Windows 7 and Internet Use

[dblack]

dg1261
Thanks for providing all that information.
I have to point out that I can't engage with you into the merits of subjects like forked versions, supermium, thorium, r3dfox etc. for I have never even heard of them. Those topics I have to leave to the computer geeks.

I have said that I use Firefox/Startpage for the reasons given, and I will continue to use them for the foreseeable future. I notice you said Firefox and Chrome have dropped support for Windows 7. That is not strictly true, I cannot comment on Google Chrome for I have never had the slightest notion to ever install it but Windows 7 users should be using the ESR version of Firefox. Here is a quote from Mozilla:

" Mozilla will provide security updates for Firefox 115 ESR until at least March 2025, when the position will be re-evaluated."

Now the security updates might stop later but that in itself will not stop me using Firefox/Startpage, after all when I discovered Microsoft Updates for W7 were being used to install W10 telemetry into W7 users PC's, sometimes hidden in "Security Updates", I removed them and have had their updates switched off for years.

I do have Firefox Portable on a USB memory stick but it is only used as a "Get out of Jail" card when required.

- - - Updated - - -

VPNs don't protect your computers at all.
They actually act as proxies to websites, possibly from a different location from your real one. Their main usefulness is to bypass censorship and those pesky "geo-locked" things (think per-country Netflix series). But about security, the don't help in this day and age. In fact, it's not difficult to think that they are detrimental to security and privacy..

Would that not depend on the interpretation of "protect"
Everyone should know that your ISP is able to see everything you do on the internet. A VPN encrypts your traffic so that it is unreadable, even to your ISP. That would apply to "Hackers" as well and at the very least make it extremely difficult for them, especially if the encryption was the strongest available. (AES-256) as used by government departments.

Could you elaborate a bit on how they are detrimental to security and privacy.

 

[michael diemer]

I'm curious. If one thinks that Windows 7, fully patched and using an up-to-date browser and antivirus, is safe for everyday internet use, would Vista then also be safe? It is possible to use R3dfox, an up-to-date fork of Firefox, on Vista, and Avast Free supposedly still works on it (although an older version, but it still gets updates). So, if one practices safe browsing habits, and perhaps has a VPN (there is obviously disagreement about whether that is really helpful or necessary), why would Vista also not be safe? It's basically the same system as Seven. One could even argue that Vista might actually be safer, since very few people are still using it (the same argument that applies to Linux: why waste time going after an OS that less than 5% of people are using).

If, as many say, safe browsing is almost entirely the result of user behavior, then potentially any OS could be used safely. Then the choice would come down more to usability (drivers, software etc.). There would be a limit, of course, to how far back you could go. Although people still use XP and even 98, they tend to be retro-gamers, and probably don't go online much.

Just wondering what folks might think about this.

 

[dblack]

Michael,
You will have seen my previous posts so I am not the most knowledgeable person to advise on r3dfox, one of the posters who introduced it would be. However when something is posted here I do carry out research and although I have not finished yet things are looking very promising. The r3dfox for W7 is using the updated security levels as used in W10. It also mentions Vista and XP although that is reduced a bit.

Here is a review of it by a user, a bit longish but I have included it all:

Awesome! The very latest Firefox in Windows 7 Firefox itself is a really fantastic browser. Firefox doesn't mine your data like Google Chrome. Google are also planning to phase out ad blocker UBlock in their new "Manifest V3" extensions system, starting June 2024. The V3 extensions make thing hards for ad blockers, and will only have a Lite version of UBlock with limited functionality, as Google are clamping down on the ability to filter ads in Chrome. Google have a conflict of interest since their business model involves deceiving users by marketing through Google Ads. That's a terrible business model for an internet information search and browser company. Google are basically selling their users to ad companies. There's really no reason for Google to even bother making a browser since open-source Firefox has it covered, and Google can just help make Firefox instead of re-inventing the wheel. Firefox is made by a non-profit, the Mozilla Foundation. The only issue they have is currently they are partially reliant on money from Google and search or social media companies, for adding search options and links in the drop down in Firefox. Hopefully Mozilla find better alternatives, or use more effective direct funding like Wikipedia does. UBlock works great in Firefox. Firefox has lots of useful extensions in it's privacy and security section. It's got extensions to make popular social media sites better too. In Windows 7 you can use open-source Sandboxie or Sandboxie Plus with browsers and other programs for added security, the free option is sufficient. As well as isolating programs, Sandboxie stores changes made to files separately to be only visible to programs inside the sandbox, so no files are changed outside the sandbox.
[h=2][/h]

 

[dg1261]

I'm curious. If one thinks that Windows 7, fully patched and using an up-to-date browser and antivirus, is safe for everyday internet use, would Vista then also be safe?
[...]
If, as many say, safe browsing is almost entirely the result of user behavior, then potentially any OS could be used safely.
[...]
Just wondering what folks might think about this.

