Sorry to break it to you but this is just really bad advice.
Doing as you say will result in a lot of additional risk. I dislike Windows 10 too, but if that is your problem then you had better switch to a different OS.
End users should definitely switch to Win 10, and this is the sane thing to do.

Some software vendors have already dropped support for Windows 7, and many if not all will follow pretty soon. This means that not only is your OS vulnerable, but other software will be so permanently.
Not to mention drivers and other attack vectors.
However, Microsoft will patch critical bugs in the next couple of years as they did with Windows XP, even if they say they won't.

I am also a fan of Windows 7. I have tried 8 and 10, but I have to go back to 7. Ultimate is my base, and more likely I prefer x86 rather than 64-bit. Don't know, but I will try all sorts of stuff to the end.

Yeah, please, no one do this. If you must use Windows, just fucking upgrade. I have a hard time believing there’s actually anything you need Win7 for.

Actually, you would be surprised. Large companies today still use Win 7. At the last company I pentested, half of the company was using Win XP and Win 7. I've seen people use them for testing environments on Windows machines, legitimately just to see if they can get through a Windows machine. Not everyone's computers are as updated as 0x00sec's are. But yes, agreed, it is very much preferred to just use a completely updated Windows 10 and secure that, mainly because of all the CVEs. If you use a Mac, expect hardware challenges. Plus, once quantum computing comes out, the first top 3 layers of encryption in the world are going to be outdated at the least, maybe even obsolete.

I've engaged companies using legacy Windows installations as well, but never in any of their follow-up audits can they provide actual justification for not migrating.


You will find a lot of integrated applications still run on Windows 7.

Things like door controls, coffee machines, booking systems, meeting room VCs (more *nix based, thinking about it) and security barrier controls run on the Windows 7 OS. What's worse is that in most situations the security team can't touch these systems, as the landlords control them. As a tenant you can of course make a request, but it would take a long time to resolve; in most cases you just need to air-gap them where possible.

Although Windows 7 is going out of support, I think SMB 2.1 worries me more; it has a very poor track record with security issues, and you see the same version in Windows Server 2008 R2…

Also, to echo the comment above, both BlueKeep and EternalBlue were patched by Microsoft on 2003 and XP machines, so I think major concerns would be covered.

Anyway… essay over, and long story short: don't use Windows 7, and let Microsoft spy on you on Win 10.


This is massively underrated - landlords' or building owners' devices.

We accidentally scanned a vendor device once, and the horror that was uncovered was immense.

Yup, we found an unpatched XP machine… ms08-067 worked. What a joke…

@W4K3Y How about getting Win 10, but disabling everything Microsoft/Google-related and using alternatives (even if it requires soldering hardware onto the motherboard)?

Yes, they can. For the last one I scanned, the reason for not mitigating was that it took up too much bandwidth on their metered network, and they were just going to upgrade all the work computers at once instead of continually upgrading insecure computers. At another one I scanned, the Windows XP computers were being used for Accounting and Marketing, while the Win 10s were being used for practically everything else. End game (from my observation): all companies want to save money.

BTW, it is actually really shocking to me how many people today still trust Google, even after knowing about the net neutrality issues and censorship. Sigh.

Or just use *nix alternatives… and not game or run VMs… (OK, you can run VMs, it's just a little clunky.)

As @Archangel9 stated, many companies still use versions of MS Windows XP/Vista/7 for embedded devices. One such device, among the lot, is a PoS (not piece of shit) system. With MS Windows POSReady variants, companies still hold onto older versions of MS Windows, and it's scary how many businesses in, for example, just the food industry use outdated MS operating systems.

Let's be clear here - I haven't come across good reasons for not migrating machines that aren't air-gapped or behind multiple levels of access control measures. This does not mean that good reasons don't exist. If a legacy device is air-gapped/walled off properly and the controls around the physical access area are strong, for example, then nearly everything that can be done to mitigate the risk has been done.

But I’m not talking about those. I’m talking about the legacy infrastructure that has been neglected due to a lack of expertise/budget or out of abject laziness. If legacy systems are secured properly, and I’m attacking you, I shouldn’t be able to find them or get to them, which makes legacy retention mostly a non-issue.

We can come up with exceptions all day, but doing so is only restating the obvious: legacy infrastructure is sometimes necessary. But the original post suggested some of the worst mitigation tactics around its use that I’ve ever seen, suggesting that legacy infra can be secured with a few programs, which is patently incorrect.

Again, no client of mine has ever had a good reason for putting vulnerable endpoints or servers within my reach and allowing them to stay that way. Just as with client engagements, this conversation requires realistic context.