Woody’s Windows Watch: Preparing for the Windows 7 winter

Topic

New Reply

Yes, winter is coming, but there are steps you can take now to prepare. Even if you’re the kind of Win7 user who figures they’ll have to pull it from
[See the full post at: Woody’s Windows Watch: Preparing for the Windows 7 winter]

12 users thanked author for this post.

Lori, jburk07, cesmart4125, abbodi86, HH33, Morty, SueW, Elly, wdburt1, Pepsiboy, PhotM, Myst

Reply | Quote

Replies

Some of us need something more powerful than a Chromebook because:

(1) We do things that involve large-scale number crunching, requiring fast processors, very large amounts of random access and disk storage, and certain terminals that might or might not work with a Chromebook.

(2) The work we do with our machines cannot be done, for security, business confidentiality, and other reasons, on the “Cloud”.

(3) Even if we wanted to, we could not do some necessary things on the cloud, because the software for doing it does not exist, so we have to write and debug it ourselves (as in my case and those of many others doing work related to scientific research, for example).

(4) We do not depend to any significant extent on any MS software, besides Windows and maybe Office, and both can be replaced with equivalent software for a Mac or a Linux PC (and Office is also available for Macs).

A Mac or a Linux-running PC for the kind of use described above is more expensive than a Chromebook, but people who need those machines usually are getting paid for the work they do with them, so the solution to their cost problem can be summed up as: “that’s what money is for.”

For many people who do not use their machines the way I have described above, Chromebooks might be the way to go, if they prefer not to switch to Windows 10 after January of next year.

I am writing this to complete the picture presented by Woody here. He is most likely right that 80% of people might be OK with Chromebooks, as he is surely very familiar with what those needs are. What I am writing here is about a significant part of the other 20%, a part which also includes me. To make clearer, I hope, who may benefit from Woody’s advice and who may not.

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

5 users thanked author for this post.

cesmart4125, Myst, lurks about, woody, wdburt1

Reply | Quote

Oscar, if you need something more powerful than a Chromebook, I suggest you upgrade your current computer to Windows 8.1, and install Classic Shell or some other similar product. I know from the comments that you have made for a long time that you would like to continue with Windows 7. Windows 8.1 with Classic Shell will look and feel just like Windows 7, and you will be able to run all of your Windows 7 software. Best of all, you will have added three years to the time that you will be supported with security patches from Microsoft.

This will be the least disruptive option for you; it will require the least amount of change on your part.

Doing a clean install of Windows 8.1 will make your computer run like new, because Windows slows down over time. The clean install clears out all of the junk that is slowing you down.

Be sure to do a backup of your computer before starting any of the above.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

2 users thanked author for this post.

cesmart4125, Karlston

Reply | Quote

MrJimPhelps,

Thanks for the friendly advice. I already have an Windows 8.1 ISO disk for its possible future installation.

My problem with going ahead and replacing Windows 7 with 8.1 in my 7-year old PC, is that I get all antsy when it comes to doing things involving changes to the whole OS. Or even some part of it. I have some expensive third party software (a couple of compilers) that I use quite frequently and would be very sad, and also out of pocket, if they no longer worked with 8.1. As to spending some hundreds of dollars on 8.1 compatible versions, for use on a old machine with the number of years of life left in it unclear, but probably not those many, well…

So, if decide not to switch to 8.1, then I am thinking of this as a possible alternative (other  than joining Group W and continue using the Internet without patching):

(1) Disconnect completely the machine from the Internet, other than, now and then, for updating the anti virus software (for as long as it remains available for Windows 7, that is, and longer, if I can find a good replacement that still works with Win 7).

(2) Use my Mac laptop for all communications, including to the Web, and transfer (after scanning with the AV on the Mac) files I might need to have on the Windows 7 machine using a USB flash drive.

(3) Scan again those files, while still on the USB, with the Windows 7 PC antivirus, and import them to the PC only if they test negative for malware.

Another possibility would be, just in case, to back up first all my important files to an external hard disk and then (with the help of my friends) install Linux on dual boot, and use the Linux side to communicate with the rest of the world, while applying the same antimalware measures already described to the files downloaded on the Linux side before using them on the Windows side.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

2 users thanked author for this post.

cesmart4125, wdburt1

Reply | Quote

Oscar, if you want to run a Windows computer offline, you can update your AV offline by going to majorgeeks.com and checking for offline AV update files about 1-2 times a month, you will just connect to the AV websites through them, they all offer offline updating, but doing it this way makes it easier.

Get a third party firewall so that if you do go online you will be protected, just download one with an installer and transfer it to the computer, using a second computer to do this, although you will need to make sure you get Windows AV updates not Mac ones – if you use Linux you can do this with the Linux computer.

You can also install Firefox offline, so can keep that up to date in case you do go online. Possible to run the computer offline for years, and will save going backwards and forwards with your scanning.

1 user thanked author for this post.

wdburt1

Reply | Quote

OscarCP wrote:

My problem with going ahead and replacing Windows 7 with 8.1 in my 7-year old PC, is that I get all antsy when it comes to doing things involving changes to the whole OS. Or even some part of it. I have some expensive third party software (a couple of compilers) that I use quite frequently and would be very sad, and also out of pocket, if they no longer worked with 8.1. As to spending some hundreds of dollars on 8.1 compatible versions, for use on a old machine with the number of years of life left in it unclear, but probably not those many, well…

Oscar, here’s an idea. Your PC is seven years old; if you’ve never replaced the hard drive, you could install a new hard drive and do a clean install of Windows 8.1 on the new hard drive. Then install all of your software onto the new hard drive in Windows 8.1. If you can’t get it all working, you can always reinstall the old hard drive and be right back in business with Windows 7.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

2 users thanked author for this post.

cesmart4125, OscarCP

Reply | Quote

Thanks, MrJimPhelps. I am still thinking about installing another OS in dual boot with Windows 7, but now it could be Windows 8.1 instead of Linux. The problem with those compilers I’ve mentioned and other useful software I would need to reinstall in Windows 8.1, is that they are old versions no longer available, but that still work just fine for my own purposes. So I much rather keep them in the Windows 7 partitions and boot to Win 7 to use them, with the machine off the Internet (no WiFi, no Ethernet connections), then (if necessary) transfer them to the 8.1 partitions directly (if possible with 8.1). Or indirectly, by logging off, logging in to Win 8.1, and copying any important files produced when using that old software in Win 7, with the help of an USB thumb drive. Or, if they are not too big files, emailing them, as attachments, to myself and picking up the emails while logged in 8.1.