Of course, "safe" is a relative term -- is any use of the internet truly "safe"? But that aside, it also depends on different risks factors for different people, plus an honest assessment of what you want to be protected from.

For instance, some people vociferously allege Apple products are more privacy conscious than Google products (Android and Google Chrome).

Yet, Apple totally controls your devices and experience with an iron fist. What happens to users who jailbreak their phones to set them up the way they want? Or install apps that aren't annointed by Apple's gatekeepers? Or get repairs outside Apple's approved repair channel? Or who take photos with their phone that Apple's prudes consider lewd or inappropriate? Apple can, and has (according to credible reports), deliberately bricked users' devices whenever they want. I don't believe Microsoft has the capability to brick my Windows 7 computer, even if they wanted to.

Anyone who thinks Apple can't or doesn't spy on what you're doing is fooling themselves. So if your choices are Google knowing your ad preferences (even if they were blabbing them to the world, which I would dispute) or Apple playing the role of "Big Brother" and controlling what you can and can't do with your own devices, which do you consider more privacy-invasive? Different people seem to have different points of view on that question. That's what I mean by honestly assessing what you want to be protected from.


As for the choice of OS and OS updates, there are also a number of factors. First and foremost, what is your usage environment -- business or personal?

For instance, consider the 2018 Spectre/Meltdown fiasco. The "speculative execution" vulnerability would allow a hacker in one virtual container to see into a neighboring virtual container. Uh, okay. That might be a serious issue for a web server or cloud service (who need to protect the secrecy of their clients' VMs or virtual storage repositories), but is that an issue for my personal computer?

I like to use the analogy of a suite of business offices vs. my personal home. Visitors to my home can freely go from one room to another, and don't have locked doors between them. In contrast, a business building probably needs locking doors to each suite to keep unauthorized visitors out when any given business is closed or unmanned.

That's the "speculative execution" issue in principle. I rarely have multiple VMs running, but even if I do a hacker getting into my computer doesn't need a Spectre/Meltdown exploit because he's already inside and can see into any VM I've got running. So the fact my Windows 7 is not patched for Spectre/Meltdown is irrelevant. I'll focus my efforts on keeping him out in the first place, not on worrying about him going from one room to the next.

(Aside: I ceased all updates after Dec 2017 because I didn't want to suffer the negative consequences associated with the patches. So yes, my Win7 is unpatched, but no, for me I don't think it's critical.)


Second, what's your predeliction for clicking links in emails, or visiting random sketchy websites? If you're that type of person, heaven help you, and you'll get no sympathy from me. People have been warned, ad infinitum, so if you're still doing that you haven't been listening.

Although, again, business vs. personal environment can make a difference. I can choose to ignore phone calls and texts from unknown numbers or emails from senders I don't know, but a business secretary may not have that option. A business has a higher risk profile.

(FWIW, if I do want to visit a new, unknown website, I have a linux VM specifically for that purpose so I don't have to expose my main machine. )


Third, are you using a relatively secure browser? The only real threats to my home computer have to come through the internet, so a hacker would have to come through the browser first before getting to the OS. That's why for Win7 systems I only recommend Supermium, Thorium, or r3dfox.


As for the OS, unpatched vulnerabilities are, IMHO, largely mitigated if you're behind a NAT router, so I always recommend using your own NAT router behind your ISP's gateway. That way, your computer is not directly connected to the public internet, so it would be very difficult for someone to get through without you inviting them in. Your computer may have vulnerabilities, but that won't matter if the bad guys can't get to them.

In addition, I consider the more recent OSes (Win10/11) to be no better than Win7. They have plenty of their own new vulnerabilities, partly because Microsoft keeps throwing in sketchy new junk and reinventing the wheel instead of just fixing security flaws. Also, they keep poking new holes in my internet security blanket -- why in the world do they think I want a constant connection the cloud, or OneDrive, or a Microsoft account?

And I don't doubt for a second that Microsoft's endgame is to take a page from Apple and start monitoring or censoring everything I'm doing on my own machine -- or, heaven forbid, possibly even figure out how to brick my machine if they don't like what I'm doing with it.


I have no qualms about continuing to use Windows 7, even without updates since 2018. If a hacker got far enough to take advantage of security flaws in the OS, I would have had to do multiple stupid things to let him get that far.

I'm also retired, so I don't have to use a computer for business. That makes my choices simpler.

And I'm also old, so have no patience anymore for the "hair-on-fire" environment many tech proponents think I should live in. And I don't update because at my age I've grown weary of the propensity to remove things I'm using, or add things I don't want, or constantly change icons or move a few buttons around just so something can be called "new". I just don't have enough time left to waste it fixing things that some update broke.


