Boris_yo

n00b
Joined
Oct 22, 2011
Messages
31
Hi,

I know that Windows 7 support ended back in January this year. I saw a comment that said if you still keep using it you will get hacked.

How true is that comment?
How will I get hacked if I don't go to malicious websites and use NOD32?

Also, can my PC get hacked just by sitting idle? Will someone be able to do remote code execution on my PC?
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,603
Well, is your computer directly on the internet, or is it behind a router?

Is that router secure and blocking all inbound traffic by default, and has it no NAT rules to your Windows 7 machine? If so, the chance of being hacked directly by someone is slim. Make sure your router's firmware is updated, and if it does not get any updates and has not for a year or more, you may want to buy a new one, as many top brand routers have all had exploits allowing attackers to get in and do whatever they want.

The issue is, there is no more patching for Windows 7, so if a new exploit comes out, you are not protected. And yes, even though you have NOD32, you can still get infected by visiting a compromised website. Many legit websites get compromised every day and have bad code injected into them to infect and exploit users. And most AV, while effective, does very poorly against true 0-day exploits.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,603
Bots scan IP ranges all day long. It is not that they are really looking for you specifically; they are scanning the "internet" looking for holes to exploit and get in. 99% of it is all automated bots and scripts that just run all night and day. When they find something that can be exploited, most of that is scripted as well to try the basics. It tries to exploit it and goes from there. Eventually an actual person will be the one doing the work to see if it is anything useful, try to get in, and go from there.

For websites, again, just random. Whoever goes to the exploited site could get infected / compromised / ransomware...
 

Executioner

Limp Gawd
Joined
Apr 22, 2015
Messages
416
I'm still using 7 on one of my desktops. I have ESET Internet Security and Malwarebytes Pro version. Am I concerned? NO! You can do a quick check here at GRC Shields Up: https://www.grc.com/x/ne.dll?bh0bkyd2
My results:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
8,556
Remember folks that there is no such thing as a 'safe' website. Any site you visit may serve you a hacked advertisement that sends a payload to your computer. The site owner has zero knowledge of this happening... Browsing is moderately safe if you keep NoScript active and stop any JavaScript, Flash etc. from loading in the first place. Windows can be hacked just by viewing an image so even NoScript can't provide 100% immunity. It's advisable not to enter the internet at all with Windows 7. I wouldn't use any version of Windows for surfing.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,603
Executioner That's good; you do not have any ports open into your network, and that is all that tells you. What router are you using? When was the last time it had a firmware update? Is it one of the many D-Link / Netgear / Asus routers that have had firmware exploits over the last year, several models of which they are not updating because they are EOL and they want you to buy a new model?

AV and Malwarebytes are great, good steps to stay secure, but they do not stop 0-day exploits and viruses. Testing by credible security industry people has found that AV is only about 20-30% effective on average for stopping newly discovered items, because most AV and Malwarebytes rely on signature-based lists. While good AV is moving to "usage patterns" and tying AI into it, most are not doing it very well yet unless you get into enterprise-level AV products.
 

Ranma_Sao

2[H]4U
Joined
Mar 15, 2002
Messages
2,603
The problem with Windows 7 is that it doesn't have the protections of newer Windows to make exploiting harder. As well, if there is a patch for a vuln in supported Windows, it's trivial to reverse engineer it and try it on Windows 7. Not being directly connected to the internet prevents people coming from the internet from exploiting you, but does nothing to prevent you from going to them and being exploited....

(Compromised Web Ad servers, clicking on an email with an exploit, etc)

As a guy who has done Incident Response for the last 10 years, my advice is to get on supported platforms, either Windows 10, Mac, or supported Linux. It raises the bar for attackers. (Obviously, I'd recommend Windows 10 off that list)

This posting is provided "AS IS" with no warranties, and confers no rights.
 

thebufenator

[H]ard|Gawd
Joined
Dec 8, 2004
Messages
1,255
It's pretty hard to protect yourself from malicious ads with an old OS. If you surf the interwebs with that box you can have trouble unless you update that OS.
 

Executioner

Limp Gawd
Joined
Apr 22, 2015
Messages
416
I have an AT&T router. The machine on 7 is connected to the internet, but I hardly ever use a browser on it. It's mainly my home server.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
19,603
Nothing stops 0-day, that's how it's defined, unknown vulnerability that can be exploited. Won't matter how up to date Windows, your router or AV is.
Some 0-days will use existing exploits and thus can sometimes fall under similar trends and may get blocked. You are right, 0-day by definition, but with AV makers promising they can stop everything these days, too bad the marketing machines mislead so many people.
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
8,556
Nothing stops 0-day, that's how it's defined, unknown vulnerability that can be exploited. Won't matter how up to date Windows, your router or AV is.
Heuristic analysis may stop some 0-day attacks but not all. Running full heuristics usually means a performance penalty bigger than from the infection :ROFLMAO:
 

Boris_yo

n00b
Joined
Oct 22, 2011
Messages
31
There is "Jim Browning" channel on YouTube. I wonder how this guy hacks into scammers' PCs...
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
8,556
There is "Jim Browning" channel on YouTube. I wonder how this guy hacks into scammers' PCs...
Most likely he uses voice actors and pretends. It's really funny, people are scammed watching videos of scammers getting scammed. There are many videos like this on YouTube and they perform things which are simply not possible using the tools they use. An ancient version of AnyDesk had a DLL injection flaw allowing the guest to take over the host but these videos claim to do it with TeamViewer and the likes. They're 99,9% probably fakes.

There are so many fishy things such as how do they manage to get repeatedly hit by these scammers to produce several videos when most of the planet never gets the contact...
 

SalimDev

n00b
Joined
Oct 30, 2020
Messages
2
Simply install Windows 10 with the latest updates, use a good antivirus and avoid suspicious apps.
 

AltTabbins

Fully [H]
Joined
Jul 29, 2005
Messages
20,096
Viruses aren't much of an issue. It's unpatched vulnerabilities that are the issue. You don't need a virus to install malicious code if you can just get direct access to a computer using a common port that your firewall isn't blocking and leverage that vulnerability to do what you need. If you have direct admin access and the ability to execute code you are all set with just about anything you would ever want on that computer. It's actually a huge issue for people who run old versions of Windows 7 and Windows XP since they never got the fixes needed to patch up vulnerabilities that botnets use to add that computer to the farm.

I mean you can run Windows 7, but it's good practice to use something that is under support. Meaning there are people finding and patching known vulnerabilities. Linux distributions that are still under support, Windows 10, or Mac OS are all safer alternatives.
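
Added example, not part of any post in this thread: a small Python check for the "common port that your firewall isn't blocking" point, which parses `netstat -ano` output (available on Windows 7) and lists TCP listeners that other machines can reach. The sample output is constructed, and the port-to-service table holds standard Windows port assignments rather than anything taken from the thread.

```python
import ipaddress

# Well-known Windows service ports (general knowledge, not from the thread).
RISKY_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session",
               445: "SMB", 3389: "Remote Desktop"}

# Constructed sample of `netstat -ano` output; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       728
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49211     93.184.216.34:443      ESTABLISHED     3012
  TCP    [::]:3389              [::]:0                 LISTENING       1104
  TCP    [::1]:8307             [::]:0                 LISTENING       2200
  UDP    0.0.0.0:5355           *:*                                    1188
"""

def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")  # last ':' splits off the port
        addr = ipaddress.ip_address(host.strip("[]"))  # IPv6 is shown as [addr]
        listeners.append((addr, int(port), int(fields[4])))
    return listeners

def exposed_listeners(netstat_text):
    """Listeners bound to something other than loopback, sorted by port."""
    findings = []
    for addr, port, pid in parse_listeners(netstat_text):
        if addr.is_loopback:
            continue  # 127.0.0.1 / ::1 cannot be reached from another machine
        findings.append({"address": str(addr), "port": port, "pid": pid,
                         "service": RISKY_PORTS.get(port, "unknown")})
    return sorted(findings, key=lambda f: f["port"])

if __name__ == "__main__":
    for f in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{f['address']}:{f['port']} pid={f['pid']} ({f['service']})")
```

This shows what the machine itself is listening on; whether those ports are reachable from the internet still depends on the router's inbound and NAT rules discussed earlier in the thread.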
 

vick1000

2[H]4U
Joined
Sep 15, 2007
Messages
2,078
You can "get hacked" on any OS. The software environment and apps are all vulnerable. Mitigation is the only option we have, firewalls, active monitoring through AV software, DEP, etc...

Windows 7 has some unpatched vulnerabilities that other modern environments do not. Your usage habits will have more to do with your security than the OS, generally. If you know the system is vulnerable to certain exploits, avoid those situations, or use apps to protect the system.

If you are a typical user, who just browses the web, with default browser settings, and email clients, I suggest using Win10 over 7, or if not gaming, Linux. In any case, you should look into router security and browser extensions, they will go a long way. But be aware, almost nothing can protect a machine from a negligent user running malicious code through ignorance, so know where your downloads are coming from, and avoid suspicious links. Use a separate "disposable" machine or VM, if you feel the need to be "frisky".
 

vick1000

2[H]4U
Joined
Sep 15, 2007
Messages
2,078
Most likely he uses voice actors and pretends. It's really funny, people are scammed watching videos of scammers getting scammed. There are many videos like this on YouTube and they perform things which are simply not possible using the tools they use. An ancient version of AnyDesk had a DLL injection flaw allowing the guest to take over the host but these videos claim to do it with TeamViewer and the likes. They're 99,9% probably fakes.

There are so many fishy things such as how do they manage to get repeatedly hit by these scammers to produce several videos when most of the planet never gets the contact...
Jim is legit.

He is using other exploits than TeamViewer, and does not disclose them for obvious reasons.
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
8,556
Jim is legit.

He is using other exploits than TeamViewer, and does not disclose them for obvious reasons.
Well then Jim seems to know and use an awful lot of 0-day exploits and not sharing them with Microsoft. A criminal in essence.
 

vick1000

2[H]4U
Joined
Sep 15, 2007
Messages
2,078
Well then Jim seems to know and use an awful lot of 0-day exploits and not sharing them with Microsoft. A criminal in essence.
The remote connection initiated by the scammer, through TeamViewer, allows other exploits that are known by the security community to be executed.
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
8,556
The remote connection initiated by the scammer, through TeamViewer, allows other exploits that are known by the security community to be executed.
Still a criminal if he uses exploits and doesn't report them forward. By the way, any examples of such exploits? They're hidden from Google searches at least :)
 

vick1000

2[H]4U
Joined
Sep 15, 2007
Messages
2,078
Still a criminal if he uses exploits and doesn't report them forward. By the way, any examples of such exploits? They're hidden from Google searches at least :)
White hats are criminals? Only to the true criminals. I will not proliferate the software he or others use for this purpose, not in public or private communication. You won't find them on a surface search engine, not without knowing what terms to use.
 

kirbyrj

Fully [H]
Joined
Feb 1, 2005
Messages
27,116
Still a criminal if he uses exploits and doesn't report them forward. By the way, any examples of such exploits? They're hidden from Google searches at least :)

This is kind of like someone who steals drugs off of a drug dealer. Are the dealers going to go to the police to report the theft? Do you have a crime if you don't have a victim?
 

B00nie

[H]F Junkie
Joined
Nov 1, 2012
Messages
8,556
White hats are criminals? Only to the true criminals. I will not proliferate the software he or others use for this purpose, not in public or private communication. You won't find them on a surface search engine, not without knowing what terms to use.
A white hat sends his exploits to be fixed. If this guy uses the exploits without releasing them, he's a black hat that makes money off it.
 

vick1000

2[H]4U
Joined
Sep 15, 2007
Messages
2,078
A white hat sends his exploits to be fixed. If this guy uses the exploits without releasing them, he's a black hat that makes money off it.
The exploits are known, the scammers are just too greedy and stupid. White hats use their skills to help people by bringing down criminals, in most cases, those the law will not pursue.
 

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,197
A white hat sends his exploits to be fixed. If this guy uses the exploits without releasing them, he's a black hat that makes money off it.
We should all cry ourselves to sleep in moral outrage that Jim is exploiting Indian scammers with his black hat h4x0r skillz.

As for the OP, it's what you find more important. There is a higher chance of Win 7 getting compromised than Win 10, but probably not too much higher with all the Internet facing software being updated. On the other hand, I found the 100% chance of suffering the abomination that is Win 10 to be much less acceptable. I have been on the Internet practically since its beginning and have only suffered one exploit on a single XP box, so I consider the personal risk tradeoff acceptable.
 