Securing Windows 7

[Emp55t]

I recently bought a windows 7 PC since my current machine cant run wine and I like windows 7.
Any software that can help secure my win7 since it lost support?

Also Before You Comment:
The PC is not good enough to run VM'S.
No im not changing the OS.

 

[Trump's Chosen]

You don't need software. Just remove all network adapters from the PC.

 

[BlueSpark]

Install Sandboxie and set all your web browsers to automatically launch inside it (apparently Sophos wants a bunch of bullshit info to allow you to download, just type some random crap in there).

Install Super Antispyware (there's a free version if you don't want to pay)

Use an ad blocker extension for your web browsers.

You might also consider installing script blocking extensions for your browsers as well, but bear in mind that this will break a lot of websites and you'll have to whitelist a lot of stuff.

Don't install sketchy warez shit.


Consider using Windows 10 Pro instead, it's as good as W7 IMO after you use programs like Shut Up 10 to disable most of the spyware.

 

[Dreamland]

While Trump's answer is by far the most foolproof, it's not likely to be a satisfactory one for the average 7-boo.
For reducing (but not eliminating) the chances of getting rekt by the dangers of the internet there are some things you can use for protection that doesn't get in the way really.
Tinywall: Makes the windows firewall actually work for it's keep, only uses a few megs of ram and disk, and has a learning mode to initially train the firewall. it's not a firewall app in itself but it makes the windows firewall smarter. https://tinywall.pados.hu/
EMET: (deprecated since being built into W10's app secure) Microsoft's answer to polkit and apparmour. Lets you set expected and acceptable behaviour per app, set triggers for boundary violations (address filtering, stack pivot canaries etc.) in addition to enforcements of both DEP and ASLR. Great for hardening applications that are open to exploitation through injections (browsers, mailclients, discord). https://www.microsoft.com/en-us/download/details.aspx?id=54264

These two should give you a start i believe, while EMET has templates they aged badly, refer to my EMET template below for FF, Tor, Brave, and Chrome:

Spoiler

For Chromium based browsers: Control flow guard, Forced ASLR (bottom-up, high entropy), Simexec, IAF, EAF, Heap integrity, Callercheck, DEP, Stackpivot, entry validation, SEHOP.
For FF based browsers: Use Chrome's template EXCEPT entry validation.
For electron apps (freetube/discord/riot.im): use the FF template EXCEPT for riot.im which will not tolerate ASLR under most circumstances.

Now you have shielded a lot of apps that communicate with untrusted sources and (hopefully) prevented them from misbehaving.

 

[(not) y2k compliant]

OS Armor

Prevent Malware and Ransomware with OSArmor | NoVirusThanks

Windows OS application that focuses on preventing a malware infection by applying smart rules that block bad processes behaviors. An additional layer of defense!

www.novirusthanks.org

Supports Win7 and does a fair amount of block common vectors for malware+ransomware. Betwene this and "Common Sense 2020", you should be fine.

Don't forget that you can still get Win7 extended security updates for the next 3 years yet. So really, Win7 is still supported for a while yet.

https://forums.mydigitallife.net/threads/bypass-windows-7-extended-security-updates-eligibility.80606/

Note: You'll need to be signed in to Mydigitallife to see the post, but its worth getting an account there since there are many useful tools and utilities there.

 

[Emp55t]

Thanks for all the links and suggestions,

So what i'll do is :

(1)Install Sandboxie
(2)Use TOR only
(3)Only have internet on when needs to be
(4)Use MalwareBytes

Thank you all for the suggestions.

 

[Ruin]

Thanks for all the links and suggestions,

So what i'll do is :

(1)Install Sandboxie
(2)Use TOR only
(3)Only have internet on when needs to be
(4)Use MalwareBytes

Thank you all for the suggestions.

Malwarebytes is an absolutely colossal memory hog. Don't keep it on your machine. Have it on a USB for emergency infections.

 

[Emp55t]

Malwarebytes is an absolutely colossal memory hog. Don't keep it on your machine. Have it on a USB for emergency infections.

