Using Windows 7 beyond MS support expiration in Jan 2020

@ddoctor,

Welcome to the Webroot Community. That’s a great question and one I’ve dealt with for many years. We have a business and technology front end to our business, but we are also a manufacturing plant as a printing company. We have manufacturing equipment that still uses Windows XP PCs that would cost $1.5+ mil to replace the press, just to upgrade the OS on the computer. Obviously, this isn’t something that we are going to do on a normal schedule, especially since we have a working press that’s 50+ years old. FYI, we’re a 75+ year old company. We also cater to customers who submit files from just about any design program, including older versions of those programs. So, I have to maintain systems that span from the 90’s till now. I still have a Mac OS 8 desktop in use and I finally retired my last Windows NT4 server in 2018.

So, to answer your question, you need to protect yourself in other ways.

• Make sure that the user logged into the system doesn’t have Admin rights. Hopefully this will keep something from being able to install anything, but no guarantees.
• Use anti-virus software that will support the OS for as long as possible.
• Make sure that the OS firewall is on and blocking as much as possible.
• If you’re on a network, make sure that you have a physical firewall between the PC and outside world that is properly configured to block as much as possible. Here’s a site to check for open ports on your firewall. This isn’t an ad, just a security expert’s site that I find useful. https://www.grc.com/x/ne.dll?bh0bkyd2
• If you can segment the PC from the rest of your network using something like VLANs, this is suggested. This is usually set at the switch layer. Having it segmented from the rest of your network will protect your other systems safe, in case it does get infected. However, if it needs to communicate with other network resources this approach becomes problematic.
• If you can’t segment the PC, remove the default gateway from the Static IP Address settings. This will block them from having access to the internet. There are other ways to block internet access if you use DHCP. Your physical firewall might have this functionality and there might be local or domain Group Policy’s you can set. Blocking them from the internet doesn’t guarantee anything, but is a step you can implement to help make it harder for users to accidentally do something harmful.
• If the user is connected to the network and the internet, here’s two ideas. Keep them on a browser that will stay up-to-date for as long as possible and is blocking as much as possible. I suggest Firefox because Internet Explorer won’t get updates after January and Chrome will probably stop supporting it sooner if they follow the same model as Windows XP. The other thing you’ll want to do is train the user not to use the internet unless they need to. That means for work only and when doing searches, what types of links to stay away from in the results.
• I’ll make this suggestion because everyone does. However, as I pointed out in my first paragraph, this isn’t always possible. You can always upgrade your OS. However, I would highly suggest you look at the system requirements for the latest version of Windows 10 1909. Windows 10 comes out with new “Feature Updates” twice a year and each has a set of system requirements and extends the EOL of Windows 10. Unfortunately Windows 10 Home doesn’t allow you to turn off Windows Update, you need Windows 10 Pro for that. Microsoft wants as many people on the latest version of Windows 10 as possible so their numbers look good to investors. However, this will lead to a Windows 10 Home system eventually being overwhelmed by the OS due to these “Feature Updates”. This has already been proven by Windows 7 systems that took advantage of the free upgrade when Windows 10 first launched. Basically Microsoft built in system depreciation even if it wasn’t needed, just to force PC sales because PC sales have become stagnate.

These are all just general ideas and they don’t all work together. However, picking the ones that work for your environment will help protect you from threats after a products EOL. I wish you the best of luck!

Sincerely,

NicCrockett

Ok thanks for that very detailed response. Just to clarify are you saying Webroot Secure Anywhere is not supporting Windows 7 after the MS support expires?

