News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • FBI Private Industry Notification: Win7 is a leaky boat

    Home Forums AskWoody blog FBI Private Industry Notification: Win7 is a leaky boat

    Tagged: 

    Viewing 19 reply threads
    • Author
      Posts
      • #2286477 Reply
        woody
        Da Boss

        The US Federal Bureau of Investigation released PIN number 20200803-002 which says, inter alia, The FBI has observed cyber criminals targeting compute
        [See the full post at: FBI Private Industry Notification: Win7 is a leaky boat]

        6 users thanked author for this post.
      • #2286490 Reply
        Canadian Tech
        AskWoody_MVP

        Sorry to say this:  I think there is a lot of paranoia on this topic.

        First, it is critical to understand that there are two very clearly different situations:  Enterprise and Home.  

        Enterprise installations have all sorts of risks attached to them and are almost always the targets.  Home installations have few if any risks and are rarely targeted.  There are seldom any real cash payoffs to attacking the average Aunt Tilly.

        I advise enterprise installations to take all and every step possible to protect themselves. The potential damage can be devastating. Not just because they have private information that is of great value of thousands if not millions of customers, but also because their business could be devastated

        Home users seldom have anything of great value stored on their computers. Worst case scenario for the vast majority of home users is the need to re-install the OS and restore a backup. Because home installations have a much more limited risk, it is not unreasonable for them to trade off care and attention, as well as the installation of a top-notch AV to diminish their risk to a level they can tolerate.

        MS Windows Update is a risky proposition in itself.  QC in that department went out the window a few years ago.  The vast majority of the updates being driven are not to fix security problems.  MS no longer allows the home user to select which updates to apply.  So, the home user must weigh the risks between update or not at all — the only options open to them.

        I must once again tell this story.  I discontinued ALL MS updating on 120 Win7 client systems (Home installs only) May 2017.  Stopped using IE.  Removed Adobe Flash, Adobe Reader and Java.  Installed Bit Defender Antivirus + in every one of them.  In all those months (39), there has not been a single instance of any kind of problem — NONE.  That is 4680 computer months.  You just can’t ignore this.

        CT

        Total of 30 users thanked author for this post. Here are last 20 listed.
      • #2286509 Reply
        gborn
        AskWoody_MVP

        With respect to Catalin Ciampanu – and the FBI warning – it’s a lot of what we call in Germany ‘eine Binse’ (A bulrush). Microsoft offers the ESU program – and then enterprises receive updates as well as Win 8.1 or Win 10.

        Win 10 have some improvements – but many things are what we call ‘weiße Salbe’ (white cream). Have a look from a security view at some Win 10 feature – their code & foundations are more than a decade old.

        We have a lot of libraries (run times) shipped from Microsoft, that are brewed with terrible old tools (MS has bought sometimes), that has known security flaws.

         

        We have several dozends of DLL hijacking applications shipped with Windows …

        I’m not the expert, but from time to time security researcher allow me to have a look into the abyss …

        And ‘upgrading to a more powerful system like Windows 10’ is just transportation of marketing b*****t. If my hard- and software environment isn’t ready for Win 10, there is nothing ‘more powerful’. If I don’t have the resources to manage semi-annual upgrades with all it’s whistle and bells and compatibility issues, there is nothing powerful – it’s just a night mare.

        What’s true in the light of the FBI warning: Running an unpatched Windows 7 isn’t the best idea. But if an enterprise has booked ESU licenses, they receive patches untill Jan. 2023.

        Just my opinion.

        Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author

        https://www.borncity.com/win/

        • #2286609 Reply
          Ascaris
          AskWoody_MVP

          And ‘upgrading to a more powerful system like Windows 10’ is just transportation of marketing b*****t.

