Microsoft ends free support for Windows 7

Unless you are on a closed network with absolutely no computers connected to the outside (even for updates), it is a huge vulnerability. Not only that, but if you are connecting any updated devices, they could also require updates which is difficult (not impossible) with a completely closed network.

 

Those are not connected directly to the internet per se, however, they do connect to equipment offsite which is considered a vulnerability as well.

 

These are mostly touch screen machine control devices and associated back-end servers. Many still running Windows 2000 or Windows NT. They have no access to the internet, nor do they need any updates. They are working fine just as they are. They are on a physically disconnected (from the internet) network.

I do not subscribe to the notion that every computer running a Microsoft OS needs to install every update that Microsoft releases. I tend to read about what the individual updates address, and only install them if they are relevant to the situation, and solve a problem that I am actually seeing or foresee. For instance, I don't care about IE security updates for machines that do not use IE and/or have no access to the internet.

One of Microsoft's methods to drive OS upgrades (because driving people to upgrade is what they necessarily focus most of their attention on) is 'continually degrading performance'. The Windows Update cycle, and particularly, their insistence that people install every single update, is part of that effort. Their refusal to address the malware problem, which is an easy problem to solve if they really wanted to, is also part of that effort, IMO. Malware plays to Microsoft's advantage by driving people to upgrade.

 

Yea, and the next time your car is run by Windows with any kind of wireless or cellular network with some form of NVM and a buffer to hold the NVM changes prior to flash, I will be concerned.

Those are turnkey systems, and do not really count since they only perform a specific function and no other. ATM machines also fall into this category, as do things like cash registers and the machine that prints up tickets at my local pawn shop (it is an old DOS machine running 20 year old software).

You can not really count these, since they are not "desktop" systems that people actually use. The systems at my last job were the same way, Linux systems running special software operating off of a tunneled IP network firewalled through the Internet (VOIP). But security patches and updates are still required if they are networked to anything, since an insider (or skilled hacker through a network vulnerability) would still be able to get to them if their security has been compromised.

Then the hackers of the world will thank you I am sure.

IE is more then your browser. For XP IE was actually your file manager. And the two are still closely linked in the OS. Most of the security patches for IE involve protecting it from "back door" attacks. If I can get a CLI into a remote machine I can do all kinds of amazing things. While I can understand deciding to not upgrade certain applications (say your current calculator or paint program with a newer program), I see it as absolute insanity to not install all security patches, if you use the program or not.

Some day if you have a friend use your computer and they decide to use IE to go to "this super cool website", you may be kicking yourself for not allowing those patches to be installed.

 

Any machine running a Microsoft OS and has internet access gets all the relevant security patches. Most machines in my shop don't fall under that category.

Will never happen. I don't run Windows on any machine I own because Windows cannot be made to be secure, and Microsoft is always a step behind the hackers. The only Windows desktop machines I have to deal with are corporate.

 

Microsoft has so munch money they could afford to give all their employees a ten year paid vacation. But no, they keep buying a company every day and have no knowledge of the service or product that the company produces. In return we see quality control plummet and soon more garbage on the shelves or on E-Bay.

I have little respect for Microsoft, Apple, Google, etc. They are responsible for the dumbing down of America and the world.

Do you think a community organiser could have ever been elected as POTUS without the internet ? So much misinformation on the web. Everyone today think they are a news journalist. "If it's on the internet, it must be true."

Last year I watched an interview of two old geezers who worked for DARPA during the 60's, 70's and 80's who were responsible for creating the internet for the Air Force. Both said in hindsight, they wished that the U.S. military would have kept the internet classified.

 

OK, let me know when I can stop laughing, please.

Here is the dirty secret most do not want you to know. OSX, Linux (pick your flavor), all operating systems are insecure. In fact, OSX and Linux are generally the most insecure operating systems out there.

The only thing that "keeps them safe" is that there are so damned many varieties and they are a minor OS in the marketplace that it is not worth the trouble of hackers to attack. An exploit for Mint likely will not work for Mandrake. And an exploit for Safari will not work for Opera.

And hackers, both being lazy and wanting to hit the maximum number of systems possible, attack the biggest and most common systems in the world. Windows and IE.