And don't forget that, above all, social engineering is your biggest exposure surface, anyway. It's not tech vulnerabilities, so your choice of browser, OS, or patching has a much lesser impact, if at all.

Just my two cents, and everyone should evaluate their own risk profile. But for me, if it's a choice between a fully patched Win11 or my unpatched Win7, I'm sticking with my Win7.

 

[Aardvarkly]

Thanks for that post DG. I am someone who is also unwilling to accept change for the sake of change and dislike having entities like Microsoft brainwashing me to waste my money riding the "update train". My existing home built desktops are giving excellent service with W7 and have done since day one. If for some reason beyond my control I have to abandon W7 I already have a hard drive in place prepared with Linux Mint that can be ready to go in less than half an hour.

One question comes to mind and I would value your comments. I have had no particular concerns with my current setup and how I use it. I have four browsers installed that are used in order of preference: Opera, Firefox esr, Brave, and Chrome. Opera I use daily, Firefox occasionally, Brave (only rarely because my favourite download manager works on it), And Chrome is almost never used but is a fallback in case nothing else will work on a website. Opera and Firefox are kept updated but the last two are no longer sending updates for W7. I am thinking about installing MSE after seeing it mentioned favourably here and on other forums. I currently have Avira free handling the antivirus duties and have so far had no problems. Is it possible to have both installed at the same time or are there likely to be conflicts?

 

[dg1261]

One question comes to mind and I would value your comments. I have had no particular concerns with my current setup and how I use it. I have four browsers installed that are used in order of preference: Opera, Firefox esr, Brave, and Chrome. Opera I use daily, Firefox occasionally, Brave (only rarely because my favourite download manager works on it), And Chrome is almost never used but is a fallback in case nothing else will work on a website. Opera and Firefox are kept updated but the last two are no longer sending updates for W7.

(Note that Mozilla has committed only to supporting Firefox on Win7 for one more month, so perhaps you should deem only one of your four may continue to be updated.)

I would suggest users consider the User-Agent environment variable the browser sends to get a clue how committed the developers may be to maintaining Win7 compatability on the web. All browsers send a UA string in their request headers to tell websites what OS, browser, and browser version you're using. Many websites will use this to nag you or outright block access if the UA string makes them think your OS or browser is too old for their tastes. (See webbrowsertools.com to check your browser's UA string.)

For instance, the current Firefox ESR version will show "Windows NT 6.1; Firefox/115" in its UA string, even though the actual security updates may be consistent with Firefox 134. Websites will know you're using Windows 7, but will also think you're using Firefox version 115, when to them "current" would be version 134. So websites may complain that you're not only using an outdated OS but an outdated browser as well, even though the security level is up to date (at least for one more month).

Compare that to r3dfox. The version 131 I have (I see he's released v133 now) was released contemporaneous to Firefox 131, and shows "Windows NT 6.1; Firefox/131.0 r3dfox/131.0.3". Websites will still know I'm on Win7, but will think my browser is Firefox 131. That suggests r3dfox may be more amenable to websites than even the official Firefox ESR.

Over in the Chromium world, Google ceased support for Win7 with Chrome 109, so the old Chrome you have will show "Windows NT 6.1; Chrome/109". Chrome official is now on v133. And remember, with no updates, your security level is also back at v109. I see no reason for anyone to be using Chrome.

Brave 1.47, the last to support Win7, will show "Windows NT 6.1; Chrome/109.0.0.0". With no updates since Chrome 109, it's in the same boat, security-wise, as official Google Chrome.

Opera 95 Legacy, which still supports Win7, has security updates consistent with Chrome 131, but the UA string shows "Windows NT 6.1; Chrome/109.0.0.0 OPR/95.0.0.0". It is telling websites you're on Win7 Chrome 109, although you're security level is actually more current than that.

My Thorium 122 version shows "Windows NT 10.0; Chrome/122.0.0.0". (I see they have a 126 version now, so that UA string will presumably show Chrome/126.) The Chrome project is officially on v133 now, so Thorium may be a tad behind, but is a far cry better than the last official Chrome version.

Even better, note that Thorium is pretending you're on Windows 10! So instead of Chrome 109 on Win7, Thorium is masquerading as Chrome 122 on Win10. Nice.

Finally, there's Supermium 126, which was released contemporaneous to Chrome 132. Supermium's UA string shows "Windows NT 10.0; Chrome/132.0.0.0". I think the version number may imply the security level is consistent with Chrome 126, but nevertheless Supermium is masquerading as Chrome 132 on Win10. That should help keep a lot of websites off your back.