Thanks i'll do that since my PC only has 4gigs of ram

 

[NIGGER ASS PEE POOPY RAPE]

Thanks for all the links and suggestions,

So what i'll do is :

(1)Install Sandboxie
(2)Use TOR only
(3)Only have internet on when needs to be
(4)Use MalwareBytes

Thank you all for the suggestions.

getting the extended security updates as the post above yours suggests is more important than all those things combined. I recommend using the Simplix update pack which includes the extended security updates and excludes telemetry updates for you with much less hassle than any other method of updating Windows 7. it may look like russian malware at first glance but it's recommended by all the expert autists on the MDL forums so it's probably not malware.

if you decide to get Windows 10 instead, remember that the Enterprise and Enterprise LTSC editions allow you to disable more of the spyware than the Home or Pro editions.

if you don't want any software to access the internet without your permission I recommend Malwarebytes Windows Firewall Control set to medium filtering. it can be used separately from the rest of Malwarebytes and isn't a memory hog (it's also not an antivirus). this is especially useful with W10 or if you pirate games. even the fucking calculator app tries to connect to the internet in W10, and you don't want your pirated games phoning home to EA/Activision with your IP address.

edit: also you can get the Simplix Pack from the source here without making a My Digital Life account.

 

[Emp55t]

getting the extended security updates as the post above yours suggests is more important than all those things combined. I recommend using the Simplix update pack which includes the extended security updates and excludes telemetry updates for you with much less hassle than any other method of updating Windows 7. it may look like russian malware at first glance but it's recommended by all the expert autists on the MDL forums so it's probably not malware.

if you decide to get Windows 10 instead, remember that the Enterprise and Enterprise LTSC editions allow you to disable more of the spyware than the Home or Pro editions.

if you don't want any software to access the internet without your permission I recommend Malwarebytes Windows Firewall Control set to medium filtering. it can be used separately from the rest of Malwarebytes and isn't a memory hog (it's also not an antivirus). this is especially useful with W10 or if you pirate games. even the fucking calculator app tries to connect to the internet in W10, and you don't want your pirated games phoning home to EA/Activision with your IP address.

Thanks this was very insightful.

 

[GHTD]

The chad option is to just use Linux.

Windows 7 is outdated and isn't getting new updates.

 

[(not) y2k compliant]

The chad option is to just use Linux.

While I use Linux regularly for various needs (servers, imaging hardrives, etc) as a desktop OS it's dire at best.
The communities autistic stance on not wanting to statistically link libs alone makes using older software a nightmare at times on linux even if you have the source available. But I'm also someone who uses far more old software then I really should be admitting.

 

[soft kitty]

Is there a reason you can't use windows 10? Why 7? It's an obsolete OS.

 

[GHTD]

Is there a reason you can't use windows 10? Why 7? It's an obsolete OS.

Privacy reasons, which if you really were that concerned, you'd use a Linux distro that's not fucked around with by companies (looking at you Ubuntu).

 

[soft kitty]

Privacy reasons, which if you really were that concerned, you'd use a Linux distro that's not fucked around with by companies (looking at you Ubuntu).

You can disable Windows 10's "spying" quite easily, though.

 

[Looney Troons]

Can you give any more details, like, what the computer is going to be used for? Different use cases, different suggestions.

If you have servers at home, consider spinning up Nessus or Nexpose community editions to perform vulnerability analysis on your network and authenticated scans on your Windows 7 machine. Both are fairly lightweight and can assist you in finding one-time configuration issues, if any, that are easily overlooked.

Apply ACLs on your modem/router, etc.

 

[XYZpdq]

yeah I'm still dicking around on 7 but if you're really _this_ hyper about 10 then probably you should be reconsidering large amounts of your online-ing and just learn however linuxes work
I can understand "I need to interface with [gizmo] and it the program only runs on 7", though

 

[GHTD]

You can disable Windows 10's "spying" quite easily, though.

It's still well known Windows 10 does some fuckery even with adjusted settings. I honestly don't care because it's better than nothing, but some are super paranoid on here.

https://thehackernews.com/2016/02/microsoft-windows10-privacy.html

 

[Ex Cummunicated Sasser HD]

Is there a reason you can't use windows 10? Why 7? It's an obsolete OS.

From personal experience, Windows 10 runs like molasses on older hardware. I still use 7 too in my VMs, because using Win10 in the same spec VM is painful. (1 core, 3GB Ram, virtual drive on HDD, not SSD). Now running on bare metal, I do have Windows 10 but I'm a macfag, and hate having to reboot just to run some old Win32 apps that don't behave well with Wine.

 

[Smaug's Smokey Hole]

Have you considered a Kensington lock?