On the other hand, I am interested in trying out Linux Mint, and having it in dual boot will simplify (if I understand this correctly) the transfer of files from Win 7, and back since they should be accessible to Mint and vice versa.

For “going dual boot” the plan is to dragoon a friend of mine who knows how to do it and owes me big time…

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Great article.

I would maybe add using a Windows 7 cut out from networking inside a virtual machine as a good option to be able to use some software from Windows while using another OS to browse the web/manage emails.

Of course, although it works in practice to clone your running machine to a VM file, in theory, you need a retail license to run Windows 7 in a VM, not an OEM one.

This transition will be really hard for me, as my main productivity machine is still on Windows 7 and I will miss its stability and I really don’t feel like spending time tweaking Windows 10 over and over. Plus, I would have preferred to have side-channel potential issues more thoroughly analyzed and fixed in processor design before being forced to buy a new CPU. I am sure we haven’t seen the end of those vulnerabilities.

 

1 user thanked author for this post.

jburk07

Reply | Quote

Well, theoretically you can use an OEM license in a VM, it just needs to be the right kind of OEM license – NOT the kind that’s included from the factory usually…

I mean, the “box OEM” licenses could be bought for VMs, and still can for Windows 10 and server editions. Downgrade rights apply too.

Very rare on desktops, more common on servers.

I believe the same thing might apply to refurbisher program too… anyone know a MAR who does servers, they should know?

 

1 user thanked author for this post.

AlexEiffel

Reply | Quote

winter? or Freedom REGAINED?
Depends on the perspective and your intention of ownership of self-responsibility to your own device and data.

Reply | Quote

Woody – I’m very interested in a Chromebook and would gladly give up my Windows 7 laptop.  One question for you – it has been brought up here that Google issues updates for Chromebooks for 6.5 years after the introduction of the CPU on which the device is based.  Doesn’t matter how new the Chromebook is or when it was bought  – it’s all based on the age of the chip.  Is this correct and if so, how does one go about figuring out the “age of the chip” so you can maximize the life of a new Chromebook?

Reply | Quote

The 6.5 year limitation is an estimate, but (in spite of what Google says) the end of life date varies according to the model of the Chromebook.

There’s a list here: https://support.google.com/chrome/a/answer/6220366?hl=en

My beloved original Chromebook Pixel hit EOL last June, but I only started receiving notifications in the past month. I’ll continue to use it for… oh, I dunno, another decade or two. Wonderful machine.

ChromeOS patches for old machines aren’t as critical as their Windows counterparts, simply because ChromeOS is much more secure (and simpler). When Win7 hits EOL, expect a flood of malware.

2 users thanked author for this post.

jburk07, pkoryn

Reply | Quote

The problem with sticking with a Chromebook that doesn’t get updated, is that most web developers assume that everyone is using the latest versions of Chrome and Firefox, and built their sites accordingly.  Eventually, dependencies will be taken on new features.

Take the new CSS env() stuff as an example.  Apple quietly introduced it in mid-2017 in order to support the iPhone X’s notch.  W3C standardization efforts started in April.  Firefox 65, due out next week, is the last major browser to implement it, meaning 85%+ of all users will have this capability.

With Microsoft getting out of the game, and the rise of Webassembly in the next couple of years, I think we’re going to see less tolerance for old browser versions, not more.

3 users thanked author for this post.

jburk07, AlexEiffel, Microfix

Reply | Quote

For my purposes and the purposes of my 130 client win7 machines. Windows 7 has reached perfection and will not change. For the average person it does everything we want it to do and well.

We expect to be using these machines for the next 5 years or better. We have not applied a single WU since May 2017. NADA, not a single problem. We are protected with BitDefender Antivirus + and Use Chrome.

I explain it in detail and how to set up the machine for “final state” here:

https://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-updating-in-2018/291a9582-17a7-4942-8145-8d9f68265189?messageId=2f46cef5-da27-431d-8c6f-b5e7b2b89246

CT

18 users thanked author for this post.

mulletback, TJ, HH33, Myst, Nibbled To Death By Ducks, OscarCP, Geo, Karlston, lurks about, SueW, Elly, David F, Seff, Sessh, Charlie, Microfix, woody, wdburt1

Reply | Quote

Indeed, CT. I skimmed Woody’s article and I can’t help but cringe when I read things that imply that as soon as Windows 7 hits EOL, it immediately becomes a cesspool of insecure or that people who have stopped updating are just getting lucky (dodging bullets) because it’s simply not true.

Even back when I used XP and faithfully had WU set to automatically install updates, I still had issues here and there with malware. Why? Simple, because I hadn’t yet learned the safe computing habits I use now. All of those infections were things I inflicted on myself by being careless in what I clicked on and ran on my computer. I learned the hard way through error, but that was a long time ago. Windows updates did not protect me from myself nor would they now, either. Now, they cause more issues than they fix and the fixes are all too often fixes for the “fixes”; patches that didn’t work properly and broke something. Doesn’t sound all that secure to me.

So, all these “attacks” require people to do something stupid in order for them to get into your system at all. A secure browser with uBlock and uMatrix are more than enough to protect most people from most of the bad stuff. A DNS blacklisting server on top of that is even better. EMET on top of that is even better. A solid firewall is on top of that is even better. Disabling Windows services that you don’t need or use is even better. Layered protection is the way to go and not hysteria like “EOL makes software completely useless and insecure immediately” because that’s just scare tactics IMO and is flatly untrue. Why would I take Windows 7 off the internet? I browse heavily with my Windows 7 PC and it’s been “EOL” for over a year and a half. Nothing has gotten through my security measures, not even a PUP. Nothing.

Perhaps instead of hysteria measures, we should be trying to get people to use security measures that will protect them in ways that patching cannot? I would argue that such measures are more important and more effective than patching. Stories like those of CT and his customers, myself and many others prove that this is not a direction that is inherently paved with insecurities and increased risk.  It can actually be a MORE secure strategy when coupled with smart computing habits.

Nothing is foolproof when it comes to computer security, but I’m so tired of this propaganda (that’s what it is) that software immediately becomes a huge security risk as soon as it hits EOL and there’s nothing you can do to keep your security profile at a top notch level. That is just plain FALSE on both counts. It’s not even close to being true. Period.

