anyone else sticking to windows 7?

Looks like 10 and 11 got more security issues than 7.

Unlike 7 they do get patched, unlike 7 they never seem to stop coming out of the woodwork - so it makes me laugh when people tout security as a reason to move off 7 to 10/11 and bonus every time they patch one flaw in 10/11 they seem to expose another one :s

CVE-2023-21674 for instance is a patch for a pretty serious one (and known to have been exploited), MS haven't even disclosed half of just how bad it is in a multi-user environment and there are nearly 100 recent ones rated as high risk vulnerabilities.

EDIT: Again I have no idea why anyone would cut MS any slack when it comes to Windows development let alone defend them.
 
Last edited:
Unlike 7 they do get patched, unlike 7 they never seem to stop coming out of the woodwork - so it makes me laugh when people tout security as a reason to move off 7 to 10/11 and bonus every time they patch one flaw in 10/11 they seem to expose another one :s

CVE-2023-21674 for instance is a patch for a pretty serious one (and known to have been exploited), MS haven't even disclosed half of just how bad it is in a multi-user environment and there are nearly 100 recent ones rated as high risk vulnerabilities.

EDIT: Again I have no idea why anyone would cut MS any slack when it comes to Windows development let alone defend them.
How do you know that a vulnerability like that doesn't also affect Windows 7, given that they only list OS versions which are currently supported in their article (which is why a number of Windows 10 versions which will also be vulnerable if you were still running them are absent from the list of affected versions).

It's very likely that if the vulnerability existed as far back as 8.1 (the oldest in support OS they list on this one) that it also existed in earlier out of support versions.

Observations like "Looks like 10 and 11 got more security issues than 7." make little sense.
 
How do you know that a vulnerability like that doesn't also affect Windows 7, given that they only list OS versions which are currently supported in their article (which is why a number of Windows 10 versions which will also be vulnerable if you were still running them are absent from the list of affected versions).

It's very likely that if the vulnerability existed as far back as 8.1 (the oldest in support OS they list on this one) that it also existed in earlier out of support versions.

Observations like "Looks like 10 and 11 got more security issues than 7." make little sense.

MS generally still list all affected OS versions for a vulnerability for instance https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21773 though no guarantees. (This might no longer be the case going forward as MS is winding down testing for 8 and older).

While I'm not sure "Looks like 10 and 11 got more security issues than 7." makes much sense Windows 10/11 are so riddled with security issues touting security as a reason to upgrade is in some ways a bit of a sick joke - people gave Intel a lot of stick over their vulnerabilities but Windows 10/11 are just as bad if not worse.

EDIT: Additionally as long as you have a decent firewall, systems behind a NAT or similar and use an up to date web browser there aren't many remote vulnerabilities almost regardless of what OS you run which can actually compromise systems, those that do exist largely take a lot of effort to exploit so are unlikely to be used outside of nation state sponsored attacks. The fun and games begin if a system inside your network becomes infected with malware or in a multi-user environment where the attacker has one foot inside the door (which can include compromised remote desktop, etc.). With several EternalBlue like vulnerabilities found recently such as https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958 once an attacker does have one foot inside the door all bets are off regardless of what Windows OS you are running - there are almost certainly more variants of those kind of exploits yet to be discovered/patched in 10/11.
 
Last edited:
Mrk, back to some previous comments, I do agree that change comes along and I need to adapt. I’m not overly bitter about win11, but just that I’ve noticed that it’s way of working has caused me more pauses to consider how things are different compared to the previous windows version jumps.

I recently installed win 7 on a machine and when you take off the rose tinted memory and actually use it, you see how far things have come for the better.
 
Agreed there yep! There's been massive progress but it does take a motion to take that step forwards and see it amongst all the chatter.
 
I recently installed win 7 on a machine and when you take off the rose tinted memory and actually use it, you see how far things have come for the better.