FTR, note you can also use a browser extension to fake your UA string, regardless of what the browser defaults to. (My favorite is "Ray's User Agent Switcher and Manager", available for both Chrome and Firefox platforms.) However, I'm just using the above discussion of browser UA strings to perhaps infer some insight into which developers may be more committed to our end goal of continued Win7 support.

This is all just my tangentially informed opinion, looking for signs between the various browser offerings. I think the r3dfox developer, [MENTION=580296]K4sum1[/MENTION], is active on this forum, and he'd undoubtedly be more knowledgeable on what it takes to develop a browser fork. If I'm off-base on any of my above inferences, hopefully he'll correct me.

 

[Aardvarkly]

Thanks for that. An understanding of this issue will be useful. I will explore the subject further.
I have read a bit about user agent spoofing before but thought it was only used to deal with websites that won't work for W7. I have yet to find a site that won't accept W7.

 

[dg1261]

I've delayed addressing the second part of your inquiry because I don't think I'm the right person to be giving anyone advice on AV programs. I haven't used any third-party AV software for 10 years.

But with no other responses and the prospect of your question fading into the ether, I'll go ahead and throw in my two cents, FWIW. So take this with a grain of salt.

I am thinking about installing MSE after seeing it mentioned favourably here and on other forums. I currently have Avira free handling the antivirus duties and have so far had no problems. Is it possible to have both installed at the same time or are there likely to be conflicts?

Ten years ago I would have said you should never install two AV programs because they would fight and bring your system to a crawl. But remember, I'm not familiar with the present state of the art.

You may want to start by honestly evaluating your own experience with Avira first. Has it actually cleaned anything? I'm not talking about cookies and inactive temp files, I mean an actual infection. Has it protected you from something actively getting through, that would have gotten through had Avira not been there?

If after honest evaluation you think it's saved you from disaster, then why look at alternatives? Stick with Avira.

OTOH, if it hasn't done much of anything, then maybe you don't need it. Maybe the kinds of things Avira is designed to catch just don't happen to be threat vectors for the type of user you are. In that case, uninstall it and switch to MSE. Third party AV is often a drag on system performance, and IIRC, MSE has a better reputation in that regard. I have test-driven MSE in the past and it seemed to work well, and IMHE it didn't slow your computer down as much as the third-party stuff seemed to do.


So why did I abandon AV software in 2015?

I had previously used Avast, Norton, and others for a couple decades. Then I happened to hear security gurus, both Steve Gibson and Bruce Schneier, off-handedly mention that neither of them used any third-party AV software at all. That sounded blasphemous, but since I felt I was as risk-averse as they were, I needed to give this some serious thought. I realized that in the prior 20 years (1995-2015) I hadn't heard a peep from my AV software, nor had I been infected by anything. It seemed to me maybe it wasn't catching anything because there was nothing to catch.

So I uninstalled my old AV programs to see what would happen. Nothing happened ... except my computer ran faster and more smoothly.

Since 2015, none of my family's computers have run anything beyond the built-in Windows Defender. It seems hard for even me to believe, so I will occasionally do a full scan with a temporary or offline AV, but nothing has ever been detected. That, plus my annual "rolling-clean install" strategy has pretty well convinced me that my systems are fine without third-party AV.

I could go on about my online safety philosophy, but that's kind of tangential to my point here. The bottom line is I don't use AV, and I'm not getting infected. One has to conclude that not everyone requires AV software.

But I wouldn't pretend others should make the same choices I have. I am definitely not your typical user, and everybody has their own threat profile, so caveat emptor.

 

[Aardvarkly]

"If after honest evaluation you think it's saved you from disaster, then why look at alternatives? Stick with Avira."

I can't remember a single event in over ten years that some virus/malware has appeared on my PC. I can't say that is because it hasn't happened. Could Avira or any of the other AV software I have used have dealt with a problem without letting me know? I don't really know. In the past I have had Norton (dreadful), AVG, Kasperky, Panda, but have settled on Avira. So, as you say, it might be that my usage doesn't put me at particular risk or that my AV is working well. In addition to the Avira free I use Malwarebytes and CCleaner as a cleanup tool after every session online.

 

[michael diemer]

I have had only one known event in my history of use, but it was not on Windows. Not even Linux. It was on BSD, which most people have never heard of. Someone definitely hacked their way in, and I nuked it immediately, ran D-Ban, the whole bit.

I feel totally comfortable running MSE, although it has never found any actual malware. Of course, it's possible that your AV is failing to find something that really is there. You don't know what you don't know, in other words.