CT and his customers aren’t problem free because they are “getting lucky” or “dodging bullets”, no, they are problem free because they have adopted a layered security approach that prevents problems from getting into their computer in the first place. THAT is the best strategy and it’s way better than the mine field known as patching.

I have not regretted my decision to stop patching for a second. As a matter of fact, I have run the majority of the last 5+ years of Windows use, between XP and 7, unpatched and problem free. It’s not luck. The only time I had problems with Windows over that span was when I was patching when I first got Windows 7. That’s WU patching, not manual patching btw. So, yeah. Sorry for the rant.

13 users thanked author for this post.

HH33, Myst, OscarCP, Geo, Karlston, lurks about, SueW, Elly, Cybertooth, wdburt1, Canadian Tech, Seff

Reply | Quote

Beberren, The sky is not falling, nor will it! I have 130 client win7 systems that I have been looking after for years and years. Mine is very close service. They call me with any problem at all and I use TeamViewer to remotely work.

Those 130 systems are used by ordinary people, not businesses. They have not had a single Microsoft update of any kind for the last 20 months. That’s 2600 machine months. My support work has fallen off quite dramatically to maybe 25 to 50% of what it used to be. These systems run and run with no problem whatsoever.

I have to conclude that the urgency to update is not what people think it is. WU has become so messed up that the risk of updating is vastly greater than not.

CT

6 users thanked author for this post.

HH33, Myst, Geo, SueW, Elly, Cybertooth

Reply | Quote

Do you also manage their firewalls? I assume you’re monitoring the site for unexpected egress traffic?

1 user thanked author for this post.

AlexEiffel

Reply | Quote

ja, these are very ordinary installations. Just plain win7; BitDefender antivirus +; Windows built-in firewall; Chrome; Adobe reader, Adobe Flash and Java removed. The only other security product used is an occasional application of ADWcleaner. Common sense is the most important security and my clients are well versed in that.

CT

6 users thanked author for this post.

jburk07, Myst, Geo, Karlston, SueW, Elly

Reply | Quote

CT, you hit the biggest problem for security, user stupidity and carelessness. Users who consistently are stupid or careless are the ones continually getting infected. Those are that are careful and practice good email and surfing habits rarely get infected. With a proper setup, like you outline, the ordinary user is relatively safe if they are careful.

3 users thanked author for this post.

Myst, Canadian Tech, Karlston

Reply | Quote

Sessh: I agree with you that user “stupidity” can be an important reason why some people get their OS infected with malware. But is not the only reason. Take me as an example: I often search the Web for information relevant to my work, and so I get to use Google quite a bit. When it gives me a list of entries with some promising links, I would click on them. For all I know, some might have been infiltrated at a later date by some black hats with some serious malware, so that is a risk I must take. Using Chrome with some other security measures, such as having Java disabled, does offer some protection, but not in all cases.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

wdburt1

Reply | Quote

Although your arguments are valid up to a point and that for many users that practice safe computing the risk of issues could be more than acceptable if everything else is good, I would just point out that I stopped counting a long time ago how many times people came to me for help saying they never got issues or virus only for me to find their computer riddled with malware, sometimes hidden deep when I took a look at it.

I’m not saying it is the case here, and many users practice much safer usage than others, but lots of people think they aren’t infected when they actually are. A lot of malware hides themselves very well now, too. Once, I discovered one indirectly by seeing the computer was trying to connect to a bad IP through a file in a temp folder, while the antivirus didn’t see anything. The virus got through a tainted pdf file.

Not seeing issues is not the same as not having malware.

I would add that it seems a significant portion of people just want their computer to work and don’t seem to care that much about anything else when it does… Also, many think it is normal their computer is slow because it is 2 years old and don’t think they might have something stealing their CPU cycles. Lastly, I don’t often meet people who describe themselves as not very good at keeping their PC safe.

Yes, there might be a bit of paranoia about the end of life of Windows, but there is a bit of truth behind some of it, even if safe computing habits can mitigate a lot of the common risks. For a casual user, you never know when a worm is going to hit you on your laptop at a coffee shop because a vulnerability has been discovered in a network protocol that you probably didn’t disable. Those are not found often, but you can’t just ignore the fact that it happens on occasion if you are serious about security. There are also buffer overflows in some Windows dll that can be used by internet facing software. This could also pose a significant risk, once the out-of-support 7 doesn’t get fixes if a new one of those is found.

At the end of the day, people can decide it is worth it to run an unpatched version of Windows with the mitigations they choose. We can debate about the risk and yes, maybe the real world risk can be acceptable to many, but I wouldn’t say that warnings are unwarranted and way too loud. Maybe the many who already run infected computers won’t see a difference, though, because it doesn’t make a difference in their already not secure at all situation…

4 users thanked author for this post.

jburk07, johnf, wdburt1, ch100

Reply | Quote

This is very true, also worrying: computers riddled with malware and their users do not know — because their anti virus software has failed to find it.

Questions to be asked by just about everyone here: Then, how about my PC? And if I have malware hidden somewhere, what is it doing there?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Alex, trust me, my clients’ Win7 machines are clean and free of malware. I test them whenever I get on line with them, which is at least once per year and more often than that usually.

FYI, I have been doing this for 17 years now. The first 13 I used Norton Antivirus exclusively. I dropped Norton when they no longer sold their antivirus product. I switched to BitDefendeer antivirus +. Best move I ever made. Dramatically fewer problems. I have yet to have a machine (up to 150 of them) become infected. It is that good. Really.

I also routinely use ADWcleaner at any opportunity and only rarely find more than a few insignificant pieces of malware.

CT

1 user thanked author for this post.

AlexEiffel

Reply | Quote

Why does BitDefender have this page?

https://www.bitdefender.com/support/what-to-do-when-bitdefender-does-not-detect-malware-(false-negative)-1203.html

Reply | Quote

No security software will catch 100% of all possible malware, every single time. (That’s why a multi-layered defense strategy is recommended.) It’s a good thing that BD makes it possible to report malware that their software missed.

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

jabetty, I have never seen that BitDefender page before. The purpose of the page is to help if you find an infection that BD did not clear itself. In 4 years on all those machines, I have yet to see that happen.

CT

Reply | Quote

Your experience certainly adds value, Canadian Tech. I respect your practical approach that might be suitable for your clients. You probably have good clients. They don’t want to waste time with their computer, they like what 7 provided and they want nothing to do about “improvements” every 6 months. They just want to be left alone and if patching was safe, for security only and didn’t break anything or introduced mandatory telemetry, they would gladly patch.

