Seven: your days are numbered

[pyf]

As a friendly reminder:

Microsoft will discontinue Windows 7 SP1 extended support next year, on January 14, 2020. After that, technical assistance and automatic updates will no longer be made available for the product.

For Windows 7 SP1, the end of mainstream support had already been reached on January 13, 2015.


After January 14, 2020, if your PC is running Windows 7 SP1, it will no longer receive software updates, including security updates, from Microsoft. In addition, Microsoft customer service will no longer be available to provide Windows 7 technical support.

After support has ended, Windows will continue to start and run. Also, Windows 7 can still be installed and activated after end of support, Microsoft says.


Microsoft will offer paid Windows 7 Extended Security Updates (ESU) through January 2023. The Windows 7 ESU will be sold on a per-device basis and the price will increase each year. Windows 7 ESUs will be available to all Windows 7 Professional and Windows 7 Enterprise customers in Volume Licensing, with a discount to customers with Windows software assurance, Windows 10 Enterprise or Windows 10 Education subscriptions. In addition, Office 365 ProPlus will be supported on devices with active Windows 7 Extended Security Updates (ESU) through January 2023. This means that customers who purchase the Windows 7 ESU will be able to continue to run Office 365 ProPlus.


Windows for embedded devices (such as ATMs or gas pumps) have lifecycle dates that sometimes differ from versions of Windows that are used on PC devices. *cough!*



Sources:

- Windows 7 support will end on January 14, 2020 - Windows Support
- Helping customers shift to a modern desktop - Microsoft 365 Blog
- Windows lifecycle fact sheet - Windows Support

 

[Sieben]

Dammit! I like my Windows 7

 

[pyf]

Nothing prevents you from still liking (and using) it, even after 7's End of Service. Except a critical hardware failure, of course.

 

[Sieben]

Yes, I might do that for a while, but eventually I'll have to switch to a more reliable version of Windows, with fewer security issues.

 

[WhiteFang]

more reliable? such as?

 

[pyf]

@Sieben: I trust there will be no 7pocalypse in 2020, just like there has not been any XPocalypse in 2014 (and counting!), nor any "whatever"pocalypse to begin with (remember the Y2K bug that supposedly would have sent us back in time? Or the Cobol bug?).

[...] eventually I'll have to switch to a more reliable version of Windows, with fewer security issues.

Windows 7 is as reliable as any other OS, and maybe a bit more.


Regarding security issues, please have a look at this first, and then despair:
Bulletins | US-CERT

(courtesy of US-CERT)

Therefore, maybe you are counting too much on the security updates provided by Microsoft alone, to "protect" your PC. As for me who is using Windows XP, I am surfing as admin, my OS is patched up to April 2014, and I am facing no such issues. Where is the XPocalypse I was promised by web journalists, dammit?


To better secure his/her PC, what one needs to do is imho to install a few no-nonsense third-party programs, configure a few settings here and there, and not do any stupid stuff. Period.

Windows for embedded devices (such as ATMs or gas pumps) have lifecycle dates that sometimes differ from versions of Windows that are used on PC devices. *cough!*

Maybe it is worth pointing out here that despite the end of extended support for Windows XP on April 2014, its POSReady 2009 variant (which is the one embedded into devices) is still updated up to this day in January 2019. For reference and documentation purposes, I am providing below a list of recent patches (all of them being served through Windows Update on a regular monthly basis) for these embedded versions of the OS:

Spoiler: Recent Windows POSReady 2009 updates

June 2018 - July 2018 - August 2018 - September 2018 - October 2018 - November 2018 - December 2018 - January 2019


Of course these updates include security ones, but also at least one major *feature* update. Feature updates are theoretically dropped after the end of mainstream support (which for the record was in... 2009 for Windows XP iirc).

As you can also see, EoL software (like Office 2003 / 2007) is still alive and well, and the news of its death have been greatly exaggerated.

Of course, the main variants of officially unsupported OSes might also still get security updates one day or another regardless (here as downloadable hotfixes only).


Also, keep in mind that development plans for Microsoft software may change without notice (nor an official explanation afaik). As an example, who remembers that Microsoft was supposed to stop releasing virus protection for Windows XP through its Security Essentials application since... July 14, 2015?

Latest definition updates for Windows Defender Antivirus and other Microsoft antimalware - Windows Defender Security Intelligence

With the Malware Definition updates (as well as with Microsoft Update), one will eventually notice that owners of a Retail licence are not served equally when compared to owners of an OEM licence, or to owners of a Volume one.


