A pre-concern on Win. 7 and End of Life 2020

Topic

New Reply

From a pretty good article i was reading about today on this site about what the Group A&B was, a part in it was that Win. 7 would not be supported as of 2020. So, like XP and earlier versions, then what will windows 7 users do, just end of life using computer or go with opt-in windows 10 or in the alternative, would Linux be compatible in terms of less AI and telemetry because obviously, i’m not a fan of either and that’s almost difficult to avoid as far as kicking back and let AI do the driving. (Nah).

Reply | Quote

Replies

There are a lot of people pondering their options on Win7 machines, once EOL hits. Some will air-gap theirs (use them offline only, where that’s possible), some will continue to use them unpatched (same as so many are still doing with WinXP, Vista etc.). As you say, some will migrate to Linux or Win10, and others are decamping over to Mac-based hardware.

I think there are a lot of people (myself included) that are hoping that by January 2020, Win10 (should that still be the current OS, as it is expected to be) will have morphed into a user-friendly OS that doesn’t have some holding their noses as now. I think Win8 could be considered to have morphed into the more usable 8.1.

I’m also hoping my hardware survives long enough not to need to be forced onto a new Win10 machine before they have it “house-trained”, that’s for sure! I’m put off changing to Mac hardware, due to cost (among other reasons).

This certainly isn’t a new discussion (cf. 2013 thread on pcper.com) 🙂

7 users thanked author for this post.

BrianL, Joulia.S, Elly, leis, Myst, walker, HiFlyer

Reply | Quote

Kirsty – I completely understand what you’re saying. Switching to Mac has drained my pocketbook in the past and as “extras” become extinct with my particular Mac, I’m right back where I started. Holding onto Win7 until the end with a Mac backup is my choice right now, but as we all know, change is gonna come baby. Just be prepared. Would be great if Win10 proved to be a viable source for all users down the road.

MacOS iPadOS and sometimes SOS

4 users thanked author for this post.

Bill C., Elly, leis, Kirsty

Reply | Quote

” but as we all know, change is gonna come baby. ”

I would add to that quote from  willygirl  that, in my opinion, the change is already here, has already started. Slow at the moment, to be sure, but it is going to accelerate. For different people, in different ways and to different destinations. But, like it or not, a move as big as anything we have been through in the past forty years, since the first large-scale appearance of IBM clones, DOS, Windows and Mac PCs, is already in the works and unlikely to stop. And I really doubt that its last port of call is ‘Azure’. Thanks, MS!

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Myst

Reply | Quote

When Win7 EOL draws near I am pondering doing a Topic on a SYSPREP creation of a Win7 image fully updated or updated to taste for apres EOL, its not hard but its long winded typically about 4 Hours from start to finish but doesent req. you to sit staring at the screen for anything like that, depending on what you wish to do with your copy going forward. As there are many “uncharted update waters” between then and now as well as exploits. I probably will do it closer to the time. Mercifully the Home user can do it with out using Win. SIM in WAIK tools (trust me that’s a nightmare) and wont cost a cent as the tools are all in Windows already, Disk imaging Software is another good solution and certainly the user friendly GUI eases the process. There’s even a DISM option fully updated, drivers etc that is not Machine specific (like SYSPREP) that can ease the pain, the downside is that they will require some CMD prompt work, however most of the utils are out there on the Net to ease the pain of an aversion to working with a CMD prompt WinPe etc.

4 users thanked author for this post.

Myst, GoneToPlaid, Elly, leis

Reply | Quote

I think that this a Topic which is worth creating. I have always wanted to learn about Sysprep and the other methods which you describe. The cool thing would be to do not only a Group B which is fully updated to EOL, but also to avoid some things.

Here is my partial list of things to avoid:

• Aside from avoiding all telemetry updates, also avoid other known bad Win7 updates which cause issues.
• Don’t include the Windows Genuine Advantage update.
• Avoid updates which, once installed, can not be removed.
• Avoid updates for .NET to anything above .NET 4.5.x, as updating .NET to higher versions should be up to the user.
• Do not integrate any Visual C++ Redistributables above 2005 and 2008. Installing later versions should be up to the user since the 2013 and later versions can gather telemetry, and since there are supersedence issues. Leave it up to the user to install later versions.
• Do not integrate any later versions of the Windows Update Agent. Long story.

Here is my partial list of some things to include:

• A “touched” build which legally allows anyone to install Win7 Pro, if SLIP keys exist in BIOS (as is the case with most OEM laptop and desktops) and even if the computer originally came with Win7 Home.
• REG or FixIt files or instructions to fix some Event log errors, such as Event IDs 2 and 10.
• Win7 Help for older programs.
• Windows Essentials Installer. This is no longer available from MS, yet I have the originally downloaded wlsetup-all.exe direct from MS.
• XP Mode Virtual Machine (clean install, fully updated to EOL, and with the built-in activation key which MS absolutely has to accept since this key is in every WinXP CD).
• REG files (user can optionally run these) to always boot with NumLock on, Don’t Pretty Path (one should ALWAYS be able to see the true file type), disable Folder Type Detection, Remove OneDrive, change Shortcut icons to XP style Shortcut icons, remove Shortcut extensions (visibly annoying), Take Ownership, and God Mode.
• My Windows XP Gray Theme which uses all gray colors. This is especially useful for graphics artists who need a color neutral display when working with images, and for users who desire Windows 7 to look like Windows XP (my preference for my work environment).

These are my thoughts for what they are worth.

6 users thanked author for this post.

