On 2020-01-15 at 01:29, Alexander V. Makartsev wrote: > On 15.01.2020 10:25, john doe wrote: > >> Hi, >> >> I have a Debian server serving/doing DHCP/DNS/firewall/..., as of >> today, Microsoft stops supporting Windows7. >> >> Is there anything that I could do to protect those Windows7 hosts >> that are behind this server? >> >> P.S. >> >> For the sake of this question, upgrading to W10 /buying new >> Windows devices is not an option. > > End of support for Windows 7 means that you won't get OS updates, or > any kind of support anymore. True. (Unless you have a paid extended-support contract with Microsoft, in which case - as long as you keep paying, I think per-computer - you have something like another two years.) > It also means Microsoft will now change many downloadable support > packages so they won't run anymore on Windows 7 Possible, although I wouldn't expect them to bother to go and make changes en-masse. It's more likely that they just won't bother to make sure that future changes to such packages remain compatible with Windows 7. > and delete TechNet articles about Windows 7, Are you sure? I've never seen them do that with previous releases; at the least, I'm fairly sure I keep running across Technet articles (and other support documents) marked as being for older Windows versions, when I'm looking for ones that apply to something newer. > and also 3rd party software developers now have rights to deny any > support for Windows 7. They had that before; it just wasn't a particularly good idea in many cases. Some of them will probably start doing this, while others will probably continue offering as much support as they did before, at least for a good while. > If Windows 7 is unsupported it doesn't means it will stop function, > it means, in terms of support and maintenance, you're on your own. It > will stay as secure as it is to this day Modulo the discovery of new security vulnerabilities, which currently exist but aren't yet known about, anyway. So technically true, but doesn't mean what it might appear to mean at first glance. Personally, I'm half-expecting one or more previously unknown zero-day vulnerabilities to be revealed and start being actively exploited today, now that the only people who will be getting patches for them are the ones who have paid extended-support contracts with Microsoft. > and it doesn't really depend on firewall, if you won't open > (port-forward) high risk service ports (like RDP, SMB, etc) to the > internet, of course. I'm not really sure what you're talking about here. While yes, if you wall a Windows 7 computer off from access to the Internet any security vulnerabilities it may have will become far closer to irrelevant than otherwise be the case, anything short of that will still leave ways by which it could get infected (especially assuming less-than-perfect security behavior on the part of users) - and the full wall-off would most likely be impractical for real-world use. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
signature.asc
Description: OpenPGP digital signature