MSE is no drain at all on your system. All others are, some worse than others. Also, they all try to scare you into upgrading from free to paid, or to Premium from Basic, etc. On Windows 7, since MSE works so well and continues to update with the latest definitions that W10-11 use, I think it's a no-brainer to use it. I feel covered when I'm online with Seven, which isn't often (I'm writing this on Linux Mint). But to use Seven as my daily driver, I wouldn't feel secure about it. I would worry. Probably needlessly but there it is, I would worry. So my solution is Linux as the daily driver, Seven for my music composition. I worry less this way. Your mileage may vary, of course.

 

[dg1261]

I have read a bit about user agent spoofing before but thought it was only used to deal with websites that won't work for W7. I have yet to find a site that won't accept W7.

I've only run into a couple. One was a financial/investment site that flat out said on their home page that I had to upgrade my OS to Windows 10 or later before they would show me the login screen. They even thwarted UA spoofing by using a java applet that opened a separate window to sniff out the real OS. I resolved that by launching a Win10 VM and logging into the site from there. Once I downloaded my tax documents I could transfer them from the VM to my Win7 host and close the VM.

I have also run into problems with sites such as my previous bank in California that wouldn't let me login because a pop-over said my browser was out of date. Editing my UA string solved that problem.

Could Avira or any of the other AV software I have used have dealt with a problem without letting me know?

I highly doubt it. No company can stay in business if its customers don't know they've gotten any value from it. On the contrary, if they do catch something they seem to crow it from the rooftops. I've seem some that even brag about how many cookies they blocked, as if that was some real threat.

 

[Alejandro85]

Would that not depend on the interpretation of "protect"

A very good point to begin with! We can't even begin to talk about security without defining our attacker and what we want to defend against. I was thinking about a very similar threat model than you have explained just after this.

Everyone should know that your ISP is able to see everything you do on the internet.

No.
This is an already solved problem, to a great extent at least.
It's true that every single byte you send or receive goes though your ISP and they can inspect and even change anything they want without you having any chance of knowing or preventing this, they're effectively a man-in-the-middle due to how the internet is designed.

But claims like this neglect the security developments of the last 30 years when the problem was identified and possible solutions were tested. The single most important of those is the widespread adoption of HTTPS. This not only does an end-to-end encryption, but also introduces certificates allowing you to validate if the answer comes from where it should and checksums and cryptographic signatures add validations so you can detect tampering. So the ISP actually sees only ciphertext and a few other metadata (more on this latter), but nowadays has no way of knowing what you're doing in the page. And if they attempt to modify anything, the browser detects and warns you.
This was a serious issue when the web just launched and everything was plainttext, but right now, a secure connection is pretty much a must for even the most rudimentary websites. It comes as an integral part for all browsers and has become quite easy for websites to adopt HTTPS.

A probably more concerning point is that if you have reasons to distrust your ISP, you should seriously think into changing for a different one, as the possition it occupies makes attacks by it possible.

A VPN encrypts your traffic so that it is unreadable, even to your ISP. That would apply to "Hackers" as well and at the very least make it extremely difficult for them

This is the main selling point of VPNs, but as I just wrote, it's something that every single browser already does. Out of box. For free.
Adding a VPN you are effectively adding a second man-in-the-middle in addition of your ISP. Not all VPNs work the same, but it's critical to security to understand how they actually work. A possible way to make them work would be to configure their settings in your browser or they may install some software to make it redirect all your traffic though them, maybe possibly introducing their certificate in the global trust store.

HTTPS has been designed with end-to-end encryption in mind, considering that any middleman could be hostile, and it must work securely even in those conditions. So the default solution takes into account your ISP could be a bad actor, VPNs don't add anything new to the mix in this regard, and can even introduce their own vulnerabilities. Moreover, if they're designed to work as an HTTP proxy instead of just relaying bytes as they come this means they could break the end-to-end promise of HTTPS, significantly reducing security and completely breaking your privacy. For example, the worst case could be that your ISP can know you're accessing a bank's website, but they have no idea what did you do, but the VPN can even see the full page if that's the case, including your balance, every single detail you see and action you do and even sniff your password.

A good VPN will add nothing in this sense, a bad one will introduce serious problems.

if the encryption was the strongest available. (AES-256) as used by government departments.

This is another marketing promise without taking security into account.
While AES is considered safe at this time, the security of the whole solution depends greatly on how it's used and the implementation details.
You need to take modes of operations, initialization vectors and key management into account. TLS implementations in browsers and servers are among the most scrutinized pieces of software out there, and the specifications are frequently reviewed and continually tested for vulnerabilities, most often relying on well veted pieces of open source software. As for VPNs, we can't say the same and have to resort to blind faith.
To ilustrate the point, search about the ECB Penguin to see what AES can do when used improperly. This website includes an example:
GitHub - robertdavidgraham/ecb-penguin: Demonstrating the famous ECB penguin so that you can repeat the process yourself.

