Windows 10 to 11

[Deleted User]

Deleted_User said:

Deleted_User said:

JustAnotherSaver said:

J_B said:

Ain't broke = don't fix? 

That's why I'm still on Windows 7.

MSE folk don't like that though.

It's not that MSE folk don't like it. This forum is for good advice and running Windows 7 in 2022 is seriously poor advice and I can't understand why anybody would want to promote that advice to people.

It is in your best interests to upgrade to a supported operating system if you value your personal and financial data, privacy and security. And that doesn't mean you need to use the latest Windows version either, there are lots of free Linux based choices that are more secure if you don't fancy that new fangled start menu on Windows 10 or 11.

There have been 639 security vulnerabilities since Windows 7 last had a security update in Jan 2020 that haven't been patched unlike the supported version of Windows.

If you think I'm just trying to scare you with big numbers, look at the WannaCry ransomware attack in 2017 and how this affected 70,000 NHS computers, mostly Windows 7.

• All the NHS organisations affected by WannaCry had not applied the latest Microsoft patches
• The NHS have professional IT services including firewalls, email filtering and malware detection beyond anything a home user would have yet they were still affected
• The ransomware infection was NOT caused by users clicking on malicious links in emails or internet browsers, just simply having the computer switched on and connected to a network was enough
• Antivirus products provided no protection against the attack

More recently in May 2021 whilst we were all consumed by pandemic news, another ransomware called Conti brought Ireland's public health system to its knees - again Windows 7 was the weak link. In this case a link was clicked on an email on the 18th March but nothing untoward happened until 2 months later when the hacker had managed to infiltrate thousands of computers and servers before executing the ransom demands.

EDIT:
And that TPM module that everyone is moaning about for Windows 11 compatibility - that in itself would have prevented the WannaCry and Conti ransomware I've mentioned above. There is a very good reason why Windows 11 needs the TPM.

EDIT2:

Ibrahim5 said:

OMG support for Windows 7 finished last year. Such a security risk I am amazed you are still alive.

Until you have been hit by ransomware or lost all of your personal data it is quite an amusing topic. Read some of the real stories of people losing precious photos of deceased loved ones through ransomware and then come back and make some jokes about it.

As long as you don't go downloading dodgy files and clicking on dodgy links you're more or less covered.

Did you read what I said about WannaCry?

Nobody clicked anything, nobody downloaded anything.

It was a worm that scans for vulnerabilities on networked computers - just simply being online caused the infection.

Most people have no idea how many speculative attempts are made to infect connected computers, you won't realise it but your home broadband right now is being scanned by malicious people trying to find a weakness - normally routers don't log this, here is an example from the last few minutes of random attempts blocked by my firewall after I turn on logging:




The key information is in the last column - the SRC is the source IP, here are some of the locations of the IP address attempting to make connections to my home broadband - each one probing a random port number.

45.146.164.204 - Moscow / Russia
104.248.236.232 - New Jersey / USA
58.53.69.157 Hubei / China
34.77.162.3 Brussels / Belgium
185.94.111.1 Russia
117.201.200.138 Kerala / India

25 attempts in less than 5 minutes = 7,000 attempts per day to scan for vulnerabilities on my home broadband - it doesn't matter what you click on when that many attempts are being made to connect to your computers.

[Deleted User]

[Deleted User] said:

Deleted_User said:

[Deleted User] said:

JustAnotherSaver said:

J_B said:

Ain't broke = don't fix? 

That's why I'm still on Windows 7.

MSE folk don't like that though.

It's not that MSE folk don't like it. This forum is for good advice and running Windows 7 in 2022 is seriously poor advice and I can't understand why anybody would want to promote that advice to people.

It is in your best interests to upgrade to a supported operating system if you value your personal and financial data, privacy and security. And that doesn't mean you need to use the latest Windows version either, there are lots of free Linux based choices that are more secure if you don't fancy that new fangled start menu on Windows 10 or 11.

There have been 639 security vulnerabilities since Windows 7 last had a security update in Jan 2020 that haven't been patched unlike the supported version of Windows.

If you think I'm just trying to scare you with big numbers, look at the WannaCry ransomware attack in 2017 and how this affected 70,000 NHS computers, mostly Windows 7.