Dave

I’m not suggesting anything about Webroot’s support lifecycle. In fact that’s why we chose Webroot about 5 years ago. I was looking for a good anti-virus that was going to support Windows XP for as long as possible. At that time they ranked well on this site, https://www.av-comparatives.org/ . I say well because they weren’t amazing, but they were well balanced with virus protection and system resource usage. The system resource usage was a big deal for us because our hardware was old and couldn’t run something resource intensive. I took a look at the site and Webroot doesn’t even appear in tests for Mac since 2018 and Windows since 2016. I’ve also seen other threads in the Community stating that they aren’t ranking well, but I personally don’t have data on this. My personal experience is that they support an OS if they see enough need to support it. I suggest that you always find out if they are going to support something for another year before buying a year subscription. I do this every year because they don’t offer a refund if they stop supporting an OS part way through the year. Here’s my recent thread asking this very question, feel free to add to it asking about their support plans for Windows 7.

https://community.webroot.com/got-a-question-10/windows-xp-and-windows-server-2003-support-341408

Sincerely,

NicCrockett

@ddoctor ,

I’ve spoken with our Product Managers about this and to our knowledge, we have no plans of discontinuing support for Windows 7 any time in the near future. 

Hope that helps!

-Keenan

Thanks for the update @khumphrey!

Is Webroot alone enough to keep my computer safe/secure (running Windows 7 Home) if I decide not to get a new computer with Windows 10?  My current laptop won’t support Windows 10 upgrade so I would have to invest in a new computer and start over. 

That depends on how much you lock down, how careful you are, and how much risk you are willing to accept. Personally, I can use an old OS without an anti-virus and be okay. However, I disable more things than I can write about here. Here’s some things to think about:

1. One thing I do is either stay off the internet or if I’m on it, I use a browser that still gets updates. For example, Firefox 52.9 supported Windows XP longer than any other major browser. I also suggest Firefox now because of their push for data privacy when on the web. Windows 7 supports the latest version (71.0) with these new improvements, but I don’t know how long they plan on supporting it. If they do like they did for Windows XP, they’ll get to a version of Firefox ESR (Extended Support Release) and stop upgrading then. They’ll continue pushing security updates to a ESR release for longer than other releases. So, even though you stop at the current ESR version 68, you’ll probably get updates for another year. However, given the amount of users still on Windows 7 and what they did with Windows XP, I have a feeling a newer ESR version will be released specifically for Windows 7 in 1 or 2 years. This means they will probably support it for 2 or 3 years. FYI, I’m not affiliated with Mozilla Firefox, I am just a fan. These concepts can be used for other browsers, I’m just using my experience from post Windows XP EOL and applying it to Windows 7. It may or may not play out the same. Here’s a few Firefox links that you might find useful:
   1. About ESR: https://support.mozilla.org/en-US/kb/firefox-esr-release-cycle
   2. Downloads: https://ftp.mozilla.org/pub/firefox/releases/
2. Even if you have a supported browser and even if you upgraded to Windows 10 and it was supported too, search smart! This simple means to go to trusted websites, when using a search engine don’t click links that you can’t trust, and use a browser that promotes data privacy by blocking ads and trackers.
3. If you don’t need something installed on your system, uninstall it! Especially programs like Adobe Flash Player (Adobe is discontinuing in 2020 anyway) and Java. You’ll have to decide if you need a program or not. If you keep a program installed, see if it will continue to get updates. If it isn’t going to get updates, lock it down by disabling update checking, cloud functions, and other program integrations you don’t need. Anything you can disable and keep from talking to the internet will help protect you and you might see your PC’s performance improve.
4. I would also check your router to make sure that it’s secure. Make sure it has the latest firmware and updates installed. Make sure any settings that can be turned on to protect your network are also being used. In particular, you might want to check that all ports that shouldn’t be open are actually closed. Here’s a site that can help you check your network’s ports. Again, I’m not affiliated with them, it’s just a useful site.
   1. GRC Shields Up: https://www.grc.com/x/ne.dll?bh0bkyd2
5. Make sure the Windows protective services, like the firewall, are running. You might need to make changes to these settings based on your needs.
6. You might want to turn certain services off. One might be Windows Update services, including BITS. If Windows 7 isn’t going to get updates anymore, why does it need to continue running these services? There is one reason you might want to leave them running for now. It’s unlikely, but possible they’ll continue supporting Windows 7 like they did Windows XP. I have heard conflicting reports that they won’t and they will be supporting Windows Defender for longer. Windows Defender might protect you, but I can’t guarantee that or that they will continue supporting it.
7. Be careful of emails and attachments, no matter what version of any OS you are on.
8. If you don’t have a backup set-up for your files, I suggest you set one up. Since you’re at home you have a few options that I can easily suggest. Both use FreeFileSync to do the backup process. This isn’t an ad and I’m not affiliated with them. This is just what I use and can suggest for free non-commercial use. Feel free to use any backup software you prefer. I know Windows 8 and up had File History, but I don’t know if it was in Windows 7. I know older versions of Windows had a built-in backup software, but I always hated it.
   1. Buy one USB external hard drive that is at least a little larger than your PC’s hard drive(s). When you plug it in, change the drive letter to a specific drive letter lower in the alphabet in Computer Management → Disk Management. Use FreeFileSync to set-up backup jobs to “mirror” your files on the external hard drive. This will keep the latest version of the file/folder structure on the external hard drive. Eject the external hard drive from your PC. Reconnect it at least once a week to run the backup. Just remember to only connect it when the PC is in a safe state and disconnect it afterwards. This will hopefully keep ransomware from taking over your backups.
   2. Buy two USB external hard drives that are each at least a little larger than your PC’s hard drive(s). When you plug them in, change the drive letters to two distinct drive letters lower in the alphabet in Computer Management → Disk Management. Use FreeFileSync to set-up two backup jobs to “mirror” your files on each of the external hard drives. This will keep the latest version of the file/folder structure on each external hard drive. Here’s the reason for having two external hard drives. One you keep connected to the PC and the other you disconnect from your PC. The disconnected one you will want to reconnect maybe once a week to run that backup job. Just remember to only connect it when the PC is in a safe state and disconnect it afterwards. This will hopefully keep ransomware from taking over your backups. If ransomware does you can clean your PC and then restore your files when you know the PC is safe. However, if the PC’s hard drive dies, you can use the connected external hard drive to restore from because these files will be more up-to-date.
   3. Recap: Option one is cheaper and will work well. However, if your PC goes for any reason, you’ll lose whatever changed since your last backup. Option two costs more, but lowers (doesn’t eliminate) the risk factor of losing your most recent files.