Could you elaborate a bit on how they are detrimental to security and privacy.

In short, because the browsers and the web in general already took steps to ensure privacy while maintaining security, mostly in the form of TLS in HTTPS. This makes the main promises of VPNs redundant at best, and possibly endangering sometimes depending on the concrete implementation, because they might break the end-to-end assumption of HTTPS. Adding a second man-in-the-middle is also something you need to carefully evaluate if we talk about security.
Add to the fact that many vendors of security software seem to lack some quite basic concepts of security (as demostrated by a few research papers) and I find difficult to trust a VPN operator to fulfill their promises.

Some other more recent improvements center around DNS and hiding the actual websites you're visiting, something that HTTPS alone can't do. DNS-over-TLS and DNS-over-HTTPS deal with that, by encrypting the name server requests so that your ISP don't learns them and can't possibly modify the responses (adding to both security and privacy).
TLS 1.3 also created the concept of encrypted server-hello that encrypts the server certificate so that the site name isn't even exposed there.
Both things are gradually gaining adoption, but far from a widespread usage just yet. Today your SIP could learn that you visited sevenforums, but have no idea what you did here. When fully deployed, your ISP won't even learn that you looked at sevenforums, just contacted with their server for something on it, but no idea what.
So far, VPN adds nothing here.

With a VPN (assuming it works properly) your ISP only knows you've connected to the VPN, but no idea what servers you visited, which in the best case only hiddes IP addresses and host names at most, because the web already is encrypted for the most part. If those bits of information are important to you, then a VPN is a must, otherwise you don't gain any privacy. But, take into account that the VPN operator does know that, as he effectively becomes a "second ISP" of sorts, so you trade one potential attacker for another.

What about non-HTTPS websites? Fortunately there are few of them nowadays, but they still exist. Your ISP has full access to everything you do there, because it's unencrypted, then a VPN will completely hide it from the ISP. But, the VPN operator will have that full access now, as the website still expect a plaintext connection and the VPN has no choice but to left it plaintext in the final hop. So any hackers and the VPN still can read all you do and modify what you see at will, without any way for you to detect it. But the ISP will still be blind. Again, one threat for another.

That's why VPNs don't add security overall, and only switch the privacy problem from your ISP to the VPN itself, but no real improvement.
And you've add an extra actor and software to watch, that's generally much less analyzed for problems than your average browser, driven by a company that may or may not take security seriously (despite on their claims) with no chance of assesing that they do things properly. I can think a few things that can go horribly wrong in the VPN implementation (either accidental or deliberate) but I won't bore more with this already long post (we can continue on this if you really want).

On the VPN merit, as you only connect to them and no other website ever, neither your ISP can block sites (very good to bypass government censorship) nor the sites can restrict you based on your location (very good to watch "geolocked" Netflix and the like).

 

[thedude82]

MSE works on Windows 7, at least for now. And it uses the same definitions as Defender on Windows 10 and 11.

I had to get rid of MSE after the MsMpEng process kept hogging up huge amounts of RAM even in idle (a well-known and long-running problem on Windows 7 systems and after). Switched to Avira as a daily driver AV instead without any issues, it has the same functionality and real-time protection while being a lot (!) more considerate with system resources in general. I use simplewall in conjunction with the Windows Firewall, which has been working really well.

As for browsing itself, having Ublock Origin installed is a must on the modern net in my opinion, regardless of the OS being used. With Mozilla dropping support for ESR next month, i will probably stop using this absolute resource hog of a browser as well. Already tested out the current versions of Redfox, MyPal and Supermium, all of which are working flawlessly on Windows 7 (MyPal of course even works on XP machines). These two Firefox forks also have excellent backwards-cross compatibility for the XUL addon platform, which is crucial.

Also had to say goodbye to and uninstall Waterfox, Brave and Librewolf though since their devs are anti-Windows 7 and lock these browsers out of any further development updates on purpose. Also tried out Seamonkey and Basilisk but wasn't too impressed with either of them, good to have them around as options that are running on W7 though i guess. K-Meleon also seems to be usable but basically never gets updated. Thorium is a decent chromium fork too, but its dev hasn't updated it since july of last year either. I also reinstalled good old Palemoon once again as part of the general browser overhaul on my system.

Been toying around with VxKex as well for a bit, though i only recently learned of the shady situation regarding that project and its untimely demise. If anyone wants to read about it, there are some recaps of the whole drama available over at the MSFN forums here and here. Sadly, VxKex hasn't really been working for a lot (most, actually) applications for me.

