Keep Running Windows 7 Safely for Years to Come
Tagged: Malwarebytes anti-exploit
This topic contains 25 replies, has 11 voices, and was last updated by
Pierre77 2 days, 15 hours ago.
-
As Windows 7 approaches the expected end of monthly security patching next January, Windows 7 users who have hesitated to switch to Windows 10 face the critical choice of whether to accept Microsoft’s newest operating system; to switch to an altogether different platform such as Linux, Mac, or Chrome OS; or to look for a way to protect their favorite OS into 2020 and beyond.
In my case, I have decided to implement a multi-layered defense strategy which, I am confident, will make it possible to use Windows 7 without worries while I continue the slow transition to Linux (Kubuntu). The defensive layers include, in no particular order:
* Resident anti-virus software. My main Windows 7 machine is currently on BitDefender Free, but there are many other good free and paid AV solutions out there.
* Resident anti-exploit software. Several choices are available, such as Malwarebytes Anti-Exploit (MBAE) and Microsoft’s own EMET, but I use HitmanPro.Alert as it also offers keystroke encryption.
* On-demand scanners to catch any baddies that might have gotten past the main defenders. I cycle a variety of free scanners including Malwarebytes Anti-Malware Free (MBAM), Sophos Virus Removal Tool, F-Secure Online Scanner, Norton Power Eraser, and ESET Online Scanner. (Once again, there are others, free and paid.) At least occasionally, run the rootkit scanning feature, if available (usually requires a reboot).
* Use a Web traffic-filtering browser extension such as Norton Safe Web or Bitdefender TrafficLight, and/or a security-oriented public DNS resolver such as Quad9, for your Web browsing.
* Keep your router firmware updated, if possible, and consider increasing the router’s hardware firewall settings (it may come set to a medium level that’s less hassle, but offers lower protection). Learn how to block websites and URLs at the router.
* Use a software firewall that will explicitly ask your permission when new programs try to access the Internet for any reason. Over time, you will train the firewall to allow trusted programs and the number of notifications will fall to just new (and possibly unknown) programs. ZoneAlarm Free Firewall is set to ask you “out of the box.”
* Keep your browsers (plus their extensions/plugins) and other programs updated.
* Use ad-blocking extensions on your browsers, as malvertising is one of the main sources of infection nowadays. My main choice for this is uBlock Origin, although I’ve also used Ghostery.
* Change your Windows account from the default administrator account to a standard user account, which has fewer rights to install software and make changes to the system. (You will have to enter a password to do those sorts of things.) This prevents malware from exploiting your administrator status to make changes behind your back, and research suggests that this one measure alone prevents upward of 90% of attacks.
* Use an extensive Hosts file to stop your computer from being led to sites that serve up malware. I also use it to block Facebook, which some researchers claim follows you around the Web even if you don’t have a Facebook account. You can obtain ample Hosts files from here or here.
* Additional protections: I have installed OSArmor by NoVirusThanks and have had a good experience with it. The program, over time, builds a whitelist of programs that you have approved to run on your PC. I am also considering BlackFog Privacy and VoodooShield as useful, supplemental layers of defense; reports on the security community Wilders Security indicate a high degree of compatibility and satisfaction for both of these products.
* I am evaluating 0patch, by Acros Security. This is a service that injects on-the-fly patches to software that no longer receives updates from its vendor. I am currently using it on a Vista test machine and have experienced no problems, although I’m not sure yet how useful it might be as it has rarely kicked in to do its thing. For a more thorough test, I may need to install 0patch on my main Vista PC, but for now at least I’ve determined that it doesn’t make Vista crash or slow down. When Windows 7 goes EOS, 0patch could conceivably fill in for the bulk of security patches that Win7 will not receive.
* Finally, back up the PC (data and programs) regularly. If all else fails and you get infected, you will then have a reasonably current copy of your computer that you can install over the infected system. There are numerous image backup solutions out there; I use the free version of Macrium Reflect.
* * * * *
You might think that there is considerable overlap in the kinds of protection offered by the above set of measures. And you would be right: the defenses feature a moat, trenches, walls, minefields, sentries, snipers, archers, machine-gun nests, early-warning systems, Patriot missiles, deflector shields, and an escape tunnel. I have deliberately built redundancy into the strategy, so that whatever one misses another one will stop. I’ve neither experienced nor heard of any incompatibilities affecting computer usability. (The only caution is to avoid using multiple resident AV programs at the same time, for example BitDefender and Kaspersky.)
Is this paranoid? No more so than the folks who tell us that you must patch right now or you’re doomed, or that you must upgrade to Windows 10 when Win7 goes EOS or you’re doomed.
With this combination of defensive measures, I have every confidence that my Win7 box will remain well protected for as long as I care to use it. So long as security vendors continue to support Windows 7, and Win7 browsers continue to load websites, I don’t see any great impediment to keeping this Windows 7 system connected to the Internet for the foreseeable future.
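As an added example, not part of the original post: a small Python audit for the Hosts-file layer in the list above. It reports which names a hosts file actually blocks, flags entries that point a name at a non-sink address (worth reviewing in any list obtained from the Web), and shows that hosts entries match exact names only. The sample file, its names and addresses, and the function names are all constructed for illustration.

```python
import ipaddress

# Addresses that blocking hosts files conventionally use as "sinks".
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that normally map to loopback and are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample. On Windows the real file is
# %SystemRoot%/System32/drivers/etc/hosts.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.com tracker.example.net   # two names, one line
127.0.0.1   Facebook.com
0.0.0.0     www.facebook.com
203.0.113.7 bank.example.org     # not a sink: this redirects the name
0.0.0.0.    broken.example.com
"""


def normalise(name):
    """Hostnames are case-insensitive; a trailing dot is the same name."""
    return name.lower().rstrip(".")


def audit_hosts(text):
    """Classify every mapping in hosts-file text.

    Returns a dict with:
      blocked   - set of names mapped to a sink address
      redirects - list of (lineno, address, name) mapped elsewhere
      malformed - list of (lineno, line) that could not be parsed
    """
    blocked, redirects, malformed = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            malformed.append((lineno, line))  # address without a name
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append((lineno, line))  # first field is not an IP
            continue
        for name in map(normalise, fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if addr in SINKS:
                blocked.add(name)
            else:
                redirects.append((lineno, addr, name))
    return {"blocked": blocked, "redirects": redirects,
            "malformed": malformed}


def is_blocked(name, blocked):
    """Hosts files match exact names only: no wildcards, no subdomains."""
    return normalise(name) in blocked


if __name__ == "__main__":
    report = audit_hosts(SAMPLE)
    print("blocked names:", len(report["blocked"]))
    for lineno, addr, name in report["redirects"]:
        print(f"line {lineno}: {name} -> {addr} (review: not a sink)")
    for lineno, line in report["malformed"]:
        print(f"line {lineno}: ignored, malformed: {line!r}")
    # Blocking facebook.com does not cover its other hostnames.
    for probe in ("facebook.com", "www.facebook.com", "m.facebook.com"):
        print(probe, "blocked" if is_blocked(probe, report["blocked"])
              else "NOT blocked")
```

Because matching is exact, a list that blocks only `facebook.com` leaves every other hostname under that domain reachable; each one needs its own line.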
-
anonymous
On the assumption that you/we are most likely to have problems when browsing online, you could also consider running your browser in a sandbox (most of the time).
I have long used Sandboxie for this and there was an introductory guide on the gHacks site recently if you are interested: https://www.ghacks.net/2019/10/29/how-to-use-sandboxie-for-browsing-downloading-and-installing-programs/
You will need to run your browser outside the sandbox occasionally to pick up and keep browser updates and any extension updates. I normally use Firefox and have its update setting to inform me when there is an update, but not to actually download and update, so that I can update after leaving the sandbox. I also have uBlockOrigin (uBO) automatic updates switched off, but start Firefox and manually update uBO every few days. For convenience I allow bookmarks saved in the sandbox to be retained on leaving the sandbox. I run Thunderbird for e-mail in a similar way.
I have no experience using Sandboxie to try out programs as the article suggests.
My only slight doubt mentioning Sandboxie is that after several changes of ownership its future development is unclear (see https://www.ghacks.net/2019/09/10/sandbox-program-sandboxie-is-now-freeware-soon-open-source/ ), particularly as I believe that Sophos itself is/may be changing ownership.
Some security products e.g. Comodo have their own sandbox features.
HTH. Garbo.
3 users thanked author for this post.
-
Thanks, Garbo. I have to admit that I haven’t given sandboxing a lot of thought. Maybe my logic is flawed, but the way I see it is that whatever I’m doing in the sandbox, sooner or later I’ll be saving or printing something, which means it has to come out of the sandbox (right?) and if that’s infected then it will try to attack my computer at that point anyway. I do a lot of saving of Web articles to PDF, so it’s not an unusual scenario for me.
Probably I don’t have an adequate understanding of sandboxing technology, but the above logic (for what it’s worth) is the reason I haven’t looked at it very hard.
-
anonymous
A more complete guide, and what was my tutorial to Sandboxie when I started with it, can be found at: https://www.techsupportalert.com/content/introduction-and-quick-guide-sandboxie.htm
It is true that you will want some downloaded files and data printed to PDF files to be recovered out of the sandbox, but you are in control of what these are. I download to the “Downloads” folder and always print (using CutePDF) to this folder (even if I’ll move the PDF file later). I have Sandboxie immediately prompt me whenever something is “downloaded” in this way so I can immediately decide what to do with it (recover/leave/delete) before I forget what I’ve been doing (at the end of session). Other stuff downloaded beyond what I have explicitly downloaded can be seen and filtered out before reaching the real PC. On exit anything left is deleted. (You can overwrite whatever is deleted for a more secure deletion e.g. using Sysinternals “sdelete”.)
Other changes the webpage may try to make to the system do not get outside of the sandbox unless you have allowed it in the settings. Beyond the default settings I have allowed bookmarks to be added/deleted, but this is a compromise. There are lists of possibilities for common programs in the settings.
I have been using it since 2013, so I no longer really think about it 🙂
HTH. Garbo.
1 user thanked author for this post.
-
That does look like it would make a valuable addition to post-EOS Windows 7 computing. It’s a little work, but surely not more than using a standard Windows account instead of an administrator account.
I knew that Sophos might be bought by another company, but I didn’t know that Sophos had bought Sandboxie.
-
-
I don’t think the biggest threat is the pdfs you download.
Sandboxing would be useful to help prevent some unrecognized threats, 0-days, drive-by downloads that automatically infect a vulnerable system without needing you to download anything. Fileless malware is a tricky one and sandboxing could add a layer of protection that would supplement what you already have. The anti-exploit is already a great step-up, but sandboxing is another useful tool to your arsenal that brings a different type of protection.
I use Firefox to read downloaded pdfs most of the time when it works, so it reduces the risk of being infected by some malware that would need some of Adobe’s capabilities or vulnerabilities to be triggered. Another little step to reduce the risk of being infected. Firefox could have different vulnerabilities of course, but the capabilities are limited and it is probably not the first target for pdf injected malware.
1 user thanked author for this post.
-
-
-
On the topic of browsing being the biggest risk, I have found that the comprehensive filter lists in uBlock Origin seem to be effective in preventing me from accidentally connecting to potentially dodgy website domains, when clicking on links in web pages or emails.
So that appears to be an excellent protection layer for keeping away from the scripted type of attacks lurking in some website code.
As a backup layer for that, anti-exploit software would be a good idea for stopping an attack that was able to gain access to your system, and hopefully prevent encryption or exfiltration of your data before the damage is done.
And finally, making disk images that you can easily restore your PC from, if necessary, is a very effective way to remove a malware infestation. And get your encrypted data back.
3 users thanked author for this post.
-
+1
And as a bonus, aside from uBlock Origin serving as one of the layers of defense, ever since installing it my Web page loads have gotten a lot faster, as the pages aren’t weighted down by flashing ads, autoplay videos, and assorted other bandwidth hogs.
-
-
It seems you can’t get just the Malwarebytes Anti-Exploit alone. I went to the website in the link and the Anti-Exploit has now been built into the Malwarebytes Anti-Malware program. I’ve got Ublock Origin running in Firefox 70.0.1 and I’m not bothered by much.
Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Groups B & L
-
It’s available here as a rolling beta standalone (has been this way for several years now):
This is a full Beta version with premium features available to Free users.
4 users thanked author for this post.
-
It’s available here as a rolling beta standalone (has been this way for several years now): https://forums.malwarebytes.com/topic/205865-malwarebytes-anti-exploit-113-build-125-released-nov-11-2019/ This is a full Beta version with premium features available to Free users.
I have tried downloading this several times and can’t seem to get it working on my Win 7 laptop. Maybe I’m missing something, but I click the download link and it downloads the installer exe. When I click on that, it looks like it starts to work – asks me if I want to install it, and then nothing – no hard drive activity, nothing. I’ve let it go for a few minutes, but it never seems to install.
Any suggestions on how to install it??
Thanks!
-
Can’t imagine what’s blocking the installer. I just downloaded the latest “mbae-setup-1.13.1.127.exe” from that link, and the installer executed without any issues on my Win 7 Pro x64 machine.
Did you click through the Windows UAC prompts to the license agreement, etc.?
-
Hi John,
It never got that far – I did get to the UAC prompt, but no user agreement. I did download a trial version of Malwarebytes last week – the trial is up tomorrow. Maybe that is what is causing it not to work?
It was this one: Malwarebytes Anti-Exploit 1.13 Build 127 released – Dec 5, 2019
And the installer was only a small file – not sure exactly now, but not much. Maybe 2mb? So that isn’t the whole program, right?
I’m back in Mint now, but I will give it another try when I boot back into Windows. I also have my Win 7 desktop – I can try it there to see if it works.
Kind of strange behavior though…each time I clicked on the installer, it would give me the UAC prompt, start spinning and then nothing. I finally had to get into the Task Manager to delete the process there – but that seemed like it was tied to the browser, not to any actual program.
Thanks!
-
Malwarebytes Premium (or Premium trial) includes the Anti-Exploit module. It’s possible the MBAE installer sees that and does not continue, because it is already installed.
There are two things you could try.
- Let the trial expire and then run the MBAE installer again.
- Or force the trial to expire by going to the account details tab under “settings” (the gear icon) in the app and ending the Premium trial.
Keep the free version of MBAM installed after the trial, as it is a good on-demand scanner for free.
1 user thanked author for this post.
-
It’s possible the MBAE installer sees that and does not continue, because it is already installed.
Yes, that sounds like maybe that is what is happening.
There are two things you could try. Let the trial expire and then run the MBAE installer again. Or force the trial to expire by going to the account details tab under “settings” (the gear icon) in the app and ending the Premium trial.
I think that the trial does expire tomorrow, so I’ll check and try it again. And I do plan to keep the free version after the trial – I really wasn’t planning on downloading the trial to begin with, but that is what downloaded.
Thanks for the ideas and help!
-
-
-
-
-
* Additional protections: I have installed OSArmor by NoVirusThanks and have had a good experience with it. The program, over time, builds a whitelist of programs that you have approved to run on your PC. I am also considering BlackFog Privacy and VoodooShield as useful, supplemental layers of defense; reports on the security community Wilders Security indicate a high degree of compatibility and satisfaction for both of these products.
Since the time I wrote that paragraph, I have installed VoodooShield to get a sense of how effective and practical it is to use. I have no complaints with its effectiveness, as it asks me to either “block” or “allow” any processes that it doesn’t know about. Think of it as an enhanced User Account Control system where you get to decide if the process is something you wanted and expected (i.e. the installer for a program you just bought), or–alternatively– if it seems to have popped up out of the blue.
That said, VoodooShield is not the easiest piece of software to use in the world. Trying to create “rules” for programs is reminiscent of the arcane and convoluted rule sets for firewalls, something that I wouldn’t touch with a 10-foot pole. Just set it on “Autopilot,” leave the settings at default value, and life will be much simpler.
Next step is to evaluate BlackFog Privacy.
-
hmm, just came across this very interesting article by Martin Brinkmann over on Ghacks
Someone discovered a way to enable Extended Security Updates on all machines running Microsoft’s Windows 7 operating system…
********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********
2 users thanked author for this post.
-
Wow, this development is certainly worth watching! From that Ghacks post:
The developers plan already to extend support to Windows Vista and to support the POSReady 7 SKU which will receive security updates until 2024.
Over the last couple of years, I’d read around the Web people wondering if there might be a POSReady version of Windows 7 as there is for XP. This is the first time I’ve seen such a version referred to as an actual fact and not just a hope.
I would even be willing to pay Microsoft a reasonable fee for these continued patches for my Home editions (but not $200 or $100 a year, forget it!).
1 user thanked author for this post.
-
MS is requiring that those users (not “Enterprise”) that want to extend the service beyond next month, must have installed the November S&Q Rollup. I can’t think of any reason that one needs to have that installed to qualify for extended support, when I have been getting the Windows 7 patches from MS, as Group B, and doing just fine that way, with no need to install the rollups. I think I smell a rat, but maybe it is just an olfactory hallucination?
Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx
-
As I understand it, these add a MAK/additional license ability hook.
Susan Bradley Patch Lady
-
Dear Susan, Patch Lady: Do you mean to say that having the November Rollup installed allows a Multiple Activation Key to be installed? Is that the whole reason?
Having a MAK, it seems to me, should be just an option. Particularly for someone like me, who dislikes rollups, among other reasons, because I have noticed that, usually, there are more complaints from those in Group A that install them than from those in Group B that don’t. There are some attendible reasons for this being so, they are just not persuasive enough to make me change my mind.
Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx
-
Having a MAK, it seems to me, should be just an option.
It IS just an option – unless, of course, you want to enable ESU on a particular PC or server.
-
jbeattyauditor: “It IS just an option – unless, of course, you want to enable ESU on a particular PC or server.”
Not entirely an option, as far as I am concerned, because it is tied to having to install the November S&Q Rollup, which is not optional. And that is my point.
Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx
1 user thanked author for this post.
-
-
-
-
-
Malwarebytes Premium (or Premium trial) includes the Anti-Exploit module. It’s possible the MBAE installer sees that and does not continue, because it is already installed.
There are two things you could try.
- Let the trial expire and then run the MBAE installer again.
- Or force the trial to expire by going to the account details tab under “settings” (the gear icon) in the app and ending the Premium trial.
Keep the free version of MBAM installed after the trial, as it is a good on-demand scanner for free.
Yes, that is the way to go. I have MBAM Free and MBAE installed on 2 PCs. There is a catch which means when MalwareBytes update their main engine you will have a choice to run another trial for 14 days. The update also removes MBAE, so after the trial expires you will have to install MBAE again. My main PC has a paid version of MBAM installed. Hope this helps.
-
-
You are correct; based on my experience, updating MBAM removes the MBAE beta.
But you can re-install it.
FYI Malwarebytes also have Browser Guard for Firefox and Chrome available. It will also run on the new development of Microsoft's new Chrome Browser. I have it running on one PC without a problem.
1 user thanked author for this post.
-