That is something I can't say I see - I do have Windows 10 booted up most days alongside Windows 7. There are some improvements, but often let down by downgrading of other features or just being more awkward to use, etc. The only thing I would say there is that Windows 7 can take a bit of tweaking out the box to get the best out of it - but unlike 10 once you do that it stays that way - you don't have silly updates changing things around, etc. or worse removing a bunch of stuff it shouldn't like one recent update :s

I'm all for adapting to change when it is an actual improvement over the older thing.
 
Last edited:
EDIT: Additionally as long as you have a decent firewall, systems behind a NAT or similar and use an up to date web browser there aren't many remote vulnerabilities almost regardless of what OS you run which can actually compromise systems, those that do exist largely take a lot of effort to exploit so are unlikely to be used outside of nation state sponsored attacks. The fun and games begin if a system inside your network becomes infected with malware or in a multi-user environment where the attacker has one foot inside the door (which can include compromised remote desktop, etc.). With several EternalBlue like vulnerabilities found recently such as https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37958 once an attacker does have one foot inside the door all bets are off regardless of what Windows OS you are running - there are almost certainly more variants of those kind of exploits yet to be discovered/patched in 10/11.
While true to an extent, this is a bit of short sighted view to where the risk of using an end of life OS is coming from. As a regular user a entirely remote attack is unlikely regardless of what OS you're using (although that's assuming you're not running a router which hasn't received a firmware update for 10 years, you aren't using uPnP and that you haven't badly misconfigured your network such as placing your device in the DMZ).

The real risk has always come from the applications that you're running, and the web services that you're accessing. Having an up to date web browser is all very well but the sandboxes they use to try and minimise the risk of malicious code accessing your system are only as strong as the underlying operating system that is orchestrating those processes. If you look at the Chromium sandbox they're very clear that "The sandbox cannot provide any protection against bugs in system components such as the kernel it is running on.", and additionally if you look at the description of the features you'll note that the effectiveness of the sandbox only continues to increase as you move to more recent OS versions which have added functionality their sandbox can leverage.

Whatever you use - Windows, Linux, Mac - you're always going to be at the risk of vulnerabilities in the OS. By using a supported OS version and keeping it up to date you're doing everything that you can reasonably be expected to do in order to minimise that risk to your system and to your personal data. If you use an end of life OS that risk is only ever going to continue to grow month by month. If you're happy to take that risk then good luck I guess.
 
While true to an extent, this is a bit of short sighted view to where the risk of using an end of life OS is coming from. As a regular user a entirely remote attack is unlikely regardless of what OS you're using (although that's assuming you're not running a router which hasn't received a firmware update for 10 years, you aren't using uPnP and that you haven't badly misconfigured your network such as placing your device in the DMZ).

The real risk has always come from the applications that you're running, and the web services that you're accessing. Having an up to date web browser is all very well but the sandboxes they use to try and minimise the risk of malicious code accessing your system are only as strong as the underlying operating system that is orchestrating those processes. If you look at the Chromium sandbox they're very clear that "The sandbox cannot provide any protection against bugs in system components such as the kernel it is running on.", and additionally if you look at the description of the features you'll note that the effectiveness of the sandbox only continues to increase as you move to more recent OS versions which have added functionality their sandbox can leverage.

Whatever you use - Windows, Linux, Mac - you're always going to be at the risk of vulnerabilities in the OS. By using a supported OS version and keeping it up to date you're doing everything that you can reasonably be expected to do in order to minimise that risk to your system and to your personal data. If you use an end of life OS that risk is only ever going to continue to grow month by month. If you're happy to take that risk then good luck I guess.

End of the day you are always going to be somewhat reliant on how much you trust your software source and anti-virus when it comes to local threats and once an attacker or piece of software gets one foot in the door all bets are off when it comes to any version of Windows.