You provide a data point that those people are at least as satisfied as before, if not more without the patching, and you can make the case that many of those users with their own priorities would judge they benefit more from this than running Windows 10 and the annoyances it provides to those type of users (and me!).

My comment was more directed to Sessh, in a respectful way, that although I understand his point and there is some validity to it, I just think we need to be careful not to say that the fear is induced on purpose to invite people to go to 10 while there is not much behind. I think that for any person that is serious about security, this approach is unfortunately not appropriate. But a lot of people are not even that serious about security in the first place, so… I think we can’t just say patching is useless because you can protect yourself from a lot of bad things using alternative means and quite safe computing practices.

And I think it is perfectly ok for Microsoft to warn everyone and be loud about it that Windows 7 won’t get patched and you should move on. What I find not ok is the solution they provide as a replacement and not supporting 7 longer when clearly a lot of people are not happy with changing to 10.

2 users thanked author for this post.

jburk07, Canadian Tech

Reply | Quote

For all practical purposes I have been in Group W for a year now, and I recently put in service a stored Win7 computer essentially following Canadian Tech’s game plan.  But when it comes to something like WannaCry (which Woody mentioned), it seems to me that we in Group W are just whistling by the graveyard.  If something like that threat materializes, and Microsoft offers a patch, are we going to turn it down?  What if the patch is useless without all the previous patches that we never installed?  Good internet hygiene can minimize but not eliminate the risks.

Group W avoids the train wreck that patching has become.  Practically every month brings new issues.  But it’s the old issue in statistics: a 50% chance of a $1,000 hit equates to a 5% chance of a $10,000 hit, but can you afford them equally?

Because I want to continue to use two desktop computers–one online, one offline–I think that I am probably headed toward using a Linux machine for the web, rather than a Chromebook.  If MS Office, PDF, and image files downloaded on that computer can be copied to a flash drive and opened on the other computer, then I don’t really need Windows on the internet computer.  I would want to continue virus-scanning files on both machines, using different programs.

2 users thanked author for this post.

jburk07, AlexEiffel

Reply | Quote

My stand-alone Win7 Pro x64 Group B pc functions as a business tool but also for private stuff. My co-worker’s laptop is used the same way. (We’re a two guy small business with a very small budget.)
Chromebook is a no no for me. Aside from not being able to run certain Windows-specific software, Crookle’s phone home aspect seems to be of the same level as Win10, if not worse.

I also have been running Mint for years on an external drive. I wanted to like Mint/Linux, but it has a too steep learning curve for me – if you want to know all the ins and outs of an OS like I do.
One of the main reasons I have always loved Windows, is the ability to tweak it. I’m no genuine techie, but over the years I learned to manipulate Windows to my and other people’s liking by reading a lot, and trying and trying and trying while failing or succeeding. (And I am considered a specialist among friends and family, who I help with Windows and other hard- and software matters. We have a saying: “In the land of the blind One-eye is king” 🙂 ).
Crashes, BSOD’s, unwanted update horrors, MBRs messed up, wrongly altering or deleting a registry string: been there, done that. And call me a masochist, but being able -after hours and hours of grumping and swearing- to successfully repairing them: I LOVE it!
You can criticize Windows a lot, but it’s definitely NOT boring.

So remain Windows 8.1 and 10. There’s a lot going for Win8.1, but since the great majority of the people around me are/will be running Win10 and kind of expect me to support them in the coming years, and having to upgrade Win8.1 in a few years, it’s better to go for Win10.
But which version? That’s what I am asking you to tell me in my topic Windows 10 new install: Which version? And how to handle very first updates?

Eagerly awaiting your wise, peculiar and even ridiculous advices,
Yours truly

LMDE is my daily driver now. Old friend Win10 keeps spinning in the background

3 users thanked author for this post.

Seff, BobbyB, Charlie

Reply | Quote

I love my Win 7 and the 2012 machine it’s on.  I also still have an old 2003 IBM T40 laptop with a docking station and Win XP Pro that I still use and like a lot (I use the XP classic mode).  It still runs very well!  I also have a 2000 machine with Win 98 SE on it which I mainly use to play those great old games I really like. It still runs good too!  Wow, can you imagine that.

Recently in the past year I started to dabble in Linux.  I like Linux Mint which I put on a  laptop and I think if things go well with it I’ll eventually be using Linux to go on the web.  My wife won’t like it at first, but with a couple of clicks she’ll be on the web with Firefox which she knows well doing her thing.  We are Borg, we will adapt!

To sum up, Win 10 would be the absolute last resort for me judging by all the moans, groans, and bad things I’ve heard about it.  I definitely don’t want to reward MS for making my life miserable.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

Charlie wrote:

Win 10 would be the absolute last resort for me judging by all the moans, groans, and bad things I’ve heard about it

You really won’t know until you try 10. I thought I wouldn’t like 10, based on all of the things I heard about it. In fact, I don’t want it on my home computer. But I have it on my work computer; and one of my customers has about 16 Windows 10 computers.

I have found 10 to be pretty nice if I have Windows 10 Pro, and if I use Group Policy to lock it down the way I want it. Here’s what I have done:
* Delayed (not blocked) updates.
* Turned off auto-sleep and auto-hibernate.
* Blocked all preview updates.
* Turned off driver updates.
* Set telemetry to the lowest level (to where it sends the least amount of information).

I am upgrading my customer from 1709 to 1809, one computer at a time. Each one is a clean install rather than a simple upgrade. Each machine has an SSD and 8 GB of RAM. The ones I have upgraded to 1809 are really fast, faster, I think, than 1709.

If your computer is old, and you want to put Linux on it, I suggest that you give Elementary OS a try. Elementary OS is very lightweight; therefore it runs pretty decently on an old computer. The interface is like the MAC interface, so it may take some getting used to. But it is really stable.

If you have a relatively new computer with at least 8 GB of RAM, you could install Linux as the host OS, then install Windows 7 in a virtual machine. Block the virtual machine from getting on the internet; use Linux when you surf the web. If you do this, you can run Windows 7 all you want, for as long as you want, because it won’t be connecting to the internet; therefore, you don’t have to worry about patches.

Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server

1 user thanked author for this post.

Charlie

Reply | Quote

I haven’t completely ruled out Win 10, it’s just that I have to think which OS would be more trouble to learn, modify, configure, protect, and update.  Linux wins hands down except for the learning, but I’ll get there to where I can do what I want, and I won’t be nervous every month when I do updates.

