Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

FBI warning against Windows 7 use.


Recommended Posts

The FBI is warning about Windows 7. being used to hack into company systems and set up ransomware. Since MSFN provides information about using old operating systems online I think we need to change our security advice. Especially since Windows Update no longer works on many systems. I think older operating systems should now be used offline only or on airgapped local network at most. The situation will only get worse once ESUs expire. The security issue is much bigger now that serious amounts of money is involved. 

  • Like 1
Link to post
Share on other sites

24 minutes ago, Xack said:

Since MSFN provides information about using old operating systems online I think we need to change our security advice.

Who's "we"? MSFN's policy is simple: we do not propagate FUD. Period.

  • Like 2
  • Upvote 4
Link to post
Share on other sites

Technically the original FBI advise it is not FUD in itself, it is much more standard, boiler plate warning:
http://www.documentcloud.org/documents/7013778-FBI-PIN-alert-on-Windows-7-End-of-Life.html

Quote

Recommendations

Defending against cyber criminals requires a multilayered approach, including validation of current software employed on the computer network and validation of access controls and network configurations.

Consideration should be given to: 

  • Upgrading operating systems to the latest supported version. 
  • Ensuring anti-virus, spam filters, and firewalls are up to date, properly configured, and secure. 
  • Auditing network configurations and isolate computer systems that cannot be updated. 
  • Auditing your network for systems using RDP, closing unused RDP ports, applying twofactor authentication wherever possible, and logging RDP login attempts.

What would you expect them to say?

Brought to you by the same culture that produced:
https://en.wikipedia.org/wiki/Objects_in_mirror_are_closer_than_they_appear

Quote

U.S, PART 571 Federal Motor Vehicle Safety Standards, Section 571.111 S5.4.2 "Each convex mirror shall have permanently and indelibly marked at the lower edge of the mirror's reflective surface, in letters not less than 4.8 mm nor more than 6.4 mm high the words “Objects in Mirror Are Closer Than They Appear.”

and of course toothpick intructions.

jaclaz

 

 

  • Like 1
  • Upvote 1
Link to post
Share on other sites
  • 1 month later...
On 10/1/2020 at 11:27 AM, Gansangriff said:

I'd rather recommend than listening to the FBI but to upgrade your very unique Brain.exe instead. It's the best anti-virus out there. The only downside is, that Brain.exe can't be bought for money and downloading it is impossible, too. It must be fed proper knowledge to grow. And then one day, you will be capable of using the old operating systems online without running into a wall.

Would I recommend to average users who use their brain on other things than computers to use Windows XP and Windows 7 for example? No, because that would put them easily in danger. But if you know, what you are doing, then you'll be able to avoid the problems. Use a hardware firewall, that you can configure. Block unwanted Javascripts. Block everything, you didn't ask for. Don't click on everything that sounds like a promising help to your problems. Learn to read links before clicking on them. These things.

Also consider that something like Windows XP got more secure over time, as less and less people were using it. Windows 7 is still a very attractive target for mean hackers with circa 15% market share (2020).

This is easily one of the best forum posts I have read in a long time, can I just say that now.

WannaCrypt didn't even run on XP, remember: but all the ISPs and other tech sites just used it as an excuse to spread FUD about NT 5.x and 6.0 to scare people into upgrade to Windows 10. Also the whole thing of Microsoft trying to kill CPUs by lagging out Windows Update on Vista the day Win10 released (due to the free upgrade being exempt for Vista THANKFULLY, so let's try to make less smart users throw their devices away!)

Edited by MintChocAero
  • Like 1
  • Upvote 2
Link to post
Share on other sites
  • 2 months later...

on windows xp one can enable IPV6 support and generally I recommend using an ISP supporting IPV6 IPV4 is so crowded its easy for it to be exploited by fly by hackers.

Vista and seven I got hacked over IPV4 and ISP's aren't angels they use tracking 3rd party corporations for revenue on their customers account portals they're sometimes abused by corporations and authorities but where do people think news comes from about celebrity hacks? theres one of several answers.

Using browser extensions such as script filtering and ad blocking: surf facebook and others long enough they have scripts to inject that screw 'em up.

Facebooks partners can get dirty and will script you a comma into your peerblock app's blocklist as well effectively voiding your blocklists ability to filter anything even when read only access. Peerblock has a backdoor too sends statistics and leaves a closed port on your firewall effectively making your stealth status ruined.

Ever since XP Microsoft's share holders have been served revenue from its app store and yuou get video ads over your ad funded apps now.

Through these ad serving corporations hackers are found and even rogue government employed hackers but china's hackers are ugly as hell just block china if your not Chinese. same as Russians. They use methods such as tricking kernels with simulated hardware errors to pry into the system security layers. Such crap causes hardware failures sometimes fatal and expensive. Don't go thinking meltdown and Spectre are anything new age. Older less depth style hacks have been emerging from government agencies since Cavalari core was invented only governments can craft that level of hack intelligence.

  • Like 3
Link to post
Share on other sites

I'm intrigued by this hardware firewall thing — I just use the standard Windows Firewall, and I'm curious what the benefit of a physical one is!

Edited by ThomasW
  • Like 1
Link to post
Share on other sites

Well, for one, you can easily change the firewall rules from the OS. For example, in Windows you can create/modify/delete rules in the Windows Adv Firewall with netsh, or using an API call.

Certainly a hardware firewall isn't some magic foolproof thing, but a virus or malicious actor is less likely to be able to change rules on a dedicated firewall vs the one that is just a program on your computer.

  • Like 3
Link to post
Share on other sites

A "hardware" firewall is a misnomer. What is usually meant by this is an embedded computer running some software for network routing, often linux. It's no more hardware than another PC. A shortcoming of such a device is that it can only differentiate between computers and port numbers, not applications. It is convenient for setting up filters that apply to all computers on the network where configuring a firewall would be impractical, fresh installations, guests, portable devices.

