Windows 7 users will begin to see a interactive full-screen warning that their OS is no longer supported

[Deleted member 185158]

Ill never see the warning haha.

 

[lexluthermiester]

The average user doesn't lock down their system

Your estimation of the average user needs adjustment. The general public is getting much better at proper PC security and the one that aren't are wise enough to ask for help in doing so.

this why a corporate network will kill a port you plug an xp or Vista computer into.

That is a rarity, an exception rather that the rule because...

And yes one machine can compromise a network.

only if said network is improperly and/or poorly secured.

Let's say that you have file sharing turned on

That depends greatly on how file-sharing is used, how it's provisioned and what permissions are configured.

Do a course on information security it's spelled out clearly.

Thanks for the advice. However, I've been working on and securing PC's, LAN's, WAN's and the such for nearly 30 years and am very good at it. I think I'm going to continue to rely on my experience where it comes to how, when and why to secure a system and a network. Thank You.

 

[candle_86]

Your estimation of the average user needs adjustment. The general public is getting much better at proper PC security and the one that aren't are wise enough to ask for help in doing so.

That is a rarity, an exception rather that the rule because...

only if said network is improperly and/or poorly secured.

That depends greatly on how file-sharing is used, how it's provisioned and what permissions are configured.

Thanks for the advice. However, I've been working on and securing PC's, LAN's, WAN's and the such for nearly 30 years and am very good at it. I think I'm going to continue to rely on my experience where it comes to how, when and why to secure a system and a network. Thank You.

Your welcome to follow your flawed knowledge, it's the guys stuck in their ways that have caused the biggest problems for companies, and yes every company I've worked for will kill a port if you plug in a system that has an outdated OS that gets no support, and will refuse guest wifi for the same reason, it's seen as smart and removes risks. Also the average user is the same as they have always been, can they use it better yes, but they still can't wrap their head around security, there is a reason information security is the fastest growing sector in IT, it's because the average person is clueless. I'm just glad your not incharge of info sec where i work, I'd hate to keep cleaning up the mess such policies would cause.

 

[R-T-B]

For those of us who manually control our services, we will not see such prompts.

As long as you do not install the update and/or track down the service and/or scheduled task it installs, sure.

 

[lexluthermiester]

As long as you do not install the update and/or track down the service and/or scheduled task it installs, sure.

Not difficult really. I selectively do manual installs of updates.

 

[R-T-B]

Your welcome to follow your flawed knowledge, it's the guys stuck in their ways that have caused the biggest problems for companies, and yes every company I've worked for will kill a port if you plug in a system that has an outdated OS that gets no support, and will refuse guest wifi for the same reason, it's seen as smart and removes risks. Also the average user is the same as they have always been, can they use it better yes, but they still can't wrap their head around security, there is a reason information security is the fastest growing sector in IT, it's because the average person is clueless. I'm just glad your not incharge of info sec where i work, I'd hate to keep cleaning up the mess such policies would cause.

It's two different mindsets, prevention and immunity. One is much harder to maintain and really easy to screw up, especially with zero days. But if you really can pull off immunity, it's honestly better.

In a high security environment, I preach both. Most cases can do with one though.

Not difficult really. I selectively do manual installs of updates.

Me too. God, WSUS has saved us from so much W10 rollout pain.

 

[lexluthermiester]

Your welcome to follow your flawed knowledge

Thank You, and you.

it's the guys stuck in their ways that have caused the biggest problems for companies

Incorrect, it is the ignorant or incompetent network admins who fail to properly configure networks that allow for network problems.

and yes every company I've worked for will kill a port if you plug in a system that has an outdated OS that gets no support

I regularly travel and have only seen this kind of thing on poorly configured networks.

Also the average user is the same as they have always been, can they use it better yes, but they still can't wrap their head around security, there is a reason information security is the fastest growing sector in IT, it's because the average person is clueless.

Again, that estimation of the average user needs adjustment.

I'm just glad your not incharge of info sec where i work, I'd hate to keep cleaning up the mess such policies would cause.

Just an FYI, if I were working at your company, it would likely be as the director of IT services and you would get proper training in short order.