kiwisolutionz, leis, walker, AlexEiffel, Elly, Myst

Reply | Quote

@gonetoplaid most if not all is easy to do the Golden rule is that Programmes Utils. even Office and updates etc must reside on the C:\ drive of the image your creating, as you Mentioned Desktop themes creations Tweaks as default yeah that’s entirely doable. Updates etc for Office, Windows well you just connect to the net and pick and choose as you would a new installation, I sort of cheat and use KB3125574 and precursor KB3020369, there was a 5 update combo that preinstalled IE11 or 3 updates (or .CAB’s) plus KB3125574 that enabled IE11 from the get go, lost some time ago from the MDL pages and it worked good. AV I use MSE, which has the curious effect of going in to Setup mode when you fire up your image first time, 3 mins and your done again.
I might even couple it with DISM as well as it will give people a few options, You mentioned Key for none specific install media on machines without a SLIP key etc in BIOS, it can be done. Basically maybe better for a none specific image where you can add drivers, Windows updates, Keys, however after install stuff .net greater than 3.5 and up nearly always Req. Manual install from the Desktop or WUD.
Basically for Home use SYSPREP is good for dedicated Machine use and DISM for General Machine use, SYSPREP allows the same amount of Customisation that the OEMS’s use to put the “Crud ware” in a new Machine and charge you $40-$50 bucks for Recovery media. Flip side to SYSPREP is using WAIK windows SIM, ADK (both big downloads WAIK over 1 gb, ADK 4gb but free from M$) in later editions to do the Job professionally, but even I have to pull out a Manual for that, without getting overboard with the Tech stuff you really don’t need to delve in to the mysterious world of unattend.xml ‘s or Synchronomous or Asyncronomous cmds, its doable but ponderous and time consuming. I’ll list a few links at the end you’ll see what I mean there’s plenty to read but don’t let it put you off you can produce an image without all that. Any time you spend before will pay dividends after, only reason I haven’t done it before now is 1. Don’t know what’s coming down the old update chute. 2. will they issue another KB3125574 (the unofficial SP2) say an SP3 (doubtful but hey I didn’t see KB3125574 coming) 3. Will all the updates and drivers still be around after EOL?I sort of think so as the other day I found some Win2k drivers in the Catalogue to my surprise. Anyways its on the cards as i’ll try and get some self explanatory images together, for the CMD prompt work, mercifully not to much, GIMAGEX (free) can take care of a lot of stuff, nice one this as it can run in WINRE/PE environment using a GUI, to speed up capture, 7zip can extract drivers from folders and Zips, DISM GUI free desktop only) can take care of adding drivers and Updates from the Desktop negating the CMD prompt. Alas I think you know you may have to try it out afterwards as I always do in a Partition or for Win7 Ent and Ult can be applied with DISM to a VHD or clean installed to a VHD from boot with a USB installer, and those are the only versions that can.
http://theitbros.com/sysprep-a-windows-7-machine-%E2%80%93-start-to-finish/
http://theitbros.com/sysprep-a-windows-7-machine-start-to-finish-v2/
http://sybaspot.com/the-complete-guide-to-preparing-a-windows-7-deployment-image-using-audit-mode-and-sysprep-with-an-unattend-xml-answer-file/
https://www.tenforums.com/tutorials/3020-customize-windows-10-image-audit-mode-sysprep.html
The last ones about Win10 most of the principles if not all are the same, from Win8/8.1? onwards to SYSPREP you cant select Audit Mode without a user being setup, M$ Reason believe it or not, the Machine starts to upgrade! well Duh? and one more wrinkle you create a user account, update customise, put in AUDIT MODE then delete the original USER/TEMP account bizzare ehh? quite a few perils and pitfalls but worth while when it works It has over the years enabled installation of Win7 on Machines never intended ever to run Win7 and even in UEFI. its a handy thing for the future. 🙂

3 users thanked author for this post.

leis, AlexEiffel, GoneToPlaid

Reply | Quote

Leis, One can find quite a bit of discussion on this here in Woody’s, as well as on the installation of a different operating system to be used along with Windows, on a Windows 7 or 8.1 machine, including doing it using virtual machines (VMs). Look, for example, in “macOS for Windows Wonks” and “Linux for Windows Wonks”. The links are near the bottom of those listed in the right bar of this page.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

Elly, leis

Reply | Quote

If one really wants to stay with Windows after 2020, there is the option of W8.1.  With the installation of Classic Shell and a few easy to adjust settings in the OS itself, W8.1 is as good as W7.  It buys you 3 more years until one has to make a decision.

You can disable or even uninstall all the metro apps, Microsoft even suggests it if you want to free up disk space.

Here is a screen shot of the center display of my 3 monitor W8.1/Classic Shell machine.  As you can see I like a clean desktop, don’t even like the recycle been there.  Everything is on the start menu.

I’m using the classic mode, and have tweaked it to suit me with internet links and a link to a spreadsheet file.

9 users thanked author for this post.

MrJimPhelps, SueW, Joulia.S, Myst, OscarCP, BobbyB, the_Unforgiven, Elly, leis

Reply | Quote

To answer your question in terms of what you can do with your current machine past 2020:

Run it unpatched for a while without using Microsoft browser and having a third party antivirus. I don’t recommend it but it might be an acceptable risk depending on your context.

Microsoft might extend support, maybe not at first, but after the enterprises backlash that will arrive comes 2020, maybe they will for a little while while trying to make 10 more acceptable.

Install Linux for free on top of your machine to turn it into a pretty good fast no telemetry computer to browse the net and do many of the things you do in Windows except maybe you will have to adapt to some new free alternatives to the current third party programs you use in Windows, if any.

You might still be able to update to 10 for free to get a supported Windows OS, but you might not be happy with it.

5 users thanked author for this post.

Heavenly, leis, SueW, Elly, OscarCP

Reply | Quote

Personally, I will probably continue using Windows 7 without being concerned at all about being updated. For me, Windows 7 has been “EOL” since July of last year and I am now at 52 consecutive days of up-time with no issues.

I’ve never really feared EOL. I ran XP for three years past EOL and didn’t have any major issues as a result of it, so I’m long past the point of caring about EOL and that goes for programs as well.

My current security setup is similar to Noel Carboni’s and I am very satisfied with it, but didn’t have a security setup anywhere near this on XP and still didn’t have issues. Using a high quality browser (Pale Moon for me) with uBlock and uMatrix as well as a DNS blacklisting server means that known malicious sites are blocked simultaneously using multiple methods. Nothing gets through. The browser is the most likely entry point, so having that secure goes a long way. I also have EMET adding security to the browser and a great application-level firewall (EOL) that has served me well for a long time.

The only way anything would likely get in to my system is if I am carefree about what I run on it which I am not… and that includes Windows Updates at this point. My computer just works and is completely stable.

However, I still mess with Linux Mint in a VM and will be giving it a try on it’s own SSD when I get around to it. I really think Mint is ready for the big time. Based on what I have seen, it’s a very good OS and exciting that it actually has a chance of replacing Windows for me. I may still run Windows 7 in a VM if I need it, but I hope not to HAVE to do that. I still have to work out a couple more things with Mint, though. It’s better than people think it is.. for sure.

6 users thanked author for this post.

columbia2011, leis, AlexEiffel, Elly, Joulia.S, GoneToPlaid

Reply | Quote

Anonymous wrote:

… there is the option of W8.1

This thread may be of interest, and was started by @Ascaris on February 9, 2017.

