VOGONS


Windows 7 Risk

Reply 20 of 31, by Fr0ns

Rank Newbie
dr_st wrote on 2024-12-28, 09:48:
Fr0ns wrote on 2024-12-27, 15:15:

However, when something happens with an online transaction / you get phished / "hacked" and your bank or the store in question notices you run an OS that no longer is supported they might have the right to deny paying you any damages (even when your outdated OS isn't to blame).

No, they don't. Quit making stuff up.

We can go into debate whether this is fearmongering and real life cases have not happened but I have also carefully worded my earlier statements not as hard facts but something to take into account. I'm no lawyer though and the debate is on if I can even walk around without a helmet.

First, my bank does not see Windows 7 as a supported operating system:
https://www.rabobank.nl/toegankelijkheid/best … men-en-browsers

The Dutch civil book of law says the following:
Artikel 529 https://maxius.nl/burgerlijk-wetboek-boek-7/artikel529
2. De betaler draagt alle verliezen die uit niet-toegestane betalingstransacties voortvloeien, indien deze zich hebben voorgedaan doordat hij frauduleus heeft gehandeld of opzettelijk of met grove nalatigheid een of meer verplichtingen uit hoofde van artikel 524 niet is nagekomen. In dergelijke gevallen is het in het eerste lid bedoelde maximumbedrag niet van toepassing.

Freely translated as: "The payer" carries all loss resulting from unwanted transactions when they are the result of fraudulent actions, intent, gross negligence or not complying with one or more terms from article 524.

Article 524 https://maxius.nl/burgerlijk-wetboek-boek-7/artikel524/
1.De betaaldienstgebruiker die gemachtigd is om een betaalinstrument te gebruiken,
a. gebruikt het betaalinstrument overeenkomstig de voorwaarden die op de uitgifte en het gebruik van het betaalinstrument van toepassing zijn

Freely translates to: The user who is lawfully authorized to use the payment method, used the payment method in accordance with the TOS that applies to it.

https://media.rabobank.com/m/3dfd0c240d29ff7/ … ensten-2022.pdf
61. Welke regels gelden voor apparaten, software en verbinding?
1. Wij stellen eisen aan de apparaten, software en verbinding. U betaalt zelf de
kosten van deze apparaten, software en verbinding.

Now this again is very open to interpretation in my book but it translates to: We have requirements regarding devices, software and the used connection.

So the wording is pretty fuzzy in my opinion and not to come off as a Covcit freely quoting passages from law books I can see the framework on a lot of banking sites is also there. At least here in the Netherlands. They don't say strongly what they won't do but word it like: "we will always pay out in x days when you fully comply with our TOS (https://www.ing.nl/de-ing/veilig-bankieren/wa … vergoed-krijgen)" and examples like that. With internet fraud running rampant, I do not suspect these rules will become less restrictive over the years.

Seeing as I can easily order anything from our Amazon equivalent, transfer all of my money, change my mortgage, do my taxes, shitpost on Vogons and my Steam account is old enough to legally drink I would personally not take this risk, especially because the alternatives are not that expensive.

Written from my probably very unsupported Linux shitbox..

Dell Dimension 4100
Intel P3 1GHz 133MHz
512MB SDRam 133MHz
Geforce 3 Ti 200 64MB
Soundblaster 16 PCI

Reply 21 of 31, by soggi

Rank Member
theelf wrote on 2024-12-28, 11:32:
About security, was funny to me have a good surprise last year. I get a call from a small company I worked 10 years ago, back on time I set up a NT4 server for controlling and doing software updates to some old robots they still have working in factory, like Italtech Alfa robots that still use floppy disk

Anyways, back on time, I write a script that every Sunday the NT4 server will do a full backup on a external HDD raid 1 and in a tape drive

Well, they call me totally desperate, because they have a virus that encrypt everything, and only leave a txt with a instructions to send money to Russian thieves. They ask for a insane amount of money nobody can pay, and finally they remember I was working there, and just call me to know if I can do something

I went there just to discover, every desktop computer that was running Windows 10 was affected, two Win11 laptop, and even a Windows 8.1 tablet. FreeBSD server was not affected, but sadly all data that was shared on samba drive was encrypted

The only Windows machine was not affected... the old NT4 server, and because they call me the same week before Sunday, almost if not all data can be recovered from HDD and Tapes. I was totally surprised my old backup script was still working... and running...