Trust me, at the corporate level we are constantly fighting to keep out servers patched and updated. Even throwing firmware patches onto our routers and switches (something maybe 5% of home and SOHO users do). This is because we are a target and have to keep systems secure. We probably spent 3-4 hours patching and plugging holes in every Linux box we sent out. Of course we were also 90% of the time on fixed IP addresses so it was much easier for a hacker to try and attack us.

I love it whenever somebody tries that "Microsoft is so insecure and XXX is secure" line, it only goes to show that they really have no idea what they are talking about. MS sends out patches literally every week, sometimes every day if a serious vulnerability is found. When was the last time most people updated their Linux box or software?

I can tell you the answer to that, probably never. I admit myself that I have not patched my Linux server at home in over a year. Of course, it is also not actually connected to the Internet at all, running through a VPN at home purely as a media server in a closed network with a completely different IP scheme then the rest of my network.

Windows in reality is one of the most secure operating systems there is. If Linux was so much better, then why are there thousands of hacks and data breaches of Linux systems almost daily? You would think that was impossible if Linux was as bombproof as many try to pretend it is.

And yea, I am no question a "multiple OS" user. Just some of the systems I run at home are on Dos/3.11, XP, Vista, 7, 8, OSX, Chrome, Mint Maya, MS Server 2012, SCO, and a few others (even a Netware 3.12 I have not fired up since I moved from Texas in 2012).

But anybody making claims like yours obviously is not really working IT. Otherwise you would know all of the security issues with Linux, and how long it typically takes to get them fixed (sometimes months).

http://www.lmgtfy.com/?q=linux+security+flaw

 

You're kidding me, right? Linux is the most exposed operating system on the net. For instance, fully 52% of the million most active web servers on the net are Apache/linux, as opposed to second runner up, a mere 12% for IIS. You would think large web services (like google, amazon, etc) would be the biggest targets and would choose the most secure platform, no? (They are, and they do.) The server that THIS FORUM on is running is Apache on linux. In the 30 years I've spent in IT, I have never once had a virus to squash on a linux box. Not one time. I've never had one of my servers, which necessarily have open ports exposed directly to the internet, and are being hammered on by script kiddies all day and night, compromised. Not one time.

Whereas probably 99.999999% of windows boxes are completely isolated from the internet via at LEAST one firewall (usually two or more), and even so, probably 99% of windows boxes are currently compromised. (Microsoft could fix this if they wanted to.) This isn't due to popularity, this is due to inherent insecurity.

As to linux updates, most mainstream distributions have a utility that updates them, and notifies the user when updates are available. There is nearly not a day that goes by that linux isn't wanting me to update this or that. I'm surprised you don't know about this; it's been common to every distribution I've used for years. (Red Hat and Debian-based, mostly)

I will agree that no OS is 100% secure, but I maintain that, of the mainstream OSs, Windows is, by far, the least secure.

(BTW: Netware 3.12 was awesome, back in the day, but Netware 4X and NDS really raised the bar. I am still running a Netware 6.5 box with Groupwise, today.)

 

Go back to what I had said before. Most hackers (especially the script kiddies or those out for profit) go for Windows and IE simply because they have the lionshare of the market. When you want to infect in some way a bunch of computers to conduct a DDoS or some other brute force hack are you going to go after say Mint or OSX which has 15% (maybe) of the computer market, or Windows-IE which has 75+% of the market?

It is simply a game of numbers. And back in the early-mid 1990's we were having a huge virus problem on the Macintosh side. Mac virus were rampant and there was little we could do about it. On the PC it was easy to install an antivirus and we were mostly safe. But on a Mac running System OS, it was a nightmare. No way to force use of an antivirus, they were rarely updated, and many actually disabled the software or replaced the definition table with their own bogus one.

But Linux is not immune, as I said it is just a numbers game. Having spent years as a "Grey Hat" (and planning on getting my CEH next year), it is not that it is not possible, it generally is not worth their while. Today most virus are written either as a takeover tool (DDoS bot), or as a way to make money (identity theft through keylogging, pop-ups, hijacking, etc). For this a hacker wants to target the #1 system and browser, and as I said that is Windows and IE. If for some reason Apple became #1 again, then you will see the hackers dumping the hacks of MS and IE and going after OSX and Safari. Or Mint and Opera. Whoever is #1.