• All the NHS organisations affected by WannaCry had not applied the latest Microsoft patches
• The NHS have professional IT services including firewalls, email filtering and malware detection beyond anything a home user would have yet they were still affected
• The ransomware infection was NOT caused by users clicking on malicious links in emails or internet browsers, just simply having the computer switched on and connected to a network was enough
• Antivirus products provided no protection against the attack

More recently in May 2021 whilst we were all consumed by pandemic news, another ransomware called Conti brought Ireland's public health system to its knees - again Windows 7 was the weak link. In this case a link was clicked on an email on the 18th March but nothing untoward happened until 2 months later when the hacker had managed to infiltrate thousands of computers and servers before executing the ransom demands.

EDIT:
And that TPM module that everyone is moaning about for Windows 11 compatibility - that in itself would have prevented the WannaCry and Conti ransomware I've mentioned above. There is a very good reason why Windows 11 needs the TPM.

EDIT2:

Ibrahim5 said:

OMG support for Windows 7 finished last year. Such a security risk I am amazed you are still alive.

Until you have been hit by ransomware or lost all of your personal data it is quite an amusing topic. Read some of the real stories of people losing precious photos of deceased loved ones through ransomware and then come back and make some jokes about it.

As long as you don't go downloading dodgy files and clicking on dodgy links you're more or less covered.

Did you read what I said about WannaCry?

Nobody clicked anything, nobody downloaded anything.

It was a worm that scans for vulnerabilities on networked computers - just simply being online caused the infection.

Most people have no idea how many speculative attempts are made to infect connected computers, you won't realise it but your home broadband right now is being scanned by malicious people trying to find a weakness - normally routers don't log this, here is an example from the last few minutes of random attempts blocked by my firewall after I turn on logging:




The key information is in the last column - the SRC is the source IP, here are some of the locations of the IP address attempting to make connections to my home broadband - each one probing a random port number.

45.146.164.204 - Moscow / Russia
104.248.236.232 - New Jersey / USA
58.53.69.157 Hubei / China
34.77.162.3 Brussels / Belgium
185.94.111.1 Russia
117.201.200.138 Kerala / India

25 attempts in less than 5 minutes = 7,000 attempts per day to scan for vulnerabilities on my home broadband - it doesn't matter what you click on when that many attempts are being made to connect to your computers.

I have a very could home network with very good switch and very good firewall. I also use a very good ISP (Zen) not your average bargain bucket consumer brands which are touted around these parts. Microsoft Security Essentials updated and I regularly scan with SuperAntiSpyware and Malwarebytes too. Browser is always up to date also. I've never had any concerns.

[Deleted User]

Deleted_User said:

I have a very could home network with very good switch and very good firewall.

Care to name the "very good firewall / switch" that you use to help other MSE's with choices in purchasing them?

Happy to name my Asus router with AiProtection from TrendMicro that blocks many things that the devices in my house don't already.

It is only basic compared to running something like pfSense which is my next planned firewall upgrade but much better than a free ISP router. It has blocked 200 events not caught my firewall / antivirus etc in the last 2 weeks since I reset the statistics:

Deleted_User said:

I also use a very good ISP (Zen) not your average bargain bucket consumer brands which are touted around these parts.

ISP makes no difference at all, your public IP address is accessible to everyone in the world regardless of your choice of ISP.

Do you use anything like an antimalware DNS service or your default ISP DNS?

Deleted_User said:

 Microsoft Security Essentials updated and I regularly scan with SuperAntiSpyware and Malwarebytes too. Browser is always up to date also. I've never had any concerns.

Microsoft security essentials has not been updated since 2016. Windows 7 users will receive definition updates until 2023 but the basic engine is no longer supported or updated and is fairly useless compared to the latest Windows Security app.

Earlier this year I decommissioned my father Windows 7 PC running Microsoft security essentials, within minutes of plugging the SSD into a dock to my Windows 11 PC there was a detection of 3 different malware that had not been picked up when it was installed in his PC. I wouldn't trust it.

Scanning only picks up infections after the event, it doesn't prevent them. Running supported, secure and patched OS does help prevent infections.

Deleted_User said:. I've never had any concerns.

That is meaningless. I've never had my car stolen or my house broken into, doesn't mean I neglect security and use outdated techniques. Maybe it is because I've got up to date locks on my windows and doors and CCTV or maybe it is just good luck, who knows?

