On Wed, Feb 19, 2020 at 12:14 AM, George J Molnar wrote:

KB2GCG is correct about Windows 7. 

 

https://www.forbes.com/sites/daveywinder/2020/01/14/windows-7-crazy-high-security-risk-as-crypto-exploit-found-in-audio-files/#3904db374bfe

 

Even if that exploit is targeted specifically at machines running Win 7 - my reading of the analysis documentation is that it doesn't explicitly verify that - it begs the question of how the WAV files with the hidden malware got onto the affected machines in the first place.  If users are stupid enough to import and then open a WAV file without being sure that it's from a fully-trusted source then it's hardly surprising that an infection occurred, and furthermore it might have occurred no matter what OS was being run on the machines on the affected network.  In my admittedly limited experience, most infections are caused by poor user procedures and discipline rather than being unavoidable because of the inherent flaws or vulnerabilities that are present in all OS's.

https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&product_id=17153&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=1283&sha=47d29bad4e41fa72927e93dbd6b6e2cbeefa4e07

 

All very interesting, but if you compare CVE's vulnerability stats for 2019 for both Win 7 and Win 10 you'll see that there were 250 vulnerabilities identified for the former and 357 for the latter.   Also, in the entire 11-year lifetime on Win 7 from 2009 onwards there has been (according to CVE) a total of 1,283 identified vulnerabilities whereas in the 5-year lifetime of Win 10 since 2015 there are already 1,111 identified vulnerabilities, ie. there are already almost as many vulnerabilities in Win 10 as in Win 7 despite the former being less than half the age of the latter. 

Within those numbers of vulnerabilities identified in 2019 there were 100 code execution vulnerabilities for Win 7 and 124 for Win 10, so which OS is potentially the least secure???!!  Fortunately there were no public exploits identified for either OS in 2019.

It really is a good idea to move on from Windows 7. It was a good run for almost 11 years, but times have changed. Even if you aren’t concerned about your own security, maintaining a potentially vulnerable machine does put others at risk.

Whilst I agree that it would be prudent for all Win 7 users to plan for a migration path to Win 10 in the not too distant future, I can't help but feel that all the hollering about Win 7 causing the sky to fall imminently just because it fell out of Microsoft long-term support a few weeks ago is somewhat OTT.  That's just my opinion of course...  :-)

--
Martin G0HDB