Patch Lady – Windows 7 FAQs

Topic

New Reply

This is a preview of the content in the next Patch Watch. Windows 7 is coming to the end of life.  What does that mean?  Here’s some “Patch Lady” answ
[See the full post at: Patch Lady – Windows 7 FAQs]

Susan Bradley Patch Lady

17 users thanked author for this post.

Morty, Win7and10, OldBiddy, Bluetrix, Lars220, OscarCP, GreatAndPowerfulTech, LH, LHiggins, SueW, woody, abbodi86, Pepsiboy, Pim, AJNorth, Pierre77, satrow

Reply | Quote

Replies

Hi, I normally go security-only for patches to my old x64 Win7Ent HP workstation. Can anyone tell me if the regular rollup contains anything of longer-term benefit this time around, given the eol circumstances?

Reply | Quote

My answer: as far as I know, the installation of the Rollup before EOL benefits only those that install rollups (Group A) and those who don’t (Group B), but plan to buy extended support from either MS, or from a non-MS service, for example “0patch.” In such a case, the installation of the Rollup is a requirement, in order to make all PCs “the same” from the point of view of those coding the patches to be provided.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Everything online appears to be stressing going from Windows 7 to windows 10 and some folks with business grade laptops that shipped with Windows 7 Pro that are actually business grade laptops that came with Windows 8/8.1 Pro licenses. So what about support and information to your readers that targets those business grade laptop, and business grade PC, owners that may have systems that are legally licensed for Window’s 8/8.1 Pro where the laptop’s/PC’s end users and the Laptop’s OEM have always had Windows Pro OS version downgrade rights from 8/8.1 Pro to 7 Pro. And that pro version downgrade rights was true for 7 Pro to XP Pro well at 7’s (Pro Version) time of release.

I have a business grade Laptop (HP Probook) and that laptop shipped factory downgraded from Windows 8 Pro to Windows 7 Pro and the laptop’s UEFI/BIOS settings configured to disable Windows Secure Boot and run the Laptop in Legacy (Pre Windows 8) OS mode. So HP shipped my Probook with 2 sets of recovery DVD’s, one for Win 7 Pro and one for Windows 8 Pro.

I have always, as a consumer, considered business grade laptops the best option for even consumers because of the years of extra business grade support from the laptop OEMs and those laptops always ship with Windows pro versions and with pro version downgrade rights and there are millions of business grade laptops that shipped with 8/8.1 Pro where the OEM factory downgraded the PC from Windows 8/8.1 pro to Windows 7 pro and the end users able to use 2 generations of Windows to their end of life.

Reply | Quote

Same boat. Win7 Pro x64 on Zbook 17 workstation. Two programs which don’t run on Win10. One can be replaced at $$$. With XP, Firefox supported for 3+ years on ESR. My AV is Kaspersky Internet Security which also supported XP for 3+ years. Frankly, who trusts M$ to keep their boxes safe?! Kaspersky finds bad stuff long before M$. KIS blocks system changes, etc, etc. and provides a browser which is invisible to the O/S for financial transactions and updates hourly. Even Google will…. https://www.ghacks.net/2020/01/10/google-chrome-will-support-windows-7-until-at-least-july-2021/

Who do you trust? ALL my traffic runs through Kaspersky servers in Massachusetts or Switzerland and no state secrets on this machine. Also run Firefox with Noscript on a tight rein. YMMV

IMHO, Win7 went EOL when M$ pushed nagware to Security Only patches. For that matter, the only two bad crashes ever on this box were caused by M$ updates. Whenever I’ve had a glitch with Kaspersky, phone support was decent after moving up to Level 2 and even manually updated some things remotely to fix a safe money issue. Sound like M$? 🙂 Pity Win10 barely trusts hardware owners. Eventually I’ll have to spend big $$$, but not quite yet.