          Indeed. How exactly is Windows 10 more powerful than Windows 7? I am not even sure what that means. With a specific tool, like (just as a random example) a partition manager, I’d say it was “powerful” if it had a lot of actions it could perform, and where those actions were of a difficult or tedious nature otherwise.  It’s not very powerful if it can do a bunch of trivial or relatively meaningless things. Being able to dynamically resize partitions with the content still intact is a powerful feature (years ago, the ability of programs like Partition Magic to do that was a real jaw-dropping wonder). With the breadth of features they have, programs like Partition Wizard (or its Linux equivalents, Gparted and KDE Partition Manager) are powerful programs.

          I don’t even know what “powerful” means in the context of an OS. In one respect, it’s less powerful, as the consumer has less power over their PC than in any previous Windows version. One used to have the power to turn updates off or to have Windows automatically not install any updates until the PC owner/user (usually the same person in the consumer market) personally approves each update. That was a powerful feature… some would say a must-have (like me).

          Group "L" (Fedora 32 Linux w/ KDE Plasma).

      • #2286522 Reply
        Seff
        AskWoody Plus

        The problem from the point of view of a home user like me is that while I upgraded my main machine (used for gaming, browsing, mail and all credit card purchases – which are covered by the bank anyway – but with no online banking or investment management which I don’t touch) to Windows 10 version 1909, and after a trial period was ready to upgrade my second machine (used a couple of times a week only for gaming, browsing and mail as well as the occasional Office 2010 document in connection with my voluntary work which has pretty well stopped under Covid anyway) similarly.

        However, the only present option to do so direct with MS (and I don’t want to install an OS through a third party download of version 1909) is by upgrading to Windows 10 version 2004 which is not a currently recommended version. I’m therefore stuck at the moment between the proverbial rock and a hard place – do I stay with an unprotected machine that gives me no problems for its limited use, or upgrade to a version of Windows 10 that is generally considered unreliable? The AV protection is still there of course, MSE being updated as usual at least for now.

        I’m staying put for the moment, but watching the situation.

        1 user thanked author for this post.
        • #2286524 Reply
          anonymous
          Guest

          1909 Home is supported until May 11, 2021 and by that time 2004 will most probably be recommended. I don’t see how would you stay with unprotected machines.

          • #2286529 Reply
            anonymous
            Guest

            Also you find all the information here in this site about how to force to update to 1909 instead of 2004 if any of your machines are currently on a release older than 1903.

            • #2286546 Reply
              anonymous
              Guest

              I am on 1903 Pro and would like to move to 1909. Please point me to the right article that has the instructions. Thanks.

              • #2286555 Reply
                PKCano
                Da Boss

                Read through Sections 3 & 4 in AKB2000016.
                When you are ready to do the upgrade, disconnect your computer from the Internet.
                Carefully make your settings as described in Section 4. (Quality deferral=0, Feature deferral=365, and the “2” in Group Policy – DO NOT use Pause)
                Then reset the Feature Update deferral pulldown under
                Windows Update\Advanced settings to 200 days.
                Reconnect to the Internet.
                The next time Windows Update checks for updates on its own, you should be offered v1909.

              • #2286578 Reply
                Seff
                AskWoody Plus

                So that’s for Pro users, I assume?

              • #2286580 Reply
                PKCano
                Da Boss

                Section 3 & 4 are for Pro users, but there is also information for Home users in that AKB.

                1 user thanked author for this post.
      • #2286531 Reply
        Geo
        AskWoody Plus

        Home Premium users should use 0patchPro which just updated their Agent platform yesterday.

        • This reply was modified 1 month, 2 weeks ago by Geo.
        4 users thanked author for this post.
      • #2286532 Reply
        bigdormouse
        AskWoody Lounger

        “to an actively supported operating system”
        In Windows 10 this scares me more then cyber criminals. Criminals attacks can be repelled in windows 7 or 10. But actively supported Windows 10 and problems caused by buggy Windows updates has no simple and logical tools to manage this update process.

        6 users thanked author for this post.
      • #2286547 Reply
        Alex5723
        AskWoody Plus

        (and I don’t want to install an OS through a third party download of version 1909)

        3rd party 1909 download like Heidoc.net downloads 1909 ISO (and other Windows, Office files) directly from Microsoft’s servers. The site doesn’t host Windows ISO files of its own.