I know a lot more about MS and Windows than Linux, but there is also that thing that in the past five or six years I’ve lost trust in MS to do what’s right by me or even care what I want. I’m not going to hold my breath that things will improve, and I’m liking Linux more all the time.

Being 20 something in the 70's was far more fun than being 70 something in the insane 20's

Reply | Quote

I quit using Edge and switched to FireFox because of Microsoft’s intention to gut Edge and insert Chrome into an Edge wrapper.  I don’t use Google search at all, other than through StartPage, which anonymizes my ISP so that Google cannot do any tracking.  I also don’t use Bing, for all the same reasons.  I won’t use Chrome, and I won’t be buying a Chromebook.

I’m running Windows 10 Pro 1809 with StartIsBack++ as my Start Menu, with the XP-Style flyout menus enabled.  It looks, feels and acts like Windows 7.  I still use the Windows 7 Bootmgr, so even doing a restart still looks like Windows 7.

For me Windows 10 looks and feels like Windows 7.  When I was still running Windows 8 with StartIsBack Start Menu and dual booting Windows 7, I frequently didn’t know which OS I was running.  When I was in the Windows Insider Program, I had some hiccups with Windows 10, but I got out of the Insiders Program after 1703.

I’ve read the horror stories about Windows 10, but I haven’t really experienced any.  Most of my Windows problems are self-inflicted.  I have drive imaging automated through Task Scheduler, so my oldest image is never more than a week old.  I have a Robocopy task scheduled, as well, so my data is copied in three places plus OneDrive daily.

Windows 10 1809 is extremely stable for me, and I don’t put off any updates.  If something gets munged, I’ll restore a drive image and keep on truckin’.  I still have Windows 7 on a Dell Latitude D800 that’s 15 years old, and the CPU won’t allow an upgrade to Windows 10.  But I’ll keep it around for sentimental reasons, and keep using it from time to time, such as firing it up to peruse and hopefully answer a Windows 7 question for someone.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

5 users thanked author for this post.

jburk07, ch100, Barry, TJ, BobbyB

Reply | Quote

I am so glad that Woody’s latest article is about Win 7 EOL, and this discussion, too.  Win 7 EOLis been something I am very interested in. I have posted questions about it in a few of the discussions here, and have been doing quite a bit of “research” on the topic, and wanted to post my accumulated thoughts for after Jan 2020.

I have 2 win 7 computers – a desktop and a laptop. Neither are candidates for an upgrade to Win 10 – or even probably win 8.1 IF I could find a license key – but both are perfectly fine and can probably be used for some time yet. So – I have been trying to see how I can make them safe and continue to use them after the EOL.

I am planning to get a new Win 10 laptop in the next few months, and that will be used for the most “secure” online things – banking, shopping, online statements, etc. – since I do understand the security concerns.

My thoughts to keep the Win 7 machines running are these. I welcome any ideas or a heads up on dangers in any of this – or if this seems like it might be a viable plan:

• Create a Standard User Account on each computer to do everyday things – including some browsing and email. Keep the Admin account just for possible downloads. I only have one Admin account on each now and am planning to change that very soon.
• Raise the User Access Control to the highest settings.
• Keep my antivirus up to date – and look into something like BitDefender. I use Norton now – not sure if it will be sufficient or what might be better.
• Keep my browsers up to date and only use ones that support Win 7. Right now I use Opera, but FF or Chrome are also alternatives. Also be sure that the browser’s security settings are adequate.
• Consider a sandbox program and run my browser, email (WLM right now and Thunderbird) through the sandbox. Also – be cautious when downloading and keep the files within the sandbox – not sure yet how that all will work.
• Also look into running the browser and Thunderbird from a thumb drive (or external drive?) and keep downloaded files off of my hard drive and on an external drive.
• Run weekly backups.
• No Facebook etc.

Also – I use an internet hotspot device from Verizon – connects like a cell phone to each computer so there is no router involved. No choice where I live – limited options. And the computers are not networked – each stands alone and each accesses the internet device separately. I also use a USB wired printer, even though it could connect wirelessly.

That’s my thinking so far. I know in the future, I’ll need to replace both of these computers with something else – but I am hoping to put some measures into place to extend their usability beyond Jan 2020 if possible.

So, I’m interested to know if this “plan” sounds like it might mitigate some of the risks that will exists after Jan 2020.

Thanks for any input – this is sort of new to me – being a fairly casual user!

 

2 users thanked author for this post.

Cybertooth, OscarCP

Reply | Quote

It mitigates the risk up to a point. There are pretty good ideas there. It is still not the best scenario, but depending on your tolerance for casualness about security, it might be perfectly acceptable to you.

You could add a third-party firewall since Windows firewall won’t be patched, especially with no router to protect you from the external world.

Maybe run EMET?

I don’t see the point about the thumb drive Firefox and Thunderbird. You don’t lower the risk and will you be able to patch them as easily as a normal install? I prefer the idea to run a sandboxed patched Firefox. You could also do like MrBrian suggested here and run a low-integrity Firefox. Downloading a file on your hard disk doesn’t make it less secure than on an external hard disk. Running bad files is bad, running bad files from external hard disk is bad.

I disable lots of things not needed in Windows. One could argue disabling unused protocols reduces the attack surface.

Still, anything that you can easily do to reduce your risk is better than nothing. Running a fully patched browser in a sandbox under a standard user account is probably close to the top of your ideas.

2 users thanked author for this post.

jburk07, LHiggins

Reply | Quote

Hello Alex and thanks for the reply! This is what I am looking for – ideas on what things in my list might work. Thanks!

Not really sure about that thumb drive thing – that was one of the ideas I had seen in various discussions, but I really don’t have much info on that.

“You could add a third-party firewall since Windows firewall won’t be patched, especially with no router to protect you from the external world.”

I believe right now I have the firewall provided by Norton – is that would you mean? And post #315585 below mentions a router that would work with my hotspot. How important is that for security issues?

“Still, anything that you can easily do to reduce your risk is better than nothing. Running a fully patched browser in a sandbox under a standard user account is probably close to the top of your ideas.”

That is what I think, too. I’m going to look into the sandbox idea more and see if that is workable for my systems.

Thanks for the help and ideas!

 

 

Reply | Quote

Yes, Norton firewall is a third-party firewall.