Reply | Quote

You’ll probably find all the 8/8.1 discussion you want in the Windows 8.1 section of the Forums:

https://www.askwoody.com/forums/forum/askwoody-support/windows/windows-8-1/

Reply | Quote

There is one of those forums for Windows 7 as well but why the lack of Windows 8/8.1 reporting on the main thread. It’s bad enough that MS/Hardware makers  have underhandedly ended support for  Windows 8/8.1 and drivers prematurely and MS had even ended 8’s/8.1’s support for new CPU hardware, even as far back as when Windows 8/8.1 was still in its first 5 years mainstream support(first 5 years from release of the 8/8.1’s 10 year total support cycle).

So  all of AMDs Zen/Zen+ and Zen-2 CPU( Zen CPUs where first Introduced March 2017 for Zen Generation 1) generations had never had proper Windows 8.8.1,(Jan 2018 end of mainstream) support as MS was attempting to force more folks onto 10. So AMD’s Zen/Ryzen first generation of processors where released in March 2017 but that 8/8.1(Still in mainstream support in 2017) support from MS was intentionally lacking, and ditto for Intel’s processors of the same time frame.

Some folks have older PC/Laptop hardware that is at most only once ever going to be OEM vetted/certified for its OS(That first OS version that shipped with the computer, 7/8/8.1 mostly). And especially for the Pro versions of Windows that have downgrade rights to the Previous Windows OS version’s Pro  edition. So no PC/Laptop/portable workstation OEMs on that older  hardware are ever going to spend the funds necessary to re-certify any of that 7/8/8.1 vetted/certified older PC/Laptop/Portable Workstation hardware for Windows 10. Business Grade laptops/etc. have to be vetted/certified for at least 2 generations of Windows Pro owing to that Windows Pro Version Downgrade rights, from 8/8.1 Pro to 7 Pro for example.

Really more articles for windows 7 Pro to windows 8/8.1 Pro updating are in order for the millions of Business grade laptop/PC owners that are really only consumers that purchased those Business Grade PCs/Laptops. And millions of  those devices shipped with Windows 8/8.1 Pro licenses but where actually OEM/Factory Downgraded to Windows 7 Pro. So millions of consumers that purchased business grade PC/laptops that are running Windows 7 Pro are actually using PCs/Laptops that shipped with 8/8.1 Pro licenses and the rights to run 8/8.1 until 2023.

Reply | Quote

I have a retail license for Windows 7 Ultimate that I never activated. Will I still be able to use it for a Windows 10 Pro installation after Tuesday?

Reply | Quote

See Here’s how you can still get a free Windows 10 upgrade by Ed Bott.

--Joe

Reply | Quote

Windows 10 has sufficient numbers of BETA testers at that reported “900 million” devices figure but some folks want to stay on 7 or even install 8/8.1 and not be forced to become BETA testers until at least 2023.

1 user thanked author for this post.

anita.yk

Reply | Quote

(I’m the anonymous poster who posted the question to which you replied.)

Thanks. I’ve seen that article by Ed Bott before but I hadn’t checked it for updates in quite some time. So the answer is, the only way to know is to actually try it after January 14.

Reply | Quote

Legally or technically?  In my personal opinion, the free upgrade to Windows 10 offer stopped a long time ago.  However and as you can tell, it still works, and it appears Microsoft doesn’t plan to take action against anyone who does it.

Susan Bradley Patch Lady

Reply | Quote

Thank you Susan. Your advice, as summed up in those seven points, is what I was already planning to do. Also it is reassuring to know that you will continue monitoring the Win 7 patches, at least for as long as they are still being provided to those who buy extended support after EOL and, in case of some dire internet threat, to those of us still running the good old system without buying some extended patching from MS or “0patch.”

But there is one thing on which I would like to have your opinion. It is about receiving email safely after EOL:

I have both a Mac (fully supported for several more years), and Win 7 in dual boot with Linux Mint. As it is setup now, my email is received by AOL/Verizon, and sent to both the Mac and the PC. I am planning to take care of email only with the Mac and delete any dodgy-looking mails from the AOL/Verizon server, so when I run the Win 7 email client “Windows Live Mail” the deleted ones will not show up there. (N.B.: the Win 7 client is keeping my sent and received mails all the way back to 2011, and I much rather keep putting those that seem safe there, as they are ordered by date, ‘sent by/to’, and by subject; if, instead, one copies them to another folder, then they are only saved by date and identified, not with their subjects, but with some weird numbers.)

