Boris_yo

Hi,

I know that Windows 7 support ended back in January this year. I saw a comment that said if you still keep using it you will get hacked.

How true is that comment?
How will I get hacked if I don't go to malicious websites and use NOD32?

Also, can my PC get hacked just by being on idle? Will someone be able to do remote code execution on my PC?
 
Well, is your computer directly on the internet, or is it behind a router?

Is that router secure and blocking all inbound traffic by default, with no NAT rules to your Windows 7 machine? If so, the chance of being hacked directly by someone is slim. Make sure your router's firmware is updated, and if it does not get any updates and has not for a year or more, you may want to buy a new one, as many top brand routers have all had exploits allowing attackers to get in and do whatever they want.

The issue is, there is no more patching for Windows 7, so if a new exploit comes out, you are not protected. And yes, even though you have NOD32, you can still get infected by visiting a compromised website. Many legit websites get compromised every day and have bad code injected into them to infect and exploit users. And most AV, while effective, does very poorly against true 0-day exploits.
 
Bots scan IP ranges all day long. It is not that they are really looking for you specifically; they are scanning the "internet" looking for holes to exploit and get in. 99% of it is all automated bots and scripts that just run all night and day. When they find something that can be exploited, most of that is scripted as well to try the basics. It tries to exploit it and goes from there. Eventually an actual person will be the one doing the work to see if it is anything useful, try to get in, and go from there.

For websites, again, just random. Whoever goes to the exploited site could get infected / compromised / ransomware...
 
I'm still using 7 on one of my desktops. I have ESET Internet Security and Malwarebytes Pro version. Am I concerned? NO! You can do a quick check here at GRC Shields Up: https://www.grc.com/x/ne.dll?bh0bkyd2
My results:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
 
Remember, folks, that there is no such thing as a 'safe' website. Any site you visit may serve you a hacked advertisement that sends a payload to your computer. The site owner has zero knowledge of this happening... Browsing is moderately safe if you keep NoScript active and stop any JavaScript, Flash etc. from loading in the first place. Windows can be hacked just by viewing an image, so even NoScript can't provide 100% immunity. It's advisable not to enter the internet at all with Windows 7. I wouldn't use any version of Windows for surfing.
 
Executioner, that's good, you do not have any ports open into your network; that is all that tells you. What router are you using? When was the last time it had a firmware update? Is it one of the many DLink / NetGear / Asus routers that have had firmware exploits over the last year, several of which they are not updating because they are EOL and they want you to buy a new model?

AV and Malwarebytes are great, good steps to stay secure, but they do not stop 0-day exploits and viruses. Testing by credible security industry people has found that AV is only about 20-30% effective on average for stopping newly discovered items, because most AV and Malwarebytes rely on signature-based lists. While good AV is moving to "usage patterns" and tying AI into it, most are not doing it very well yet unless you get into enterprise-level AV products.
 
The problem with Windows 7 is that it doesn't have the protections of newer Windows to make exploiting harder; as well, if there is a patch for a vuln in supported Windows, it's trivial to reverse engineer and try it on Windows 7. Not being directly connected to the internet prevents people coming from the internet from exploiting you, but does nothing to prevent you from going to them and being exploited....

(Compromised Web Ad servers, clicking on an email with an exploit, etc)

As a guy who has done Incident Response for the last 10 years, my advice is to get on supported platforms, either Windows 10, Mac, or supported Linux. It raises the bar for attackers. (Obviously, I'd recommend Windows 10 off that list)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
It's pretty hard to protect yourself from malicious ads with an old OS. If you surf the interwebs with that box you can have trouble unless you update that OS.
 
I have an AT&T router. The machine on 7 is connected to the internet, but I hardly ever use a browser on it. It's mainly my home server.
 
Nothing stops 0-day, that's how it's defined, unknown vulnerability that can be exploited. Won't matter how up to date Windows, your router or AV is.
Some 0-days will use existing exploits and thus can sometimes fall under similar trends and may get blocked. You are right, 0-day by definition, but with AV makers promising they can stop everything these days, too bad the marketing machines mislead so many people.
 
Nothing stops 0-day, that's how it's defined, unknown vulnerability that can be exploited. Won't matter how up to date Windows, your router or AV is.
Heuristic analysis may stop some 0-day attacks but not all. Running full heuristics usually means a performance penalty bigger than from the infection :ROFLMAO:
 
There is "Jim Browning" channel on YouTube. I wonder how this guy hacks into scammers' PCs...
 
There is "Jim Browning" channel on YouTube. I wonder how this guy hacks into scammers' PCs...
Most likely he uses voice actors and pretends. It's really funny, people are scammed watching videos of scammers getting scammed. There are many videos like this on YouTube and they perform things which are simply not possible using the tools they use. An ancient version of AnyDesk had a DLL injection flaw allowing the guest to take over the host, but these videos claim to do it with TeamViewer and the like. They're 99,9% probably fakes.

