when I started many years ago. It cost a lot per year, see top left hand corner.

 

[birdie]

You clearly didn't understand a word I said.

Norton is not a panacea. It might be if you're an average user who visits a couple of websites and doesn't do more than this. But in this case Windows Defender will do the job for you completely for free and without any hassles.

If someone decided to target your specificially, you'd be powned and stay none the wiser.

 

[delshay]

You clearly didn't understand a word I said.

Norton is not a panacea. It might be if you're an average user who visits a couple of websites and doesn't do more than this. But in this case Windows Defender will do the job for you completely for free and without any hassles.

If someone decided to target your specificially, you'd be powned and stay none the wiser.

I do understand what you are saying "line by line". You have pointed out what looks like most if not all the venerability. I'v never had any problems whatsoever in the ten years plus i'v been with Norton. What you are saying is, this is certain to change as there will be no more security updates.
This holds true & nothing can change that unless somehow user(s) can get hold of the security updates.

Windows defender is disabled by default here by the Norton protection software as both can not run at the same time.

A few years back around two years ago British warship computer got hacked as it was still using win XP.

 

[lexluthermiester]

So, here's the deal. An OS is not just the applications that you run.

True.

No AV will protect your against:

Not true, and I'll take them one at a time.

Vulnerabilities in core OS libraries/DLLs, e.g. image/documents parsers which means if you open an image from a hacker using a built-in Windows viewer, the hacker may get full access to your PC in spite of you running an AV. There are many other types of files which Windows handles and you don't even think about that: video containers (avi, mp4, mkv, etc), audio files (wav, mp3, wma, aac, etc.), documents (e.g. zip files). Even when you don't open them, Windows Explorer still might have some handlers to show information about them. And it's not just about files on your disks, it's goes further to even game assets (3D textures) or fonts (browsers download them and parse them).

Incorrect. Most AV suites scan for and detect most known vulnerabilities.

If you have any core Windows network services listening (e.g. Windows File sharing) and if you have a hacker on your network (not necessarily a hacker - it might be your friend with his p0wned Android phone), you might get hacked.

That solution is simple, either disable said services or use a firewall to deny them access to network connections.

Sooner or later web browsers and AV will stop being released/updated. Nowadays in Windows XP you cannot run neither modern up to date Chrome, nor Firefox. Most if not all current AVs also can't be installed in XP.

This one can not be avoided. However, browsers and other programs supported XP until 2017/2018. Some still do. Similar extended support outside of Microsoft can be expected with Windows 7, especially with 7's continued popularity and the public's resistance to let go of it.

Regardless of the nay-saying, like XP, 7 can and will continue to be securable if important precautions are observed.

 

[delshay]

lexluthermiester

I use Microsoft Edge as my default browser, but there's also AMD browser built into the Radeon software. It's just a matter how long their are maintained, which will cease at some point.

 

[birdie]

Incorrect. Most AV suites scan for and detect most known vulnerabilities.

God damn it. Install Windows 7 SP1 without any updates on top of it and tell me how many vulnerabilities your favourite AV will report. It's not like a lot of them even have this feature built-in.

I'll give you a hint. That will be a big fat zero. I'm a fuqing security engineer among all other things that I do. There are AV which will tell you you're missing this and that update but it's not because they know which DLLs are indeed vulnerable and what an attack vector is, it's because they just check a DLL version/date. That's fuqing it.

Now, here's the biggest fuqing issue: when you're past a support cut-off date, how an AV is supposed to know which DLLs are vulnerable if Microsoft no longer releases any updates at all?

That solution is simple, either disable said services or use a firewall to deny them access to network connections.

God damn it. Some people have Windows File Sharing enabled because they absolutely need it. Almost all of them also have a home WiFi router and have their IP addresses assigned randomly which means you cannot firewall local devices (unless you filter by MAC address which Windows firewall cannot do), which means an intruder on your WiFi network, and it may be your pal who uses your WiFi connection and his phone is infected, becomes a threat.

WTF is wrong with you people? When you're trying to argue at least become a little bit more educated.

 

[eidairaman1]

MS will continue W7 ESU.

 

[lexluthermiester]

God damn it.

Calm down.

Install Windows 7 SP1 without any updates on top of it and tell me how many vulnerabilities your favourite AV will report. I'll give you a hint. That will be a BIG FAT ZERO.

Perhaps you need to experience a better AV suite.

I'm a fuqing security engineer among all other things that I do.

Good for you. Your experience doesn't mean you know everything, nor does it mean that methods of securing older operating systems are unknown to others or are not possible.

Some people have Windows File Sharing enabled because they absolutely need it.

They'll have to learn to live without it, or learn to use a firewall properly.

Almost all of them also have a home WiFi router and have their IP addresses assigned randomly which means you cannot firewall local devices (unless you filter by MAC address which Windows firewall cannot do)

Incorrect. You claim to be a security engineer and yet do not seem to understand that firewalls can be configured dynamically, whether hardware based through a router or software based through an OS/security suite. People are not limited to the inbuilt Windows Firewall. There are many well designed and competent third party firewalls available.

WTF is wrong with you people? When you're trying to argue at least become a little bit more educated.

Again, calm down. The insults are not welcome.

 

[Ahhzz]

Rant...