That still leaves room for some risks, of course, because my assessment of what is ‘dodgy’ and what is ‘OK’ is not exactly perfect. But I think I might be able to live safely enough with that. What do you, and those kind enough to comment, make of this?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

OscarCP wrote:

That still leaves room for some risks, of course, because my assessment of what is ‘dodgy’ and what is ‘OK’ is not exactly perfect. But I think I might be able to live safely enough with that. What do you, and those kind enough to comment, make of this?

My sense of it would be that, so long as you have instituted multiple other layers of protection, in all likelihood you will be fine. If your AV includes an e-mail filter that works on your e-mail client, and if you have also installed an anti-exploit and an anti-executable, a successful penetration of your PC will probably require something on the order of a state-level actor targeting your system for the goodies that you might have stored on it.

 

Keep Running Windows 7 Safely for Years to Come  
Make Windows 10 look and work like Windows 7

2 users thanked author for this post.

wdburt1, OscarCP

Reply | Quote

“You’ll want to be very careful and not do random surfing on any device that no longer receives patches.”

I know people that have not updated their win7  in a year or longer.

They have router, updated browser and antivirus and have not mentioned any bad things yet so why should they stop surfing new things now?

And last 6 months the updates, what I read seems not 100% good (now with telemetry in the Security-only patches). So is there really that much big difference from now on, not updating when everything else updated?

Some win10 machines(with slow harddrive) is still on 1803 because they can not update of microsoft own bad update system, and people does not even know about that. I think that is a bigger security problem than 8 years of updates to win7.

1 user thanked author for this post.

wdburt1

Reply | Quote

Whether patching or not, one must always be careful of where one goes on the Web and what one does there, as well as how one deals with email. As it is generally true in life, the need for being both careful and thoughtful includes what one does when on the Web, or when connected to others over a local network.

I am one of those who tries to be careful and thoughtful, for the most part, but also patches regularly on a “just in case” basis when, after watching what is going on for a while, it seems probably safe to do so. Until now, I’ve never had problems that could be traced to bad patches I may have installed. Would have I been equally trouble-free had I never patched (simplifying my life somewhat), except under some truly and obviously dire circumstances? Perhaps, who can say?

 

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Got two factor on any sensitive log in accounts?  I would add that to your list of paranoia techniques.

Susan Bradley Patch Lady

Reply | Quote

Everyone should have a security mindset whether they run Windows 7, 10 or even Linux.

I don’t see any issue in using Windows 7 after EOL. I would recommend people to setup their browser securely before worrying about the OS. There are also add-ons like HTTPS everywhere and NoScript.

Locking down your OS with something like SysHardner can help and don’t download anything from suspect sites and be careful of those addons they throw into the package.

Thunderbird is a good option for emails and as a rule don’t click on emails or open attachments unless you are certain they are safe

2 users thanked author for this post.

Chessie, Cybertooth

Reply | Quote

about Question number 3 (Will Microsoft release patches if there is some huge worm to unprotected machines?)

remember WannaCry?

I saw this on Softpedia news a few days ago:

https://news.softpedia.com/news/wannacry-was-the-top-ransomware-infection-in-2019-528789.shtml

Reply | Quote

Also in #3:

So historically, yes, when they think customers are at risk, they will release public patches.

It is unfortunate this will be construed by many as, “see, if something really does come along, Microsoft will cover me.”

Obviously this thinking is seriously flawed, at best a patch happens way after the fact. Over two thirds of WannaCry victims in 2019 possibly had the opportunity to protect themselves due to Microsoft’s generosity, yet didn’t.

Thx @EP for link.

Great Post Susan!

 

1 user thanked author for this post.

OscarCP

Reply | Quote

Just so I don’t misunderstand (because it would be easy for me to misunderstand) the meaning of “Windows 7 updates won’t go away, you just won’t get any new patches on that Windows 7 after next Tuesday” from the article:

Presumably DEFCON will go back down (e.g., to 2) before the January Windows 7 patches are released on Tuesday. Will there be a point about a month from now where (barring some problem) DEFCON will ease up again and Win7 users will be encouraged on here to update their machines for the “final” time? Moreover, does that mean there won’t be the usual limited time for us to run Windows Update/install patches since there won’t any February releases for Win7 users to avoid? Is the answer different if we’re talking about Group B patches?