Win 7 SP1 Home Premium 64-bit; Office 2010; Group B (SaS); Former 'Tech Weenie'

3 users thanked author for this post.

leis, OscarCP, Kirsty

Reply | Quote

Wow! Mega-THANKS for what I thought at the time of typing up this idea of what happens at end-of-life support to Windows 7 may be an out-dated kind of question and everyone probably has their plan B packed and ready. Either way, though, it makes for good discussion it looks like and a lot of good ideas from a lot of other people here and shows intelligence & alertness too. 🙂

The good thing about all the responses I can save and see this in the future and select from a number of ideas at the ‘time of.’ 🙂 AlexEiffel, I like the idea of what you’re describing of running Linux & instructions on unpatched, etc…! I think that that is what I want to do.

Sue W. Thanks for the link you include, i like finding new info. and sites to see and learn, etc…it’s kind of funny part of where you put Former ‘Tech Weenie.’ 🙂

Sessh’s info. i thank ya for too, because I have an SSD and it looks like from your own experience the Mint-Linux, may be of interest to me. That term ‘virtual machine’ still has me a little bit wondering or that is, like a mirror image of my machine or software is what i’m drawing in to whenever i see VM.
MW that’s cool screen shot of your computer and 8.1 is excellent like as an alternative and has a little more mileage of its own end-o-life support that meantime, if all else…gives time to think a little more of ideas from that point on…(:))
Oscar CP you’re so right from reading yours the other night, i stayed around on Woody’s and looked and like a mall shopper there’s a lot to be found right here! Well, hel-loh (i mean-sorry) but look at all of you as a Grand Start as I mentioned already 🙂

The technical details of this SysPrep (Bobby B. & GoneToPlaid) is a whole other ball game that makes for some very interesting reading, if for nothing else (for me-right now :)) & kind of is like watching a video game or something that may make sense of later 🙂 but really, i’ll take a good look and read-up on soon and I like it that just may be right on target or time at a time of or just when, etc… 🙂

Yeh, I’ve liked Win. 7 the Best, I think. At first or earlier-on (way-earlier or a little bit way-early (BEEP-sorry) but I thought Windows XP was extra spectac when my friends made an Essential XP (copy) and that lasted up to about the time i finally got more with the times and Windows 7 was already played at the movies and out on DVD and by the time i got it everyone was well-versed. 🙂  Just a little joke but you know.

All the Thanks to any and ev’one including Kristy (where I followed your link & you’re right-isn’t a new question :)) and it looks like your specialty or as for and far as computers etc…is hardware(?) and i hope you’re right about Windows 10 or for your kind of hinting about that maybe windows 10 would be more presentable as a choice to select at that time in the near future rather than when it first came on the scene initially-that’s for real, huh! And WillyGirl’s yes indeed Baby-change’s always a’coming (i guess):)  Whether or not we like or are ready or not, but in this one, maybe Windows 10 will be more readily suitable for us, if nothing else, ya know it!(?).

Take Care***

8 users thanked author for this post.

Bill C., SueW, walker, AlexEiffel, Elly, Kirsty, BobbyB, OscarCP

Reply | Quote

it was interesting to read all the comments.  as for me, i have zero concerns about win7 end of life.  after much reading and researching, i bought a brand new win7pro pc two months ago.  and it runs perfectly.  updates are off and current only to 2017.  any bs updates have been removed. all telemetry that i could find is shut off. almost zero contact with MS.   i do weekly images with macrium.  have all my data on a separate drive.  run my browsers as portable and off a flash drive and sandboxed.  they work amazingly well like that and no contact with my system.  two computers like this and both doing tons of stuff for 8 hours a day and zero problems.  so no, no concerns about win7 eol at all.  i dont think about it or worry about it or waste my time with it.  good luck to all…Clas

Clas

3 users thanked author for this post.

SueW, HiFlyer, Elly

Reply | Quote

I think you need to be deciding now what you will do when Windows 7 arrives at end of life in January 2020, rather than waiting until it is at EOL to decide. Deciding now will allow you to begin making preparations for that day.

I decided to switch to Linux. And I decided to go ahead and make the switch, and run Windows in a virtual machine inside of Linux. In this way, when Windows 7 EOL arrives, I won’t even notice it. And I can still use Windows 7 right now, simply by opening the Windows 7 VM.

If you decide to move to Linux, it will take you some time to decide which Linux distro you want to move to, and also to learn how to do everything in Linux that you have been doing in Windows. Therefore, my advice is, don’t wait till the last minute to make the move.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

6 users thanked author for this post.

walker, SueW, HiFlyer, BobbyB, Elly, johnf

Reply | Quote

I’ve also gone Linux (with Windows in a VM).  Forgive me if you’ve read this before, but I think it’s pertinent here, and probably not everyone reading this thread has seen my posts about it before.

I started the migration to Linux in 2015, when I realized that my previous belief/hope that Windows 10, like other versions of Windows before it, would get better in response to customer feedback, was mistaken.  The things I disliked about 10 were intentional “features” by MS, and they were not willing to compromise on them, no matter how much their customers complained.  Windows 10 was not for me, and since Windows 10 is the future of Windows, I guess my choice has been made for me by Microsoft.  It’s like they say about so many things now: I didn’t leave Windows… Windows left me.

I set up my main desktop PC and my laptop as dual-boot Linux Mint/Windows 7, with the goal of using Linux for as much as possible, so I would acclimate to it and be able to gradually move my data and as much functionality as I could to the new OS, with plenty of time to accomplish all of it.

I started off using Windows a lot after setting up the dual boot, but that’s tapered down to the point that it’s been weeks since I booted Windows now (not counting VMs), and I try to avoid it the best I can.  If you don’t have a “must have” program that won’t work at all in Linux, you might (like me) be surprised at how comfortable you can get without using Windows natively.  I wish I could be completely free of it, even in VMs, but there are things that I need to do that are Windows only, for the time being at least.

My favorite distro in general (and especially when recommending one to Linux beginners) remains Linux Mint, but I have to say that since I realized that Cinnamon, my desktop of choice on Mint for the last few years, is a pig when it comes to battery life on laptops, I’ve really begun to warm to KDE, which (despite its past reputation as a huge, heavyweight desktop) has only a slightly larger RAM footprint than the notoriously and intentionally lightweight Xfce (and about the same as Cinnamon), and it slightly bested Xfce in my battery life tests too.