I hope that helps, I realize that’s a lot to digest. Again, in the end it comes down to how much risk you’re willing to accept. I wish you the best of luck and have a Happy New Years!

Sincerely,

NicCrockett

NicCrockett - Happy New Year and thank you for all the useful information.  It IS a lot to take in. I was hoping for the short answer which is Webroot will keep me safe from spyware/malware (using my current laptop config) on the internet. 

I also have Webroot VPN - isn’t this feature meant to keep you “safe”?  I had some issues using it (related to my email) but I opened a support ticket and I am in the process of getting that resolved.   

Several years ago I had to replace the internal drive on my laptop after it fell off a coffee table (2013-2014 time frame maybe).  So I currently have a SSD in my laptop that I had to purchase and a IT friend my husband new set it up for me. 

Also for file backup - could I use the “Back up & Sync feature on my Webroot account? Does this back up to the cloud?

I don’t really want to sync with my phone as I only use my phone for calls/texting/minimal app use and occasionally looking up stuff using the the Webroot Secure Browser. 

I certainly could switch my browser from Chrome to Firefox (although I thought Chrome has improved its security features - but not so sure about data privacy regarding blocking ads and trackers.). I am conscientious when I am on the internet but you are probably much more so given your extensive knowledge! I will need to make adjustments for sure if I decide to keep using the laptop (nothing like waiting till the last minute to act).  I’m already loosing sleep worrying about this as the deadline approaches :).

Happy New Year @Jaxx!

