Prepping for Win 7 Apocalypse

[garyan2]

Uninstall, I don't think so. You could possibly remove the TV strip on the home screen, though, using something like MCT? Basically hide it.

[d00zah]

Try 'Hide Media Center Strips', included in the archive here:

viewtopic.php?p=100628#p100628

[gary94080]

no idea what a media center strip is. are they referring to four icons on the main menu for TV?

even if that is hidden wouldn't I still get the messages about the not being able to update the guide or guide out of date?

just checked uninstall and found that WMC isn't even listed. thought I would try uninstall, then reinstalling the program.

maybe I will just bite the bullet and do a fresh installation if I can find the disks.

[d00zah]

no idea what a media center strip is. are they referring to four icons on the main menu for TV?

Yes. Each section is called a menu strip.

even if that is hidden wouldn't I still get the messages about the not being able to update the guide or guide out of date?

Have you tried unchecking 'Tasks > Settings > General > Automatic Download Options > Automatically download Windows Media Center data...'? This doesn't sound like the 'nag'.

just checked uninstall and found that WMC isn't even listed. thought I would try uninstall, then reinstalling the program.

WMC won't be in the installed Programs list. You need to select 'Turn Windows features on or off' from the left-hand column & uncheck 'Media Features > Windows Media Center' in the feature tree.

maybe I will just bite the bullet and do a fresh installation if I can find the disks.

Unnecessary if you disable the feature.

[gary94080]

I didn't want to totally disable WMC. occasionally I use the Music Library function in combination with the Slide Show function.

I know there are work-a-rounds for that but I find it convenient to have it in one program.

[d00zah]

I didn't want to totally disable WMC. occasionally I use the Music Library function in combination with the Slide Show function.

I know there are work-a-rounds for that but I find it convenient to have it in one program.

That wasn't clear.

Have you tried unchecking the 'Automatically download Windows Media Center data...' to see if you still get the messages about the not being able to update the guide or guide out of date?

If not... it's been so long since I played around with this... if you remove the TV tuner card, does the TV strip go away (along with the guide msgs)? You could try disabling the device in Device Manager' & restart WMC to test.

[gary94080]

I didn't want to totally disable WMC. occasionally I use the Music Library function in combination with the Slide Show function.

I know there are work-a-rounds for that but I find it convenient to have it in one program.

That wasn't clear.

Have you tried unchecking the 'Automatically download Windows Media Center data...' to see if you still get the messages about the not being able to update the guide or guide out of date?

If not... it's been so long since I played around with this... if you remove the TV tuner card, does the TV strip go away (along with the guide msgs)? You could try disabling the device in Device Manager' & restart WMC to test.

my original question probably got overlooked because it's at the end of the previous page of the thread.

I will have to see what happens if I turn off the Silicondust cablecard tuners. I will have to wait and coordinate that with Channels TV usage. that is one of the reasons I was looking to uninstall the TV function of WMC. I wanted to eliminate any chance that WMC would try to grab a tuner and cause conflicts with Channels TV.

[d00zah]

If another app is using the tuners, disabling them is probably ill-advised.

Again, does disabling 'Automatically download Windows Media Center data...' stop the messages about not being able to update the guide or guide out of date?

If that works, delete all scheduled recording requests, delete/clear recording history (in case there are any missed/partial recordings that could get retried) & hide the TV strip. That, I believe, should eliminate the possibility of WMC grabbing a tuner. To be absolutely certain, you could disable the 'StartRecording' scheduled task, but that might be overkill.

If later, you decide Channels TV isn't what you want, WMC is still configured. Add a guide source & setup tuners, ready to go.

[gary94080]

If another app is using the tuners, disabling them is probably ill-advised.

If later, you decide Channels TV isn't what you want, WMC is still configured. Add a guide source & setup tuners, ready to go.

I'm not suggesting disabling the tuners. I was just going to try running "Set Up TV Signal" while the Silicondust Cablecard Tuner is powered down. maybe not finding any tuners WMC will revert to no TV.

I don't think I will ever go back to WMC as a TV-DVR. once the guide is gone it's dead as far as I'm concerned. possibly Microsoft as well. for my needs the only reason I stuck with Windows was WMC.

if I don't just limp along with my Windows 7 desktops, I may look at a Chrome desktop or a Chrome box in the future.

[theGBGuy]

Absolutely nothing. Continuing to use my 7MC rig for the purpose for which it was built: Windows Media Center.

OTA and EPG123 user here. And I turned off all updates, and the updater process, years ago.

I'm doing the same, just because MS isn't supporting Win 7 any longer means nothing (you just can't pay for support any longer, who does that anyways?)... If you need to reinstall, all the updates to this point will still be there, but I do suggest you image your rig to save a bunch of time reinstalling...

[FlukieStokes]

Thanks for the advice. What is opinion on any infections if I just leave it connected? Not sure guide data would download If I block inbound connections? Thank you

Retrieving guide data is an outbound connection. An inbound connection would be connecting to the WMC computer via Remote Desktop or an extender making a connection.

