|
Upgrade to a newer version of Windows. Use Unix or Linux.
This is my opinion, which is definitely not based on any experience.
|
|
|
|
|
1. As OG said, run it in a VM. Easy to back up, just copy the directory.
2. On a host running Linux server. Smaller footprint.
3. Get yourself a router/firewall that includes gateway AV, Intrusion protection, App control, SSL control, etc, etc.
(these are spendy).
4. Bury a dead chicken in the back yard daily.
Good luck.
>64
Some days the dragon wins. Suck it up.
|
|
|
|
|
Glad you specified "dead" chicken. The idea of burying a live chicken daily gives me two thoughts
1. Creepy.
2. You're doing a crappy job if the chicken can get out of the grave every day.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated.
|
|
|
|
|
MarkTJohnson wrote: You're doing a crappy job if the chicken can get out of the grave every day.
... or you hail from the Caribbean.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
Microsoft released a patch for Windows 7 for WannaCry, even though it was past the normal expiration date.
|
|
|
|
|
Member 15078716 wrote: I am looking for a (if possible) 100% effective way to block those trojans while being able to surf the net (with Windows 7) and view any page therein.
Let us know when you can do that even on the most up to date and fully patched OS. You'll be the first.
Windows 7 still has its uses. Being on the net is not one of them.
As others have pointed out, if you insist on using it on the net anyway, do it in a VM isolated from the rest of the world. Assume it's always compromised - don't do any monetary transaction with it, aka don't buy anything or do your banking using it. Heck, don't even provide any credentials to any site, even just for browsing, if that site has anything on you that you wouldn't want to be leaked out. Roll back to a clean checkpoint when turning the VM off.
Don't tell anyone you can put together a system that'll keep them safe on the net if it's built on something that's obsolete and not getting any updates. Because then you're misrepresenting the facts. End of story.
|
|
|
|
|
As far is I know, WannaCry was patched for Windows 7 by Microsoft, as well as for Windows XP.
If you really have to, ask yourself how to protect the operating system as best as you can from attacks.
1.) Put the machine behind a NAT on IPv4 (by using a separate router), or a virtual machine. Attacks on the network card from outside of the NAT or virtual machine are impossible (blocked by the router).
2.) Use a Rasperry Pi or similar for adblocking (Google -> PiHole). It's an excellent blocker. It's a as good as it gets blocking bad sites.
3.) Use a secure DNS Server (for example Adguard DNS - Google it). Configure it to use it in Firefox, or in the Rasperry Pi. That option blocks more bad sites.
4.) Use Firefox only. Google Chrome and Microsoft Edge end support for updates this month as far as I know. By using a current browser, you greatly reduce the attack surface. With using a current browser "Firefox", you greatly reduce the attack surface when browsing.
5.) Virus Scan, see what you can find for Windows 7. Old stuff. Not sure what is available.
6.) Don't go to random sites and visit mostly known sites only. Don't try to download stuff.
That's probably as good it gets, when you don't have other possibilities.
Another tip: With CCleaner (Crap Cleaner) you can investigate all startup programs and services. Once a month check for any bad startup entries.
You won't be 100% safe, but by using the Internet by not calling up "bad", random sites, you probably will be fine. Try using the computer mostly on known sites, use another computer with a current operating system for trying out new sites. Don't randomly click on stuff.
And now let the shitstorm start how to give that advice.
|
|
|
|
|
Member 15861385 wrote: Try using the computer mostly on known sites
Don't forget that a common problem here is that even known, trusted sites can get compromised and start serving malware. A patched OS might not be susceptible to this...but nobody can say the same for 7.
|
|
|
|
|
Ask not how but why.
See OG post, VM.
If because need to access 1 site with an older version of firefox, VM windows 7 for that 1 site, and use main OS for ALL other activity.
If because need to run an application that only works in Windows 7. Use VM of windows 7, and do ALL other activity on the main OS.
both minimise need for extended security complexities beyond windows defended.
Other guesses, machine only runs windows 7. If critical enough that needs a such security, then things like life expectancy of components more important then running windows 7. Replace HD, if CPU gonna konk out in 2 months.
If doing any extra activity stuff, dark web/torrenting, do not use windows 7.
|
|
|
|
|
I mostly still run Windows 7 here. I just retired a Windows 2000 machine and shifted it over to a new dedicated Windows 7 machine.
Up until recently, I HAD been running Avast as my antivurus on all machines. But Avast didn't want to install on that latest Windows 7 machine, so I switched to the antivirus I was using on the Windows 2000 machine: an open source antivirus called 'ClamWin'.
Some web content absolutely can't be accessed with Firefox, i.e. many videos. The only success I've had is with Chrome, which I hate. I just watched my Firefox update itself to version 108.0.2, which was a surprise as everytime I open it, there's been a banner that says I will need at least Windows 10 for future updates, so updates could halt at any time. Best advice: many forks of Firefox have also announced an end of support for Windows 7, so be prepared to clone the repository and compile it yourself, taking out the trap that prevents the compilation from running on a Windows 7 box. Probably have to keep cloning with every change.
Watching web videos is frequently important for me as I access video tutorials that I haven't found an equivalent textual answer. And sometimes I have to sort through multiple videos for the same issue because I can't understand the narrator due to the thick accent.
As for WannaCry protection: disable SMB level 1 access. Also a good idea to disable remote desktop access on all systems. This caused me a headache a few years ago when I spun-up some Linux boxes to use as my NAS, and I had to get them all on the same level to talk with each other.