EDIT: Personally I don't recommend people continue using an end of life OS especially online but Windows 10 for instance had nearly 50 security patches in December, several of them severe and known to be being exploited (a few of them do affect Windows 7), followed by nearly 100 in January - many of them privilege escalation or bypassing local security exploits - many of them rated high, severe or critical. The real kicker being that many of these exploits should not have even existed in the first place and there is almost certainly many more - don't forget this is the kind of quality of development going on for Windows: https://www.theregister.com/2023/01/13/happy_friday_13th_microsoft_defender/

When my brother was working in IT for the NHS his team found a severe privilege escalation vulnerability in the language toolbar on Windows 10 - took MS 9 months to patch it.

So when people start going on about Windows 7 and Windows 10 in terms of security all I can really do is roll my eyes as MS have undone all the advantages of using a newer, supported OS on the security front.
 
Last edited:
Windows 7 is the new Windows XP for many people.

That said, no OS it bullet proof. But if an major vulnerability comes out and targets Windows 7 as its end of life. Then you cant blame Microsoft as they have given the option to upgrade which doesn't cost a penny.

There is only so long you can use "ah, it just works!" Until it doesn't and by that time its usually too late when you have ignored all the options. Seen that happen plenty of times working in IT.:D
 
Last edited:
Windows 7 is the new Windows XP for many people.

That said, no OS it bullet proof. But if an major vulnerability comes out and targets Windows 7 as its end of life. Then you cant blame Microsoft as they have given the option to upgrade which doesn't cost a penny.

There is only so long you can use "ah, it just works!" Until it doesn't and by that time its usually too late when you have ignored all the options. Seen that happen plenty of times working in IT.:D

You say that but it isn't like Windows 10/11 is an equal or better quality replacement when it comes to "just works" - for instance when we had 10/11 installed on a specific group of systems at work there was an unacceptable impact on serviceability due to updates and SCCM (technically now MECM apparently) causing far too many instances where an hour or more of work was lost to interruptions*. I don't know what the situation/policy will be going forward as I don't work in IT but I'm guessing the company will end up hiring people to move more software to *nix in the longer run with ESU for 7 ended.

* Certain amount of human element to that as people earlier in the day would use up the snooze allowance, but the system behaviour was outside of what was intended by IT as well.
 
You say that but it isn't like Windows 10/11 is an equal or better quality replacement when it comes to "just works" - for instance when we had 10/11 installed on a specific group of systems at work there was an unacceptable impact on serviceability due to updates and SCCM (technically now MECM apparently) causing far too many instances where an hour or more of work was lost to interruptions*. I don't know what the situation/policy will be going forward as I don't work in IT but I'm guessing the company will end up hiring people to move more software to *nix in the longer run with ESU for 7 ended.

* Certain amount of human element to that as people earlier in the day would use up the snooze allowance, but the system behaviour was outside of what was intended by IT as well.

I don't quite understand this, unless you mean you're dealing with users who refuse to accept that a Windows computer has to restart at some point once a month to install updates?

Speaking from my experience as an SCCM administrator, Windows 10 is trivially easy to service each month via it in a non-disruptive way. If the end user is going to ignore several days of notifications that this months update needs to be installed, and then ignore the final count down when the installation being required has passed the deadline then it is entirely on them if they still lose work. This is functionally no different to how servicing Windows has behaved all the way back to XP when you manage updates via SCCM. Until something like MS's Azure exclusive hotpatching makes its way to the desktop there is no getting away from at least a monthly reboot for a Windows PC.

If your IT was deploying updates with - for example - an hours notice before a forced install and very short reboot windows then that's on them if it's upsetting their end users.
 
Last edited:
I don't quite understand this, unless you mean you're dealing with users who refuse to accept that a Windows computer has to restart at some point once a month to install updates?