Me too. God, WSUS has saved us from so much W10 rollout pain.

Exactly right.

 

[Vayra86]

Does that mean I should think about updating my WinXP machines?

Not at all

XP might actually get safer again because the market share is so low, nobody cares. Just be careful for the drive by's when visiting sites and you're good.

As for security and the OS... to each their own really, but let's be clear about one thing. The VAST MAJORITY of people who still use 7 or XP beyond expiry dates are clueless as hell. The extreme minority, and I do count several people on this forum among them (far from all..., but who am I) are indeed knowledgeable enough and up to date enough to be able to maintain immunity.

Everyone else should just mitigate, and the best mitigation is being up to date. Mitigation also means you will never stop every single thing always. Accept that. Its the same idea as being able to get run over by a car every day. It just rarely, if ever, happens. But those who dó stay on 7 without proper knowledge (almost everyone)... you're now crossing the street with your eyes closed. Good luck with that. Its just a matter of time.

For perspective. I'm an IT consultant for some years now, have a natural affinity for this stuff, and am thoroughly interested in all facets of computing... but I still do not have the arrogance to say I know my way around perfect security. Could I achieve it? Maybe. Could I maintain it? Maybe. But thats as much certainty as I can get with mitigation, and the latter is far less effort. Just some food for thought to those who feel safe under 7. I do know what proper enterprise security looks like, and its no joke; and the necessity of being entirely up to date is very, very clear.

 

[lexluthermiester]

It's two different mindsets, prevention and immunity. One is much harder to maintain and really easy to screw up, especially with zero days. But if you really can pull off immunity, it's honestly better.

Making a system immune is, admittedly, a much more involved process. However once implemented, the system in question is far easier to maintain. When you apply such methods to an entire network, keeping things in order is much less troublesome.

XP might actually get safer again because the market share is so low, nobody cares.

Very true. Most security suites that still support it are doing so more effectively as of late. Third party software firewalls are also proving to still be very effective.

 

[Bill_Bright]

I've got mixed feelings here that, as time marches on, will tilt more and more to one side, just as it did when support for XP went away.

For now, I agree with lexluthermiester and W7 is still, and likely will remain secure. But I emphasize, "for now".

No one is doing that. Just because Microsoft has ended support doesn't mean everyone else making security suites will. As mentioned elsewhere, many have stated they will continue support on 7 for the next few years. Additionally, 7 isn't going to fall apart.

I agree that no one is encouraging people to compromise security. But more should be done to encourage folks to let W7 go and move to the more secure operating system. It is not like Microsoft has not given us enough time.

Anyone who claims W7 is inherently more secure than W10 is ignoring the facts and sticking their heads in the sand. And it is those people who I believe who condoning potential compromised security, or at least spreading false hope. And that's just wrong because the bad guys will capitalize on that. It is also wrong to pretend privacy and security are the same thing. They are totally different.

I also agree with Lex that security program developers are not going to suddenly stop supporting W7 - at least not as long as folks are willing to pay for their products. But just like XP, the ability of an antimalware solution to effectively secure a W7 system depends on the actual vulnerability and "IF" it can be protected. It is not a given that all future vulnerabilities can be protected. And that's the problem - the unknown.

Rubbish. That is a flawed conclusion based on fear-mongering and little else. One compromised system does not automatically compromise every other system. System vulnerabilities are based as much on secure computing methodologies as it does well structured code.

It is not really a flawed conclusion but it is being sensationalized and blown out of proportion with fear-mongering and exaggerated claims. I agree with that you 100% that a compromised W7 computer does mean my computer will soon be compromised. It won't. But a compromised W7 computer (just like a compromised XP computer) can and likely will be used to attack me, our banks and our institutions. Those compromised systems are likely to be used to distribute spam, malware (including ransomware), or used as zombies in bot armies conducting DDoS attacks on our government networks, power grids, banks, hospitals, facebook and others. With some of those attacks backed by Russia, China, N. Korea, Iran and other very malicious state sponsored players.

Fear mongering? No. It should be a slap in the face look at reality.

We can't just look at the threat as a threat just against our own personal computers. We must look at the big picture and view the threat as a threat against society and our very way of life.