Do not confuse the fact you have not gotten a virus or hacked with it not being possible. They simply do not care because you are a small segment of the marketplace.

As for Apache, it has security holes so big you can drive an aircraft carrier through them. That is why today the vast majority of websites are run by 3rd party hosting companies that have a team that specializes in security as a full time job. And as far as the compromised user boxes, most of those are due to "operator error". Visiting torrent and porn sites, installing a bit of software because some pop-up told them to do it, not running current antivirus software, the list is endless.

I worked from 2003-2007 in a small computer store, primarily repairing and selling systems. Every computer that went out the door had not only antivirus on it (Norton or AVG), but also at least 2 spyware programs and the Windows Update icon right on the desktop (and a few other security goodies). And in literally every single case that one came back with a virus issue, it was normally 2 or more of the following reasons:

Antivirus turned off or never updated ("it slows down my system" - this was the single biggest problem).
1 or more Torrent/Share program (LimeWire-Kazaa was huge - this was the most common virus portal).
Spyware software never updated or run.
OS never updated.

Literally one guy brought his computer back within 5 days and it was infested badly. Complete wipe and reload. Week later he is back, exact same thing. The 3rd time was when we modified our "1 year warranty" to only include 1 free reload due to virus. He just could not stay away from LimeWire, Kazaa and BearShare. Finally in 2005 I made up a 1 page "Disclaimer" that went out with each computer we sold or reloaded, stating that any programs like that, gambling, hacker, or porn sites voided the warranty for our virus service.

Myself, I have not had a virus in over 15 years. Then again, I also do not go to sites like that so I am mostly safe. I do not download hacked programs, all patches come from the programmers, and anything even remotely questionable is performed in a VM environment where if things go bad I can just dump it.

http://www.linux.com/learn/tutorials/284124-myth-busting-is-linux-immune-to-viruses

 

I feel your pain. I ran a multi-line BBS from '82 to '92. I saw it all. I spoke to John McAfee on the phone during that time, who helped me integrate his anti-virus software into my BBS to automatically scan files that were uploaded. He graciously made his anti-virus software available for free to BBS operators, and it wasn't long before they started supporting it natively. First virus I ever saw was "cascade". Made the letters in DOS based word processing software fall off and pile up at the bottom of the screen. Fun!

But, I am not convinced it's ALL about numbers. Like I eluded to before, Microsoft, being the defacto-standard desktop, directly benefits from malware and from bloated anti-malware. They could stop malware, but they won't. Not until other OSs begin to eat into their market share in a more meaningful way. Malware AND anti-malware contributes to the 'continually degrading performance' strategy of driving people to abandon and upgrade. Enumerating badness is a losers game. Compiling lists of existing badware after the damage is done is a losers game. By the time AVG knows how to detect the latest, and pushes an update out to the users, it's already run its course and done its damage. The inevitable lag between release and a detection pattern is an insurmountable problem. Fixing malware is a multi-billion dollar industry that's not gonna go down quietly.

Linux is much, much better at isolating the core operating system and associated files from anything the end user (or programs that run as him) can do (unless he stupidly logs in as root, then all bets are off). Windows could do this, but they won't. Enumerating a SHORT list of programs that are allowed, instead of a LONG and ever growing list of malware that's NOT, makes more sense. Windows could do this, but they won't. Linux's 'software repository' model is vastly superior anything Windows can currently approach.

Based on all this, I maintain that Linux is the best choice, from a security standpoint, for both desktop and server applications. This truth is evidenced by the wide margin linux holds against microsoft in the web server market. Windows will be really hard to unseat in the enterprise, though. My predicition is that, if Linux or OSX ever do become the hackers favorites, that they will have a much more difficult time exploiting them than they have had from Windows.

But, like you said, there's no fixing stupid. End users will ALWAYS answer "Install 'Cat Riding a ROOMBA!' viewer?" with 'OK', every time. And they'll log in as Administrator to do it. Then you get to reload their OS (again).

 

Yea, the good old days, when SCAN and CLEAN were 2 different programs. Myself, I used a door to scan all inbound files and convert them to ARJ. One great thing about McAfee back then, his software was probably the best at the time, and free. There really was no "real time" antivirus in those days, it was all run stand-alone.