Yes, it’s a lot of info, sorry to overwhelm you. IT is my life and I’m used to dealing with outdated technology in a business environment. @khumphrey did mention that Webroot wasn’t planning on discontinuing support of Windows 7 yet. So, my suggestions are extra steps you can take to stay safe. Again, it comes down to common sense and accepting the risk of using something that is outdated. You asked several questions and I’ll try to answer them as best I can. Don’t lose a ton of sleep, all the information I’ve given in this thread is merely to help others stay safe.

1. I don’t use Webroot’s VPN, so I don’t have knowledge of its features. However, I can tell you how a standard VPN works. A basic VPN is merely a tunnel that hides your location from your ISP and the sites you visit. A simple of example of this is using a VPN that makes it look like you are in Germany, when you are in the US. This allows you to use the German version of Google Search instead of the US version. VPNs can be more complicated based on who’s providing them. Some will randomly change your location so sites you commonly visit can’t pin your location down. This confuses their algorithms for displaying ads, product placement, etc. Work VPNs allow businesses to control the flow of files and allowed ports used. RDP is commonly not allowed over the internet, but when logged in via VPN connection business employees can RDP into their PCs or System Admins can log into Servers. I’m taking a guess, but I imagine Webroot is monitoring the traffic over their VPN connections and scanning it for malware.
2. I’m not familiar with the Backup & Sync feature of Webroot. I’m guessing this was added after Carbonite acquired them around a year ago. I mention this because Carbonite was a backup solution and yes it backed up to the Cloud. If this is a feature you are comfortable using, you will need to know how much space they give you. If they give 50 GB and you have 100 GB to backup, it won’t be enough space. However, if it is enough space, you might be good. However, you still might want to do the first backup option I suggested along with this. Backups are only good if they can be restored. If your system gets locked by ransomware that locks your constantly updating backup to Webroot, you lose your hard drive and your cloud backup. Having that disconnected backup is again a security blanket in case the worst happens. I personally have a Windows 10 Pro laptop that some files backup to OneDrive, others to Google Drive, others to Dropbox, and others don’t backup to the cloud. These don’t backup to the cloud because I don’t want my accounting files in the cloud. So this raises the question, can you trust  the cloud service from being hacked. All of these files, even the ones backed up to the cloud, I also backup weekly to an external hard drive. Again, it’s about acceptable risk for your specific situation.
3. I don’t know what phone OS and version of the OS you’re using. However, I’m not a fan of the Webroot Secure Browser. I’ll admit, it’s been awhile since used it, so it’s probably improved. Again, I’m a fan of Firefox. It has the ability to sync between all your devices and you can specify what gets synced. I only sync bookmarks, However, they sync between my laptop, tablet, phone, and work desktop. Plus, they’ve really started cracking down on ads, trackers, video and audio auto-play, etc. Even on Windows 10 this push for Data Privacy means a lot to me personally. Chrome does have more security features than say Internet Explorer, Edge, Safari, or Opera. Google uses Chrome to push its agenda for how they want to shape the web since they control the larger percentage of browser space. I’ll admit that some of these pushes aren’t bad, like wanting all websites to move to SSL. Unfortunately, the implementation of this hurt business that didn’t make this move because they didn’t need SSL. It hurt them because Google changed their SEO algorithms to push sites without SSL down in the results list. A page that displays only info doesn’t require an SSL certificate, but Google destroyed businesses from showing in results or if someone visited their site Google notified them it was insecure. However, everyone has their favorite browser, so it’s a matter of opinion.

Now go get some sleep! Windows 7’s last patch Tuesday is January 14th, 2020, so you have plenty of time. Most of all, remember to have Happy New Year!

Sincerely,

NicCrockett

@NicCrockett  - Thank you so very much.  All the information is useful (even the information that’s more technical).  I’m glad I can use this as a resource whatever I decide to do going forward.  

Have a fantastic year and thank you for taking the time to respond to my questions. - Jaxx

@Jaxx,

You’re welcome and have a great New Year!

Sincerely,

NicCrockett