Windows 7 is a fine OS if you don't connect it to the Internet, but it's basically screaming "hack me" everywhere you go online.
A few occasional mild annoyances from the marketing team are worth tolerating for a reasonably secure operating system. I'd argue people who feel otherwise need to reprioritize their risks.
This is the sort of BS paranoia-propaganda that is contributing to the propagation of walled gardens and continued mass user oppression and "herding".
List the last known remote exploit that will work for someone behind a NAT, and that doesn't involve visiting a malicious site with all the default settings of IE or downloading and running an executable (at which point nothing will save you but the most authoritarian of walled gardens.)
Don't forget, the new stuff is not free of attack surfaces either.
First of all, the most common attack surface of most Windows PCs is Chrome. I find almost all malware in either extensions, or via misuse of Chrome features (many customers think they have malware because a spammer has been granted access to Chrome's notifications feature).
However, bear in mind, as others said, NAT isn't a security feature, it's just an annoying roadblock that helpfully makes accessing computers somewhat more difficult. However, quite a few applications on the average PC reach out and touch other services, granting malicious actors plenty of ways into a PC.
I get the hate on walled gardens, as a big antitrust supporter, but unfortunately, Windows 10's app model (universal apps) gets a bad rap because of the Microsoft Store being generally considered attached to it: UWP apps are basically the safest way to run apps, because UWP apps cannot harm other things outside of their little sandbox. And contrary to popular belief, it's entirely possible to create, distribute, and install UWP apps without the Microsoft Store. Microsoft has definitely had some missteps in both rolling out and marketing the newer app model, but it is the future.
Sandboxed applications not only provide unparalleled security, they also are incredibly stable because other apps can't tamper with them either. By being self-contained, developers can generally be confident the app will work on any machine without issue.
> List the last known remote exploit that will work for someone behind a NAT,
NAT is not a firewall (though it's usually paired with one). And the NAT is usually one hop away from the computer, so it provides no protection against an attack coming from the same network (like a worm on a coworker's laptop).
However, AFAIK Windows 7 does have a built-in firewall, which (depending on the settings) might help protect even against an attack coming from the local network.
Genuinely interested, why would Win7 be worse than Win10 if you had the same network setup, same browser (same extensions) and behaved the same as you do with Win10?
I ask as even at home, my different devices all use the same browser/extensions, VPN and browsing habits. I use established FOSS where possible and the only problems I have had since Windows 98 are from data breaches (nothing I could have prevented with different OS/software).
There is no difference between security and privacy. If you have no privacy, compromising your security is easy. If you have no security, compromising your privacy is easy.
I would not have thought the improvements would have been that significant (I'm old and ignorant).
HeSP is dependent on the CPU? (article noting Intel gen 11 and AMD Ryzen 3 are needed) and ASLR still being implemented on Win7 with http://support.microsoft.com/kb/2639308
We still have to keep a couple of WinXP and NT boxes alive at work for diagnostic gear (none are online). Thankfully not my job as I am obviously a risk :)
Forced ASLR isn't the important feature (the browsers already opted themselves in). The increased entropy, which doesn't exist on Win7, is important however.
Windows 10 was technically vulnerable, but since Windows 10 has drastically better security features, from a defense-in-depth standpoint, having Windows 10 more or less rendered most computers immune in practice. (Likely, the few 10 machines infected were intentionally crippled by their admins.)
Bear in mind, Windows 7 is an OS from 2009, 12 years ago. It's ancient from a computer security standpoint.
Whether you are personal or corporate, you probably should be running either Windows 10, or choose an alternate operating system entirely like OS X or Linux.
Good choice, the Windows 10 UI and UX are complete trash. I'm not sure who at Microsoft thought it would be a good idea to use this kind of tablet interface even on non-tablet devices. Many times, when you want to change a setting, first you are presented with this flat useless UI, so you almost always have to go to the original one anyway. The look and feel is completely inconsistent and unintuitive. The notifications suck. The Edge bullshit sucks. The update mechanism sucks and wastes the precious lifetime and work of millions of people. I don't want my computer to take hours to install and restart a thousand times while I'm unable to use it. Cortana is useless, search is slow, I don't want a "dynamic", "fancy" animated interface, I don't want changing lockscreen pictures, I want immediate feedback when I click anywhere. Whoever directed this should be fired.
Wine can probably run most Windows 7 software; you're probably better off with Linux (use Pop!_OS if you want something easy with good IME/desktop features. My Thai girlfriend jumped pretty much straight to that from Windows after she got tired of all the MS/vendor crap eating up all the I/O.)
I've been saying this for decades at this point, but there is still the occasional snafu. We bought a TomTom GPS, and their MyDrive Connect map updater won't run on Wine. Some error with Vulkan and a Win32 extension.
Now I have to admit the GPS device itself is also pretty low-quality, so probably I should just return it to the store, but still... What were they smoking? No 3D accelerated map updates for me, I guess.