... but anyway, back to Windows 7:

It is therefore unlikely that Microsoft will end the development / support of Windows 7 SP1 even after January 2023.

 

[Sieben]

@Sieben: I trust there will be no 7pocalypse in 2020, just like there has not been any XPocalypse in 2014 (and counting!)

I'm not foreseeing an apocalypse, but as an average user of Windows, I am not aware of all the subtleties of computer security.

Therefore, maybe you are counting too much on the security updates provided by Microsoft alone, to "protect" your PC.

I don't But I assumed updating Windows was part of the protection, at least.

To better secure his/her PC, what one needs to do is imho to install a few no-nonsense third-party programs, configure a few settings here and there, and not do any stupid stuff. Period.

I try to do that. I mainly use CCleaner, uBlock, Malwarebytes, and I don't visit fishy websites. I've never had any issue so far. I don't know if it's enough though, any suggestion?

It is therefore unlikely that Microsoft will end the development / support of Windows 7 SP1 even after January 2023.

...which gives me time. I'll have changed my computer by then

more reliable? such as?

Any recent up-to-date Windows without security issues. I don't know what Windows will be available in 2020-2023!

 

[pyf]

(note: this post is unfinished and must be posted as-is for now)

I'm not foreseeing an apocalypse

'XPocalypse' was a portmanteau word widely used around 2014. It was devised to scare non tech savvy Windows XP users. Typing it in 2019 in your favorite search engine brings so many fun links (for me, that is).

I assumed updating Windows was part of the protection, at least.

Any recent up-to-date Windows without security issues.

Yes and no. Because no code can be bullet-proof.

Again:
Bulletins | US-CERT

Computer security is an illusion.

I mainly use CCleaner, uBlock, Malwarebytes, and I don't visit fishy websites. I've never had any issue so far. I don't know if it's enough though, any suggestion?

CCleaner will not harden Windows, but its Registry scan can be effective for troubleshooting. It is also a good way to find out quickly if your Restore points are still there. Never let CCleaner do *any* automatic scan/cleaning/fixing of whatever.


For a bit more OS hardening, I suggest using:

- SpywareBlaster (+ the file 'SB customblocking.txt' from pattaya1.mbnet.fi for extra IE protection against ActiveX-based adwares)

- the most current version of an anti-exploit software. I myself use Malwarebytes Anti-Exploit as a standalone download, because contrary to you I never installed Malwarebytes 3. If the telemetry in the recent versions of MBAE is an issue, then stick to v1.12.1.90. Should MBAE fail someday, I would then decide to give HitmanPro Alert a try.

- install a good Hosts Manager, to create your own concatenated blocking host list. I personally use HostsMan v4.7.105 (link to archive.org) for that. Very important: if you decide to use a blocking host list, then you first absolutely must disable the DNS Client service built in Windows.

- install Ad Muncher v4.94 (last advert list update: 03/12/2018, does not filter HTTPS traffic, one can create his own rules) - changelog here

- if Ad Muncher does not do the trick, then maybe give AdFender a try? (its rules should still be customizable - may also help with some instant messengers and also some P2P software iirc) - changelog here

A blocking Hosts List + Ad Muncher / AdFender combo make filtering browser extensions like uBlock Origin more or less redundant. That, plus these browser extensions do *not* block connections at OS level.

- For hopefully safer P2P, I suggest giving PeerBlock a try (download v1.2 (r693) here on Google Code). Some paid (and outdated?) lists can be found at i-Blocklist.com. There was the Omegle filter list (note: project officially shut down on February 20, 2017,... or maybe not). There are other lists at peerblocklist.com. Of course, the reliability of such blocking lists can not be guaranteed. I am pointing out here that PeerBlock is about safety, and *not* about anonymity.



In Windows,

- please create additional User Account. You may use the controversial Comodo Leaktests software from November 2008, to find out how User Account settings may add more security to your OS.

- disable the services Remote Registry and Telnet (you may use the portable version of Microsoft Fixit Utilities for that)
- enable DEP for IE if it is not already activated (you may use the portable version of Microsoft Fixit Utilities for that)

- disable the service Avertissement


Geeky stuff:

- install DNSSEC Trigger, which is the easiest way to use DNSSEC. Caveat: be sure you know how to change back manually your DNS settings, because DNSSEC Trigger will change them to 127.0.0.1. Note: DNSSEC Trigger does not do any DNS encryption out of the box.

