UK Govt Warns Not To Access Online Banking on Windows 7 (ibsintelligence.com)
The UK's National Cyber Security Centre (NCSC) is warning people against using online banking or accessing sensitive accounts from devices running Windows 7 from Tuesday, 14 January, when Microsoft ends support for the operating system. From a report: The NCSC, the government body for cybersecurity, is encouraging people to upgrade from Windows 7 as soon as possible, due to Microsoft's 2019 decision to stop providing technical support for the software. "The NCSC would encourage people to upgrade devices currently running Windows 7, allowing them to continue receiving software updates which help protect their devices," the NCSC spokesperson said. "We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device and not to use them for tasks like accessing bank and other sensitive accounts. They should also consider accessing email from a different device."
Re: (Score:2)
Re: Don't bank online, period. (Score:1)
They aren't.
Re: Don't bank online, period. (Score:2)
Totally safe
It is as long as major payments are made by money order or cashier's check. Carry only enough cash to get by for a day or two. If you really need ready access to cash at a moment's notice, I recommend an ATM card connected to a different account at a different bank. Always limit access to your depositing bank account. Never, ever bank online.
Re: (Score:2)
The problem is that half the time they don't know if you even have any money on you, they plan to rob you regardless, and often they'll shoot you whether they get any money or not.
Re: (Score:3)
Especially when they're waiting for you outside the bank for all that juicy cash. Totally safe...
I'm okay with a little shootout in the bank's parking lot.
Seeing as how these kinds of scumbags will often shoot or stab you whether you hand over the money or not, I may as well go out emptying a full mag at them.
Half the time they don't even know if you have any money on you, they're just playing the odds. I like to make the odds as uneven as I can, usually in increments of 9mm.
Re: (Score:2)
That all seems normal to you?
Re: (Score:2)
> That all seems normal to you?
Shooting people? No, not at all. In 35+ years of EDC I've never had to shoot anyone and I hope I never do. That's NOT my goal.
On a similar note, I've carried an emergency medical kit for the same amount of time and never had to use that either. It's just good to be prepared.
Unfortunately, one or two bad experiences will color one's outlook and make you think, "Hmmm, maybe I should be ready for that" whether "that" is an injury or an assault. Or an injury from an assault.
Re: Don't bank online, period. (Score:4, Interesting)
All well and good so long as the greedy banksters haven't closed your local branch because of "lack of demand" - i.e. saving money so they can have bigger bonus payouts and screw the customer especially if they're elderly.
Re:Don't bank online, period. (Score:4, Interesting)
Worked for me since before the internet. I take security seriously and compartment my dealings. Were my phone lost or stolen there's nothing on it to lose.
Re: (Score:1)
Please Upgrade (Score:5, Insightful)
from an OS that you might get compromised in to an OS where the compromises are all built-in by the manufacturer! It's better for everybody... except you of course but individuals do not matter... only the groups.
Re:Please Upgrade (Score:5, Insightful)
Exactly. I'll consider using Windows 10 for important and sensitive work once it no longer includes mandatory telemetry and I can fully control my own system.
Re:Please Upgrade (Score:5, Insightful)
> once it no longer includes mandatory telemetry
You need to get the right corporate edition, or use one of the scripts on GitHub to strip out the crapware.
> and I can fully control my own system.
Oh, man - this is Windows, not Gentoo - that ain't gonna happen.
Re:Please Upgrade (Score:5, Insightful)
Can't they just re-enable it with the next update?
Re: Please Upgrade (Score:1)
Hahaha!
This is meant to be funny. It has to be. Why is this modded Insightful?
Re: (Score:3)
that's how I gave up on windows 10 (Score:1)
I made my own "no bloat" edition from LTSB too. You have to install updates manually (dism) because they fail on removed components. Since this is a big pain in the ass I figured that I might as well just use 7 or 8.1 while software supports it.
You'll be missing patches all the same and 10 has a way larger attack surface than the other ones.
Re: (Score:2)
It breaks Windows Store though. Believe it or not in the past year or so many corporate apps are moving to the Windows App Store. It is a problem for us as we disabled it for security and not having the power to monitor stuff. Now it is biting us in the ass as we need to re-image the PC to get the Windows Store back on to run them.
As Windows 7 goes EOL the last holdouts will start to go to UWP as it cuts support costs drastically.
Re: (Score:2)
Looks like they removed more than just the crap though.
No Windows Defender. I'd rather have that than some 3rd party crapware anti-virus software.
Also System Restore is gone. Now when you get a bad update it will hose your system and there is no way to recover it because you can't roll back to before it was installed.
They removed the calculator app. Sound Recorder. The VP9 codec. Why? Saving a few megabytes of disk space that I'll have to turn over to some alternative calculator app anyway.
I'd be amazed if
Re: (Score:2)
W7 has some telemetries too. :(
Re: (Score:2)
In Windows 7, there was a radical concept that the owner or administrator of a system could choose which updates they wanted to install, and thus decline to make changes to their system that were not in their interests.
Re: (Score:2)
I'm more comfortable giving my neighbour a key to my house than leaving the house unlocked. The compromises in this case only give access to a specific entity. The advice to upgrade stands.
If you care about your security then your upgrade may include a change of OS, but in any case sticking with Windows 7 for "privacy" reasons would be bordering on insanity.
Re: (Score:3)
> from an OS that you might get compromised in to an OS where the compromises are all built-in by the manufacturer!
It's like taking a bomb with you onto a plane for safety's sake; What are the odds that there will be TWO bombs on any given plane, right? If you bring your own you're practically guaranteed to be safe!
=Smidge=
Re: (Score:2)
What a bunch of biased horsecrap. Note I am not saying it is right or ok that God forbid consumers should gulp have an expectation of privacy that technology ignores and abuses for corporate benefit.
But your phone, TV, and every new appliance spies on you. There is even a company that puts out hidden sounds outside your hearing range from your TV that your phone apps listen to and respond to spy on what you are watching. Creepy stuff.
This is not the same as being dangerous by running an unpatched system wit
Typo Warning (Score:5, Funny)
Re: (Score:1)
Seriously? (Score:2)
Isn't this the same government whose healthcare system to this day (January 2020) still has Windows XP machines? They paid Microsoft enormous amounts of money to keep XP alive until at least recently. Not sure if they are still paying.
Re: (Score:1)
It would seem they MAY have completed their upgrade. Unlikely.
https://www.theinquirer.net/in... [theinquirer.net]
Darn those popular operating systems. Every few iterations, we find one.
Re: (Score:2)
Today, 14 January 2020, is indeed the release date of the final public Windows 7 patch. Tomorrow, computer intruders are free to use and release exploits for zero-day vulnerabilities that they have been saving for years, knowing that homes and small offices that rely on applications and peripherals exclusive to Windows will have no defense other than retirement of Windows 7 devices entirely.
Government biggest user of Windows 7. (Score:2)
People warned that Microsoft made Windows 10 an unviable operating system, and now we will see real world fallout from Microsoft's malice.
So Magic??? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:3)
Didn't Microsoft issue a security fix [microsoft.com] for XP a few months back? If it is really critical, I'm sure they'll weigh up the PR impact and do the right thing.
Re: (Score:2)
Re:So Magic??? (Score:5, Insightful)
From January 14th until the end of time, every single exploit that gets discovered for Win7 will remain unpatched for systems without extended updates (unless MS caves for some really severe ones like they did with XP). That means that within a year, you'll have potentially hundreds of exploits of every type and severity affecting Windows 7. What's more, the CVEs disclosing these vulnerabilities will basically tell people who don't already know exactly where to start looking.
Now, most home users are behind a NAT firewall, so they don't usually need to worry about just getting compromised sitting around doing nothing. However, if another compromised device gets on the network, if they decide to run a public-facing service (e.g. run a website), etc., they're at a huge risk. Also, the various software packages on their computer will eventually stop receiving updates. This might not matter for, say, Game 2019, but other random software like (just as an example) 7zip might stop getting updates, which makes it a target, which means they're likely to encounter drive-bys trying to get them to run exploits with those things (e.g. email from granny "hey open this zip file!" designed to exploit 7zip to compromise the rest of the system). And once Chrome or Firefox stops pushing updates to Win7, it'll be open season for drive-by attacks.
If you're not using Windows 7 for anything particularly sensitive and you're not an attractive target and you're not running any common public-facing services and you isolate the system on its own vlan, you can probably secure Windows 7 to the point where it'll be mostly OK to use for the next few years. I wouldn't recommend it, but it's an option.
However, the UK government's not talking to people capable of doing that, because those people wouldn't be getting tech advice from their government. The UK government is addressing the vast majority of people who don't understand any of this and maybe just heard this thing about Windows 7 being unsafe but don't know why. And to those people, the UK government's advice is very, very sound.
Re: (Score:2)
> Now, most home users are behind a NAT firewall, so they don't usually need to worry about just getting compromised sitting around doing nothing.
What generally comes along with MS not supporting an OS is MS not providing updates to OS apps, and 3rd parties dropping support for upgrades to their software as well.
NAT protects against a lot of things but the reality is the most likely attack vector remains access via browser / other internet facing software. People using IE should consider themselves exploited on day zero.
Re: (Score:2)
They issued an update for XP after the official end date.
Re: (Score:2)
NATs aren't true firewalls.
Re: (Score:2)
might just be, hackers might be holding onto exploits until after the 14th.
knowing MS will not patch the system while they'll still have access to millions of unupgraded PCs that stay vulnerable with no imminent fix.
MS moving to a subscription model (Score:5, Insightful)
Re: (Score:2)
I have been pondering how they will start the subscription. Will there be a one year/something free after you buy the PC or will they try to make the subscription setup part of the purchase process at the shop where you buy your PC? This is relevant to me as most laptops come with MS Windows installed ... it does not survive long as I will upgrade to Linux, but I don't want an argument when I buy the thing.
Maybe good advice for tech-unsavvy (Score:5, Interesting)
Re: (Score:2)
Which is understandable because, let's face it, your average 2007 car is probably more secure than today's models cos it can't be unlocked by any random person with a phone!
Now tell granny it's different for her laptop that took her 5 years to learn to use, and she is going to have to learn everything all over again - while grandad screams "you ain't gonna take my W
Re: (Score:3)
Grandma will be best served with an iPad or Android tablet in such a case. Simple, easy to use once learned, can go to facebook and upload cat photos and view pics of her grandson dressed in bee outfits just fine.
Windows was a shitty OS and overly complex and obsolete for all but business oriented legacy stuff these days.
When XP went EOL many went to iPads and support issues went away.
Part of me feels this is why Microsoft wants the Windows App Store so they can be simpler to operate with less security, bug
Re: (Score:2)
> When XP went EOL many went to iPads and support issues went away
My experience was the opposite. People announced they were getting iPads, I said don't bother, you'll use it for a short time, get bored and annoyed at its limitations and then be asking about laptops. The bit I didn't predict was how much tech support I was expected to do to get things first onto, then off of these surprisingly consumer hostile iDevices.
Empty threats (Score:3)
Microsoft is still publicly releasing patches for Windows XP. For example RDP remote exploit patches were released in May of 2019.
True (Score:2)
Re: (Score:2)
No, not "only if".
MS has released several patches for XP out to ALL, not just the special extended extended extended support versions.
Tomorrow has a VERY IMPORTANT patch, and if they fuck it up (or someone finds out that it's incomplete) I fully expect a fixed patch for Windows 7 (for everyone) at a later date to replug the hole.
But yes, you can make Windows 7 continue to get updates in general.
Re: (Score:3)
At this point, any patches XP gets are mainly to head off things that MS thinks will turn into a big deal and compromi
Re: (Score:2)
Re: (Score:2)
> They've only released a handful of patches for very severe "wormable" remote exploits as far as I know. The RDP patch was for Bluekeep I think. They want to head off Bluekeep because of its severity, but you could combine a number of less severe exploits to get the same end result and those exploits would each have lower individual severity scores and therefore wouldn't have been patched.
If the same exact outcome could be achieved by chaining exploits do you seriously believe Microsoft would have made a different calculation that didn't involve taking action to prevent the same exact outcome from occurring?
People (customers, press...etc) don't care even a little bit about underlying modalities that enabled an attack; they only care about real world results.
Re: (Score:3)
Many years ago, I read a column from a security consultant/journalist where he pointed out that getti
Re: (Score:2)
> It's not about the process so much as the number of people it could affect. Stringing exploits together increases complexity and decreases the chance that the whole chain will work on any given device. Something like Bluekeep is a bigger threat numerically because of its relative simplicity -- more people will try to take advantage of it and it'll probably end up in a public exploit toolkit at some point.
I was responding to the following assertion "They've only released a handful of patches for very severe "wormable" remote exploits as far as I know. The RDP patch was for Bluekeep I think. They want to head off Bluekeep because of its severity, but you could combine a number of less severe exploits to get the same end result"
What you seem to be saying now is that your original statement was incorrect. You can't in fact simply combine exploits and get the same end result.
> Many years ago, I read a column from a security consultant/journalist where he pointed out that getting the basics right and making sure you're not the low-hanging fruit will immunize you to the vast majority of attacks because the vast majority of attacks are untargeted drive-bys. Immunizing your systems to those threats is necessary but not sufficient to secure your network, though. The significance of getting rid of the biggest threat shouldn't be understated, but it also shouldn't be seen as the only necessary step. That's what I'm getting at here -- Microsoft is trying to curtail the most broad and severe threats, but there's still plenty of attack surface by which an XP system could be compromised, and probably pretty easily at this point.
Here's [us-cert.gov] the vulnerability summary from just the week of January 6. Microsoft patches dozens of vulnerabilities with each of their monthly update rollups.
My only point is that earlier versio
Re: (Score:2)
> Microsoft is still publicly releasing patches for Windows XP. For example RDP remote exploit patches were released in May of 2019.
False. Microsoft is still publicly releasing patches for a select few truly severe exploits of Windows XP. Just because they patched the RDP remote exploit doesn't mean you're being secure. Running XP right now is like trying to stop the flood waters of malware armed only with a sieve.
Re: (Score:2)
> False. Microsoft is still publicly releasing patches for a select few truly severe exploits of Windows XP. Just because they patched the RDP remote exploit doesn't mean you're being secure.
Everything I said was factually correct. This talk about "secure" has nothing to do with what I actually said.
From my perspective "being secure" is a state of delusion. If people think running the latest and greatest version of Windows makes them secure they are dangerously mistaken.
> Running XP right now is like trying to stop the flood waters of malware armed only with a sieve.
I remember when the time between giving a newly installed Windows XP system anywhere in the world a public IP address and the time to it being owned was measured in minutes.
To this day Microsoft still seems willing to do what is ne
Or just IE (Score:1)
Seriously? Windows 7? (Score:1)
Or, don't click on any email links to access your bank.
Or, don't even connect to the internet if you are still using Windows XP.
But, don't use Windows 7? An operating system still being patched.
Oi
user agent string to test for Windows 7? (Score:1)
I wouldn't be surprised if major UK banks started checking the user-agent string and throw up a warning to "presumed" Windows 7 users.
Yes I realize this is considered by many to be a "bad" use of the user-agent string but sometimes "doing it wrong" is worth it if there is no way to "do it right" and "doing it the least wrong way" is better than "not doing it at all."
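The user-agent check discussed in the comment above, as an added example that is not part of the thread or any bank's code: it maps the `Windows NT` token to a release and returns an advisory warning once that release is past end of support. The function names and sample headers are constructed for illustration.

```javascript
// "Windows NT x.y" tokens as sent by browsers, with Microsoft's published
// end-of-support dates. NT 6.1 is also Server 2008 R2; NT 10.0 is sent by
// both Windows 10 and Windows 11, so that token is left undecided (null).
const WINDOWS_RELEASES = {
  "5.1": { name: "Windows XP", endOfSupport: "2014-04-08" },
  "6.0": { name: "Windows Vista", endOfSupport: "2017-04-11" },
  "6.1": { name: "Windows 7", endOfSupport: "2020-01-14" },
  "6.2": { name: "Windows 8", endOfSupport: "2016-01-12" },
  "6.3": { name: "Windows 8.1", endOfSupport: "2023-01-10" },
  "10.0": { name: "Windows 10 or later", endOfSupport: null },
};

// Returns { os, unsupported, warn }. `unsupported` is null whenever the
// header cannot answer the question (missing, not Windows, unknown token).
function classifyUserAgent(ua, now = new Date()) {
  if (typeof ua !== "string" || ua.length === 0) {
    return { os: "unknown", unsupported: null, warn: false };
  }
  const m = /Windows NT (\d+\.\d+)/.exec(ua);
  if (!m) return { os: "not Windows", unsupported: null, warn: false };
  const rel = WINDOWS_RELEASES[m[1]];
  if (!rel) return { os: `Windows NT ${m[1]}`, unsupported: null, warn: false };
  if (rel.endOfSupport === null) {
    return { os: rel.name, unsupported: null, warn: false };
  }
  // Still supported through the end of the final patch day (UTC).
  const cutoff = Date.parse(`${rel.endOfSupport}T23:59:59Z`);
  const unsupported = now.getTime() > cutoff;
  return { os: rel.name, unsupported, warn: unsupported };
}

// Advisory text only: the header is client-controlled and easy to change,
// so the result drives a banner, never an allow/deny decision.
function bankingWarning(ua, now = new Date()) {
  const r = classifyUserAgent(ua, now);
  return r.warn
    ? `Your browser reports ${r.os}, which no longer receives security updates.`
    : null;
}

// Constructed sample headers (not taken from any real log).
const SAMPLE_WIN7 =
  "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 " +
  "(KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36";
const SAMPLE_WIN10 =
  "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0";
const SAMPLE_LINUX =
  "Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0";

console.log(bankingWarning(SAMPLE_WIN7, new Date("2020-01-15T09:00:00Z")));
```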
Re: (Score:2)
You people are retarded.
Mobile (Score:1)
I'm totes fine because I only do mobile banking on my phone, and I get my 2FA through text messages. No hackers gonna get MY money.
What they meant was: (Score:3)
Wait until the banks say it (Score:2)
The only time such advice matters is when the banks start refusing connections from W7 machines. In the civilised world the banks are responsible for protecting the integrity of a banking app's connection. If it gets hacked, they are the ones that pay (although they use our money to do it) and theirs is the liability. When the banks deem that W7 is too insecure,
Big deal (Score:2)
Most security these days is done at the application level. If your browser gets hosed, your entire Home folder is ripe for the picking. It doesn't matter what OS you use. So, just use some decent 3rd-party apps instead of the crap that came with Win7.
Re: (Score:2)
> Most security these days is done at the application level. [...] So, just use some decent 3rd-party apps
What steps should a user take to assess whether a particular third-party app is "decent", trustworthy, or having any other desirable soft attribute?
Limit your exposure (Score:2)
Minimum balance requirement (Score:2)
> Open a secondary bank account if you want e-payments
That can cost a lot of money, especially at major banks in the United States that require an account holder to park several hundred dollars in each account as a minimum balance in order to avoid a $12 per month service fee just for having an account.