        • This reply was modified 1 month, 2 weeks ago by Alex5723.
        2 users thanked author for this post.
      • #2286596 Reply
        T
        AskWoody Plus

        I fully expected to be treated like a digital leper at some point for continuing to use an end-of-life OS but i didn’t quite expect it to happen so soon. For instance, i visit the Steam forums a fair bit and if someone dare question whether such and such a game works on Win7 you can guarantee there will be several immediate responses shaming or making fun of that person and i’m fed up with it. There are a myriad reasons we can’t or don’t want to downgrade to Win10 and people should respect that, i understand that’s not the point of this article and i agree that business users need to take stricter precautions but it speaks to the wider FUD that gets thrown about whenever this topic comes up.

        • #2286639 Reply
          anonymous
          Guest

          That’s a standard response from the gamer crowd. I’m a gamer myself, though I’m also staying on Win7 for as long as possible. But for many gamers, if gaming is the primary (or sometimes the only!) use case for their system, they’re always thinking in terms of maximum compatibility. And because of the way Microsoft arbitrarily restricts new versions of DirectX to the latest version of Windows – another way to artifically force people to ugprade – many gamers have been kind of brainwashed into thinking they need to be running the latest version at all costs. Most games can still fall back to earlier versions of DirectX though, so even if a game supports DirectX 12 (which is Windows 10 only) it usually still runs on DirectX 11 (which also works in Win7/Win8). Though this will eventually change. With XP, DirectX 9 was the cutoff point and eventually new games stopped supporting it.

          1 user thanked author for this post.
          • #2286649 Reply
            Ascaris
            AskWoody_MVP

            And because of the way Microsoft arbitrarily restricts new versions of DirectX to the latest version of Windows –

            Only when the latest version of Windows is Windows 10.

            DirectX 11 was introduced with Windows 7, and was then backported to Vista.

            Prior to that, Windows 2000 came with DirectX 7, but it received 8 and 9 as backports.

            Windows 98, even though it was a full Windows generation earlier than Win ME, the consumer companion to Windows 2000 (Pro), also received DX9.

            Sometimes, MS did not backport older DX versions, as with Vista’s DX10. I think the architectural changes that made Windows Aero possible (like the WDDM, Windows Display Driver Model, and the DWM compositor) were part of that, and it was too big a change for XP. In other words, not arbitrary.

            Back in the day, MS used to do a lot of things to support users of their older products. They could have chosen to sabotage XP with Windows Updates to prevent it from working properly with Core 2 or newer architectures, but they didn’t.  XP worked fine with the next generation after Core 2, which was the first generation of the i-series, and it worked fine with Sandy and Ivy (second and third gen i-series) too. That was the latest I tried on it

            I wonder how the Steam people would react to those of us who are not using Windows at all, including when we play our Windows games!

            DirectX 12? Game devs, why bother with that when Vulkan is around, and works on everything, Windows included? Being locked into proprietary MS junk is so old school, man.

            DirectX 12 is not, though, a more advanced, drop-in replacement for DX11. It’s much more low level, and it’s a different kind of development that goes with it. I know that for a long while, you only would see substantial performance gains with AMD GPUs with DX12, with nVidia posting the same or sometimes better results with the higher-level (and supposedly easier to develop for) DX11.  I don’t know much about writing for any of the graphics APIs (ok, really, I know nothing about it).

            I can see if you see a PC as an overgrown console how you might view things like control over the PC, having a decent UI, and such things as irrelevant, but for those of us who use them also as computers, well… that stuff matters.  It’s important enough to me that I consider not being able to run some Windows games (and non-games) to be an acceptable trade-off. Sticking with 7 or even 8.1 would have been temporarily workable, but it just punts the problem into the future. There will come a time that 7 (and 8.1) is more than just a leaky boat, but will in fact be unable to run a lot of important software for lack of necessary APIs and OS features. MS abandoned 8.1 and put it into de facto extended support while it still had a couple of years of mainstream support left, so it was clear that it was going to be like 7, stuck in time at 2015, for better or worse.

