What will you do after January 14, 2020?

[lexluthermiester]

Unless, of course, a kernel vulnerability is found at the networking level where it takes no interaction from the user to be exploited.

This statement implies you might misunderstand how a firewall works. If you can't access the kernel, any vulnerabilities are a moot point.

Some of you may not be old enough to remember the dark old days of Windows 9x in which there was a TCP/IP stack vulnerability that could be triggered with a malformed packet which would cause the system to instantly crash.

Oh, that is very well remembered. While it was a bit more complicated than that, you summed it up well. That problem is what started my interest in firewalls. Started using one shortly there after. Tiny Personal Firewall was a good one until Kerio Personal Firewall arrived.

Now, this could be mitigated but would have to be mitigated at the router level before it even hits your Windows 7 system with the use of a full stateful packet inspection in which all packets that come in are analyzed for content and source.

That is incorrect. Most routers have packet inspection built into their firewalls. Additionally, I have yet to find a software firewall that does not also include said feature.

Unfortunately, most home routers don't do this

Yes, they do.

Incoming port 2354 is sent to the machine with an internal IP of 192.168.1.68 on the same port, there's no source check so if a bad guy were to be able to know exactly when to strike, they could sneak in a packet to that port and it would slip through and hit your internal system and the router would just be happy to pass it.

All competent firewalls close ports that are not in use, stealth them and will reject packets for ports that are not open. Additionally, most firewalls will reject packets not expected by the system, IE unsolicited packets.

So with that being said, if a kernel vulnerability was found and the TCP/IP stack is at risk you could, in theory, be vulnerable no matter what you do if you continue to stay on Windows 7.

If you are not using a firewall(the one built into Windows itself does not count), that would be true.

 

[trparky]

Most home routers are mainly dumb NAT devices. They simply forward stuff from the WAN side to the LAN side with an entry in the NAT table. Anything coming in on port 2354 would then be forwarded to the LAN side based upon the entry in the NAT table. Yes, if a port is not open and thus not having an entry in the NAT table that port would show up as closed and/or stealth. However, if a port has been opened anything from the WAN side could, in theory, send stuff to port 2354 and that data would be forwarded onto the system on the LAN side. Again, most home routers are purely dumb NAT devices; there's no stateful packet inspection going on since for the most part this would require a whole lot more computing resources than most home routers have which usually consist of some low power ARM SoC. We're not talking Cisco routers here, we're talking about pretty much dumb devices.

 

[FinneousPJ]

The same thing I always do...

Try to take over the world.

 

[lexluthermiester]

So I've decided to try out Win10 Pro 1903 for a month on my personal internet system(the system I'm typing from) and so far it's manageable, but more importantly, securable. Cortana, Internet Explorer, Edge, Windows Defender, all of the bloat Apps and a few select services have been removed(deleted). A solid firewall has been installed and tested. While getting it to a usable/securable state was akin to pulling teeth from an uncooperative rhino, it can be done..

 

[trparky]

Why remove Windows Defender? Didn't you see the news article about Windows Defender beating out the big-name AVs?

 

[lexluthermiester]

Why remove Windows Defender? Didn't you see the news article about Windows Defender beating out the big-name AVs?

I did, even commented on it. Something along the lines of "it's annoying", "I don't trust it" and "Microsoft can eat dog feces for forcing it and all the other crap on us". I want an installation of Windows that is lean, clean, bare bones with no extras. I can take care of my own security, utility and entertainment needs, thank you very much.

 

[trparky]

I want an installation of Windows that is lean, clean, bare bones with no extra. I can take care of my own security and utility needs, thank you very much.

You seem to forget that we mostly live in a computing world dominated by dumbasses that need all the hand-holding that they can get and a metric fuckton more. In other words, Windows needs to come with stuff built-in lest we'll have an Internet filled with slithering worms.

 

[lexluthermiester]

You seem to forget that we mostly live in a computing world dominated by dumbasses that need all the hand-holding that they can get and a metric fuckton more.

No I didn't.

In other words, Windows needs to come with stuff built-in lest we'll have an Internet filled with slithering worms.

What we need is for people to be taught a good computing ethic and the option for those of us power users to do our own thing without all the aforementioned rhino teeth pulling rigmarole.

 

[trparky]

What we need is for people to be taught a good computing ethic

Good luck with that, I'm afraid you'll need it.

 

[biffzinker]

Why remove Windows Defender?

Because the Realtime Scanner Service is always scanning slowing down apps?

 

[trparky]

Because the Realtime Scanner Service is always scanning slowing down apps?

Yeah, if you have a potato for a PC then yes... I can see that. However, those of us who have... a modern system it's barely a blip on the processor usage charts.