I always like stories like that. They also show that updates and fixes are important but never could totally save you from such attacks. It is always said that security by obscurity isn't a good idea...but it is often proved right to be on the obscure side.

kind regards
soggi

Vintage BIOSes, firmware, drivers, tools, manuals and (3dfx) game patches -> soggi's BIOS & Firmware Page

soggi.org on Twitter - inactive at the moment

Reply 22 of 31, by DoZator

Rank Member

As far as I know, Windows 7 is still "dangerous" today, because the tools that viruses write today still affect it. You can significantly expand the attack surface by installing applications such as .NET Framework 4.5+, which are also actively used for writing viruses these days. Choosing a 64-bit version also increases the risk of infection (Since many virus EXE files today are compiled only for the x64-bit architecture). So I would not recommend Windows 7 x64 without an antivirus, until the virus creators update their tools and all the already common viruses are caught on the network and get into the databases (This may take, according to my conservative estimates, at least 10 years or more). So Windows 7 is still at high risk.

Reply 23 of 31, by Greywolf1

Rank Member

Tbh I’m to this day reluctant to do online banking I just feel there are too many things that can go wrong, especially with all the so called “legal” companies that data mine your whole life or online presence is tracked by something or somebody.
Not to mention terms and conditions are so long winded the majority of people don’t read them and just agree to whatever was in them.

Reply 24 of 31, by theelf

Rank Oldbie
soggi wrote on 2024-12-29, 03:43:

I always like stories like that. They also show that updates and fixes are important but never could totally save you from such attacks. It is always said that security by obscurity isn't a good idea...but it is often proved right to be on the obscure side.

kind regards
soggi

I was working for many years in security areas, especially in Cobol servers and mainframes, and of course you can guess I need to deal with a LOT of outdated hardware and software. I think, and this is a personal opinion, security is about how much the maintainer knows about the computer/soft he is dealing with

Of course, 99.99% of population that use computer/phones etc every day know NOTHING about their own hardware/software use everyday because they don't care and of course they don't need to care. I want a doctor use time to read medical papers to save my life, not waste his time in secure his Android phone. A fully updated Windows/Android etc system can help

In my case I don't trust in Microsoft for example, I don't know what the hell they provide in every update, I trust in myself to do whatever I feel I need to keep my OS working without trouble

Greywolf1 wrote on 2024-12-29, 08:35:

Tbh I’m to this day reluctant to do online banking I just feel there are too many things that can go wrong, especially with all the so called “legal” companies that data mine your whole life or online presence is tracked by something or somebody.
Not to mention terms and conditions are so long winded the majority of people don’t read them and just agree to whatever was in them.

I was working for bank and government security before, and sadly most of problems/security breaches came from real world tricks, mistakes, etc for example card duplicated in shops, lost wallets with codes written in back of card or paper, fake links in mail or sms, etc

In fact until I was working on this area, 2019, one bank I will not say name, was using Windows 2000 in many cash machines and this machines have internet connection... yes, limited and very controlled but they have. Funny because you can feel secure with your very updated Windows 11 PC or your fully updated iPhone/Android to do online stuff, but you are typing your passcode in a win2k PC ....

Reply 26 of 31, by Jo22

Rank l33t++
soggi wrote on 2024-12-29, 03:43:

I always like stories like that. They also show that updates and fixes are important but never could totally save you from such attacks.
It is always said that security by obscurity isn't a good idea...but it is often proved right to be on the obscure

theelf wrote on 2024-12-29, 10:17:

In fact until I was working on this area, 2019, one bank I will not say name, was using Windows 2000 in many cash machines and this machines have internet connection...
yes, limited and very controlled but they have. Funny because you can feel secure with your very updated Windows 11 PC or your fully updated iPhone/Android to do online stuff, but you are typing your passcode in a win2k PC ....