            WINE, by contrast, keeps moving and evolving, and now that Steam is on board, it’s got momentum like never before. DirectX12 for WINE/Proton is being worked on… how hilarious would that be if Linux got DirectX12 when 7 and 8.1 didn’t? Not to mention, of course, that it has Vulkan right now, not to mention the nearly lossless (in frame rate) implementation of DX11 that relies on Vulkan for the backend.

             

             

            Group "L" (Fedora 32 Linux w/ KDE Plasma).

      • #2286597 Reply
        anonymous
        Guest

        That ZDNet article gets an F for failure to mention 7/ESU and I did do a full page search for ESU and Extended. So no mention there and that’s making me suspect this article’s credibility.

        And Maybe the FBI has a cash grant program for any Businesses still on 7 to fund their costly vetting and re-certification processes for those Businesses’  expensive bespoke mission critical software to run as flawlessly as possible under Windows 10’s moving target of an OS/Ecosystem.  That Mission Critical software that cost a lot to be vetted/certified for 7 when that was the latest OS taking over from XP, and the same Businesses taking XP Extended Updates because they needed to get their Bespoke Mission Critical Software’s OS Vetting/Certification costs fully amortized over a longer period of time than MS OS Updating Schedule allowed for.

        So some Businesses have different Mission Critical Software($$$$) timelines that do not necessarily mesh exactly with MS’s  OS update timelines.  And the real money is in the Mission Critical Software’s creation and Vetting/Certification process and that needs to only happen maybe once every 10 years if possible! And depending on when that Mission Critical Software was first commissioned and vetted and certified for any OS to begin with that timeline may not sync up with any OS’s release schedule/timeline.

        1 user thanked author for this post.
      • #2286603 Reply
        Seff
        AskWoody Plus

        Thanks to those who’ve replied to my earlier comment with various suggestions. There is one other option I am considering in terms of the dilemma between having an unsupported Win7 and an unreliable version of Win10 (although I’m sympathetic to the view that the latter is more risky than the former) and that is to make the official upgrade to Win10 version 2004 and then if problems are encountered in the first couple of weeks rolling back the upgrade. My recollection is that such a rollback is generally successful, but does anyone have any experience of rolling back the upgrade?

        • #2286612 Reply
          Ascaris
          AskWoody_MVP

          Backups!

          If you’re at all concerned about the way Windows runs, or how it will run after an update, you need to have solid backups. If you do, you can try 2004 and not worry… if it messes up or is not to your liking, just restore the backup and be right back where you want to be.

          Updates are one source of potential trouble, but there are also user errors, hardware failures, malware attacks, theft, and any of them can mess you up.

          There are a bunch of threads about which backup programs people prefer on this site. With a decent backup, you don’t need to be as afraid of what could happen. It’s like an “undo” button.

          Group "L" (Fedora 32 Linux w/ KDE Plasma).

      • #2286605 Reply
        Alex5723
        AskWoody Plus

        such a rollback is generally successful, but does anyone have any experience of rolling back the upgrade?

        I have rolled back a PC to Windows 7 within a hour after the PC has been forced to Windows 10 ~5 years ago.
        This W7 PC is blocked from Microsoft’s update since then. It is in use every day, for long hours, as a business PC.
        This W7 runs critical apps not compatible with W10.

        You have 10 days to revert to previous OS after upgrading to Windows 10, or you can restore from full image backup whenever you want.

        4 users thanked author for this post.
      • #2286615 Reply
        OscarCP
        AskWoody Plus

        My option has been:

        (1) Not to move to Windows 10.

        (2) To keep Windows 7, but without connecting to the Internet with it.

        (3) To install Linux (Mint) in dual-boot with Win 7 and boot Linux when I need to connect to the Internet and use the email and browsers installed there.

        One can easily move files between Linux and Win 7, so any files I download using Linux and then check there for malware infestation, I can then move to Windows if I need to have them there.