- change your DNS settings to another DNS provider. ChrisPC DNS Switch can do that in an easy way (tip: note all its DNS serve parameters based on all the presets on a piece of paper, and then you may uninstall this software and configure your DNS settings manually)

- scan your root certificates with RCC (discussion thread here)


Security also means backups:

- make several external backups of your Registry. You can use Windows Repair AiO for that. You can also use RegBak.

Note: ERUNT is better left for Windows XP users (even though it could work on Vista and 7 thanks to a few tricks). For doing a backup of the Registry, using the Volume Shadow Copy is always the best method and ERUNT does not use it.







Some browser-related stuff:

- In your web browser, set at least Adobe Flash to run only on demand.

- The Java plugin should not be an issue anymore, unless you are using an early version of Java 7 (or below) with an outdated web browser.

- Install the browser extension HTTPS Everywhere, because it fixes some semi-broken HTTPS sites which may still deliver mixed content. Pale Moon or Seamonkey users can use HTTPS Always instead.

- Install the CAcert root certificates? (note: but who still uses them in 2019?)

- SUPERAntispyware can be used as a tracking cookie cleaner. The number of cookies on your PC depends on how you have configured your Web browser. Tracking cookies are not a security risk (and neither are so-called "supercookies" imho).

- The browser vaccination of Spybot S&D v1.6 is imho obsolete and gives the user a false feeling of security. Never run the Teatimer, it will confuse you. Maybe SDHelper is still useful for IE8?



About the Windows Updates:

To check that you are not missing any security update, or that your Windows 7 updates are not corrupt, you can run SFC / verifyonly at a command prompt.

I suggest installing Microsoft Baseline Security Analyzer v2.3 (note: *not* designed for Windows 10), even though it has now been superseded and retired. Its current database (wsusscn2.cab) is a *huge* download (more than 500 MB, and counting!) and you only need a subset of it. But at least it will allow you to check your PC (and the one of other people) offline for any missing or corrupt updates.


Maybe I will do a few uploads, for preservation purposes.

I don't know what Windows will be available in 2020-2023!

Windows 10, build whatever.

 

[Sieben]

Thanks Pyf! There are a couple of things I've already been doing, but I'll take a look at the rest

 

[chobibo]

Man, my windows XP machine was still working 2 years ago, too bad her PSU died and thus ended my Windows XP-ing days. Anyway, @Sieben, don't worry, I'll stand (I'll sit after a few minutes My arthritis hurts my bro) with you if ever a 7pocalypse happens.

 

[BloodDrunk]

Not even using windows updates or security bullshit, so far so good

 

[Daffa]

Most of the time, security issues come from the user being dumb enough

 

[Ralle]

Re-opened!

 

[pyf]

Spoiler: Necrobump!

End of support notification for products using the Windows 7 operating system | Sony USA

 

[pyf]

How to get Extended Security Updates for eligible Windows devices - Microsoft Tech Community - 917807

 

[Feng Shui]

Nothing prevents you from still liking (and using) it, even after 7's End of Service. Except a critical hardware failure, of course.

The main problem, like always, will come in the form of backhanded deals with HW manufacturers to lock their products and push for an upgrade to W10. And some time down the line MS will likely push compatibility issues too.

 

[pyf]

The main problem, like always, will come in the form of backhanded deals with HW manufacturers to lock their products and push for an upgrade to W10. [...]

I am mentioning this kind of workaround purely for the record, as I could not possibly recommend it to the average computer user:
- p-lider/WuaCpuFix
- zeffy/wufuc

[...] And some time down the line MS will likely push compatibility issues too.

Eight months away? Naaah, not anymore:
How many days until Windows 7 End of Support Life?

 

[pyf]

Microsoft Asked to Unshackle Windows 7 From Proprietary Tyranny - Bleepingcomputer

The Free Software Foundation (FSF) is asking Microsoft to 'upcycle' Windows 7 and allow the community to continue to improve it after its end of life. [...]

[...] While Redmond says that Windows 7 reached its end of life, the company is definitely not willing to let it go for free as it still draws revenue from millions of Windows 7 enterprise users via the Extended Security Update (ESU) program. [...] To top it all off, while FSF is asking Microsoft to release Windows 7 as free software, Windows XP is still closed-source proprietary commercial software although it has been released almost two decades ago, in October 2001. [...]

Upcycle Windows 7 — Free Software Foundation — working together for free software