The results of my battery life tests (playing a 1080p h.264 video on loop until the battery is used up) is about 4 hours and I don’t remember how many minutes for Cinnamon on Mint 19; 5h 50m Xfce on Mint 19, ~6h 10m or so KDE Plasma on Ubuntu (Kubuntu).  I’ve since managed to get a bit more out of KDE, with current estimates of about 6h 30m… quite close to the 7h result I got in Windows 10.

I only wish Mint had kept their KDE version.  Mint is pretty closely related to Ubuntu, but all of the areas where it differs are the areas where I much prefer Mint.  Still, KDE, suitably modified (to fix the desktop icon layout and re-enable root on the file manager and text editor), is really striking my fancy these last few weeks, so Kubuntu it is, on my Swift laptop at least.

Even though my main PC is a desktop and doesn’t suffer at all because of the power consumption of Cinnamon (which, on this desktop, is such a trivial amount of power that I’d never notice it… it’s only important on a laptop where one extra watt of power consumption over time means more than an hour loss in battery life), I am thinking of migrating to Kubuntu on the desktop too.

Anyway, I digress. Often.

Ya know, a lot of people say they’re going to go Linux when Windows 7’s time runs out, and I would love to think they all will, but my gut tells me most won’t.  If you are thinking of Linux for the post-Windows 7 era, even a little bit, I’d suggest giving it a try now, before the pressure is on.  It’s free, and you can boot into a live session and try it out a little and see that it’s not the scary thing that a lot of people make it out to be.

Most of the popular desktop environments should feel quite familiar to Windows users (GNOME probably the least so among the big ones).  It seems like a scary thing to even get started on something new like this, but it’s not if you just break it down into baby steps and take it one little bit at a time.  When you’re ready, take the next one. If you get frustrated (and you probably will… we’re talking about computers here, and they’re just frustrating in general a lot of the time), take a step back, relax, realize that you can always return to Windows if you want… but try not to decide to give up on Linux (or anything else) while in that frustrated state.

Maybe you will like it after the frustration passes and you get familiar with it, or , maybe not… but at least you will know.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Cybertooth

Reply | Quote

Here’s something I’ve wondered about regarding running Windows in a virtual machine (VM): isn’t Windows running in a VM subject to all the same risks and vulnerabilities as Windows running directly off a disk, and (if it gets infected) aren’t the solutions the same?

Let’s say that I’m running Windows 7 on a VM inside Linux (or whatever). If it gets infected by malware or otherwise corrupted, the document and other data files that live on it could be at risk. Any disk or folder that Windows in the VM has access to, the malware should also have access to. How is that different from running Windows directly?

If things get bad enough, I can replace the VM with a clean image. OK, but how is that different from keeping a recovery image of Windows to replace an infected or corrupted one?

I must be misunderstanding something about VMs, for otherwise I can’t tell what is better about them in terms of security: you have just as much repair work to do if things go bad.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

+1

Yep, sounds about right.

When Win7 is EOL, and newly-discovered security vulnerabilities are not being patched, then continued use of that no-longer-updated rapidly-aging increasingly-insecure OS will put all data at serious risk – all communications communicated, all transactions transacted, all files filed, etc.

1 user thanked author for this post.

Cybertooth

Reply | Quote

My perspective is that running a VM doesn’t seem to add any security benefits, but that it should/will be possible to run a secure Windows 7 installation for as long as third-party software vendors continue to patch and update their applications.

First thing I’d do is to run as a Standard user instead of Administrator. According to the figures I’ve seen, that alone will prevent or mitigate around 90 percent of threats related to Windows patches. (That is, 90 percent of the vulnerabilities would be closed or mitigated simply by running as Standard.)

I would then make sure to use a browser that’s kept up to date with security fixes, and generally as much as possible use other applications that get regularly patched.

I would run a good AV security program, and supplement it with an anti-malware application such as HitmanPro.Alert or Malwarebytes Anti-Exploit.

I would use a comprehensive ad blocker on my browsers such as uBlock Origin, and supplement that with an extensive hosts file for good measure.

Finally, I would change my DNS settings to rely on a security-minded DNS server.

I would also look into a firewall that’s easy to understand and use, such as the old ZoneAlarm (don’t know what it’s like nowadays) that would ask your permission the first time any program wanted to connect to the Internet. Others may be more expert with such things, but my eyes glaze over when the talk turns to things such as rules to “Block–DefaultDeny,” iptables, and similar arcana.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Cybertooth wrote:

isn’t Windows running in a VM subject to all the same risks and vulnerabilities as Windows running directly off a disk, and (if it gets infected) aren’t the solutions the same?

You should be able to configure your VM to be disconnected from the web. That will greatly improve its security.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

1 user thanked author for this post.

Cybertooth

Reply | Quote

OK, that makes sense. “Virtually” 🙂 every possible vector of infection would be eliminated that way.

@oscarcp was also interested in knowing whether he could continue to send/receive email from within the EOL OS. If the VM were precluded from connecting to the ‘Net, then he could not do that; email communications would need to take place via the host OS. Not that this would have to be a deal-breaker of course; it’s just something he would need to take into account in his own planning for Windows 7 EOL.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

OscarCP

Reply | Quote

Cybertooth  #215200  :

As you wrote, doing email while Win 7 is hosted in a VM should be no deal breaker, because  the host OS (macOS, Linux) will be the one to connect with the outside world and run the communications software, including its own email client (or else another client installed on it by me).

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Cybertooth wrote:

Here’s something I’ve wondered about regarding running Windows in a virtual machine (VM): isn’t Windows running in a VM subject to all the same risks and vulnerabilities as Windows running directly off a disk, and (if it gets infected) aren’t the solutions the same?

Windows running in a VM will be more secure than Windows on bare-metal by virtue of the amount of time spent in Windows. If you’re running Windows bare metal, it’s exposed all the time you’re browsing, reading email, or doing anything at all with the PC, all the time.

If you’re running Windows in a VM, you’d only use it for things you need Windows for, while letting the fully-updated host OS take the rest of it. Your browsing (the riskiest task, generally) would be done in the more secure host OS.  Anything that can be done natively should be, leaving the VM to only the tasks you can’t do in the host OS.

A VM is in a window, just like any other program, so it’s no harder to switch out of the Windows guest to browse with Firefox or Chrome in Linux, then return to whatever you’re doing in the VM, than it would be to switch from your Windows browser to (or from) that same Windows program in bare-metal Windows.  If you wish, you can set up the VM to allow shared clipboards, so you can cut and paste from Windows to Linux or vice-versa.