        I also have a Mac and use it for doing most of my work, now days. My experience with it, so far, has been remarkably trouble-free. Apple is suspect of the usual big-corporation wrongdoings, but when it comes specifically to Macs hardware and OS, its record is not bad.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

        • #2286776 Reply
          anonymous
          Guest

          Oscar, (number 2) how are you updating the antivirus on your windows 7 if you do not connect to the internet with it? Surely you have an antivirus on the OS which needs updating, you could be inadvertantly spreading things via usb/hdd drives to other computers or operating systems.

      • #2286619 Reply
        agoldhammer
        AskWoody Plus

        Tell the elves in Redmond to bring back Windows Media Center and port it to Win 10 and I will gleefully update my PC that runs a cable card tuner to my TV set.  I guess I could pay Verizon five times as much to dump the PC and get a DVR cable box with  a monthly fee but that wouldn’t be much fun.  Since this PC is only used to watch TV and stream a couple of Internet things such as Netflix and Amazon Prime, I’m not terribly worried.

        1 user thanked author for this post.
      • #2286698 Reply
        John
        AskWoody Lounger

        Some people live in places where they simply cannot afford to replace technology as often as they would like. Windows 7 for them works on their older hardware and Windows 10 may not. Some are just nostalgic about Windows 7 or simply do not like what Microsoft has done with Windows 10. Seems to me Microsoft could provide some basic security updates for these end users without hurting their bottom line. If it was myself faced with this dilemma as a home user, I would opt for a Linux desktop OS, or try to afford a basic Chromebook that would get updates. I don’t think relying on third party security to keep you safe on a OS that is not receiving security updates is a good way to go.

        2 users thanked author for this post.
      • #2286718 Reply
        Microfix
        AskWoody MVP

        That ZDNet article gets an F for failure to mention 7/ESU and I did do a full page search for ESU and Extended. So no mention there and that’s making me suspect this article’s credibility.

        Ageed, I call the whole article scaremongering BS!
        If homeusers are using either ESU or 0Patch, they are fine however, Enterprise/ Govt related may not be so, as they are usually a target anyway.

        Some are just nostalgic about Windows 7 or simply do not like what Microsoft has done with Windows 10.

        I am one and both apply. I’m quite happy avoiding the OS completely using Linux Distro’s, Win7 and Win8.1 that serve us well with reliability, stability and virtually no MS telemetry involved.

        Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
        4 users thanked author for this post.
        • #2286861 Reply
          anonymous
          Guest

          “Ageed, I call the whole article scaremongering BS!
          If homeusers are using either ESU or 0Patch, they are fine however, Enterprise/ Govt related may not be so, as they are usually a target anyway.”

          But one has to be an Enterprise or Volume licensing customer on 7 to qualify to purchase ESU and Consumers normally can not purchase 7/ESU. Consumers do not get ESU and can only make use of 0Patch. Windows XP Point of Sale and Enterprise customers also could get Extended XP updates while they transitioned to 7 way back then.

          The Point is that Business and Government have the Licensing agreements and the size to ask MS for some special deals on Continued 7 usage and that Author is most likely being disingenuous there by failing to inform the readers of the salient facts with regards to the differences between Consumers and the Enterprise/Government/Instutional volume Windows licensees that get to pick and choose their ESU/OS options to best support their organizations.

          • #2286870 Reply
            PKCano
            Da Boss

            But one has to be an Enterprise or Volume licensing customer on 7 to qualify to purchase ESU and Consumers normally can not purchase 7/ESU. Consumers do not get ESU and can only make use of 0Patch.

            This is not correct.
            Any Consumer with the Pro or Ultimate versions (and there are many) are eligible to purchase the ESU license.

            2 users thanked author for this post.
      • #2286729 Reply
        agoldhammer
        AskWoody Plus

        How-To Geek has an article “How to Install Windows Media Center on Windows 10” that may work.

        https://www.howtogeek.com/258695/HOW-TO-INSTALL-WINDOWS-MEDIA-CENTER-ON-WINDOWS-10/

         

         

        It doesn’t work if you have a cable card tuner for watch DRM television which is my principal need.  Also you need to constantly reinstall every time there is a Win10 new version.  I’ve looked carefully at that approach and it is a dead end for my needs.