Speaking from my experience as an SCCM administrator, Windows 10 is trivially easy to service each month via it in a non-disruptive way. If the end user is going to ignore several days of notifications that this months update needs to be installed, and then ignore the final count down when the installation being required has passed the deadline then it is entirely on them if they still lose work. This is functionally no different to how servicing Windows has behaved all the way back to XP when you manage updates via SCCM. Until something like MS's Azure exclusive hotpatching makes its way to the desktop there is no getting away from at least a monthly reboot for a Windows PC.

If your IT was deploying updates with - for example - an hours notice before a forced install and very short reboot windows then that's on them if it's upsetting their end users.

Problem is we operate very demand and season lead - which can involve sudden changes to and from 24x7 operation, etc. not like a 9-5 where you can consistently schedule maintenance out of hours. I can't really say how much is a MS problem and how much is an IT problem palmed off as a MS problem when we complain but we never have those issues with Windows 7 on the systems.
 
For personal use for power users and gamers I actually see no reason to upgrade the OS beside specific game requirements.

Efficiency and performance is going backwards more than it is going forward. I only upgraded to win 10 for dx12 in games and windows store for specific games.
In hindsight at work for kiosks I learned about LTSB/LTSC builds, since then I swear by them on my personal laptops (but PC is win 10 pro but with killed windows updates).

I hate feature upgrades, **** them, **** breaking what works, **** a UI that needs more clicks or ticks to do the same that you used to or fixing what isn't broken, control panel is superior to the new windows settings. I've had WIN 10 for so many builds, but every update brought more pains than gains and after a while I just killed windows update. So my personal PC is stuck on v18362, and I only upgraded to that because Nvidia driver had an incompatibility on HDMI (after coming out of standby) with my previous version. And I had to upgrade my gfx driver for RDR2. On my personal gaming pc meltdown and spectre mitigations are off, because I prefer more IOPS and the mitigations notiably kill performance there. I've not run an active antivirus on my own personal gaming pc now for over 10 years I think as that also is a killer for iops on higher end PC's, whiled a huge cpu hog on poorer pc's...

At work obviously I'm updating because of security policy, but at home, no thank you... Laptops do get security updates though, but at LTSC builds they're less annoying.

Only the office365 updates are a pain, they take forever on lower end notebooks (cpu wise), if you use your lappy once per month they are a HUGE pain...


Obviously for work and anywhere with security regulations, it's a whole different story.
 
Last edited:
I was a staunch Windows 7 holdout and still to this day I think it's a far better operating system than 8, 10 or 11. But I had to give it up in the end, sadly running with no security patches isn't something i'm willing to do.

So now I run dual partitions of Ubuntu and Windows 11. Actually the newest Windows is alright, except that it's loaded with bloat and spyware to the point of ridiculousness and there's no way to absolutely remove crap like Cortana and the Store, you can only disable them.

If Microsoft decided tomorrow they were going to start re-supporting 7 with patches i'd ditch 11 in a heartbeat.
 
So now I run dual partitions of Ubuntu and Windows 11. Actually the newest Windows is alright, except that it's loaded with bloat and spyware to the point of ridiculousness and there's no way to absolutely remove crap like Cortana and the Store, you can only disable them.
No need to dual boot Ubuntu and Windows 11. You can boot and run Ubuntu and Android 13 inside Windows 11. :)

You can install Windows 11 without all the bloat and spyware and able to download updates from Windows Update with Ghost Spectre Windows 11 Superlite.


You can uninstall Cortana and Microsoft Store, open Terminal (Admin) paste below and press enter:

Get-AppxPackage -allusers Microsoft.549981C3F5F10 | Remove-AppxPackage
Get-Appxpackage -allusers windowsstore | Remove-AppxPackage
 
No need to dual boot Ubuntu and Windows 11. You can boot and run Ubuntu and Android 13 inside Windows 11. :)

You can install Windows 11 without all the bloat and spyware and able to download updates from Windows Update with Ghost Spectre Windows 11 Superlite.