Not only that, but it’s really easy to discard all changes in a VM and return to the same point you started with each time. If you picked up any malware, even if you haven’t detected it yet, it would be eliminated the next time the VM is shut down and returned to its previous state.  The guest OS in the VM (being out of support) isn’t constantly changing anymore, so there’s no need to worry about accidentally rolling back security updates, and for other software inside the VM that does need to be updated, you can just start from the known-good point, immediately install the update (and do nothing else), then save the state once again, and use that saved state as your go-to VM from then on.

Let’s say that I’m running Windows 7 on a VM inside Linux (or whatever). If it gets infected by malware or otherwise corrupted, the document and other data files that live on it could be at risk.

I wouldn’t let any important data live in a VM.  For one thing, it prevents you from rolling back to a known state each time.  As I see it, the VM is a tool, like a drill press.  Once you’re done drilling the hole, you don’t leave the work clamped into the drill press!  Once you’re done with the task in the VM, don’t leave the data in it… let the real (host) OS take care of the data from that point forward, unless/until you need to use the VM to make some changes again.

Hopefully, you’re not using data files that have the ability to accept executable payloads (MS Office macros, for one), so the data files themselves have a good chance of getting through a hypothetical Windows malware infection without being infected themselves.  If you do (or have to) use risky data file types like that, an infected file can reinfect your next Windows VM session the next time you open the file, and the next, and the next.  Each VM will start malware-free until you re-re-reintroduce the malware from the infected file, and anyone else you send the file to will also be at risk (this bit is the same as bare-metal Windows).

The host (Linux) will be safe, since it doesn’t have the ability to run MS Office macros anyway, and so will be all the files that were not accessible to the VM during the time it was infected.

If you don’t need these risky functions like Office macros, disable them in the software within the VM… data files should be safe from malware just by virtue of being data files.  That’s not always the case, but even then, you’re better off if the bad stuff is confined to the VM and not able to infect the entire (host) OS and all the files on it.

Of course, you can still run antimalware software within the guest Windows machine to catch any such things, with all the caveats and limitations that entails on a Windows bare-metal installation.  The good news is that it won’t slow browsing within Linux, etc. (obviously), like it could in a bare-metal Windows installation.

Any disk or folder that Windows in the VM has access to, the malware should also have access to. How is that different from running Windows directly?

Running Windows directly puts all data files on that PC at risk of a potential Windows malware infection.  Running Windows in a VM means that the data files that are not handled by Windows at all (IOW, the stuff that you work on only in Linux natively) are not at risk.  Also, there’s no need to let the VM have access to ALL your Windows data files at once… let it have only the one you’re about to work on, do what you need to do, then transfer it back to the host OS for safekeeping (which can be as easy as drag and drop or cut and paste, depending on your particular preferences).  You could also use cloud services for this task, if that’s your preference.

If things get bad enough, I can replace the VM with a clean image. OK, but how is that different from keeping a recovery image of Windows to replace an infected or corrupted one?

Because it takes about five seconds to roll back a VM, without requiring a reboot of the host OS or anything else that interrupts your workflow, so it is really easy to do not just when things get bad, but every single time you use the VM, thus preventing things from ever getting that bad.  You can even have the saved state of the VM be with all your programs you need in that VM running and ready to go, so each time you start or restart the VM, you’re ready to go with as little prep work as possible.  Rolling back the VM doesn’t mean you have to start from a freshly-booted state if you don’t want to.

I must be misunderstanding something about VMs, for otherwise I can’t tell what is better about them in terms of security: you have just as much repair work to do if things go bad.

It’s far, far less work to repair a VM… so much so that you can do it preventatively and without really having to think much about it.  In Virtualbox, when I want to close a VM session, I hit the “X” for close, and it gives me three options:  Save machine state, send shutdown signal, or turn off.  If you select turn off, a grayed out checkbox becomes active, saying “Restore (whatever) machine state,” which will be the machine state (snapshot) you started from when you opened that VM.  Check the box, hit OK, and the VM software closes (it takes only a few seconds).  The next time you start the VM, which takes about 5 seconds on my PC, it’s back to the same point as before when you started it.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

3 users thanked author for this post.

AlexEiffel, Elly, Cybertooth

Reply | Quote

@ascaris, an extensive and in-depth post as usual. Thank you.

The way you describe it, you envision using a Windows EOL VM principally for functions that can’t be done (or not as well) in the host OS. I understand that.

This point needs to be understood by anyone considering running a VM: for most practical purposes, you would no longer be using Windows 7. It’s not like you would be running Windows 7 just as before, “except” that it would be protected by the host OS. No, you would be running Linux (or whichever host OS you picked) and using Windows only for specific, limited purposes.

For anyone thinking about going the VM route so that they can keep using Windows 7 as their daily driver, this may come as a disappointment. OTOH, for those who need Windows for a critical application and choose not to use a newer version of Windows, then a VM could be a lifesaver.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

Cybertooth wrote:

This point needs to be understood by anyone considering running a VM: for most practical purposes, you would no longer be using Windows 7. It’s not like you would be running Windows 7 just as before, “except” that it would be protected by the host OS. No, you would be running Linux (or whichever host OS you picked) and using Windows only for specific, limited purposes.

Quite right, though it sounds scarier than it really is.  No matter what else you do, the OS you are using will be Linux, or whatever other host OS you may choose.  Windows 7 running on a VM becomes an application within that OS.

That doesn’t mean that using the VM can’t be a great way to ease the transition.  A nervous user can stay within the VM as much as they want, doing as much or as little within native Linux as they wish.  The more you do outside of an unsupported version of Windows, the more secure it will be, but you don’t have to do it all at once.

If you’re using Chrome, Firefox, Waterfox, Opera, etc. (essentially, all the browsers except IE and Edge), you can run the same browser you already know in Linux natively.  I’ve never used Chrome (in any OS) except while fixing other people’s PCs that only had Chrome on them, but I’ve used Firefox and Waterfox extensively in Windows and Linux, and other than one change (the settings are under Tools in Windows and under Edit in Linux), they’re identical down to the smallest detail in day to day use.

Even if you just used two applications within Linux, one being the Win 7 VM containing whatever programs you wish to run there and the other being your browser, you’d still be doing a lot to shield the Windows 7 installation within the VM from the biggest malware vector, which is the browser.