 

[theFOoL]

I'm pretty sure regardless when MS says it'll stop updates, they'll keep updating with security updates and with more .NET Frame patches

 

[lexluthermiester]

Yeah, if you have a potato for a PC then yes...

It does that on brand new PC's...

 

[trparky]

It does that on brand new PC's...

What? I need some proof of that because I'm using Windows Defender right now on my 8700K equipped system and I barely notice it when compared to what I was using before (Avast). In fact, I'd go so far as to say that my system is running faster with Windows Defender as versus the boat anchor that is Avast.

 

[biffzinker]

It does that on brand new PC's...

Temporarily disabling the service shows a stark difference even with a Samsung 970 EVO NVMe. Also slows down the system during Windows Updates.

 

[lexluthermiester]

What? I need some proof of that

No thanks. If you don't agree, carry on.

What? I need some proof of that that my system is running faster with Windows Defender as versus the boat anchor that is Avast.

Well there's half your problem, your comparing it to Avast. Yikes! You can do better.

 

[trparky]

Well there's half your problem, your comparing it to Avast. Yikes! You can do better.

Uh... any recommendations?

 

[lexluthermiester]

Temporarily disabling the service

What was your method for doing so? I used WinAeroTweaker before deleting it.

Uh... any recommendations?

Oh easy, Comodo.

Best Internet Security Software | Antivirus Total Security

Comodo's internet security software is an advanced antivirus total security for web threats. Get the best internet security and Computer security software.

www.comodo.com

I actively promote this suite to all of my clients. The premium version is only $5 a year. Anyone can afford that.
The firewall side of it is currently second to none.

I also promote the very excellent browsers they have.
If you have a preference for Firefox;

Comodo IceDragon Browser | Download Free Internet Browser

IceDragon Browser from Comodo. Get free private browser which is compatible with all add-ons & plugins for all-around performance. Download now!

icedragon.comodo.com

100% compatible with all plugins.

If you have a preference for Chrome;

Web Browser Download | Free and Secure Internet Browser

Best Internet Browser Download, Comodo Dragon offers a chromium-based, fast, secure best internet browser. Download Free and Secure Browser.

www.comodo.com

Again, 100% compatible with all plugins, but without the limitations imposed by Google.

 

[biffzinker]

No thanks. If you don't agree, carry on.

Well there's half your problem, your comparing it to Avast. Yikes! You can do better.

I tried to leave Windows Defender alone when installing updates but when the installing process goes faster with the Realtime Scanner service disabled well.

What was your method for doing so? I used WinAeroTweaker before deleting it.

Windows Security then toggle the button from on to off. Currently Windows Defender is disabled with WinAero Tweaker.

 

[lexluthermiester]

Currently Windows Defender is disabled with WinAero Tweaker.

Great minds think alike?

 

[biffzinker]

Great minds think alike?

I'd leave defender on and alone if it wasn't inconveniencing me.

 

[Liquid Cool]

What am I going to do on January 14, 2020? Probably be running around upgrading pc's because everyone likes to wait until the last minute. Every single person that I've warned...which is quite a few...haven't heard a single word out of any of them.

From my experience...pc's have been catching a lot more dust in the last few years. Most people are busy staring into their phones. I haven't done a single full upgrade in the last three years. A few repairs, memory/ssd upgrades etc...but zero full upgrades. People are either buying HP/Dell pre-builts or just sitting on their old machines.

For my own rigs...I've already converted my systems over to Linux. Best move I've ever made.

Best,

Liquid Cool

 

[FinneousPJ]

I did, even commented on it. Something along the lines of "it's annoying", "I don't trust it" and "Microsoft can eat dog feces for forcing it and all the other crap on us". I want an installation of Windows that is lean, clean, bare bones with no extras. I can take care of my own security, utility and entertainment needs, thank you very much.

Bruh. Linux.

 

[lexluthermiester]

Bruh. Linux.

Bruh? You clearly don't know who you're saying "Bruh" to. I love Linux. Mint is my personal goto distro. However, there are some things I can't do, or do as easily, on Linux as opposed to Windows. As much as I detest Windows 10, it's worth the effort to try to make it work the way I want it to. If such an effort fails, I'll use 7 until it's not possible to do so and then migrate to Linux.

 

[FinneousPJ]

Bruh? You clearly don't know who you're saying "Bruh" to. I love Linux. Mint is my personal goto distro. However, there are some things I can't do, or do as easily, on Linux as opposed to Windows. As much as I detest Windows 10, it's worth the effort to try to make it work the way I want it to. If such an effort fails, I'll use 7 until it's not possible to do so and then migrate to Linux.

I still run a dual-boot, but I'm using Windows less and less. Nowadays the migration is very easy, and the reasons not to do so are fading fast. "As easily," is an issue of getting used to a new way of doing things

If I may, what makes Win10 worth the effort?