We must view the decline in W7's security as inevitable. Stop being so stubborn and move to W10, or Linux.

Not difficult really. I selectively do manual installs of updates.

Now this is flawed. You assume because it is easy for you to keep your system secure by selectively installing updates, that it is easy for anyone to do that. That's just wrong. Some folks are totally clueless when it comes this stuff, others could care less. And that's fine. NO ONE should need to be a security expert to keep their Windows computer secured.

 

[lexluthermiester]

It is not like Microsoft has not given us enough time.

This is true. What I suppose many people think is that Microsoft has not given us a worthy alternative. This is the gist of why people are hesitant to move forward, myself included.

Anyone who claims W7 is inherently more secure than W10 is ignoring the facts and sticking their heads in the sand.

No one is saying that, per se. All I'm trying to convey is that with proper effort 7 and even XP before it are securable.

I also agree with Lex that security program developers are not going to suddenly stop supporting W7

Exactly. There is a lot of money to be made in providing what Microsoft won't and as long as the money can be made, support will continue and will be effective.

It is not a given that all future vulnerabilities can be protected. And that's the problem - the unknown.

True. However history has shown that all but handful can be mitigated, and isolation efforts are very effective against those remaining few.

We must view the decline in W7's security as inevitable. Stop being so stubborn and move to W10, or Linux.

There is a difference between being stubborn and standing one's ground. Please know that the moment Windows 7 can not be properly secured, I will stop allowing it on the net. My lone XP system is only allowed on the net for short periods and then only for specific purposes. When it does, it's behind a properly configured software firewall and hardware firewall. Windows 7 will face that same fate, but that time has not come.

 

[Bill_Bright]

What I suppose many people think is that Microsoft has not given us a worthy alternative.

There is a difference between being stubborn and standing one's ground.

I think there are better battles to choose to fight (like the ridiculous prices for smart phones or even MS Office). W10 is a worthy alternative and really not that expensive. All folks need to do to realize that is to give W10 a fair shake. They need to take the time to get past their biases and the small learning curve and get used to it.

For starters, W10 is more secure out of the box. It is easy to configure to make it look and feel like W7. And - and this is a biggie - it supports current hardware and software and current hardware and software supports it.

Choosing this battle because we expect more from Microsoft is misplaced stubbornness. The hardware industry, for example, makes their own advances. Look how long it took for the software industry (including Microsoft) to catch up to 64-bit. It took years! The gaming industry is a major driving force in the advancement of hardware technologies. More and more hardware makers don't provide W7 drivers and more will follow suit. What good does being stubborn about Microsoft get anyone? All that stubbornness is doing is creating a bottleneck for users to catch up to the hardware.

Being stubborn - not liking change - is just human nature. I get that.

But standing one's ground? Against what? Microsoft? That's just silly. Windows is just the operating system. The OS is the means we use to let us use our games, applications and other programs to their full potential. And that can only happen with the latest and greatest hardware technologies our budgets allows.

 

[candle_86]

Just an FYI, if I were working at your company, it would likely be as the director of IT services and you would get proper training in short order.

Considering I'm certified I'd call any IT Director that directed us to turn off updates long term and stay on Windows 7 an idiot, matter of fact i did that to a boss once that suggested we stick on XP for a while past the end of support.

Microsoft told everyone in 2010 that Windows 7 support would end Jan 14th 2020, it's been listed on the life cycle fact sheet for quite some time, there is zero excuse for not moving to Windows 10, same as there was zero excuse to not have been ready April 14th 2014 when Windows XP expired.

As for a poorly setup network, any network that allows vulnerabilities like outdated unpatched operating systems to connect to them is already poorly configured, and I'd call into question why it's allowed, as it seems that someone without a background in actual security made the decisions.

It's two different mindsets, prevention and immunity. One is much harder to maintain and really easy to screw up, especially with zero days. But if you really can pull off immunity, it's honestly better.

In a high security environment, I preach both. Most cases can do with one though.



Me too. God, WSUS has saved us from so much W10 rollout pain.

