steven36
Posted November 5, 2020

Windows 7 and XP are obsolete, but that hasn’t stopped almost a quarter of Windows users using them. It’s a security nightmare waiting to happen.

Friends don’t let friends use insecure Windows. Microsoft’s stopped issuing security patches for those ancient versions, so it’s a bit of a worry. It’s not 2015 any more, let alone 1605. But it is 11/05.

In today’s SB Blogwatch, we’re a vaudevillian veteran, cast vicariously as both victim and villain.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: vichyssoise of verbiage.

Remember, Remember

What’s the craic? Mark Anthony Ramirez reports—“It’s time to upgrade Nana’s computer”:

Although Windows 10’s market share has grown to 64.04% … the 11-year-old Windows 7 operating system still retains a market share of 20.41%. … It is still good enough for second place in overall operating system market share followed by Mac OS X 10.15. … This is a problem, because Microsoft stopped supporting Windows 7, which means the OS will no longer receive crucial security updates. … Fortunately, users can still upgrade from Windows 7 to Windows 10 for free by simply using Microsoft Media Creation Tool. … Windows XP still holds a 0.87% market share. Windows XP is … old enough to vote, having been released on October 25, 2001. Yikes.

Bogdan Popa cuts to the chase—“Windows 10 Sets New Personal Record as Adoption Skyrockets”:

Windows 7 is now considered an unsupported platform, and it only receives security patches as part of the ESU program released by Microsoft for paying enterprises. Consumers whose devices are still running Windows 7 aren’t getting any new updates.

Where are the numbers from? Surur says simply—“Netmarketshare”:

Netmarketshare has released its market share report for October 2020. The report shows a significant increase in market share of Windows 10 [and] Linux. … This will be the last report from Netmarketshare’s numbers, as the company says they have been struggling with battling bots, which distort the stats, and that changes to browser user agent strings will make it impossible to get accurate data in the future.

O RLY? The company wrings its metaphorical corporate hands—“Important Notice”:

After 14 years of service and being used as a primary source in tens of thousands of articles and publications, we are retiring NetMarketShare. … October 2020 is the last month of data. … An upcoming change in browsers [to defeat user-agent fingerprinting] will break our device detection technology and will cause inaccuracies for a long period of time. In addition, we have focused on bot detection and removal as a key part of the quality control process. … As time has gone on, it has become increasingly difficult to manage this process. So, instead of accepting increasing levels of inaccuracy, we thought it would be a good time to call it a day.

Just who are these people running Win7? FuegoFuerte is just one of them:

It was the last version of Windows with a decent UI that didn’t **** me off every time I turned around with stupid notifications I don’t care about (no matter how many times I try to turn them off) and other rubbish.

And Nginx487 is another:

Windows 7 is objectively the best operating system MS has ever done, the most stable, secure and having the most comfortable user experience. … Windows 10 leaves a rotten smell for every technically educated user.

But what’s the next shoe to drop? Athanasius looks ahead:

It doesn’t matter if Windows 7 use drops to literally zero. We’ll still have people on now-unsupported releases of Windows 10. … In the end it just means they’re users with unpatched Windows … running against known security issues, and have a high probability of their machine becoming part of a botnet at some point.

Some of the holdouts won’t use Win10 because of “spy telemetry.” But WorldMaker says that’s daft:

Most of the same telemetry is in Windows 7. … A lot of the telemetry systems were added in Vista or XP. The biggest change was Windows 10 turned on a lot more of it on by default rather than nagging people to join the various “Customer Experience Improvement Programs” and consolidating all those opt-in/opt-out “improvement programs” from a half-dozen different nag dialogs to a single privacy settings panel. … I think it’s very similar what macOS collects and what Windows does these days. … There’s a ton of documentation at this point on everything Windows collects.

Meanwhile, everyone agrees which Windows version was the real enemy—including Camel Pilot:

Win8 on the other hand was a confusing mess. … I wonder if all those UI designers were micro-dosing something back in those dark days?

And Finally: It’s November 5th, and V is just this Guy

Karlston
Posted November 6, 2020

Decent Security software and practising good Internet hygiene will keep Windows 7 users safe.

6 hours ago, steven36 said:
Win8 on the other hand was a confusing mess. … I wonder if all those UI designers were micro-dosing something back in those dark days?

Windows 8 was indeed a mess, but 8.1 is much better. Replace the tile-infested Start Menu with a 3rd party product, disable the charms bar and it's fine and IME more stable than the great Windows 7. And it still has plenty of support time left.

I wonder what the UI designers are micro-dosing on now, the once-dated rounded corners and colour seem to be returning to replace the "modern" square corners and bland lack of colour.

steven36 (Author)
Posted November 6, 2020

20 minutes ago, Karlston said:
Decent Security software and practising good Internet hygiene will keep Windows 7 users safe.

After Microsoft discontinue security updates for a version of Windows there is not a safe way to run that version of Windows.

Some people will promote Virtual Patching where you have an external firewall scan all your traffic looking for patterns of traffic that look malicious. I would not trust that, and it requires a separate non-vulnerable computer.

A number of vulnerabilities patched by Microsoft are not the sort that anti-virus are good at catching.

In the most recent example Google announced a Chrome Bug plus Windows 7 bug that caused visiting a site to remotely execute arbitrary code, this was being used in the wild. After end-of-life Microsoft will not patch this type of bug. (https://www.zdnet.com/article/google-chrome-zero-day-was-used-together-with-a-windows-7-zero-day/)

Source: https://security.stackexchange.com/a/205195

No, anti-malware is not a replacement for security updates

WannaCry and NotPetya targeted a vulnerability that had been patched by Microsoft a few months earlier. But it’s not just these high-profile attacks that target recent vulnerabilities that are the problem. During Q2, 90% of organizations recorded exploits against vulnerabilities that were three or more years old. And 60% of firms experienced successful attacks targeting devices for which a patch had been available for ten or more years!

You hate Windows 10's forced updates and telemetry, but there are methods to change their operation. For example, using gpedit.msc on Professional editions you can:

Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates. It's still possible to choose 2 = Notify before downloading and installing any updates.

It's possible to get the feature updates only after they are actually ready (i.e. tested and complained by the end users). ... > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received: When Selecting Semi-Annual Channel (Targeted) or Semi-Annual Channel: You can defer receiving Feature Updates for up to 365 days.

Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds. Allow Telemetry = 0 Security sends only a minimal amount of data to Microsoft.

Too much? You can disable the DiagTrack: Connected User Experiences and Telemetry service.

Windows 10 was the first Windows with cumulative updates, which actually means fewer updates. Since October 2016 there has been no difference as Microsoft stopped individual updates for every supported Windows and currently all updates are in rollup model. (You can read more about servicing differences).

Source: https://security.stackexchange.com/a/205196

There is no realistic substitute for software patches.

There are additional security measures one can take, but all of them have their limitations.

Antiviruses will not do a thing against attacks that do not write to disk. If an attacker hijacks a legitimate process in memory, it's open-season on your data. These kinds of attacks are becoming more and more common.

Firewalls and IDSes (of either the software or hardware variety) can catch malicious traffic that matches a signature. The slightest bit of customisation will defeat this.

All software measures rely on your core operating system being trustworthy. A core OS with security holes like Swiss cheese cannot be trusted.

Hardware measures rely on you having a spare machine with software that has a supported OS anyway.

Source: https://security.stackexchange.com/a/205225

Windows 7 was released 10 years ago. Wanting to use win 7 now is the same as wanting to use win xp in 2013 (the year windows 8.1 was released), or wanting to use windows 95 in 2004. There were such guys in that era too, and we made fun of them at the time[1]. Technology is changing, you should learn to adapt if you want to succeed in this field.

If you want to schedule your own update times or prevent some updates from installing completely you can spend some more bucks for the pro version of windows 10. Regarding telemetry I have bad news for you: it's also in windows 7, and the quantity of information can't be configured as in windows 10 so you keep the defaults, whether you like that or not.

To answer your question: there is no way an external small software house can patch vulnerabilities of a closed source operating system with the same efficacy as the operating system developer, the best they can do is work around known bugs by blocking features or scanning your activity for malicious patterns. This will slow your computer, and has bigger privacy concerns than the telemetry Microsoft gathers[2]. Also, as someone already said, there are vulnerabilities which can't be worked around outside of the operating system, so you'll keep them all.

Relying on external protection for your outdated OS may lure you into a false sense of security and may work without issues for years (it is not like the operating system becomes insecure the exact day its support ends) but would require you to keep yourself informed on new security issues, whether they are severe, whether they affect your OS, whether they will stay unpatched and eventually determine whether you should finally leave your OS at one point. If you can afford that much time managing your installed OS just for privacy concerns you can definitely use it to install Linux and solve the issues you may encounter due to the lack of certain apps in your usual workflow, it will pay off more in the future.

Another thing that has not been said in other answers and I think affects security of an old operating system is that external app developers will eventually stop supporting it and releasing new versions for it, so you may end up having old and buggy versions of apps such as browsers, which may be another surface of attack for exploiters.

TLDR, only hassle comes with staying with Windows 7. The problems you thought Windows 10 has also affect Windows 7, and while up until now it may have been a preference choice for the old UI to justify using that operating system, from now on the technical problems which come with it will keep increasing, so stay away: either go to Win 10 or move to Linux.

[1] there was arguably a reason for people to stay in an older operating system at the time, and that was the increased demand of computing power of the newer operating systems which prevented them from being installed on older machines. This is not true anymore, since Windows 10 requirements are exactly the same as the 10 year old windows 7.

[2] concern being data leakage and server vulnerabilities are more likely on a small company and more likely to be severe, because Microsoft has much more experience in security gathered from failures accumulated along its 40 years of activity and enmity to various revolutionary hacker groups

Source: https://security.stackexchange.com/a/205221

I agree with these guys because I run Linux with no realtime security software, just patching. No antimalware can replace patching.
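
The Group Policy settings listed in the post above are stored as registry values, so they can be verified without opening gpedit.msc. The following read-only PowerShell audit is an added example, not part of the original thread or the quoted answers; the expected values (AUOptions 2, 365 days, AllowTelemetry 0, DiagTrack disabled) simply mirror the figures given in the post.

```powershell
# Added example: read-only audit of the policy settings named in the post.
# The paths below are where the Group Policy editor stores these policies.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$checks = @(
    @{ Name = 'Configure Automatic Updates (2 = notify before download)'
       Path = "$wu\AU"; Value = 'AUOptions'; Expected = 2 },
    @{ Name = 'Defer feature updates enabled'
       Path = $wu; Value = 'DeferFeatureUpdates'; Expected = 1 },
    @{ Name = 'Feature update deferral in days (post cites up to 365)'
       Path = $wu; Value = 'DeferFeatureUpdatesPeriodInDays'; Expected = 365 },
    # Per Microsoft's documentation, 0 (Security) is honoured only on
    # Enterprise/Education/Server; other editions treat it as 1 (Basic).
    @{ Name = 'Allow Telemetry (0 = Security)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
       Value = 'AllowTelemetry'; Expected = 0 }
)

$report = foreach ($c in $checks) {
    # A missing key or value means the policy is Not Configured (defaults apply).
    $actual = $null
    if (Test-Path $c.Path) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
        if ($null -ne $item) { $actual = $item.($c.Value) }
    }
    [pscustomobject]@{
        Setting  = $c.Name
        Expected = $c.Expected
        Actual   = if ($null -eq $actual) { 'Not configured' } else { $actual }
        Match    = ($null -ne $actual -and $actual -eq $c.Expected)
    }
}

# DiagTrack is the "Connected User Experiences and Telemetry" service.
$svc = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue
$report += [pscustomobject]@{
    Setting  = 'DiagTrack service start type'
    Expected = 'Disabled'
    Actual   = if ($svc) { [string]$svc.StartType } else { 'Service not found' }
    Match    = ($null -ne $svc -and $svc.StartType -eq 'Disabled')
}

$report | Format-Table -AutoSize
```

Run it from an elevated or standard PowerShell 5.1 prompt; it changes nothing, and a row showing "Not configured" means the machine is still on the default update or telemetry behaviour.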
Archived
This topic is now archived and is closed to further replies.