This makes me miss the times when ATMs ran OS/2 or had online connections that weren't related to the internet.
Like, for example, ISDN, which had another X.25 link available on the D channel (national ISDN; Euro ISDN didn't have it).

In my home country the commercial and university sector had used Datex-P service (X.25, since 1970s) for such serious things.
Hacking into the traffic in the modern sense or injecting malware wasn't possible.

Tapping the analogue phone line was best that could be done to steal information.
That's because Datex-P was available via PADs on landline, too. For modem/acoustic coupler users, in plain ASCII.

https://en.wikipedia.org/wiki/ISDN

https://de.wikipedia.org/wiki/Datex-P

"X.25 networks are still in use throughout the world. A variant called AX.25 is used widely by amateur packet radio.
Racal Paknet, now known as Widanet, remains in operation in many regions of the world, running on an X.25 protocol base.
In some countries, like the Netherlands or Germany, it is possible to use a stripped version of X.25 via the D-channel of an
ISDN-2 (or ISDN BRI) connection for low-volume applications such as point-of-sale terminals; but, the future of this service in the Netherlands is uncertain. "

"X.25 was developed in the era of computer terminals connecting to host computers, although it also can be used for communications between computers.
Instead of dialing directly “into” the host computer – which would require the host to have its own pool of modems and phone lines,
and require non-local callers to make long-distance calls – the host could have an X.25 connection to a network service provider.
Now dumb-terminal users could dial into the network's local “PAD” (packet assembly/disassembly facility),
a gateway device connecting modems and serial lines to the X.25 link as defined by the X.29 and X.3 standards."

https://en.wikipedia.org/wiki/X.25

Personally, I think it's really sad that the internet has come to be the way it did. It's so unprofessional, careless and irresponsible.
The old networks/infrastructures had been created in times of war and were no "sunshine technology" yet.
They also had been made independent from each others, whereas the internet assimilates everything it touches.

For example, both ISDN and the analogue landline could provide power to the end devices.
A phone, a hand set, was still working when there was a black-out.

Same goes for AM/FM and shortwave radios and transmitters vs web "radio".
The analogue version (or rather -on the air- version) was independent from internet.

Edit: What I think IT sector is missing these days is discipline.
Back in the early days of computing, things used to be designed thoughtfully and for a given purpose.
And this was being reflected by the users, who had to sit down, think and learn to operate things.
The early internet was a research and military project and that is what it should have remained, I think.
But even if not, users who wanted to participate should have been at least required to undergo a training, like for a driver's license.
Like this one, but with more depth: https://en.wikipedia.org/wiki/International_C … Driving_Licence
To learn the basics, including media competency. An IQ and character test would have been useful, too, but difficult to realize.

Edit: Yes, I know, the 90s internet was chaotic and offered freedom. And that was okay, as well, considering the "hippie" background of the internet.
But the users back then had manners, still. Usenet users had used real names, for example, and communicated very politely.
On other hand, eccentric geeks had also existed. Flame wars had been a thing already, etc. It wasn't all rainbows and sunshine for sure.
But in general, users had more discipline and anti-social media hadn't happened.
Users of AOL, CompuServe and other online services had their chat rooms, too.

Edit: My apologies for me thinking out loud, but looking back I think it's just sad how things have developed.
The internet essentially was an academic domain and turned into a mass medium the population using it doesn't even understand.
All schools in the world should teach about the history of the internet (or telecommunication in general) and its basic functioning.
Considering how much impact it has in our daily life, it's not being asked too much for.
I mean, back in the 80s, schools still taught Basic/Pascal or Logo programming. What went wrong?

"Time, it seems, doesn't flow. For some it's fast, for some it's slow.
In what to one race is no time at all, another race can rise and fall..." - The Minstrel

//My video channel//

Reply 27 of 31, by UCyborg

Rank Oldbie
Greywolf1 wrote on 2024-12-29, 12:17:

Windows 11 is no more secure than all its predecessors nor its competitors just keep your fingers crossed and hope for the best.