Immunity is impossible unless you airgap your network, otherwise there is also a hole, maybe it hasn't been discovered yet. This is something they teach in any class and part of any info sec certification test, there is no effective way to have a system connected to the internet and have it immune, it's impossible. The smart move is to always lesson the chance of bad actors being able to get to your network and systems. The most effective way to accomplish this is to remain fully updated, and run supported software and drivers. Mitigation of risk is the only thing anyone can do, anyone that thinks they have achieved immunity is no different that the guy that said the Titanic is unsinkable.

Then again I work in medical where HIPPA rules and our security tends to be cutting edge so we don't get hit with million dollar fines.

 

[Bill_Bright]

While I think candle_86's comments may be a bit harsh, in general, I agree with them. Businesses had lots of advanced notice this was coming. But as a business owner, even as a very small business owner, spending money on IS/IT hardware, software, training and support can be real challenging because for most businesses, none of that "makes" any money for the business. Its like paying the rent or the electric bill or buying desks and chairs and tables. Its all part of "overhead" and comes right off the top before any profits. It can be tough.

So I'm not buying "zero excuse" for all. But certainly for most. And for sure, with home users, IMO, that gets even closer to zero. Why? Because NOBODY "needs" a fancy "gaming" rig. If they "need" a computer for work or school or pay bills, Linux and LibreOffice work fine. New W10 computers can be had for less than $400. Refurbished for less than that.

 

[candle_86]

While I think candle_86's comments may be a bit harsh, in general, I agree with them. Businesses had lots of advanced notice this was coming. But as a business owner, even as a very small business owner, spending money on IS/IT hardware, software, training and support can be real challenging because for most businesses, none of that "makes" any money for the business. Its like paying the rent or the electric bill or buying desks and chairs and tables. Its all part of "overhead" and comes right off the top before any profits. It can be tough.

So I'm not buying "zero excuse" for all. But certainly for most. And for sure, with home users, IMO, that gets even closer to zero. Why? Because NOBODY "needs" a fancy "gaming" rig. If they "need" a computer for work or school or pay bills, Linux and LibreOffice work fine. New W10 computers can be had for less than $400. Refurbished for less than that.

significantly less for a home user as long as they are running Windows 7 you can still install 10 and use the 7 key to activate windows 10. There is no reason for a home user to not move to 10, unless they are still using a vista or XP computer, and then they have more issues. I recently upgraded an older couple to 10, he had to buy a 10 home key but we then upgraded his Core 2 Duo E4400 Gateway to windows 10, we also took his ram from 2 to 8gb of ram for 20 bucks. Basically if computer is from 2006 or newer it supports 10 and will run it fine, as long as they where happy with how it preformed on Vista/7/8 it will be fine on 10.

 

[lexluthermiester]

W10 is a worthy alternative and really not that expensive.

That is what is at the heart of this debate. Whether Windows 10 is a worthy replacement. Many disagree with you and the reasoning for such is legitimately worrisome. The expense is not one of those reasons.

All folks need to do to realize that is to give W10 a fair shake.

You say that like you think no one has. I have been trying to give 10 a "fair shake" since it's release. It is still only barely workable by the standards I require for my personal systems. Making it workable is like pulling teeth from a cranky rhino, it can be done, but it's a hassle.

They need to take the time to get past their biases and the small learning curve and get used to it.

The learning curve isn't the problem. It's the plethora of small but serious limitations imposed by Microsoft on how the system can and can not be configured, how it's GUI can and can not be configured and/or customized.

It is easy to configure to make it look and feel like W7.

No, it can't without serious hacks to the system files, which certain people will whine about the security of..

Considering I'm certified I'd call any IT Director that directed us to turn off updates long term and stay on Windows 7 an idiot, matter of fact i did that to a boss once that suggested we stick on XP for a while past the end of support.

Telling someone that they're an "idiot" for not upgrading is not productive. Had you said that to me, you would have been escorted off the property by security and would be brushing up on your resume. You would not get a reference. And yes, I've had to do that.