You can uninstall Cortana and Microsoft Store, open Terminal (Admin) paste below and press enter:

Get-AppxPackage -allusers Microsoft.549981C3F5F10 | Remove-AppxPackage
Get-Appxpackage -allusers windowsstore | Remove-AppxPackage

Problem there though is you are relying on a relatively unknown 3rd party modified version of the OS with the potential security implications of that and how often they keep it updated and you definitely want to be applying security updates on 10/11 as some of the vulnerabilities are quite bad.

Which is why MS needs to pull their heads out their rears and make a better OS, with proper control over background maintenance tasks and updates instead of the clumsy, problem prone, disruptive implementation they have.
 
Nope, glad to be rid of it. We were still using it on desktops at work until just over a year ago and going between 7 at work and 10 at home (or on my work laptop) really showed how outdated and clunky a lot of aspects of Win7 are.

I am still on Windows 10 though, largely because if I do a Win11 install on my PC I'd probably want to do a clean install and I just don't have the energy for that!
 
Problem there though is you are relying on a relatively unknown 3rd party modified version of the OS with the potential security implications of that...
Indeed. In the 30min i spent investigating it threw up so many red flags i didn't even bother installing it on a VM, they've gone to great extents to obfuscate things so I'd be more surprised if it didn't contain some sort of virus, malware, or something dodgy.

For starters they've renamed the extension from .zip to .x006 something done by ne'er-do-well in an attempt to evade virus scanners that look inside archives, they've passworded it again possibly done to avoid virus scanners. Then there's the question of why you'd distribute an entire ISO when it's pretty trivial to write a few scripts to apply any changes you want to Windows ISO from a legitimate source, seemed like more obfuscation to me especially when, from what i could tell, they've only added some sort of .exe along with a command line download tool, 7zip, and a few .bat, .vbs, .dll files that probably amount to less than 5MB.

If you want a lesson in what sort of files to avoid on the internet then that's it.
 
Last edited:
Indeed. In the 30min i spent investigating it threw up so many red flags i didn't even bother installing it on a VM, they've gone to great extents to obfuscate things so I'd be more surprised if it didn't contain some sort of virus, malware, or something dodgy.

For starters they've renamed the extension from .zip to .x006 something done by ne'er-do-well in an attempt to evade virus scanners that look inside archives, they've passworded it again possibly done to avoid virus scanners. Then there's the question of why you'd distribute an entire ISO when it's pretty trivial to write a few scripts to apply any changes you want to Windows ISO from a legitimate source, seemed like more obfuscation to me especially when, from what i could tell, they've only added some sort of .exe along with a command line download tool, 7zip, and a few .bat, .vbs, .dll files that probably amount to less than 5MB.

If you want a lesson in what sort of files to avoid on the internet then that's it.
I was curious installed Windows 11 Superlite Ghost Spectre a year ago on VMWare Workstation, it did not contained virus, malware or something dodgy.

I figured out why Ghost Spectre generated mediafire link with extension to x005, x006, x007 etc is an attempt to evade mediafire free account 10GB download limit a month, not virus scanners. Ghost Toolbox contained exe tool with wget command line to download and install 7zip, Microsoft Store, browsers, drivereasy etc from Ghost Spectre toolbox menu.

Both JKLW11SV2WPE%252BU6X64.X006 and Ghost toolbox files was been scanned on VirusTotal all total clean by virus scanners.

https://www.virustotal.com/gui/url/a715b3980ac0e43cd55f0c305cc253e28486e527b3f679c750339a79119d3894 0/90
https://www.virustotal.com/gui/url/02b76bb22c8278855e44173c4839dafc65ed2d774af8cffb7dc0a3ce271171ac 0/94

If you want a lesson in what sort of files to avoid on the internet, you can use below link to get virustotal to scan files to see if it clean or flagged as malicious from many virus scanners before download the files.


If people are uncomfortable about download Ghost Spectre iso then that fine then they can use NTLite or MSMG Tool kit to do debloat themselves instead.
 
Last edited:
Back
Top Bottom