Microsoft is patching Windows 8 but NOT Windows 7

ThrashZone · 09 Jun 2014

It's always a risk to have open apps with a constant feed win-8 is pretty much on steroids as far as constant feeds,
I can't say windows 7 type of apps/programs/toolbars are much different security wise,
Best is to do without them and use them as a site you access like a home page or favorite ?

Sync has always I've thought to be the new biggest security hole waiting to be exploited / Onedrive desktop/ Dropbox../.....
Cloud.../ websites Share this and that

Nothing is 100% secure and the disclaimers usually point that out,
But Microsoft abandoning win-7 ?
Cheers.

A Guy · 09 Jun 2014

https://www.sevenforums.com/security-...rity-bods.html

A Guy

RoasterMen · 11 Jun 2014

They can abandon Windows 7 and loose their money and their trust from their customers or continue the updates for Windows 7 because W7's lifespan is still a bit long :\

jimbo45 · 11 Jun 2014

Hi there

You need to understand the basic difference in how security works between W7 and W8. In W8 itself it is built in to the kernel and several modules . Windows defender (confusing as this is NOT the same as Windows defender in W7) which is really a re-write of Ms Security essentials but built in to the kernel is patched daily.

Windows 7 relies more on EXTERNAL / 3rd party packages for security so it's up to the security vendor to supply patches to those. Ms will of course patch its own products such as MSE (Microsoft security essentials) and IE.

I doubt if W7 is essentially more insecure than W8.1 currently -- patches, time lines for these patches and modules to be patched cannot be equated on the whole with the same set used in W8.1

W7 being used by enterprises much more than W8.1 will certainly for the immediate future not be left vulnerable to the latest hacks - however Ms can't be responsible for any weaknesses / loopholes caused by badly written 3rd party programs.

W8 / W8.1 has types of "always active" apps (metro etc) so security for ensuring those types of things are safe operates totally differently from W7 which is in essence a "static" OS in that you rarely have loads of apps integrated into the OS which are running constantly - excluding system tasks etc.

Cheers
jimbo

Britton30 · 11 Jun 2014

MS is in fact, updating w7, I just installed 14 updates, 9 of which are security related to the OS, the rest for Office stuff.

Jimbo, can you explain "kernel" so my 3 brain cells can comprehend it? I see the word bandied about all the time.

Indianatone · 11 Jun 2014

I suspect some of the things that are being patched in Windows 8 / 8.1 and not in Windows 7 do not exist in Windows 7 or Vista. For example the metro ecosystem. The whole report is a load of tosh.

jimbo45 · 11 Jun 2014

Britton30 said:

MS is in fact, updating w7, I just installed 14 updates, 9 of which are security related to the OS, the rest for Office stuff.

Jimbo, can you explain "kernel" so my 3 brain cells can comprehend it? I see the word bandied about all the time.

Hi there.

Trying to explain Operating systems in a few words is a problem -- however an OS consists of basically a TASK manager which handles all its central functions like managing memory / paging / I/O calls etc and an interface which application programs ("apps") - things like say your DVD player software or E-mail call to execute.

The kernel is essentially the main core of the operating system which runs and controls all the processes happening in the computer.

Normally the System services and programs run in "protected mode" -- normal "User programs" (your Apps) can't run in this mode - and these programs are normally part of the kernel - or the central program which is always running in your system. For example when you type something on a keyboard the operating system has to have a program that knows exactly when the keyboard is used and what it has to do. (In technical terms this is called "an Interrupt" and the Interrupt manager in the OS will depending on the type of action required call the relevant application to handle the request - for example keyboard input / disk I/O / Screen display etc).

For example after booting Windows you can start an application -- so you must have some program running which is looking or waiting for a command to start your application. After booting you might not enter anything for 30 mins -- but there must be an underlying process running which is notified as soon as you make a mouse click / a keyboard stroke.

Your application isn't concerned with memory management / I/O etc etc. The Operating system ensures that applications run and use their own areas and data from one application isn't corrupted with data from another.

Operating systems are very COMPLEX and to describe them properly goes way beyond the scope of this post. A bit of googling should give you further info.

Cheers
jimbo

Kevin 7 · 11 Jun 2014

If you have problems installing certain updates for windows 7 operating systems, MS will try and tell you the problem is with you and your computer. Most of the time this is not true. If it's just one update or even two out of many, the problem is with MS. It's not you. It's still a good idea to to run chkdsk in cmd just to make sure and run a good full security scan with your security provider. You can fix most problems with cmd. Wait a while...a week or two and MS will eventually fix the error. Chances it's not just you but a lot of people going through the same thing. MS is now geared up for windows 8 and those of us with 7, vista or xp take a back seat.

Cr00zng · 11 Jun 2014

While the kernel does manage memory addresses for applications, the actual memory size and what's written there is controlled by the application in question. The kernel basically allocates the memory buffer, or heap, as requested by the application and the application controls what's written in this buffer. If the size of data being written is greater than the buffer allocation size, then the buffer overflow will take place. And that's not a good thing. The intentionally triggered buffer overflow can crash the system in good case. In bad case, the buffer overflow is used to execute arbitrary code that compromises the system.

Most applications are developed in C/C++ language, that has no built-in routine/function to check/restrict memory buffer boundaries. The developers are suppose to write their own routine that performs this function, but that does not happen all the times.

The Windows SDK, that includes C/C++, has built-in routines for application developers to enforce the memory buffer boundaries, so they don't need to write their own. What the article is complaining about is the difference between intsafe.h (SDK 7 for W7) and strsafe.h (SDK 8 for W8) libraries. Comparing these libraries is pretty much irrelevant, as far as the status of the security patch is concerned for the indicated OS.

As more and more buffer overflow technology utilized by hackers become known, the more "safe functions" will be added to the SDK libraries. Some of them will be forward looking only, while others may make it to the previous version to SDK libraries. This could be a decision based on compatibility and not an intent of abandoning previous OS versions, that are still supported.

The programming error resulting in buffer overflows is the main reason why I use MS EMET 5.0. EMET protects the OS, applications, and browsers against 13 known buffer overflow technologies. Will it protect against all of them? Well, no... There's nothing that programmatically can protect your system against a programmer error...