I believe having a router, especially if configured properly, is an important security measure. It will protect you from a worm that randomly targets you from the outside of your network by blocking access to ports where there is a vulnerable service behind, if there is a vulnerability discovered in one of Windows services listening on a certain port. Those are not common, but they have the potential to replicate quickly and create big issues. You just need to be connected to be infected, no need to do anything. Other infected computers will maybe target you randomly and send the infection. With a router, you could isolate your computer from others on the network and from IoT devices, too, if you use the guest network feature.

See https://www.askwoody.com/forums/topic/patch-lady-reboot-your-routers/#post-195209 for more ideas.

If you don’t want to buy a router, at least a patched third-party firewall can help a lot. The only thing with software is sometimes it takes decision for you that you wouldn’t necessarily want if you were digging into it. I like to disable uPnP on the router so no software punch a hole easily in it. I also don’t want a user activating file sharing on a public wifi because they thought clicking on private when they have been presented with a new network looks more secure than public and they read too fast so they didn’t get that private means open the ports and activate file sharing because you are on a private network and not a public one… For this I use other means than a router, though, because people don’t carry routers around.

 

Reply | Quote

LHiggins wrote:

I have 2 win 7 computers – a desktop and a laptop. Neither are candidates for an upgrade to Win 10 – or even probably win 8.1 IF I could find a license key – but both are perfectly fine and can probably be used for some time yet.

Curious– why are they not candidates for upgrade to Windows 8.1 or 10?  I understand that one may not want Windows 10 especially, but it sounds like that’s not the case here.  Is there a technical reason, like a lack of important drivers for something?

If it’s just because the system is a few years old, don’t let that deter you… it might still work.  I ran Windows 10 on my now 10 year old Core 2 Duo laptop successfully (ran quite nicely, and I would have kept it if I didn’t dislike Windows 10), and it also ran without crashing or hanging on my ~13 year old single-core Turion laptop, though it was slow (as you might expect) and hampered badly by only having a bit less than 900 MB of RAM available after the integrated graphics takes its chunk.

So – I have been trying to see how I can make them safe and continue to use them after the EOL.

I am sure you know there’s Linux also, and I’m sure you didn’t mention for a reason, so I am guessing you’ve decided it does not meet your needs.  If you change your mind, know that there are people here that will be willing to help with any problems you may have with it.  At the very least, it would give you a free, fully updated OS for the banking and other stuff you mentioned that was security-sensitive, which you could have as a dual-boot or run as a live session from a USB drive.

Ironically, one of the few things I use my Windows 7 VM for is depositing checks in my bank’s website– the scanner driver only works with Windows.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

LHiggins

Reply | Quote

Thanks for this encouraging information on Win 10 upgrades. I don’t know if there will be driver issues, but these are my configurations:

Lenovo Laptop:

• About 6 years old
• 500 gb hard drive with about 300 gb free
• Win 7 Home/SP1 64 bit
• Core i5 processor 2.6 gHz
• 4 GB RAM – 1 free slot, so could add on

With that laptop, I run at about 70% of my usable memory most of the time. As an aside, I think I am going to need to get that to the computer guys to see what junk is running – LOL.

HP Desktop

• About 8-9 years old
• 1.5 TB hard drive with about 854 gb free
• Win 7 Home/SP1 64 bit
• i7 processor 3.07 gHz
• 9 GB ram – not sure of the configuration

That computer runs at about 15-20% of available memory.

OK – having said all of that – I guess I thought that the age of both, and for the laptop – the lack of RAM – would be drawbacks and it might just be better to try to safeguard them as is, than upgrade them. But from your info – an upgrade does seem possible if I decide to go that route.

As to Linux – I have given it thought on and off – but seems that it is a bit daunting to contemplate something so different – at least for now.

” At the very least, it would give you a free, fully updated OS for the banking and other stuff you mentioned that was security-sensitive, which you could have as a dual-boot or run as a live session from a USB drive.”

However – how would I run it as a live session from a USB? I don’t think either computer could dual boot, but that does sound interesting.

<i>”Ironically, one of the few things I use my Windows 7 VM for is depositing checks in my bank’s website– the scanner driver only works with Windows.”</i>

Yes, that is also a concern – getting my printers and scanner to work with Win 10.

Thanks so much for the help and ideas. Glad there is a lot of time before this becomes more than just speculative!

Reply | Quote

It was caught in the spam filter on too quick edit after submit. The filter thinks you are submitting multiple times (like a spammer).  Give the system a little time to catch up.

1 user thanked author for this post.

LHiggins

Reply | Quote

Yep – there now! Thanks!

Reply | Quote

Both of the machines look like they would be fine with Windows 10 as long as the drivers can be found, if Windows 10 is how you wish to go.  Based on the clock rates you gave, I would guess that the Lenovo is a Sandy Bridge with something similar to the i5-2540M CPU, and that the HP desktop is a Lynnfield with an i7-880.

I didn’t have any trouble with Windows 10 x64 drivers for my 10 year old Core 2 Duo laptop, which originally came with Vista 32-bit.  I don’t care for Windows 10, but that laptop now has a dual-boot configuration with Windows 8.1 x64 and Linux, and everything works on it nicely.  Well, the ridiculous “instant fun” and “splendid” buttons don’t do anything, but since I found both of those things to be useless, I never tried to install them after I ditched Windows Vista (which I did on day 1 of having the laptop, in favor of XP).

I can’t say whether you will find all the drivers you need, but I did set up Windows 10 on a pair of Sandy Bridge desktop PCs (one of which is still referred to as my “main” PC), and I had everything working within that installation (no dangling ! icons in the Device Manager, etc.).  One difference is likely to be that my setup did not have integrated graphics, as the P67 chipset in my board doesn’t have that ability, while your Lenovo laptop probably uses the Sandy Bridge integrated graphics, known as HD2000 or HD3000.

Intel lists a downloadable HD2000/HD3000 driver for Windows 8.1 on Sandy Bridge, but not Windows 10.  An Intel rep claimed on the Intel forum that they have provided a HD2000/3000 driver for Windows 10 to Microsoft, so that should be available through the Windows Update system.

The HP desktop, if it does use the i7-880, looks like it would require an external GPU like my Sandy Bridge motherboard does.

OK – having said all of that – I guess I thought that the age of both, and for the laptop – the lack of RAM – would be drawbacks and it might just be better to try to safeguard them as is, than upgrade them. But from your info – an upgrade does seem possible if I decide to go that route.