        • #2286741 Reply
          Cybertooth
          AskWoody Plus

          The last time I looked (about a year ago), SiliconDust was working on developing their own soup-to-nuts package (tuner + software) to record DRM programming on Windows 10.

          Which reminds me, it’s time to check again and see if they completed that project. Last year I was in the market for a DRM-capable tuner and ended up buying an old Ceton InfiniTV4 from a third-party vendor on Amazon because the SD hardware wasn’t yet ready and they had discontinued the previous generation of tuners. The InfiniTV4 was still sealed in its original box, and amazingly the Ceton website was still up to download the driver.

           

          • #2286774 Reply
            Alex5723
            AskWoody Plus

            I wonder if the F.B.I have read your ‘Keep Running Windows 7 Safely for Years to Come’ tutorial and the discussion 🙂

            4 users thanked author for this post.
            • #2287414 Reply
              Charlie
              AskWoody Plus

              Good point, I read somewhere not long ago that the FBI was still using Win XP.  While that might not be the case now, it makes me wonder whether they are still using Win 7.

              Win 7, Sandy Bridge 3.3GHz, Linux Mint 19.1, Klaatu barada nikto

              1 user thanked author for this post.
      • #2286808 Reply
        anonymous
        Guest

        In businesses, it still uses Windows Xp. Finally are moving to getting new Windows  7 laptops with MED-V and Windows Xp. There is no risked. My coworkers and I have been using Windows Xp safely since 2014 until 2020. Now will be getting new Windows 7 with MED-V Xp. Nothing changes since MS has made several older programs not possible to run in newer OS and developers of those programs are not moving to new OS. There is no worries for business.

      • #2286863 Reply
        anonymous
        Guest

        We are in the same boat with using Windows Xp still but we are paying MS support for extended support on Xp. No plan to move to Windows 7 until 2025 or later.

      • #2287015 Reply
        pHROZEN gHOST
        AskWoody Lounger

        I don’t deny anyone the right to stick with an OS they are comfortable with. If you love Win 7, enjoy it while you can.

        Believe it or not, I know a couple of people who are still running CP/M on OLD z80 processors and using dial-up modems. They are not on the Internet. They are using bulletin boards which are all but gone now. And that’s fine with me.

        Technology evolves … usually for the better. The Internet is part of that process. So, anyone unwilling to adapt to those changes will eventually be left behind.

        Byte me!

        • #2287438 Reply
          Charlie
          AskWoody Plus

          Technology evolves … usually for the better.

          With emphasis put on usually.

          Win 7, Sandy Bridge 3.3GHz, Linux Mint 19.1, Klaatu barada nikto

          • #2287446 Reply
            OscarCP
            AskWoody Plus

            Technology evolves … usually for the better.”

            Maybe for the better. Looking at the Internet-enabled “social media” being abused by malintentioned actors and, or misinformed individuals, as a vehicle for spreading far and wide false news, conspiracy theories, alarmist reportage, etc. (not to mention malware), I do have my doubts. Even the seriousness of those Win 7 issues mentioned in an FBI warning have been cuestioned in this very thread, with their reporting being criticized as alarmist in what I consider a rather convincing way.

            Windows 7 Professional, SP1, x64 Group W (ex B) & macOS + Linux (Mint)

      • #2287534 Reply
        FakeNinja
        AskWoody Lounger

        At this point I don’t even care who tells me to “upgrade” to Windows 10, whether that be Microsoft, the FBI or Jesus himself. I am very comfortable with my Linux Mint+Windows 7 dual boot and I doubt I will ever give in to the OS that ruins everything I love about Windows, the simplicity, the gorgeous transparent UI and the amount of control you have.

    Viewing 19 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: FBI Private Industry Notification: Win7 is a leaky boat

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.