I guess I’m asking because I thought I had only these few days to make certain decisions, but now it seems it might still be possible to make them a month from now—unless, of course, I am misunderstanding.

I’m not asking for a guarantee, I just want to make sure of the general concept. Sorry if the question has been answered in one of the many other discussion threads here.

Reply | Quote

As I understand it the W7 updates will remain available after January, as the previous updates are still available. This give you plenty of time to update.

cheers, Paul

Reply | Quote

anonymous wrote:

So what about support and information to your readers that targets those business grade laptops

We have plenty of threads on remaining on W7 or moving to W10 (e.g. this very thread).

The main form of protection IMO is an image backup to an external hard disk.

cheers, Paul

1 user thanked author for this post.

Kranium

Reply | Quote

Sooo…. I’ve been reading the AskWoody blog for a while, as it’s helpful to be able to know when it’s safe to patch… my main laptop is a Windows 7 Professional machine, and it’s perfectly operational… if I want to get the ESU support, all I have to do is fill out the form linked to in the blog to get that started?  I’m not a business, but is that ok?  I do use machine to create media for my job, is that good enough?  Do I need to be a Woody Plus subscriber?

Reply | Quote

You are a small business or work for a small business?

Susan Bradley Patch Lady

Reply | Quote

anonymous wrote:

if I want to get the ESU support, all I have to do is fill out the form

You may not need to buy the ESU to remain safe.

What do you do with the machine that requires internet access?
Do you have a recent anti virus program?
Do you have a backup?
Do you have a router to connect to the internet? Which one?
Are you considering replacing the machine in the next 6 months? How old is the machine?

cheers, Paul

Reply | Quote

In regard to Question 4. If I rebuild my computer after January 15, what’s the best way to get fully patched?

Your answer advised to “Follow this guidance and manually download certain patches first.”

I clicked on that link within “this guidance” and noticed the content hasn’t been updated in 10 months.

I know we recently had to manually install a SSU, (Security Update for Windows (KB4531786)), which never never came to my machine in Windows Updates. Do you have a better source for OOB patches and patch sequencing?

Reply | Quote

There are several threads where I helped people update Win7 and Win8.1 here, here and here. You might read through them.

Reply | Quote

That’s the bare minimum you have to get on the box to then use Windows update.  Without installing those pieces, windows update will scan for updates forrrrrreeeeevvvverrrrr.

Susan Bradley Patch Lady

Reply | Quote

“Remember that you will run into the slow scanning issue with Windows 7”.

May I suggest to remember this topic?

https://www.askwoody.com/forums/topic/has-microsoft-finally-solved-the-windows-7-slow-update-problem/

Reply | Quote

Thank you Susan for this FAQ and any that follow.

DO you know if the post EOL ESU patches will be on the MS Update Catalog? I suspect not, or at least not for free.

Reply | Quote

Though not a definitive answer, I suspect that they will be available & they’ll be free but the patches (updates) will be coded in such a way that’ll make them “Not Applicable to your System” unless you’ve previously purchased & activated your system with the appropriate “ESU” key.

Win7 - PRO & Ultimate, x64 & x86
Win8.1 - PRO, x64 & x86
Groups A, B & ABS

Reply | Quote

Patch Lady wrote “Yes, Windows 7 updates won’t go away, you just won’t get any new patches on that Windows 7 after next Tuesday.”

This statement sounds like a contradiction without the qualification that follows.  Do I understand correctly that only business users who subscribe to receive post ESU patches will receive Windows 7 patches and that non-business users cannot subscribe to receive post ESU patches?

Reply | Quote

I just bought a new PC with Windows 10 Pro which I will use as my main PC in the future, including for on-line browsing and financial transactions.