I’m big on upgrading rather than replacing if the hardware (in its upgraded form) does what you need.  It’s only obsolete when it no longer performs the task(s) you want it to!  My Core 2 Duo laptop is still quick enough to be useful today (though its battery life is terrible by modern standards, even with brand new batteries).  With a SSD, it’s quite responsive and usable browsing the web, playing videos, and things like that.  The fast and furious obsolescence cycle that used to be has slowed to a crawl, and PCs of advanced age are more useful now than they ever were before.

FWIW, the Core 2 Duo laptop I mentioned has been upgraded to 8GB RAM (even though Intel and Asus both specify the model and its PM965 chipset as having a max of 4GB, 8GB works flawlessly). The bad part is that the two 4GB DDR2 SoDIMMs were not cheap.  Yours should both be DDR3 setups, and that’s much cheaper.

I’d certainly look at adding more RAM, as 4GB is pretty slim, but consider this– I just bought two laptops in the past 13 months that came with Windows 10 on 4 GB of RAM (not upgradeable), and both are significantly slower than your i7 in terms of CPU speed. How well they work with 4GB under 10 is anyone’s guess, as I have only used it for performing backups of Linux (the Windows backup program can back up Linux partitions without a problem), but it’s something that they were sold that way.

As to Linux – I have given it thought on and off – but seems that it is a bit daunting to contemplate something so different – at least for now. ”

Understood.  I know a lot of people feel that way.

At the very least, it would give you a free, fully updated OS for the banking and other stuff you mentioned that was security-sensitive, which you could have as a dual-boot or run as a live session from a USB drive.” However – how would I run it as a live session from a USB? I don’t think either computer could dual boot, but that does sound interesting.

Linux install DVD or USB drives usually have a live session feature, where you can simply boot it like it was a Windows install DVD or USB drive, and instead of immediately installing Linux, you can use it as it is, for testing Linux out on your hardware, for a platform to repair a PC when it won’t boot normally, or for any specific tasks like online banking or the like.  The browser is already set up, and usually networking works right out of the box, so you can immediately start browsing as soon as the live session starts.

To create one of these, just download the installer .iso for the distro of your choice and use a program like Rufus to write it to a USB stick of your choice.  Then, just boot it and give it a go!  It won’t change anything on your hard drive unless you tell it to, so you can explore the distro and see what it is like.  I like Linux Mint for beginners, with the Cinnamon desktop, but everyone has their own preferences.

If you have any questions about the process, we can slide on over to the Linux for Windows wonks forum and continue it over there.

As for dual-boot… the Linux installers will happily set this up without a problem, leaving Windows intact, and I don’t think it would be a problem on either of your PCs (but always do a backup first before attempting something like this, just in case something goes wrong).

The list of my own PCs that I have dual-boot set up on includes the Asus F8SN Core 2 Duo laptop (the ten year old one), my main desktop (using an Asus P8P67 Deluxe motherboard and i5-2500k CPU), my gaming laptop (Dell G3 with i7-8750H), my Acer Swift 1 “out and about” laptop (to which I have added a 1TB SSD… unfortunately its 4GB of RAM isn’t upgradeable, but I still like it a lot!), and even my ancient single core HP/Compaq M2000z laptop, which dual boots Windows XP and Linux Mint Xfce 32-bit.  That one really doesn’t get any use now, as I have so many PCs (I have five more that I didn’t list here) that I don’t need one that old/slow, and I wouldn’t use XP for anything internet related, but the point is that the dual-boot works!

Yes, that is also a concern – getting my printers and scanner to work with Win 10. Thanks so much for the help and ideas. Glad there is a lot of time before this becomes more than just speculative!

You might find that the printers and scanner work with Windows 10 or 8.1 too.  My all-in-one printer/scanner, the Canon MF-3010, set itself up for printing in Windows 10 without having to do anything but plug the scanner in.  The scanner portion required a download (I have Windows Update blocked on it, so I do not know if it would have found a driver there).  A quick download from Canon got it working perfectly.  It works perfectly in Linux too, after I downloaded the printer driver from Canon.  I got lucky on that, as I was only thinking of Windows when I bought it.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

LHiggins

Reply | Quote

Thanks so much for all of this great info! I definitely would be interested in more on the Linux USB boot – that might be the solution I am looking for – or at least a way to keep my set up and have some security for the more sensitive websites.

“If you have any questions about the process, we can slide on over to the Linux for Windows wonks forum and continue it over there.”

Yes – that would be great – should I start a discussion there on this topic?

Again – thanks so much! I really appreciate the help in figuring this all out.

Reply | Quote

Lhiggins,

Sorry I took so long to reply!

Yes, please feel free to begin a topic in the Linux for Windows Wonks forum on that or any other question or comment you may have.  I’m relatively new to Linux myself, having only started using it part-time a few years ago and as my main OS probably a year ago, but I’ve gotten over the hump of not knowing how to proceed in the new OS to having it be my main OS.

I still have Windows on most of my Linux machines, as they all have either come with Windows or, in the case of my desktop, I put it on there myself years ago before I became familiar with Linux. Before Windows 10 arrived, and before MS started pushing it down everyone’s throats while insisting that it was the last Windows ever, as in “abandon all hope, all ye who enter here,”  I had only dabbled with Linux (Ubuntu Feisty Fawn) out of curiosity.  It was a novelty to be able to use the PC without Windows, but I was happy with Windows then (XP), so the Linux explorations never went anywhere.  Even when 8 appeared and I initially was shocked by its bizarre interface, I meant to stay with Windows… just not that version of it.  I’d just wait for the next one, which was sure to be better, right?

Now Windows 8.1 is the version that is on my desktop and my Core 2 Duo laptop.  It turns out that with some aftermarket UI help, it’s quite decent, but Windows 10 and “Windows as a Service” has problems (from my perspective… to Microsoft, they are design parameters) that are too deep to be solved with a few UI mod programs.

My newer laptops, my Swift and my G3, are too new to run Windows 8.1 or 7 properly, and at this stage in the game, where I seldom even use Windows anymore, I am not about to pay actual money for another version.  These two get to keep the versions they came with, which is an added incentive for me to spend as little time on the Windows side as possible.

Computers are tools, ultimately, and since I have the space for Windows, I leave it on there in case it is needed.  I’ve come to use it to run Macrium Reflect, the Windows-based backup program I like the best, where before I used to boot from the Macrium USB drive and do it that way, since Reflect does not have a native Linux version (which I would buy instantly if they did, assuming it cost less than a typical used car).  It’s faster just to boot to Windows, where Reflect is already set up, and do the backing up from there.  Reflect images Linux volumes just as easily as it does Windows ones, so no problem there.  I’ve used it successfully to restore Linux partitions and entire disks before, and it works very well.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

3 users thanked author for this post.

jburk07, LHiggins, Cybertooth

Reply | Quote

Thanks! I did start a discussion over in the Linux forum…

https://www.askwoody.com/forums/topic/linux-live-session-on-usb/

…and appreciate your help here and over there!