Something i find pretty interesting from a technical POV are the DXVK-Vulkan bypasses enabling you to do modern gaming on Windows 7, although i haven't been following this topic as closely since i've stopped playing video games a couple years ago and don't care for modern titles very much (made an exception for Half-Life: Alyx, which runs pretty well in Windows 7 within the noVR mod environment). From the examples i've seen being posted on the windows 7 subreddit and such, these types of bypasses seem to do a good job at making a sizeable amount of "current" titles playable on W7 which otherwise wouldn't launch.

Otherwise i use file tree analysis, wise disk cleaner and such to keep things tidy. Overall, Windows 7 is very much alive and kicking, the browser situation is predictably the only area where it's lacking in if you care about "mainstream" browser support and have a disdain towards community forks for some inexplicable reason. I'm very glad Redfox and MyPal exist as actively maintained alternatives to Firefox either way.

Maybe someone else will pick up where VxKex left off and develop an Extended Kernel as powerful as the one for Vista (which to my knowledge can run even the newest Firefox builds on Vista without issue), this would be a gamechanger for sure.

 

[dblack]

Reply to Alejandro85 post #32

You have shown deep knowledge and offered good advice regarding VPN's which included the following two quotes:

" and I find difficult to trust a VPN operator to fulfill their promises"

" driven by a company that may or may not take security seriously (despite on their claims)"

My previous comments to which you refer were not about VPN's per se but referring to the one originally introduced to the thread by Colour Oz, namely NordVPN.

I do trust my own ISP, much more than any other. My comments were making a general point.

Included with NordVPN are:
Double VPN
Onion Over VPN
P2P

Here is a quote from NordVPN:

"NordVPN is the most advanced VPN service currently on the market. It has all the basic VPN features you’ve come to expect while also creating and adding new functionalities that no other company offers.

"While some users only want to connect to a VPN server and get a new IP address, others enjoy the comprehensive online security NordVPN offers. Meshnet, Dark Web Monitor, and Threat Protection Pro™ — these features make us stand out from the rest."

Now I have no knowledge of the legal system over the pond as they say, but here, any claims like that put in writing for all to see that were not true would be seized upon pronto by the legal departments of their competitors.

 

[dblack]

Looking back over the replies to this topic I have came to the following conclusion:

It is as safe to continue using Windows 7 as anything else. I have been doing so for all these years and shall continue into the future. People should ignore the constant scaremongering threats from Microsoft and their disciples who constantly spout about security issues left right and centre, all designed to panic people into buying their latest expensively priced new systems and products.

Having said that, I need to point out that I have always been aware of threats using the internet and used a paid version of the basic Kaspersky AV. That I have now cancelled for the reasons given.

I could not disagree with the views put forward here that if you are only visiting safe sites then AV would not be necessary. That would not apply to myself however for I would not wish to lumber myself in that manner. In deciding what free AV to now use I looked at the latest test results carried out by the research laboratories and the AV programs that regularly came out on top were:

TotalAV : Avast : AVG : Avira : Bit Defender.

I would have been happy to use any of those but ended up installing AVG. I have been very happy with it since, particularly when internet browsing as it has live firewall protection. It also scans all my incoming e-mail in case they contain malicious links.

 

[dg1261]

People should ignore the constant scaremongering threats from Microsoft and their disciples who constantly spout about security issues left right and centre, all designed to panic people into buying their latest expensively priced new systems and products.

I occasionally peruse the descriptions of vulnerabilities and, to be charitable, my impression is most of them can be a danger to business users on a company LAN. If you're in that environment, or if you're VPN'ing into a company LAN, then I think one could argue Win 7 might be more vulnerable than other OSes to exploits moving from one machine to another across the LAN. In an office environment, threats that got in through somebody else's machine (say, an inattentive coworker) could come at you sideways, so it's not just the internet-facing security of the machine you're on that you have to worry about.

That's seldom true for home users, though. Nothing's coming at you sideways, and malware would have to get through a NAT router and modern browser first before it became a problem for the OS or any OS vulnerabilities. So I do agree with the characterization of "scaremongering" because Microsoft and the media seem to be willingly ignoring this distinction.

ended up installing AVG. I have been very happy with it since, particularly when internet browsing as it has live firewall protection. It also scans all my incoming e-mail in case they contain malicious links.

Sounds like you've got a very good handle on your own threat profile and a reasonable solution to it.

 

[wa791st]

In my personal experience, I grew up with Windows XP around & when my mother got Windows 7, that was the first operating software I used as a boy. I'm partially biased because it gives a sense of nostalgia and a longing for simpler times, but it really seems like Windows 7 was the last good operating software Microsoft released.
I understand things are far more complicated than they were in the mid to late 2000s, & there is some good with modern Windows OS like Win 11. I see pros and cons, but for practicality and ease of use, maybe it's just me but Windows 7 was and is still a go-to for me. If you can download a more modern browser, you're set. That's all it took for me. I could access my email, watch videos, study some.. I mean, in my case it's what I needed.
You keep common sense and understand that it is older software, and could be compromised easier in some ways than modern software, and you don't run in the dark alleyways talking to shady strangers, so to say.
I don't use it for video games since I don't play computer games anymore, so I can't give you an opinion on that.