I have a 7 year-old PC with Windows 7 Home Premium which I intentionally never upgraded to Windows 10.  I want to use this old PC with Windows 7 Home Premium as my back-up off-line PC and will NOT use this PC for any internet browsing.  Is it safe for me to continue to use this old PC with Windows 7 Home Premium as my backup off-line PC provided that I NEVER use this PC for any internet browsing?

Reply | Quote

When you say offline, do you have the PC blocked at your router? If you have you PC connected to your network, it is online even if you do not open a browser, unless you have made some changes otherwise. If you can open a browser and it connects to the Internet, update a program, etc, you are not offline.

2 users thanked author for this post.

anita.yk, Mike W

Reply | Quote

Excellent Question – I will go to Control Panel > Network and Internet > Manage Wireless Networks, then change the setting for my two router networks by unchecking the box for “Connect automatically when the network is in range”. If I uncheck this setting and disable the automatic connection, then I hope that my PC will not connect to my two router networks and remain safely offline. Will this method work to keep my PC safely offline? Thank you.

Reply | Quote

As long as that setting holds. But I would check that it dowsn’t revert to turned on at least periodically.

1 user thanked author for this post.

Mike W

Reply | Quote

Do you still need it to talk to other devices on the same network?  Depending on your needs you can change the dns settings in the network card to block it from being able to resolve the web.

Susan Bradley Patch Lady

Reply | Quote

Mike W wrote:

I want to use this old PC with Windows 7 Home Premium as my back-up off-line PC and will NOT use this PC for any internet browsing

Why?

Just use the new PC and make sure you have it backed up regularly.

Donate the old PC to someone in need.

cheers, Paul

Reply | Quote

[Morty]

Happy Windows 7 Death Day.

Along with some others, I’ve been circling the wagons and holding on to Win7. (I only gave up XP when the box died.)

But, to switch metaphors, the calls have gone out to man the lifeboats.

I’ve seen a lot of good advice on how to move (I won’t say upgrade) to Win 10. But how can I check to see if my hardware can handle the load?

• This reply was modified 3 years, 4 months ago by Morty.

Reply | Quote

With your model number and the specs, look on the mfg’s website and see if it’s been tested for Win10.

1 user thanked author for this post.

Morty

Reply | Quote

The model is a Dell OptiPlex 990 and Dell is asking me to install SupportAssist. Do I want to do that?

Reply | Quote

Instead of installing SupportAssist, I tried Google. Turns out the box isn’t supported, but some people claim it works fine with Win 10:

https://www.dell.com/community/Optiplex-Desktops/Optiplex-990-Windows-10-Supported/td-p/6224701

But that page also says to update the BIOS first.

1 user thanked author for this post.

woody

Reply | Quote

Good advice.

1 user thanked author for this post.

Morty

Reply | Quote

Thank you. Will do.

Reply | Quote

I have 2 Win 7 PRO computers, and plan to take the Harbor Computer Services offer, at least for 1 year.

I accessed their License Request and Payment Form, via the link on Susan Bradley’s post. I answered Question #6 as No (Do I have Office 365 Tenant?). But I don’t know how to answer question #7: “Please provide the desired tenant name to use.” The .onmicrosoft.com link shown does not seem to exist.

So I need some guidance on how to answer this question #7.

Harry

Reply | Quote

I don’t mean to be rude, but I’m living with W7 and have no other choices. So far the only issue is Thunderbird and W7 with Yahoo (yep the yayhoos) and it’s user access. I can access the Yahoo emails directly, but can no longer receive  them through Thunderbird,

I tried to follow the directions for both and ended up with a locked out  service; aka I can no longer read my emails in Thunderbird. I can access them directly in Yayhoo. and that is OK. However, I prefer to deal with incoming and outgoing mail in Tbird,

There were some inclement requirements that made me input a new “secure mail key” that seemed to make things better..Until it didn’t – in about 5 minutes. I tried again, but received it to no avail. I cannot receive emails in Tbird; I can only see them on Yayhoo.

Moderator note Edit for content.

jimzdoats

Reply | Quote

Is your setup the same as shown on this page?

cheers, Paul

1 user thanked author for this post.

wavy

Reply | Quote