I use Macrium as a backup – but haven’t actually used it to boot or restore. I’m still learning it!

See you over in the Linux forum and thanks again!

Reply | Quote

@lhiggins, that’s a pretty good list of security measures to keep Windows 7 safe post-EOL. Here are a few more I would add:

1. Add a new layer of defense with anti-exploit software. Three possibilities are EMET (as @alexeiffel suggested), HitmanPro.Alert, and Malwarebytes Anti-Exploit. (There are others, too.)
2. In addition to keeping your browsers up to date, install uBlock Origin on them and activate most or all of the filter lists.
3. Use an extensive hosts file to block bad sites that your PC might try to connect to bypassing your browser.
4. Periodically, run on-demand AV scanners as a second opinion for your main AV. On my Vista computer, where I’m already applying a strategy similar to what you described, I use the scanners from ESET, F-Secure, and Sophos. (There are many others, too.) The Norton Power Eraser offers a choice to restart the PC to perform a rootkit scan before Windows boots, to sniff out this kind of malware before it can hide.
5. You can also consider burning a Live DVD-based AV program, that you would then boot from occasionally to run a scan from outside your Windows installation. This could be from your favorite AV provider or from a different one.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

Reply | Quote

On the roll-out of Win 10, I held back. I’d pick it up somewhere along the way, when it was ‘sorted’. It appears to be not ‘sorted’. Might buy a new PC Christmas 2019.

A thought to Microsoft. Reissue the free upgrade, again. See how many people take it up.

Reply | Quote

Please refrain from encouraging/inviting their b****y madness!
I dont need my firewall/AV going crazy allotcating all the RAM just to deal with their pushed ‘free offer’ at random intervals for months-long… and any after-effects that may slip through…
I will swtich to Linux immediately should they try that circus show ever again – I will not give my time for their “business-profit-model” herding!
No means NO!
Thanks for your understanding.

Reply | Quote

LHiggins wrote:

Also – I use an internet hotspot device from Verizon – connects like a cell phone to each computer so there is no router involved. No choice where I live – limited options. And the computers are not networked – each stands alone and each accesses the internet device separately. I also use a USB wired printer, even though it could connect wirelessly.

You could use a router like this one to give you a more conventional setup while still keeping your MiFi in play. Depending on the model of Verizon device you have, you can either connect it directly or use the WiFi-as-WAN feature.

Enabling your wireless printer would be just a side benefit of the arrangement.

1 user thanked author for this post.

AlexEiffel

Reply | Quote

And it is a Peplink too, the company that M. Horowitz recommends as a viable alternative to the badly patched, not really supported nor secure consumer routers!

Reply | Quote

 

According to a 2016 survey ( Barkley Survey: Ransomware vs. Traditional Security):

Ransomware vs. Traditional Security Solutions
Based on survey responses from 60 successful ransomware attacks

100% of the attacks bypassed antivirus
95% of the attacks bypassed the victim’s firewall(s)
77% of the attacks bypassed email filtering
52% of the attacks bypassed anti-malware
33% of the attacks were successful even though the victim had conducted security awareness training

And yes, ransomware is declining, but only because Bitcoin mining is more profitable these days. The same (or improved) techniques are being used on systems.

Even if you’re practicing “safe” computing, if you have other PC’s or devices (Internet of Things, or IOT) on your local lan, you’re at risk. It’s not that hard to have a router infected (since most people never change passwords), or have malware go through holes punched in your firewall to play a game, or run Plex, etc.

IMO only “safe” ways to run Win7 after EOL is to keep it totally offline, or run it as a VM Snapshot (in effect, creating a safe VM, taking a snapshot, then starting the snapshot every time you want a W7 session. You don’t save anything, just go back to the original snapshot).

It really is best to upgrade to a supported/patched system, either Windows 10, Windows 8.1, Chromebooks (or install Chrome OS), Mac or a supported Linux distro. Not only are you safer, but you’re also helping keep other devices on your local network safe.

6 users thanked author for this post.

Chessie, Myst, jburk07, AlphaCharlie, AlexEiffel, wdburt1

Reply | Quote

Here’s my two cents about Windows 7 Winter (or any end of life OS). I’m in the 20% group that needs a real computer, not a netbook, etc.

I had to move on from Windows XP at its end of life, to Windows 7, 8, 10, Linux, etc.

I had accumulated some expensive (over $1000 total) 3rd party programs that will no longer install and run on the latest versions of Windows.

What to do?

So I setup Virtualbox on a couple of my current computers (both Windows and Linux hosts), and installed a OEM licensed copy of Wndows XP as a VM.  My old 3rd party programs run fine in the VM, and I can move files either way without using the network by taking advantage of shared folders (a Virtualbox feature) between the host and guest VM.

I can switch my monitor, keyboard, and mouse between host and VM guest system with one click, copy/paste from one to the other, move files back and forth, without ever needing to reboot/dual boot, etc.

As long as I don’t use a network with the XP system, I don’t need to worry about updates, AV’s, or firewalls. Any files that I import to the VM have already been scanned for malware by the host system.  So it’s pretty much locked down.

The only drawback for using VMs is the hardware requirements.  You MUST have a CPU that supports “hardware virtualization” (such as Intel VT-x).

If you have some fairly up to date hardware (within the last 5 years or so), you are probably OK with that part. You will probably want to have at least a dual core CPU, at least 8GB of RAM, and enough extra disk space to install and run a VM (it needs real disk space, but the VM is contained in a folder, and is going to need room for the OS, any applications you plan to install, and any data that you need to store).  The good news is that you can backup the entire VM by just copying that folder.

But if your system will meet those needs, you may not even notice any performance drop running Windows inside a VM.  The exception here is that gaming in a VM is a non-starter, as well as graphics acceleration. The guest OS only “sees” the hardware that the Virtualbox environment presents to it, so the guest doesn’t actually “see” the real hardware. But the good news here is that the USB ports can pass through to the guest, so you can attach external USB devices and use drivers in the guest to run them directly in the guest.

 

Windows 10 Pro 22H2

1 user thanked author for this post.

AlexEiffel

Reply | Quote