No more security patches from Microsoft after 01/10/2023

[lostgreycells]

https://lifehacker.com/windows-7-is-off ... 1849966248

I'm one of the 11% of computers still running Win 7 solely because, for TV programming I've refused to give up WMC and Gary's EPG123! It's reliable and awesome! There are no alternatives to that software that even comes close! Thanks Gary!!

Anyone out there have tips on how I can avoid being hacked?

[Space]

Don't use the PC for anything other than WMC, or at least not for web surfing new/strange websites.

[SalmonSurprise]

First off, Windows 7 updates ended Jan 14, 2020. Their ESU program provided enterprises a few years of updates if they paid extra. This was not available to home users. That is what is about to end. The only updates still being pushed to Win7 are AV/MRT related, not actual security updates.

That being said, if you want to avoid security vulnerabilities, one option you have is 0patch (0patch.com). They provide micropatches for the most severe flaws for $25/year. I have used them on many PCs I manage, without issue.

Lastly, if you want to be extra safe, you should only be using Windows 7 for WMC use. Do not use it for web browsing, and for heaven's sake, do not expose it directly to the internet. (Make sure it is behind a router/firewall/NAT). This will minimize your attack surface, and you can safely operate the machine until it is ready to be retired.

[lostgreycells]

Thanks! Your answer is reassuring! I'll check out Opatch.

My setup: My WMC PC is dedicated to WMC and KODI, both of which require internet access for services. I also use it for backups and storage via the network. The network is set up so I have access to the WMC PC from my primary computer, but the WMC PC has no access to my primary PC.

Primary PC: running Win10, luckily my hardware won't allow them to force 11 on me. Set to "local" computer.

All computer access is via cat 6 from Comcast/Xfinity, HDHomerun cable card, and two routers: one at source and the other at destination for WMC computer. (no wi-fi access to either computer)

I use the Firefox browser and it's set up to sync bookmarks between computers. (is this a hole?)

Oddly enough, even with Windows 7 Home, I've been getting regular updates until now (mostly malicious software removal )

Thanks again! Just trying to make myself as secure as possible

[SalmonSurprise]

Like I said, I wouldn't use Windows 7 for web browsing (shared bookmarks or not) if you want to be safe. If you absolutely must use it for web browsing, definitely invest in 0patch. That is a zero not an oh btw. Also, in regards to the updates you are receiving for win7, as I said before, those are only Defender/MSRT related and are NOT security updates, don't be fooled.

[lostgreycells]

Thanks again! Will definitely check out 0patch!!

[Joram]

This discussion may come in handy: https://www.askwoody.com/forums/topic/k ... s-to-come/

[lostgreycells]

Thanks Joram! A very interesting site with a lot of knowledgeable information!

[lostgreycells]

Just now 1-11-2023, (A DAY AFTER THE DEADLINE for all windows 7 updates to cease according to the Lifehacker article which prompted my post) I got flagged by windows update that there were two updates available. So I downloaded "Security Intelligence Update for Microsoft Security essentials KB232-10138 (version 1.381.1081.0)" and Windows Malicious Software removal tool v.5.109 (KB8990830) So I looked them up and they're legit. ????????????

[Joram]

Just now 1-11-2023, (A DAY AFTER THE DEADLINE for all windows 7 updates to cease according to the Lifehacker article which prompted my post) I got flagged by windows update that there were two updates available. So I downloaded "Security Intelligence Update for Microsoft Security essentials KB232-10138 (version 1.381.1081.0)" and Windows Malicious Software removal tool v.5.109 (KB8990830) So I looked them up and they're legit. ????????????

Yes, those are virus definitions for their anti-virus programs (Windows Defender, MSRT) and they are still coming out for Windows 7. What Microsoft is no longer issuing is fixes for the security holes that keep getting found in Windows. That's where 0patch comes in.

It'll be interesting to see for how much longer MS continues to send virus definitions to Win7 machines.

[lostgreycells]

Thanks again, Joram! Your explanation is so very clear even I now understand.

I've been at risk for a security hole breach in Win 7 since January of 2020.

Best solution is to completely cut off using my browser. Continue to allow EPG123, Win7 update, and Macrium Reflect to fetch their own updates.

Just now downloaded the free version of 0Patch on another computer to install on Win7 box. (If I want a paid version I have to sign up before knowing what service handles the transaction) ??

[SalmonSurprise]

FYI the free version of 0patch will not do the Win7 updates for the last 3 years. That is only for paid. Again, I highly recommend it if you keep Win7 machines in service, but it is your call. In regards to what "service" they use for payment, I'm not sure what you are referring to. They charge my CC once a year. They are widely considered to be a reputable company. I'm not intending to shill for them, but I believe they have a valuable service, and I am grateful they do it.

[lostgreycells]

Thanks! I'll get the paid version of 0Patch. I try to limit the number of vendors who bill via credit card, use PayPal service whenever I can. But assume since they're in the business of providing hacker prevention, they're definitely up to date on their own site security.