How to Secure Operating Systems which don't get Security Updates?
-
It's not good to use operating systems which no longer receive security updates (such as Windows 7) on Internet-connected computers. But for those of us who must: How can we keep those computers relatively secure, how can we mitigate the security risks of not receiving updates?
-
@Eggcorn Some things:
-
Disable all unnecessary services that open network ports. If necessary use tools to find listening ports and what processes are keeping them open and disable the associated service (unless you absolutely need it).
-
Read some hardening guides (although most of them are targeted at enterprise IT depts). I'm sure there are scripts out there, but I'm generally sceptical of using scripts, better to know exactly what you're changing.
-
Run a good anti-malware and make sure it's updated regularly. I would think most AV vendors still support Win7.
-
If your machine is directly connected to the internet get a router in front. However, it's rare these days to have a direct internet IP. Routers offer security just from NAT as an attacker can't directly connect to your machine without it first opening an outbound connection.
-
Make sure your router firmware is updated, if it can't be updated consider getting a newer one.
-
Use a wired network - also much better for speed
-
-
You can still get security updates for Win 7.
https://0patch.comAll relevant new win 10+ patches are back ported for 7.
0patch also pushes out the fixes faster than microsoft so is worth using on Win 10 and 11You can also harden the OS by using a better firewall.
You can also lockdown parts of the OS using the tools from https://www.novirusthanks.org -
@Eggcorn , as long as you use Windows only locally, there are no problems, you can even use Windows XP if you want. But things change if you want to also use it online. Although you can use it with a good AV, which offers you some security, the problem is that you can't use an up-to-date browser, which apart from possible security gaps, also leads to compatibility problems, because many pages and services refuse access with a very outdated browser.
There is no other possibility, if you cannot or do not want to update Windows, to use it locally and use Linux in dual boot to be able to go online with an updated OS and Browser.