That's what I'm doing. I don't bother with OS updates either in recent years, I "update" when I switch the OS. I haven't changed the OS in 4 years. No anti-virus either, all it ever did was get in the way.

Most banks these days want smartphone app one way or another, I have that as well, on a 10 years old smartphone.

And I'm still fine.

Arthur Schopenhauer wrote:

A man can be himself only so long as he is alone; and if he does not love solitude, he will not love freedom; for it is only when he is alone that he is really free.

Reply 28 of 31, by Jo22

Rank l33t++
UCyborg wrote on 2024-12-29, 17:54:

Most banks these days want smartphone app one way or another, I have that as well, on a 10 years old smartphone.

True. I for one still have nightmares about using one (Secure..something).
After months of frustration, I've switched to using ChipTAN method (chip card reader+bank card).
I'm so glad to no longer have to use a paranoid Android app that fails when it's important.

"Time, it seems, doesn't flow. For some it's fast, for some it's slow.
In what to one race is no time at all, another race can rise and fall..." - The Minstrel

//My video channel//

Reply 29 of 31, by ncmark

Rank Oldbie

Some interesting discussions here. Has broadened out past the original question.

I was talking to a friend of mine who might have a good approach. He says he has a computer that is used ONLY when he needs to do any kind of transaction online; the rest of the time it is not used and not connected to the internet. The idea being to reduce the time the computer is exposed to the internet.

Just this morning I read some news about Chinese hackers getting into treasury servers. How many data breaches are we going to have? I really see only two solutions. First, disallow any connections from overseas - pull the plug. Probably more realistic, have a separate internet for any entities using personal information - period. That means banks, government, etc.

Broader subject, computers have been "ruined" in so many ways now. Controlled by a smaller number of companies, the increase in heavy-handed policies, total loss of any privacy online, etc..

My "suspicion" is that security risks are overstated to force you into buying a new computer with a new OS - and then probably have to re-buy half your software on top of that. But that is just a suspicion. Nonetheless, I still use my computer at work for anything involving sensitive information.

Side note: I work at a university, I increasingly get the feeling that the IT department can only solve problems by checking and unchecking boxes. We are getting further into microsoft's pocket. Soon to be, the only people who really know what's going on are the ones who wrote the OS - no one will know what is going on "under the hood"

Reply 30 of 31, by VivienM

Rank Oldbie
ncmark wrote on 2024-12-31, 15:38:

Side note: I work at a university, I increasingly get the feeling that the IT department can only solve problems by checking and unchecking boxes. We are getting further into microsoft's pocket. Soon to be, the only people who really know what's going on are the ones who wrote the OS - no one will know what is going on "under the hood"

That's already the case in 'the cloud'. Look at something like Exchange Online vs on-prem Exchange - effectively, Exchange got too complicated and no one other than the people who wrote it have any real ability to maintain it, so you might as well have them run it on their huge environment in their huge data centres...

Reply 31 of 31, by hornet1990

Rank Newbie
VivienM wrote on 2024-12-31, 17:19:
ncmark wrote on 2024-12-31, 15:38:

Side note: I work at a university, I increasingly get the feeling that the IT department can only solve problems by checking and unchecking boxes. We are getting further into microsoft's pocket. Soon to be, the only people who really know what's going on are the ones who wrote the OS - no one will know what is going on "under the hood"

That's already the case in 'the cloud'. Look at something like Exchange Online vs on-prem Exchange - effectively, Exchange got too complicated and no one other than the people who wrote it have any real ability to maintain it, so you might as well have them run it on their huge environment in their huge data centres...

I work in the IT department of a university so can confirm! Increasingly my role is acting as the middle man between our service desk and the cloud service supplier's service desk. If the problem isn’t something we can resolve through the service's administration console then all we can do is raise a ticket and wait for a response… which can usually be measured in days or weeks, and can even take months for a fix to actually be implemented.

But that’s supposedly better than us developing our own solutions and being in control of our destiny <shrugs>