There are so many fishy things such as how do they manage to get repeatedly hit by these scammers to produce several videos when most of the planet never gets the contact...
 
Simply install Windows 10 with the latest updates, use a good antivirus and avoid suspicious apps.
 
Viruses aren't much of an issue. It's unpatched vulnerabilities that are the issue. You don't need a virus to install malicious code if you can just get direct access to a computer using a common port that your firewall isn't blocking and leverage that vulnerability to do what you need. If you have direct admin access and the ability to execute code, you are all set with just about anything you would ever want on that computer. It's actually a huge issue for people who run old versions of Windows 7 and Windows XP, since they never got the fixes needed to patch up vulnerabilities that botnets use to add that computer to the farm.

I mean you can run Windows 7, but it's good practice to use something that is under support. Meaning there are people finding and patching known vulnerabilities. Linux distributions that are still under support, Windows 10, or Mac OS are all safer alternatives.
 
You can "get hacked" on any OS. The software environment and apps are all vulnerable. Mitigation is the only option we have: firewalls, active monitoring through AV software, DEP, etc...

Windows 7 has some unpatched vulnerabilities that other modern environments do not. Your usage habits will have more to do with your security than the OS, generally. If you know the system is vulnerable to certain exploits, avoid those situations, or use apps to protect the system.

If you are a typical user, who just browses the web, with default browser settings, and email clients, I suggest using Win10 over 7, or if not gaming, Linux. In any case, you should look into router security and browser extensions, they will go a long way. But be aware, almost nothing can protect a machine from a negligent user running malicious code through ignorance, so know where your downloads are coming from, and avoid suspicious links. Use a separate "disposable" machine or VM, if you feel the need to be "frisky".
 
Most likely he uses voice actors and pretends. It's really funny, people are scammed watching videos of scammers getting scammed. There are many videos like this on YouTube and they perform things which are simply not possible using the tools they use. An ancient version of AnyDesk had a DLL injection flaw allowing the guest to take over the host, but these videos claim to do it with TeamViewer and the like. They're 99,9% probably fakes.

There are so many fishy things such as how do they manage to get repeatedly hit by these scammers to produce several videos when most of the planet never gets the contact...
Jim is legit.

He is using other exploits than TeamViewer, and does not disclose them for obvious reasons.
 
Jim is legit.

He is using other exploits than TeamViewer, and does not disclose them for obvious reasons.
Well then Jim seems to know and use an awful lot of 0-day exploits and is not sharing them with Microsoft. A criminal in essence.
 
Well then Jim seems to know and use an awful lot of 0-day exploits and is not sharing them with Microsoft. A criminal in essence.
The remote connection initiated by the scammer, through TeamViewer, allows other exploits that are known by the security community to be executed.
 
The remote connection initiated by the scammer, through TeamViewer, allows other exploits that are known by the security community to be executed.
Still a criminal if he uses exploits and doesn't report them forward. By the way, any examples of such exploits? They're hidden from Google searches at least :)
 
Still a criminal if he uses exploits and doesn't report them forward. By the way, any examples of such exploits? They're hidden from Google searches at least :)
White hats are criminals? Only to the true criminals. I will not proliferate the software he or others use for this purpose, not in public or private communication. You won't find them on a surface search engine, not without knowing what terms to use.
 
Still a criminal if he uses exploits and doesn't report them forward. By the way, any examples of such exploits? They're hidden from Google searches at least :)

This is kind of like someone who steals drugs off of a drug dealer. Are the dealers going to go to the police to report the theft? Do you have a crime if you don't have a victim?
 
White hats are criminals? Only to the true criminals. I will not proliferate the software he or others use for this purpose, not in public or private communication. You won't find them on a surface search engine, not without knowing what terms to use.
A white hat sends his exploits to be fixed. If this guy uses the exploits without releasing them, he's a black hat that makes money off it.
 
A white hat sends his exploits to be fixed. If this guy uses the exploits without releasing them, he's a black hat that makes money off it.
The exploits are known, the scammers are just too greedy and stupid. White hats use their skills to help people by bringing down criminals, in most cases, those the law will not pursue.
 
A white hat sends his exploits to be fixed. If this guy uses the exploits without releasing them, he's a black hat that makes money off it.
We should all cry ourselves to sleep in moral outrage that Jim is exploiting Indian scammers with his black hat h4x0r skillz.

As for the OP, it's what you find more important. There is a higher chance of Win 7 getting compromised than Win 10, but probably not too much higher with all the Internet facing software being updated. On the other hand, I found the 100% chance of suffering the abomination that is Win 10 to be much less acceptable. I have been on the Internet practically since its beginning and have only suffered one exploit on a single XP box, so I consider the personal risk tradeoff acceptable.
 
As one long time user has said if you need to run Windows 10 to use specific software just disconnect that PC from the internet and don't reconnect it. I personally have no clue what data Microsoft will send out if you reconnect it to the internet to update it but I'm sure there are others that do.