Jenni_D

I've never had a car stolen, but I have had someone try to break into my house before. The decent locks plus the security alarm prevented them being successful - i.e. I had Windows 11 level security rather than Windows 7 level.  

cx6

"And that TPM module that everyone is moaning about for Windows 11 compatibility - that in itself would have prevented the WannaCry and Conti ransomware I've mentioned above."

was just wondering how technically a tpm module would have prevented wannacry as I was alwsys under the impression tpm was used to store your encryption keys and for secure boot

from memory, wamnacry propogated via an insecure smb windows 'feature'

[Deleted User]

cx6 said:

"And that TPM module that everyone is moaning about for Windows 11 compatibility - that in itself would have prevented the WannaCry and Conti ransomware I've mentioned above."

was just wondering how technically a tpm module would have prevented wannacry as I was alwsys under the impression tpm was used to store your encryption keys and for secure boot

from memory, wamnacry propogated via an insecure smb windows 'feature'

Thanks cx6, it is a good question - my statement in bold above deserves criticism because the TPM alone wouldn't have prevented WannaCry but it is part of a bundle of security measures that Windows 11 uses which requires certain hardware requirements including TPM.

Windows 11 enforces what is known as virtualisation based security (VBS) that puts walls up between the operating system itself and the applications that run on the machine. The applications run in virtual machines that don't have privileges to access the secure memory in which the Windows kernel runs, which prevent them from accessing and executing code that can do malicious things without authorisation.

This feature has been around since Windows 10 but is not switched on by default because not all hardware supports it and it does cause a performance impact of up to 25%. But all new Windows 11 installations do have it switched on by default.

Here is a Microsoft article that cites VBS as protection against WannaCry. A system with the SMB vulnerability would still be safe from WannaCry if VBS was enforced.

https://www.microsoft.com/security/blog/2018/06/05/virtualization-based-security-vbs-memory-enclaves-data-protection-through-isolation/

So really VBS could prevent WannaCry because it won't allow untrusted applications to execute privileged code belonging to the system, which is exactly what WannaCry and other malware and ransomware often do.

But you are right, it wasn't the TPM that can stop WannaCry but here is how TPM fits in with the VBS that can stop WannaCry....

We need to move to the next level of security to understand how TPM fits into the story. MS explains it in more details and also highly recommends TPM:

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs

The effectiveness of VBS relies on the master secure kernel (or hypervisor) being trusted itself because that is what decides what memory space can be accessed for executing code, and if the "master" cannot be trusted then VBS isn't effective.

If the "master" becomes infected with malware then all hell can break loose because the trust mechanisms described above are now useless.

The way the hypervisor is trusted is via the TPM which only allows trusted code to be loaded into the secure kernel - so the TPM is effectively the auditor of the main security system.

So hopefully you can see why I just shortened it all to what I did, but on reflection I would now reword as:

And that TPM module along with the other minimum hardware requirements required for mandatory VBS that everyone is moaning about for Windows 11 compatibility,  - that in itself  would have prevented the WannaCry and Conti ransomware I've mentioned above.

cx6

thank you 🙂

Ibrahim5

So everyone without a TPM module should throw their PC in the bin immediately.

[Deleted User]

Ibrahim5 said:

So everyone without a TPM module should throw their PC in the bin immediately.

Nobody said that. 

I got on my high horse from an earlier comment that tried to justify running Windows 7 and another comment about Windows 11 saying "if it ain't broke, don't fix it" which is a totally ignorant comment to make because of all the things I've said above.

PC's without a TPM are still reasonably secure as long as they have the latest OS and security patches - but running Windows 7 is just stupid in 2022.

TPM's were mandatory for "Windows 10 certified" PC's and have been since 2016 so it is hardly a new fangled thing and have been around for over 15 years..

I'm not here to coerce people into using XYZ operating system or hardware, but I'm up for educating people about the security risks that they are blissfully unaware of.

I've also said earlier that there are alternatives to Windows. People talk about Windows as if they are forced to use it but we all actually make a choice and in most cases pay for Windows, so if you don't like it, buy something else or get another free OS. All my servers run Linux, horses for courses, I'm not a Windows fanboy.

googler

Ibrahim5 said:

OMG support for Windows 7 finished last year. Such a security risk I am amazed you are still alive.

Oh, behave yersel' ... up until late last year I was using Windows XP with not a single issue.

This is not "promoting advice" as the other poster put it, just simple statement of fact.  I was online 24/7, and nothing untoward happened. Not a thing.