I was one of the McAfee distribution points back in the day, getting the new releases the day they came out. That was often a major draw to get in new users (that and that every computer I sold had a modem and dialer with only one number in it, mine).

Yea, BBS' were awesome - until around 1995 when the Internet took their place. Funny how having a 486DX-50, 8MB of RAM, a 700 MB hard drive and 3 CD-ROMs made for a "Super BBS" back in the day (and Night Owl CD was awesome). Towards the end mine was quite unique. An early Ethernet P2P program known as Web (think Lantastic but used standard Ethernet cards). And DesqView to allow for the easy running of 2 nodes per computer.

https://books.google.com/books?id=D...AQ6AEwAA#v=onepage&q=webcorp ethernet&f=false

I often times miss those days, when most in an area knew each other (other then those of us that were active in FIDO as well).

 

All far too techie for me. Bye.

 

Not really. The majority of Microsoft "money" is tied up in the capitol of the business, like any other company. Large corporate campuses, manufacturing and design departments for making things from MP3 players and keyboards to game consoles and thousands of other items. And having thousands of programmers is not cheap.

As for the "dumbing down", that is what people want. In the era of DOS and other text based systems, computers were a novelty that very few people had. it was not until Windows 3.1 that more then a small percentage of people owned computers. They were simply to complex for most people to want to bother with.

And the internet really did not take off until 1995 when getting online went from a chore (configuring a MODEM with IRQ settings and memory addresses, installing Trumpet Winsock) to something anybody could do (drop in a plug and play modem, Winsock built into Windows 95). And I have used the Internet on a text connection, that is no joke amazingly hard. I will not even get into trying to use ARCHIE or GOPHER to do searches, compared to YAHOO or GOOGLE.

And with every generation, computers have gotten "dumber". But this is not the fault of the programmers, that is what the people want. They want plug & play, install a CD-ROM and away they go. Not have to hassle with something like "Messyducks"to configure it manually. They want to take a new hard drive, plug it in and it works. Not have to go into DEBUG with G=C800:5 to low-level format the thing before they can even format it (and manually install error tables, sector counts, etc).

I have used computers for over 40 years now. And one thing I have realized, is that people want simple. They want plug and play, they want push a button and it works. Heck, places like Best Buy typically charge $50 to do something as simple as install antivirus software. I was building my own home networks in 1991 by stripping coax cable, I often do service calls where somebody just wants me to configure their printer to share on a pre-built home network.

Face it, most people are stupid. They do not want to know how computers work, they want them as simple as possible. That is why Apple can sell millions of computers where the mouse only has 1 button. 2 buttons I guess is to confusing for some people (my mouse has 5 + 2 tilt buttons on the scroll wheel, my keyboard has 122+media buttons+LCD). Ironically, I am one of the opposite, living in text mode almost as much as in the GUI. But I admit, I am not your average user. I love going into my 25 port switch manually in text mode to reconfigure ports, something 90% of users would never do.

But this is not the fault of the companies, this is what the consumers demand.

 

Bit different for sure.

 

I was referring to this. -> http://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Microsoft

And that Google buys a company almost every week. -> http://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Google

That's what they do when they have so much money and don't know what to do with it. There's no (*)(*)(*)(*)ing reason for these companies to be outsourcing jobs or firing American computer programmers and using H-1B work visas to bring foreigners to America to replace them.

You listen to John and Ken don't you ? You heard what Southern California Edison has been up to ?

http://www.latimes.com/business/la-fi-edison-layoffs-20150211-story.html

http://www.breitbart.com/big-govern...isas-to-replace-americans-with-guest-workers/

https://www.numbersusa.com/news/members-congress-and-union-rally-support-workers-laid-h-1b-hires

 

Yea, and often times acquisitions like that are not made with cash, but with combinations of stock-positions in the new department, as well as money invested. Not as "a $50 million check in the pocket of the founder".

And no, I have not listened to John and Ken for over a decade. Nor Bill Handel. Kind of hard to listen to them way up north, KFI signal does not travel this far.

And there is a reason much of this is outsourced. For one, generally what is outsourced is the "brute coding" aspects. It literally takes thousands of man years to write an OS, so what if some of this is sent overseas? It is literally almost nothing compared to the amounts that are coded here in the US.