Personally I just installed Windows 10 because of the recommendation of many others, including a friend that works for Microsoft. I have had nothing but problems and currently have my regular PC disconnected from the internet and am pondering how I'm going to approach all my issues, including privacy. Google Windows 10 telemetry and pick a few articles to read. I also have issues with my hardware, which are 2 PCs - one with a 9th generation Intel processor and the other with a 10th generation processor. Did anyone here realize that Windows 10 has had issues with hot swapping your drives since its release?

If you are not going to questionable websites and don't want to use Linux, there will be some risks with Windows 7, but as already said - take precautions and read about the issues. If you value your privacy, install an earlier release of Windows 7, because updates added both telemetry and installation on PCs with the more recent processors.

That is my 1/2 cents worth and if any disagree - please educate me. I didn't realize the scope of the issues with Windows 10 until I installed it. I knew of some issues but I agree with Meeho it is an abomination.
 
I don't trust any version of Windows on the internet. It's best to work with them offline and use other OSes for internet browsing.
 
I didn't realize the scope of the issues with Windows 10 until I installed it. I knew of some issues but I agree with Meeho it is an abomination.
The majority of those issues can be traced to hardware issues or misconfigs. Windows 10, largely, has been the easiest, most stable version of Windows 10 to set up. Is it perfect? No, but no other operating system is, either. We've got it deployed to a fleet of 350 client machines, and legitimately, we have more software issues with 10 MacBook Pros than the 350 Windows PCs.

As for privacy, I'm not going to delve into that too much, as it's been beaten to death already. Windows 10 doesn't do anything out of the ordinary. Do you have a smartphone? That's doing far more nefarious tracking than any computer is doing. Simply put, seeing someone complain about Windows 10 privacy generates an eye roll. The biggest risk of any computer system right now is the user, not the operating system.

Update the BIOS on your computer. Test the memory. Install the latest Windows 10 as a clean install. Update, use the latest drivers and apps that you need, stay away from questionable sites, and enjoy life. It's honestly that easy.
 
I still use Windows 7 and have never been hacked. China and Russia haxors have switched their attention to Windows 10 and are leaving me alone in peace.
 
I still use Windows 7 and have never been hacked. China and Russia haxors have switched their attention to Windows 10 and are leaving me alone in peace.
You're sitting on a time bomb basically. But if you're fine risking all your digital possessions, by all means continue using it online.
 
You're sitting on a time bomb basically. But if you're fine risking all your digital possessions, by all means continue using it online.
Depends on what you use the PC for? A haxor can have access to a bunch of browser data or personal files, but if you don't put anything on the PC that is harvestable, they are wasting their time. Separate PCs for separate tasks has always been my motto. Dedicated boxes for gaming/browsing, and secure net access, at a minimum.
 
Depends on what you use the PC for? A haxor can have access to a bunch of browser data or personal files, but if you don't put anything on the PC that is harvestable, they are wasting their time. Separate PCs for separate tasks has always been my motto. Dedicated boxes for gaming/browsing, and secure net access, at a minimum.
If he games using the PC, games are at risk of being stolen. If he internet banks on the PC, his money is at risk of being stolen. If he uses the PC on his LAN, all his other computers, webcams, security cams etc. are at risk of being infiltrated through the PC. Endless scenarios of risks.
 
Depends on what you use the PC for? A haxor can have access to a bunch of browser data or personal files, but if you don't put anything on the PC that is harvestable, they are wasting their time. Separate PCs for separate tasks has always been my motto. Dedicated boxes for gaming/browsing, and secure net access, at a minimum.
As long as the boxes don't share creds, that's a good path; it follows the https://docs.microsoft.com/en-us/security/compass/overview Secure Access Workstation model. But if they share any credentials, you have broken the model.

Running with Windows 7 on the internet is a dangerous move, due to the lack of mitigations in Windows 7. Control Flow Guard, for example, is an awesome mitigation and it's only available on Windows 8.1+. As well, the sandboxing technology in Windows 10 is a game changer on mitigation.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Honestly I don’t see much of a reason to run 7.

Hardware support is better on 10. I couldn’t install 7 on my last three builds. There were key hardware drivers just missing. At best, making things like NVMe or chipset drivers work is a complete hack job. Are you planning on staying on 6 year old hardware?

You are limiting yourself software wise. Companies are stopping support for Windows 7. It was the same with Windows XP, pretty soon you’re going to be at the mercy of whatever vendors still support 7.

Microsoft is constantly struggling to keep their head above water keeping up with security faults. They struggle with their flagship services (we just had a major compromise last week with Exchange); do you think they care about bugs on systems that they honestly don’t even want you to use?

Staying on 7 introduces compromises. At that point, since you are willing to put up with a few of those, why not just try Linux?
 
It's the browser you use that is the gateway to your computer.
Typically yes, but not always. As long as the PC is connected to a network that has access to the internet, it is vulnerable, no matter the OS or browser for that matter.
 