Birdie, we appreciate all constructive input here, but you need to calm down, or your posting privileges will be curtailed.

Everyone, keep this in mind, keep it civil, and keep it on topic. Thanks!

 

[trparky]

superfetch

Why disable Superfetch though?

Superfetch shows up as “Service Host: Superfetch” in the Windows Task Manager. It sits quietly in the background, constantly analyzing RAM usage patterns and learning what kinds of apps you run most often. Over time, Superfetch marks these apps as “frequently used” and preloads them into RAM ahead of time.

The idea is that when you do want to run the app, it will launch much faster because it’s already preloaded in memory.

I don't know about you but that's a good thing.

 

[birdie]

Why disable Superfetch though?

Pretty useless for people with SSD disks. Also kinda useless for the spinning rust as well 'cause it creates background activity which still affects how fast your system boots.

In short, it was created to speed up the launch of applications but I've never seen anyone who's actually benefitted from it.

 

[lexluthermiester]

Pretty useless for people with SSD disks.

This is true. Superfetch is not really all that effective for systems with SSD's. Even slower SSD's render bandwidth that makes for very speedy load times.

Also kinda useless for the spinning rust as well 'cause it creates background activity which still affects how fast your system boots.

Your point is easy to understand here. Still, with mechanical HDD's superfetch can be of benefit in the long term.

 

[birdie]

@lexluthermiester

You haven't addressed the biggest concern about Windows updates - no AV vendor can detect missing updates for an OS which doesn't receive them any longer. Last time I checked no vendor is able to scan DLLs directly to find the vulnerable binary code. And then, this code is near impossible to patch 'cause only Microsoft can do that or you end up disabling secure boot and windows files [signatures] protection/verification at which point you're basically naked in terms of security.

Also, you haven't addressed the fact that MAC addresses can be easily spoofed especially when you're on a wireless network where there are no physical ports you can assign them to, so that the attacker wouldn't be able to carry out such an attack and some people prefer passwordless file sharing.

In short, you either choose security or obscurity via trying to patch your holes and having the faith you haven't missed all the attack vectors an insecure/unsupported OS opens itself to.

 

[trparky]

OK, I did not know that about Superfetch.

no AV vendor can detect missing updates for an OS which doesn't receive them any longer

Uh... nope. I've seen Avast tell me about missing updates in the past. Hell, it even tells me that a select number of third-party programs (Firefox, 7Zip, VLC, IrfanView, etc) are outdated as well and even offers to download said update to programs and install them for me.

Oh and I'm sure that most of the major AV vendors will be pestering people to upgrade to Windows 10 as well.

 

[lexluthermiester]

You haven't addressed the biggest concern about Windows updates - no AV vendor can detect missing updates for an OS which doesn't receive them any longer.

Not nessisarily. Most AV vendors have working knowledge of vulnerabilities discovered and can actively deduce how those issues will affect legacy OS's. Many did this with XP until the differences in code made such effort difficult or irrelevant.

For example, Avira was especially adept at protecting XP with unofficial signature updates up until 2017 when they ceased support for the OS entirely. In fact, they have publicly committed to support of 7 until 2022;
https://www.avira.com/en/support-product-lifecycle
That's just one vendor.
Comodo still has a free AV that works with XP, though it's functionality is limited, it still does a great job.
https://antivirus.comodo.com/security/free-antivirus-xp.html
Comodo's Personal Firewall also still has a version which runs on XP that is robust enough to protect that OS from the vast majority of threats one might encounter on the net.

I personally still run a machine with XP on it that I occasionally get on the net with. No virus attacks or hack attempts. It's one system in billions hidden behind two firewalls and I do not go to "IShouldNotBeHere.com" types of sites.

Microsoft's support for Windows 7 may soon end, but third party security suite support will likely continue for years to come and will continue to be effective. Windows 7, like XP, will not just fall to pieces overnight, or at all.

Also, you haven't addressed the fact that MAC addresses can be easily spoofed especially when you're on a wireless network where there are no physical ports you can assign them to

True, but there are ways to block such problems. For example, transfer of files manually through external storage(USB drives) or isolation of devices to specific subnet addressing.

In short, you either choose security or obscurity via trying to patch your holes and having the faith you haven't missed all the attack vectors an insecure/unsupported OS opens itself to.

The third option, I've already mentioned, is to hide the OS in question behind protective security measures and proper security methodologies.

 

[Deleted member 185158]

I am enjoying W7. Will continue to do so.

When I see reports of big time attacks on W7, then perhaps I'll switch to W10. My PC is the only one in the house that's not W10.

Can buy W10 on fleebay for 10-20 dollars (u.s.) nice fresh install and done. You can run W10 so it's more so like W7. People are just being stupid and lazy. (no offense lol)

Get into the now if your worried about your 1 in a Billion chance of actually being "Hacked" in some proverbial way, the very second M$ drops support..... lol

 

[biffzinker]

Here's an interesting app for moving to Windows 10. Somewhat similar in functionality to Shutup10.

GitHub - builtbybel/debotnet: Debotnet is a tiny portable tool for controlling Windows 10's many privacy-related settings and keep your personal data private.

Debotnet is a tiny portable tool for controlling Windows 10's many privacy-related settings and keep your personal data private. - builtbybel/debotnet

github.com