I now use Linux out of necessity (you can find that adventure in this forum, actually) and have grown to really like it. If I end up wanting a Windows OS though, I'd still choose Windows 7. To quote Todd Howard: "It just works."

 

[dblack]

Earlier in this topic dg1261 pointed out the following:
Quote
"Aside: I ceased all updates after Dec 2017 because I didn't want to suffer the negative consequences associated with the patches. So yes, my Win7 is unpatched, but no, for me I don't think it's critical."

I had previously posted that I had done something very similar with my original Win.7 Desktop. In my case I stopped all updates after 2016. I then added one or two later ones to get everything I use working properly and it has been running perfectly ever since.

Now that desktop is getting old so as a precaution I have purchased a replacement which I am setting up to take it's place if or when required in the future. That's why I have two desktops running at the moment. The new much higher spec HP Z240 Workstation machine still has to be Win.7 so I purchased from a company that refurbishes former business machines, mostly HP or Dell to a very high standard and supply at a fraction of the cost if purchased new. My machine which I believe they built from scratch is badged Win.10 Pro but they have installed Win.7 Ultimate for me.

I have been looking at the installed updates and for the most part they are dated up to 2016 which is ideal for me. There is also another four dated 2019 which seem to be SHA-2 and .NET Framework which did not worry me but then the final one is KB4539602, dated 2nd July 2020.

That update has me very, very concerned. All I can find out about it is the following:

"Preview of Monthly Quality Rollup for W.7x64"

That looks to me like it will include all the updates I have removed and blocked previously, some of them containing the same Win.10 telemetry that Microsoft introduced into their later Win7 Updates. I will take my normal precautions but intend to uninstall KB4539502 very soon.

I would welcome any advice or comments on this, particularly from the likes of dg1261, quoted at the very start who has also stopped these updates and could possibly have knowledge of what KB4539502 actually does contain.

 

[dg1261]

[Update KB4539602 [...] has me very, very concerned. All I can find out about it is the following:
"Preview of Monthly Quality Rollup for W.7x64"

That looks to me like it will include all the updates I have removed and blocked previously
[...]
I would welcome any advice or comments on this, particularly from the likes of dg1261, quoted at the very start who has also stopped these updates and could possibly have knowledge of what KB4539502 actually does contain.

Given that I don't update, people probably shouldn't be taking advice on updates from me. I don't bother to keep up with trending topics in that space. (The only updates I have applied since 2017 are the SHA2 and TLS-1.2 updates, because Win7 is becoming less functional without those.)

With that caveat, I'll make the observation that according to "support.microsoft.com/help/4539602" (there does not appear to be any ..502), update 602 "addresses an issue that might cause your wallpaper that is set to 'Stretch' to display as black." Doesn't sound like it's security related at all, so we could probably consider it as optional.

OTOH, if the builder of your HP box did install it, perhaps they determined that particular box does suffer from the issue. It sounds harmless and doesn't sound like it has anything telemetry related embedded in it, so if it were me I'd probably leave it alone.

FWIW, 602 was not a Quality Rollup, but may have been part of the contemporaneous Preview Rollup and then full Rollups thereafter. The Microsoft Update Catalog mentions 602 has been superceded by a number of subsequent KBs, all of which appear to be Monthly Rollups.

Yes, a Rollup (in contrast to a "Security Only" update) will undo your carefully made telemetry customizations, so you don't want to install a Rollup. 602 is not a Rollup, though.

Honestly, though, anyone who doesn't want the telemetry but still wants to update should seriously consider the Simplix Update Pack. He (a Ukrainian, not a Russian) starts with only the security-related updates from Microsoft and strips out anything telemetry related. See his change log to see specifically which KBs he includes, which he excludes, and which he includes but with telemetry removed. It's a useful product for those who are reluctant to abandon updating altogether.

 

[LevelBest]

In answer to the OPs question, yes, I use my W7 laptop every single day and there is nothing I have encountered that would make me switch. I keep all of my documents, music etc backed up onto three rotational hard drives, I have a monthly clear out/clean up and once happy I make a system image. I surf daily, have my emails in Livemail. The only time I encountered a problem was when I was trying to buy something and my usual brave browser wasn't working for that particular website. So I downloaded Supermium and the website worked fine. So now I use Brave for daily surfing and if I want to buy something, I use Supermium.