Thank you for the advice Scallica, I really appreciate it. I do have two extenders connected to WMC, would blocking inbound disable these? In your opinion, would you be concerned about keeping Windows 7 connected constantly after support ends? Thanks again.

[Scallica]

Thanks for the advice. What is opinion on any infections if I just leave it connected? Not sure guide data would download If I block inbound connections? Thank you

Retrieving guide data is an outbound connection. An inbound connection would be connecting to the WMC computer via Remote Desktop or an extender making a connection.

Thank you for the advice Scallica, I really appreciate it. I do have two extenders connected to WMC, would blocking inbound disable these? In your opinion, would you be concerned about keeping Windows 7 connected constantly after support ends? Thanks again.

Yes, blocking all inbound connections will break extenders. You need to make sure there is an inbound firewall allow rule for the Windows Media Center Extender service.

My media server is running Windows 7 and I have no intention of upgrading it. If you are not using the system for everyday Internet use, the security risk is minimal. As I said in my previous post, if you are very concerned about security, you can create an isolated network (DMZ or VLAN) for the WMC PC and your extenders. For example, your main home network would be 192.168.1.X and your WMC network would be 192.168.2.X. You can block all inbound traffic from the isolated network into your main network.

[FlukieStokes]

Retrieving guide data is an outbound connection. An inbound connection would be connecting to the WMC computer via Remote Desktop or an extender making a connection.

Thank you for the advice Scallica, I really appreciate it. I do have two extenders connected to WMC, would blocking inbound disable these? In your opinion, would you be concerned about keeping Windows 7 connected constantly after support ends? Thanks again.

Yes, blocking all inbound connections will break extenders. You need to make sure there is an inbound firewall allow rule for the Windows Media Center Extender service.

My media server is running Windows 7 and I have no intention of upgrading it. If you are not using the system for everyday Internet use, the security risk is minimal. As I said in my previous post, if you are very concerned about security, you can create an isolated network (DMZ or VLAN) for the WMC PC and your extenders. For example, your main home network would be 192.168.1.X and your WMC network would be 192.168.2.X. You can block all inbound traffic from the isolated network into your main network.

Thank you for your knowledgeable advice. Again, it is appreciated.

[philipt95148]

I tried out PLEX and found it superior to WMC. I am running a mix of 8 tuners (Hauppage and HDHomerun) with no issues. The PLEX guide works well and after a bit of learning I am ok with the DVR feature. I especially like the automatic commercial removal feature for recorded TV. I was comfortable with the unlimited one time license fee that includes the guide. So, I will be retiring WMC.

Can you share how to set up Plex ?
Thanks

[RedWMC]

I tried out PLEX and found it superior to WMC. I am running a mix of 8 tuners (Hauppage and HDHomerun) with no issues. The PLEX guide works well and after a bit of learning I am ok with the DVR feature. I especially like the automatic commercial removal feature for recorded TV. I was comfortable with the unlimited one time license fee that includes the guide. So, I will be retiring WMC.

Can you share how to set up Plex ?
Thanks

I posted another thread about my setup for Plex, there are several videos of using Plex, to setup, but happy to answer any questions if you want to make the switch. Good Luck!

[davidhp]

I have cut the cord with cable TV. Was still using WMC for OTA channels after I had a Rooftop antenna installed, but after a couple of days I lost 20 channels on WMC. I had to give up my Hauppauge dual Cable Card tuner when I cut the cable and hooked up my old Hauppauge single tuner (the HVR 1955 model) and get all 59 OTA channels available in my area (most are garbage channels but about 30 of them have watchable programing. I am using the WinTV software to record OTA shows (like using an old VCR - set the date, channel, start and end times) and that works fine for me for OTA channels. To make up for loosing the cable channels I subscribed to a streaming service which allows saving up to 50 hours of TV and upgraded my data usage to unlimited with my internet provider (cable). I also have software from Movavi that allows me to record anything on my computer screen in HD and save it to my hard drive. I use Titan free TV schedule to check listings to see what I want to record once a day and that works for me. I guess I will upgrade from Windows 7 to Windows 10 now.

[StinkyImp]

I am using the WinTV software to record OTA shows (like using an old VCR - set the date, channel, start and end times) and that works fine for me for OTA channels.

You can also use the programming guide at TitanTV to (point and click) schedule recordings in Hauppauge WinTV. Here's an excerpt from the WinTV user guide:

[dandeman]

Same as many here.... Continue to use Win 7 WMC for the purpose for which that computer was built: to serve my HDTV as an OTA DVR.

I've been a long time user of epg123 and just subscribed to Schedules Direct due to M$ dropping the Rovi program schedules.

So far as security......

I turned off all Win 7 updates, and the updater process a long time ago and also gutted many unused services that Windows turns on by default that are the weaknesses that are exploited..

A number of attacks make use of unnecessary windows services & protocols that default to being active whether needed or not.

I've gutted out the OS of all remote services, unused network protocols and firewalled what can't be removed on my systems.

This practice is certainly not a new idea, reference this article written 12 years ago and still good advice.. .. re: »www.nist.org/news.php?extend.204

The lateral spread of ransomware on internal subnets was by SMB v1 protocol that's ancient going back to 1985 when first written, and still active by default.