The debates here seem to fail to take into account that people don't care about the reasons they should upgrade. So instead of calling names and telling people how wrong they are, it's better to educate them on how best to run their system of choice in the most secure way possible. This is something I am routinely required to do. For example, at one my places of work we have several multi-million dollar systems that can not be replaced without spending $64,000,000+ and can not be upgraded to a current OS. They are running XP. They need network access and limited access to the internet. They have never been breached. Even though XP is unsupported by Microsoft, everything surrounding those systems is geared toward protect them. So when I tell you all that it is possible to make an older OS secure and have network/internet access, you can take it as fact that it can be done, because it is being done, successfully. Such is easier than one might suspect.

 

[Bill_Bright]

Well, there are certainly exceptions to your post 2006 claim but that's for another discussion.

 

[candle_86]

Telling someone that they're an "idiot" for not upgrading is not productive. Had you said that to me, you would have been escorted off the property by security and would be brushing up on your resume. You would not get a reference. And yes, I've had to do that.

well that's fine, and i hope your XP system is segregated from your main network because it is a security risk, and if i was fired by someone that took risks that compromise the network I'd respond properly, as I have before and gone over there head to the CTO or CEO and told them that their guy is putting the entire network at risk by playing fast and loose. Your entire statement of it can be done tells me you take unacceptable risks, you didn't say its segregated from the rest of the network, I have seen legacy systems being in medical, those systems where kept on a specific lan segment that had zero access to the rest of the network. I've played this game for 12 years, and ive seen to many dinosaurs take to many risks, it doesn't impact the guys at the top, it impacts the guys at the bottom, the company looses 100 million due to not practicing best practices the CTO and the director don't get fired, no the guys at the bottom get laid off. There is no excuse for not following industry best practices period.

What you should be doing is telling people that no they can not stay on their system of choice if they want to be secure, work in medical just once, sure there are some legacy systems but they are highly segregated, and most of them I've run into are air gapped, data is transferred to them via removable media or are tied into a server that connects to the primary network but blocks those systems from reaching the primary by keeping the data flow separate and it acts as a bridge where you can send a file and access it from one of the legacy systems. Industry best practices are defined for a reason because they are the best way to be safe and secure. Your experience is limited compared to what 1000 people working in this field for 5 years have, best practices are a combination of knowledge and there is no excuse to not follow them. Best practice right now is install the security updates and be moving off of Windows 7 onto Windows 10 or to segregate your old systems from the main network so they can not be used to gain access to private data, be it client data, trade secrets, accounting, or employee data. It takes one breach and only one, and anyone that thinks they are secure is only fooling themselves. You can never be secure, you can mitigate the risk, you will never be secure unless you air gap your entire network and block any removable media you are always at risk from the next exploit period. To kid yourself and say your safe only shows your complacency.

 

[lexluthermiester]

There is no excuse for not following industry best practices period.

Let's just agree to disagree and call it good. Happy New Year!

 

[R-T-B]

Immunity is impossible unless you airgap your network, otherwise there is also a hole, maybe it hasn't been discovered yet. This is something they teach in any class and part of any info sec certification test, there is no effective way to have a system connected to the internet and have it immune, it's impossible.

I was speaking conceptually, not globally.

Of course that's true. It's sort of "no duh" at this point.

I would also note even airgaps aren't entirely secure.

 

[Bones]

Ill never see the warning haha.

Same here.

 

[lexluthermiester]

I would also note even airgaps aren't entirely secure.

How so?

 

[candle_86]

I was speaking conceptually, not globally.

Of course that's true. It's sort of "no duh" at this point.

I would also note even airgaps aren't entirely secure.

if your air gap is done correctly it is, disable removable media

 

[Grog6]

I keep backups of all my machines, full images of the entire boot drive.

If one gets trashed, I'll reload the backup.

I have 1 xp machine and 2 win7 machines on the net right now; I have never had issues.

I use file sharing, and am remoted into the XP machine right now, while it's transferring VHS tapes for me.

The Win 98 machines are not on a net facing network, but mostly because the don't like the Win7 machines, so it's easier to have them on a different net.

 

[biffzinker]

How so?

piezoelectric speakers.


Edit: Forgot to include the microphones.

Scientist-developed malware prototype covertly jumps air gaps using inaudible sound

Malware communicates at a distance of 65 feet using built-in mics and speakers.

arstechnica.com