As others have noted, Windows 7 is not suddenly going to become a malware magnet the day after support ends, and a lot can be done to limit the threat.  Keeping the browser updated (even better if you use a script blocker or similar), using a limited account in Windows, using an antimalware program (one with host intrusion protection would be even better), and just being smart about what you do (things like not downloading files from sites you don’t have any way of trusting, not opening attachments or following links from emails that are not for sure from trusted sources, etc.), will mitigate the biggest majority of threats, whether or not Windows itself is up to date.

You could do all that AND have Windows in a VM, and even if all you do is remove the browser from the Windows picture and use the native Linux browser of your choice, it will still increase your level of security within Windows (in the VM) quite a lot. As you get more comfortable with Linux, you may wish to move more and more tasks into Linux, and the more you do, the safer you get.  You don’t have to do it all at once, or even think about it at all unless you are comfortable with the idea.

Modern Linux distros are not scary, and as you use them to run the Windows VM, familiarity and a greater level of comfort will naturally follow.  One baby step at a time… you can start with the browser, then maybe later on try moving some other tasks to Linux, like your email client, perhaps (I’ve used Thunderbird since its beginning, so moving from Windows Thunderbird to Linux Thunderbird was as painless as it was with Firefox).  Maybe it will be something as innocuous as using a Linux version of Solitaire, just to demonstrate to yourself that it’s not terribly different in day to day use.

Eventually, the natural progression will be to do as much as you can in the native OS, but you can do it at your own pace.  Not feeling that there is any pressure to “get there” is helpful… that’s why I suggest people start trying things out now, while Windows 7 is still supported, so you have all kinds of time, and you know you can return to native Windows for as long as you wish if you begin to get overwhelmed.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

4 users thanked author for this post.

AlexEiffel, Elly, OscarCP, Cybertooth

Reply | Quote

Cybrtooth #215135 ,

“ Finally, I would change my DNS settings to rely on a security-minded DNS server. ”

How does one go about making those changes of settings? How does one recognize a security-minded DNS server?

Looking for suggestions on how to keep my Win 7 PC as safely as possible (within reason) after January 2020, I have been reading what has been posted here.  In particular about those DSN servers. I have never thought much about them, assuming that the Gods of the Internet, up there, somehow took care of choosing the right ones whenever I tried to connect to someone or something using their divine cables and servers. This discussion has sent me to Google to look up “DSN”, and now I have discovered that one can choose a DSN all by oneself — thus my two questions.

Also, this comment: running Win 7 on a virtual machine on a Mac or a Linux PC might not be an option for those home/small business users that, same as me, got Win 7 pre-installed and never received the disks, an unfortunately common practice of OEMs, I understand.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

@oscarcp, off the top of my head I can think of two possibilities for secure DNS service: Norton ConnectSafe and Heimdal PRO. The former will filter your Internet traffic for dangerous sites, while the latter does that through its own DNS service but also provides other functions.

Don’t take these two as the be-all and end-all of secure DNS services; there are others out there. Here’s the top result when I did a Web search for “secure dns servers.” Bear in mind that that post is three years old, so the links etc. may not be current, but the concepts and ideas will be much the same as today, so it’s still an informative writeup.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

OscarCP

Reply | Quote

A quick follow-up question: Would choosing a DNS server myself, different from the one I have currently assigned by my ISP, create conflicts or problems affecting my sending and receiving emails?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

@oscarcp, AFAIK switching DNS servers should not affect your ability to send or receive email. By changing the DNS address, you would be simply telling your email client (such as Outlook) which way to go, but it shouldn’t affect where you end up. As I understand it, basically what these DNS services do is to compare the Internet address that you want to go to, to their list of dangerous addresses. They will then either block your access or (more typically) give you a warning if they believe that it’s unwise to go there.

Good luck.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

1 user thanked author for this post.

OscarCP

Reply | Quote

There’s a lot of useful information in this DNS topic 🙂

2 users thanked author for this post.

OscarCP, Cybertooth

Reply | Quote

@OscarCP –

Switching is easy, only takes a couple of minutes within Windows. Good idea to change the DNS addresses on your router as well, though, to give ALL computers on the network the added “protection” of the alternate DNS service you may decide to switch to. There’s NO FEE WHATSOEVER to change DNS providers, by the way.

I’ve been using OpenDNS (#6 on the list of the article referred to above by @Cybertooth in post #215144) since 2009 or 2010 (don’t recall exactly which) and have had NO problems at all with them. When I switched, I even noticed faster access times to sites. My old service was coming from my then-ISP, Comcast, here in the U.S. OpenDNS has even protected me from a malicious site in 2010, when I wanted to access the web site of a hotel restaurant. Went to the address supplied by the restaurant on their door and got a warning from OpenDNS about the site being malicious. Did a Google search for the restaurant and found another, more recent, address which was fine. I told the restaurant’s manager about the incident and she promptly had the address removed from their front window and replaced with the newer one!

As I said above, the switching process only takes a couple of minutes within Windows, and it only takes another couple of minutes with your router to change the DNS settings to the new addresses as well. Most providers will give you at least two addresses to use for DNS service.

I hope this helps you!

2 users thanked author for this post.

Cybertooth, OscarCP

Reply | Quote

OscarCP wrote:

How does one go about making those changes of settings? How does one recognize a security-minded DNS server?

For some time now I’ve been using Quad9 for filtered public DNS, and have had no issues.

https://www.quad9.net/

For Windows setup instructions, see the following URL:
https://www.quad9.net/microsoft/

Hope this helps.

2 users thanked author for this post.

Cybertooth, OscarCP

Reply | Quote

OscarCP wrote:

running Win 7 on a virtual machine on a Mac or a Linux PC might not be an option for those home/small business users that, same as me, got Win 7 pre-installed and never received the disks, an unfortunately common practice of OEMs, I understand.

You can go here…

https://heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool

…and download the *Microsoft Windows and Office ISO Download Tool*. This tool will let you download the Windows 7 ISO file. You can then use that ISO file to set up your Windows 7 VM. If you’re running the VM on the same computer that your OEM copy of Windows 7 came with, and if you don’t have it installed elsewhere, you should be ok in using your OEM license key to activate Windows 7 in the VM.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

1 user thanked author for this post.