[Space]

That link to the article just gives me a blank page.

I am aware of these things, but never bothered to deactivate any services, but I probably should. I've always thought that I would disable a bunch of services and then a month later I'll want to do something and it doesn't work, but I'll have no idea it was due to a service being disabled, or which service it is.

Do you have a list of the services you disabled, or a link to a good site for explaining what services to disable?

Having a "gateway" PC get infected and then that PC infecting the HTPC via the LAN is the one fear I have about continuing to run Win7 past 2019.

I would like to continue using shares on my LAN, so don't want to disable that, I'm not sure if disabling SMBv1 will cause an issue with that or if the newer protocols are the ones being used and SMBv1 is just legacy and not in normal use.

[dandeman]

Looks like nist.org website has been replaced by nist.gov Tried finding the referenced paper on the new site, but looks I'm searching a virtual sea of papers on security..

Below is what I've disabled BUT there are also some major caveats to go along with this approach.

• First, disabling some services can cause the Window OS to crater and not be able to boot.. So I don't recommend this to anyone who is not prepared with a back up OS image that they know will restore...
  
  I use these removeable CRU Drive carriers https://www.cru-inc.com/products/rhinoj ... -jr-rj32t/ to make my "C" drives swapable, which as a normal back up practice, I rotate the C drive out at the end of each month and restore the backed up image to one of the next of 2 drives sitting on the shelf... So in the testing below (I think I did crater the ability to reboot on one of the changes) I simply swapped back in the good drive on the shelf..
  
  I use only the TCP/IP stack for any intranet sharing e.g. network printers and a tcp/ip based file sharing app and NO Windows OS data file sharing tools; so all that was disabled as documented below.

Below is what started out as a bit of an experiment (all systems tested ran Windows Seven Professional, most were 64bit OS, one 32bit OS), motivated by what I learned from reading about the approaches used in some heavily vetted systems, conversations with several security professionals I know, my own career in mainframe computing product development, and the (now lost) NIST article I had linked to above and other sources

and on the second recent MS security incident involving Remote Desktop Services.. here is an actual quote I found from Microsoft...

--------------------------------
quote: Mitigations
The following mitigation may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Services disabled:

1. Disable Remote Desktop Services if they are not required. If you no longer need these services on your system, consider disabling them as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.
-------------------------------

It was quite a learning experience to look below the covers of the OS see what unused, historically vulnerable services could be found, and be turned off if not needed. After these changes I've found the systems run more reliably than before..You mileage may vary

The meaning of the A's, M's, D's below (example.... A>D means service initially found to be started automatically on boot was changed to Disabled) "A" stands for Automatic (on boot up activation), "M" manual start (a windows service can active (if really needed) or "D" for Disabled .... do not permit the service to run... and of course best of all "U" for Uninstalled (by me) if not needed... if it can't be uninstalled without cratering the system, then firewalling all ports the service uses is the alternative solution.

From the Change Logs:
Many of these changes were made as a result of scanning my intranet machines for open ports and tracing down what service opened the port. The machines can obviously still communicate using the only remaining protocol, TCP/IP (no windows networking, SMB, NetBeui, no file sharing allowed except by app using TCP/IP when needed, printers use TCP/IP). TCP/IP ports that can still be active by application software (have been given firewall permission) that I actually use.

Windows Firewall TCP Ports Blocked, Inbound & Outbound
135, 623, 3390, 5357, 16992, 59860 if open on specific machine.
See Windows Firewall Inbound & Outbound Rules

Uninstall SMB based Drivers
Control Panel>Network and Sharing Center>
Local Area Connection>Properties
Client for Microsoft Networks, Uninstall
File & Printer Sharing for Microsoft Networks, Uninstall
Link-Layer Topology Discovery Mapper I/O Driver, Uninstall
Link-Layer Topology Discovery Responder, Uninstall
QoS Packet Scheduler, ? Unchecked for now

Select Internet Protocol Version 4,Click Properties,
Click Advanced,Click WINS, NetBIOS Setting
Change "Default" to "Disable NetBIOS over TCP/IP
then OK

Go to Start | Control Panel, and double-click the System applet.
On the Hardware tab, click the Device Manager button.
Select Show Hidden Devices from the View menu.
Expand Non-Plug And Play Drivers.
Right-click NetBios Over Tcpip, and
select Disable.
Close all dialog boxes and applets
------------
The most dangerous and obsolete Windows Client/Server networking services (using Server Message Block-Common Internet File System (CIFS) that the ransomware is using for lateral infections

Service Name in Adminstrative Services
Server (SMB Protcol) A>D
Workstation (SMB Protocol) A>D
LanMan (Workstation) (SMB Protocol) A>D

HomeGroup Listener (receives data from "Server" A>D
HomeGroup Provider (sends data to "Server" M>D
Computer Browser M>D (local network browser..not any internet browser)
TCP/IP over NetBIOS Helper A>D
Remote Desktop Service M>D
Remote Desktop Services UserMode Port Redirector M>D
Remote Registry M>D
Routing & Remote Access M>D (local network, obsolete)