Your router should keep out most traffic hammerinag at your location, though port forwarding to any box (computer) can be an issue.
I don't use 'Virtual Machines'. Except on the odd occasion I need to run something in the virtual XP environment that Windows 7 let's me have.
And I have a lone Windows 11 tower I put together for primarily for some programs that absolutely would not run on Windows 7 or 8 (I don't have an 8-machine) or Linux. But it has been a tough project to get it stable. It was a couple of months to figure out why the nvidia gpu driver was being disabled at every system-start, resulting in only one monitor working. That was solved by simply changing which Ryzen chip I was using. Go figure.
Good luck. I feel your pain.
|
|
|
|
|
Steve I am curious why you are using the ClamWin
ClamWin isn't the best antivirus program out there. In fact, it will be ludicrous for anyone to rate it as the best free antivirus program available to users. However, ClamWin is an effective tool for scanning your device for viruses hourly, daily, and even weekly.Feb 9, 2022
The above was a review of ClamWin
I have been running Windows 7 Pro with Firefox and ProtonMail lso Microsoft Security Essentials
My biggest fear is downloading PDF files and watching YouTube videos
Sooner or later I fear I will need to move to Windows 10
I have survived the Windows Me debacle so Windows 11 seems like a ploy to make me buy a new computer
FWW the box I have is a Dell Precision T7600 32 gig RAM 4GB Nvidia I use Cloudflair 1.1.1.1
my ISP is crap Frontier Communication only ISP available where I live Thought about StarLink but $$$
|
|
|
|
|
The box that is running ClamWin is an HP Compaq 6005 SFF.
I've been on Frontier and feel your pain. The only thing more painful is Comcast.
I don't trust 'security' products made by Microsoft.
I went with ClamWin when I spun up this particular Win7 box because the then-current Avast-free refused to install on it for some undetermined reason. So it was either ClamWin or nothing. That particular box isn't doing anything critical: it is simply my caller-ID display and logger for the call logs I've been collecting for the past 15-20 years when I had to start screen robocalls and other spam calls.
I'm open to ideas about an anti-virus solution myself. Many products have soured me to the point I no longer consider them.
|
|
|
|
|
@steve,
Microsoft security:Quote: I don't trust 'security' products made by Microsoft. I understand that. Microsoft was not always that way. Would you please supply a list of Windows 7 updates and service packs that you use? Maybe use with modifications?
ClamWin: I was reading on their site, Quote: Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.
For Windows 7, as you use ClamWin, having to manually scan each file seems time consuming. I use malwarebytes and just tell it to scan all drives on its own, and it does it. Please explain how one at a time is better for you, if it really is one at a time.
BIOS vs UEFI:
Staying with Windows 7, not going off topic; Did you install Windows 7 via BIOS or via UEFI? Whichever you did, how do you see this choice affecting your anti-WannaCry barrier(s)?
|
|
|
|
|
|
Hi yourself! Welcome to the site.
Tell us a little about yourself if you want to, or just have a look around and see what interests you.
This area is for "chatty stuff", but you'll find articles on software development via the menu at the top of the page, and area for you to ask tech questions (or to help others by answering them) up there as well.
Just remember we don't like spam, plagiarism, or abuse and we'll all get alone fine!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Hi, and welcome.
>64
Some days the dragon wins. Suck it up.
|
|
|
|
|
Hello. This is an awesome site, stocked full of amazingly technically informed individuals. Use the resources as needed and don't be afraid to post questions or comments.
|
|
|
|
|
I'm an engineer. I like my data ORGANIZED. It used to be I could go out to usenet and talk with really smart people and get stuff done - even Microsoft tech.
Then companies realized we want to be able to control all that - and the Microsoft forums were born. But that was okay because the topics and data were still ORGANIZED.
The companies realized allowing google to cypher their data was bad, and google or any other search tools no longer delved into the microsoft forums. But it was okay - it was still ORGANIZED.
Then Microsoft created learn.microsoft.com where it's all one amorphous blob. Or maybe it's just me, but I think not. For me to learn how to use this abortion, I give you this: Microsoft Q&A Articles | Microsoft Learn[^]
I dare you to click. And if I want to ask a question? Well instead of being organized by topic, we get to use random tags, etc.
But maybe it's just me.
Charlie Gilley
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
Has never been more appropriate.
|
|
|
|
|
All of that is now obsolete and is being replaced by ChatGPT in short order.
*hides*
To err is human. Fortune favors the monsters.
|
|
|
|
|
ditto
"A little time, a little trouble, your better day"
Badfinger
|
|
|
|
|
Worse - Bing assisted by ChatGPT!
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
Ah yes more stupid answers.
Charlie Gilley
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
Has never been more appropriate.
|
|
|
|
|
I agree. Every time Microsoft "reorganizes" their support sites entropy increases. I remember being able to quickly find what I was looking for. Now it's just a mass of spaghetti.
|
|
|
|
|
The fact that 'Profile and reputation' comes before 'Asking and answering questions' tells it all...
The site is full of code samples that not even compile, a bunch that barely touch the surface of the object, or just simply does not related to the subject...
Nowadays it is next to impossible to find good documentation on new and developing technologies of MS... It reminds me the days when we learned by reading others - mostly assembly - code...
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid." ― Albert Einstein
|
|
|
|
|
It's not just you. Microsoft's so-called documentation is starting to resemble the late, unlamented, Novell's documentation.
This may be deliberate. Has Microsoft opened a consulting subsidiary?
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|