OscarCP

Reply | Quote

Oscar,

You mentioned heidoc and i’m familiar with his website and the unfamiliarity I’m having questions on, is here’s my deal: I have corruption in my sfc /scannow   CBS logs, that cannot be repaired. On this very computer i’m on tonight, the components parts in the cbs log is all that I know, have started affecting the computer with (specially) the sound and when Dell assistant online testing (since this is optiplex (Dell) PC, the DVD optical drive’s been tweeked or what I suspect is really going on, is again, part of the corruption that is in motion as i type this to you. Finally, what i’m trying to get to is, i need to obtain a Win. 7 OS (now) because the shop where I purchased this computer about a year ago, the owner told me today (and he’s honest guy, Mircosoft Certified) he doesn’t have a licensed copy of Win. 7 that he can “give me” or that is, since he installed the OS upon purchae, he had windows 10 installed and my bid and demand was 7 and so they reinstalled 7 and he insists i need to go ahead and he gave me the windows 10 online “free” lead and I’d have a glorious new beginning and etc….Well since I can’t use this windows 7 obviously product key, i have to resort to purchasing a new windows 7 aside of having this very OS in operation, but i’m not equipped or prepared and I’ll admit it right here and up front, I wasn’t preapred for having repair disc. So, is it better to download the version of Win 7 Ultimate from heidoc and then attach or purchase the product key from Microsoft? Because it’s kind of confusing and all i know is that I’m sooner or later going to be needy for a new repair or installation.

Well thanks a lot for your time in this regard if you get to it and can provide any information on Jan K’s heidoc. I’ve read a lot of it in the meantime, i understand it’s free if you provide idle resources of your device as a trade off? Otherwise, I’m just probably going to establish purchasing a new Win 7 and not be bogged down by trying to learn how to even make an ISO or something like that when in the time of corrupt files that doesn’t pass scan tests i’m getting antsy.

 

Reply | Quote

Try the link from a topic posted a while back in here, these are Official M$ images and a fairly fast download as well, grab your key make a USB or Burn a disk and “off to the Races” and no “Crypto Mining” in the background>
https://www.askwoody.com/forums/topic/how-and-where-to-find-isos-for-old-versions-of-windows-10/#post-192456
If you have a BIOS key likely with a Dell the following will pull your key out of the BIOS or any so Embedded OEM keys. Write it down for activation later.
https://neosmart.net/OemKey/
If you have activated Win10, I am guessing Pro, with a key there’s absolutely no reason why it still wont activate Win7 Ultimate as well at the same time, I do here on a “Dual Boot” with Win7 Professional and Win10 Pro.

Reply | Quote

“What will users do” is essentially the same as asking what the lottery numbers are tomorrow. No one knows.

I think the odds are that most people will continue using 7, as many of the random anonymous comments I’ve seen online say just that, and that they refused to use 10.

The more technically inclined may switch to Linux or dual boot Linux + 7, using 7 only for what is critical but nothing online.

IMHO, 7 will be supported by 3rd party apps until at least 2022 and by that I mean browser + antivirus. As long as those 2 things are patched, the ugly truth is who gives a heck what MS does or does not do with it, since the attack vectors on any OS in this day and age are browser + antivirus. Patch those, the underlying OS will be fine. What people have to really legitimately worry about is when Chrome and Firefox are no longer updated to work with and support 7, and some of the more popular AV’s out there like BitDefender, Kaspersky, and Trend. I quit using MSE in my 7 VM’s because it’ll be any time now before MSE starts alerting people that the OS is almost EOL (same thing they did with XP and the EOL notification). It’ll happen, just you wait.

Some people, myself included, don’t mind 10. I have 2 beefs with 10: the forced updating (which can be disabled and circumvented), and the fact that there’s still both a Control Panel and a Settings section (which is slowly being phased out/in).

1 user thanked author for this post.

Ascaris

Reply | Quote

zero2dash wrote:

IMHO, 7 will be supported by 3rd party apps until at least 2022 and by that I mean browser + antivirus. As long as those 2 things are patched, the ugly truth is who gives a heck what MS does or does not do with it

Businesses.

Businesses give a heck.

Regulated businesses give an expecially huge heckuva heck.

Reply | Quote

WSUS and SCCM make them not give a heck, because they can update when they want, not when MS wants them to.

That’s the power of business. Business is not going to make Windows 7 stay; sorry to burst your bubble (if that’s your bubble).

I’ve worked for the 2 largest corporations in my state; well over 5,000 workstations total and approximately another 1,000 servers both physical and virtual. 1 company (1/2 that figure) has already upgraded 2500 workstations from 7 to 10 1703. Company 2 (the other 2500 workstations) has started the initial staging of their rollout from 7 to 10. Company 2 is also a healthcare company where they have to adhere to HIPAA regulations.

You may say this is anecdotal, but again, this is 2 of the largest companies in my state; Fortune 500 companies. MS cares about what they’re doing, the Enterprise customers who use Enterprise SKU’s in their environment. They don’t care about the onesie twosie companies who stick with Pro and don’t spend more $$$ in their environment and run SCCM and SCOM instead of WSUS.

I’m sure there are some out there that are not in any hurry to upgrade, but my experience thus far has been, that the companies that matter to MS have already upgraded and the party is over. Unfortunately, this is the way it is now. Adapt or move on. Some companies may move on, but I doubt it. No one is dumping Exchange (on prem, cloud, or hosted) for email, short of those who can get by on GSuite and that’s (again) a drop in the bucket comparatively, to MS. For all their bad, all their wrongdoings, MS knows they have big biz by the big ones. Exchange, SQL, Active Directory….MS knows they can ride those until the tires fall off.

Reply | Quote

@YP  (Group B with 3 win7 machines, XP doing nothing and a cheap Chromebook)

I was a Unix user for over 10 years at a larger computer company 20 years ago, and I have tried live boot versions of Ubuntu (~15 years ago), currently Mint.  I think installing applications is not that straight forward on Linux.  I have been using a chrome book for almost 2 years.  My understanding is the newer ones at some point, perhaps within 6 months, will run Linux apps natively.  My interpretation is LibreOffice will be available, gimp, and others that I use on windows.  Additionally, you are suppose to be able to run windows applications on the newer Chromebook.  I am hopeful and waiting for the availability of high end chrome books, due out in the next few months.  Personally, I like this better than messing with another OS.  It very different being a user vs administrator.  Nowadays, I just want to be a user and not having to update OS.

Reply | Quote

Hi anonymous, please help me to know whom you address here. I know that as anonymous you are not able to go back and fix a simple typographical error. Do you intend a reply to the OP-original poster, that is @leis; or maybe to the post directly above yours on the left margin, that is @zero2dash.
Please forgive my ignorance of another meaning. I’ve seen this often enough to wonder if there is a common jargon intended that I do not know.

Reply | Quote

anonymous wrote:

I think installing applications is not that straight forward on Linux.