  • Like 2
Link to post
Share on other sites

The difficulty about Windows PCs of all versions is, that you can't really trust them. They have a broken security by default (since years!). Backdoors open for the intelligence agencies can be used by the intelligent hackers, too. Therefore I wouldn't use a firewall running on my Windows PC. Please correct me, if this sounds irrational!

However routers can have backdoors too... search for it online, there are plenty of cases. Even OpenWRT can't be trusted blindly, because they are dependant on the hardware manufacturers too:

https://forum.openwrt.org/t/what-are-the-chances-theres-a-hardware-backdoor-exploit-in-many-of-these-routers/22909

I prefer the "hardware" firewall, because it saves RAM on my old machines and it's convenient to configure for all computers. But you are right, it's basically just another computer running vulnerable software. Not 100 % perfect.

  • Like 2
Link to post
Share on other sites
On 10/1/2020 at 5:27 AM, Gansangriff said:

I'd rather recommend than listening to the FBI but to upgrade your very unique Brain.exe instead. It's the best anti-virus out there.

 

I agree with the person who said this was one of the best posts on the forum in a long time.

I have used Windows for a long time and have NEVER gotten a virus except for the one time I actually tried, too, in a dev environment. If anyone else "accidentally" just rolls through a bunch of UAC prompts for unverified software from sketchy publishers, I guess they don't have brain.exe

 

On 10/1/2020 at 5:27 AM, Gansangriff said:

The only downside is, that Brain.exe can't be bought for money and downloading it is impossible, too. It must be fed proper knowledge to grow. And then one day, you will be capable of using the old operating systems online without running into a wall.

Would I recommend to average users who use their brain on other things than computers to use Windows XP and Windows 7 for example? No, because that would put them easily in danger.

 

Eh, not really. Just FUD. I recommend people stay on Windows 7, the technically inclined and very-much-not-so alike.

 

On 10/1/2020 at 5:27 AM, Gansangriff said:

But if you know, what you are doing, then you'll be able to avoid the problems. Use a hardware firewall, that you can configure. Block unwanted Javascripts.

 

This actually speeds up web browsing a fair bit!

 

On 10/1/2020 at 5:27 AM, Gansangriff said:

Block everything, you didn't ask for. Don't click on everything that sounds like a promising help to your problems. Learn to read links before clicking on them. These things.

 

Pro tip: if you see a sketchy email, and you don't already, switch to plain text mode for reading it.

Sometimes it's obvious mail is phishing mail, but sometimes I like reading it in PT mode just to see what's up. And since it's PT mode, they can't exploit any security vulnerabilities, execute anything, load anything, or track anything.

 

On 10/1/2020 at 5:27 AM, Gansangriff said:

Also consider that something like Windows XP got more secure over time, as less and less people were using it. Windows 7 is still a very attractive target for mean hackers with circa 15% market share (2020).

I wouldn't say XP is more secure... just less likely and less worthy of being exploited.

Windows 7 gets security updates for 3 or 4 more years, anyways.

  • Like 1
  • Upvote 1
Link to post
Share on other sites
On 10/1/2020 at 11:27 AM, Gansangriff said:

Would I recommend to average users who use their brain on other things than computers to use Windows XP and Windows 7 for example? ...

Would you recommend using Vista SP1 for internet on a relatively modern hardware in the nearest 10 years ? Thank you .

  • Upvote 1
Link to post
Share on other sites
15 hours ago, Dylan Cruz said:

I recommend people stay on Windows 7, the technically inclined and very-much-not-so alike.

Difficult topic! I support some users which simply aren't able to use a simple addon like NoScript. Making them understand, which servers they have to block (but only sometimes) is beyond their capabilities. These people are some crazy artists with fantastic ideas, but they would have been better off without computers at all to be honest!
And you have to block scripts, because even on the most generic websites that millions of people visit, a hacked advert can compromise your computer all of a sudden!

https://en.wikipedia.org/wiki/Malvertising

Not only through that, but these sunday drivers would destroy their online Windows 7 quickly. They use terrible webmail clients, loading spam mails full of adverts, code execution right away and they are screwed then. They need a user-friendly Linux instead (if it's just for browsing the web and no super-special software is needed). A lot less malware is possible then...

11 hours ago, D.Draker said:

Would you recommend using Vista SP1 for internet on a relatively modern hardware in the nearest 10 years ? Thank you .

I'm sorry, but I can't make any appropriate statements about Windows Vista! I haven't used it since 9 years. But it looks like, that there are a lot of current Vista users here. The question is: What did they do right to not get their old systems attacked? And what did they upgrade hardwarewise? Probably the hard drive, which has made big speed improvements in the last 15 years. Best luck with your computer setup for the next 10 years!

  • Like 1
  • Upvote 1
Link to post
Share on other sites
9 hours ago, Gansangriff said:

...I support some users which simply aren't able to use a simple addon like NoScript. Making them understand, which servers they have to block (but only sometimes) is beyond their capabilities...

A simple addon ? It's not simple for modern day users , blocking scripts ? Well good luck with that , all those modern bloated websites simply won't work , even if user knows what he's doing. Try to use NoScript here , for example . You won't even be able to leave a comment . And the majority of users won't bother themselves with figuring out what went wrong , they will simply uninstall this extension . I think the devs of  NoScript really should make it more simple-user friendly , add some templates for example , like light / mid / heavy privacy.

Even though I like your comment in general , I don't think Linux is a "user-friendly" system. And it's bloated with spying as well . Just install a fresh Linux and see the connections it's making right away . 

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...