I presume you’re referring to the various package management systems used by various distributions?

It can be confusing when there’s no singular “Linux” version of a program the way there often is with Windows.  Instead, you’re likely to see several versions, each representing a different package (a package is something installable, like a program, a device driver, a screensaver, a theme, a system library, or just about anything) management system.  This is part of the fragmentation of Linux that drives a lot of people nuts.

Within each package management system, though, there are advantages over Windows. Much of the time, you won’t need to search all over the internet to find a program.  All you’ll need to do is look in the distro’s repository, and there’s a good chance you will find what you need there.  All you have to do is click a button to install it.

If the program you want to use isn’t in the repository (repo for short), there’s a very good chance that an alternative repo has been set up by the software publisher, and you can add that repo to your own system fairly easily (generally cut and pasting a couple of lines into the terminal, though this process is being worked on).  These third-party repos serve the same function as the update servers that handle the update requests from all of the Windows programs out there, but from the user end, it is much easier to manage.

Once you add a program’s repository to your system, updates are handled by the package management system, the same way that OS updates arrive. The package manager will periodically check all packages it is aware of (usually all software on the system, or close to it) and see if there are any updates, and if so, it will present you with a list of things that have a newer version.  This is in contrast to the Windows way, with each program independently phoning home to its developer (often resulting in all kinds of “updater” programs running at boot time, whether you asked for it or not, and sitting in the background at all times), handling updates in their own way.   Some programs will update themselves by default, some will inform you of a new version and let you make the decision, some will nag you incessantly, and some just never bother to check at all.

That’s a form of fragmentation too, one that afflicts Windows much more than Linux, and one that seldom gets mentioned when people talk about Linux fragmentation.

While Microsoft hopes to “fix” this by centralizing everything within its own form of a repo, the Microsoft Store, there’s a big difference between that setup and the way Linux setups work.  If you want your software to be managed (including updates, installations, and uninstallations, the same kinds of things a Linux package manager handles) by the Microsoft Store, you’ve got to get your software hosted by Microsoft, and according to Microsoft’s rules (like you have to pay them 30% of sales revenue), and it has to be a UWP program or at least have a UWP wrapper.  They can impose any terms and conditions they like, and change them whenever they feel like it.

If the software developer doesn’t wish to bow to Microsoft, there’s no adding their third-party repo to the MS store and having it handle the updates as if it were part of the MS store.  You either do it Microsoft’s way or no soup for you.

In Linux, you can stick to the distro repo only (for maximum safety) if that is your wish.  You can choose to add repos only from trusted software publishers themselves (for example, you could add Oracle’s VirtualBox repo, so the software comes direct from Oracle over an authenticated, encrypted connection), or you can choose to add anything that comes along (not a good idea, but hey, it’s your PC).  That’s the point, though… it’s your PC, so you get to decide these things.  Not Microsoft, not Canonical, not Red Hat… you.

The fragmentation in Linux installation package types, long a thorn in the side of newbies, is being taken care of, gradually.  A new cross-distro installation platform called Flatpak has been developed and introduced, and is already installed by default in many distros, including the ever popular Mint.  It appears to be getting some traction, and if it catches on in a big way, Linux will end up with a simple, non-fragmented installation process (just like Windows) AND a simple, systemwide, user-controlled update management system that provides all of the user benefits of a Microsoft Store, but without all of the Microsoft restrictions and costs to developers.  Microsoft’s Store is there to serve Microsoft, but the Linux repos are there to serve the user, as defined by the user.

I have been using a chrome book for almost 2 years. My understanding is the newer ones at some point, perhaps within 6 months, will run Linux apps natively.

ChromeOS is itself a Linux distro, so that’s no surprise.  It will be the same as for any other Linux when installing programs, though– you will have to get the program packaged for the type of installer that is compatible with your distro, which is ChromeOS in this case.  If that ends up meaning you have to get all of your programs from Google (the distro maintainer) directly, that’s no different than the existing distro-maintained repositories for Ubuntu, Mint, Fedora, Manjaro, and all the others.  They all have their own official repos that are already set up and ready and that contain nearly everything you would ever want.  It’s when you want/need to go outside of that repo that things begin to get confusing for beginners.

Additionally, you are suppose to be able to run windows applications on the newer Chromebook.

As far as I know, the word was that you will be able to run Windows, not just Windows applications.  That means you’d be stuck in the Windows 10 quagmire of barely-tested updates and an OS that is centered around serving Microsoft, not the user… you’d be giving up the main benefit of a Chromebook (that is, it’s not running Windows).

Nowadays, I just want to be a user and not having to update OS.

OSes will always need to be updated as new bugs and security threats appear.  There’s no escaping it, unfortunately.  You can (and should be able to) delegate that task to the OS vendor rather than worry about it yourself, but the downside to that is that it could be handled as badly as Microsoft has handled it since the introduction of Windows 10.

Windows 10 is supposed to handle all that stuff itself without the user having to worry about it (particularly in Home versions), but it certainly hasn’t ever gotten close to the “not having to worry about it” level.  The updates are intrusive, they take far too long to install, and they result in breakage of the system far too often.

By all accounts, the way Chromebooks handle updates is far better, and far closer to the level of not having to worry about it at all as a consumer.  Hopefully it will remain so, but there’s no way to say for certain whether that will continue to be the case forever.  When it’s out of your hands, it’s out of your hands, and all you can do is hope for the best.  As long as ChromeOS keeps getting it right, people will be able to just let it take care of itself and not worry.

ChromeOS itself is proof that Linux can be that easy, because ChromeOS is a flavor of Linux.  On the other hand, I like having very fine-grained control over everything, so I might be frustrated by a product like ChromeOS, but that’s the neat thing: I have that choice.  If I don’t like the limitations of ChromeOS, I can use other flavors of Linux that suit me better, which I have.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

Elly

Reply | Quote

Well from the point of asking what people will do after windows 7, here i am typing on this new computer (Lenovo Ideacentre Desktop after my Dell just bit it and the one after that as well from a refurbished end product that just wasn’t too refurbished correctly or whatever). This pre-installed Windows 10 Home version 1809 (as in what apparently, was a moment in windows 10-time to be yet another updated event(s)). At any rate, it’s a lot to get used to I’ll tell you that! And there’s a lot of questions i could ask-out real loud!

At any rate, this is just a topic of Thanking Woody for your site (still) and what can I say, i have to start looking at the Win. 10 forums or across the fence of windows 7 🙂

 

Reply | Quote