7 good habits for securing your windows 7

Old laptops running windows 7 are sitting there catching dust. Depends on your style, you can trade them with the latest cutting edge PC, or you can get value out of them with memory upgrades and proper usage. Besides, if some installed softwares have to be run on old windows platform like windows 7, upgrading the operation system won't be an option.

windows 7

Old operation system pose security risks to you network. The vendor is less actively support these branches, so bug fixes are released less frequently. The bright side is, hackers are less interested in these old systems as well, so less dark energy is dedicated to explore holes in these old platforms. As a result, both defender side and attacker side are less interested in these old gears, they just move into to those new lubricate battle fields.

Defending windows in-depth sometimes do need PHD degree, however, with good habits, we can still practically put these old but not obsolete windows 7 boxes into use.

1. Use normal account instead of admin account for your everyday work, set a strong password.
2. enable automatic windows update, make sure the latest bug fixes and system enhancement are installed . Microsoft is the key player on defending windows operation system. As long as vulnerabilities are found on windows, microsoft will keep patching the existing operation system. These patching are critical to keep your PC safe from malwares. In order to control your computer, malware have to gain privileges in order to run command line/shellcode to install payload. Some sort of system bug has to be there to aid the privilege escalation, either some buggy code allowing buffer overflow or sql injection to reveal use/pass of admin from database, etc. Windows updates fix those buggy code which the hackers are looking for.
3. Avoid using IE, uninstall active X components, use other browsers like chrome or firefox instead. It sounds mean to microsoft, however, active X might be one of the major reason microsoft is called "evil" in popular culture. Hackers are working hard to gain privilege to run malicious code in order to install malwares, windows's active X give them such privilege for free. As long as windows found needed active X components, IE are allowed to run codes and install programs on the host in the background without asking for permission. This opened door for drive by infection -- just by browsing a webpage with malware content, your IE can download and install them with the aid of active X without your notice. Microsoft itself stopped using active X in Edge browser, which is the replacement of IE. Unfortunately, at the time of this post, Edge browser haven't been ported from windows 10 to windows 7, so other browsers like chrome and firefox is better on windows 7 from the perspective of security.
4. Use Windows Defender to protect against spyware and potentially unwanted software, keep the windows defender up to date. Other choices are third party anti-virus (anti-malware) software like Norton. You can use windows defender alone or use both (risking conflict), the bottom line is you have to have one. These anti-malware software find malware signature by scanning your computer and catch them. Windows Defender used to be scored much lower than its competitors, but since windows 10, it has caught up.  Microsoft's own anti-malware product windows defender has the advantage of being free and intimate to windows, which is a proprietary operation system. It might have better chance to detect rootkit since it knows the windows source code.
5. enable windows firewall. Windows firewall can help prevent hackers or malicious software from gaining access to your computer through the internet or a network. 
6. Only install softwares from reputable source. The difference between bad softwares and malwares are just you perception. A non-professional developer can write a program that provides bugs for hacker to explore, it can slow down your computer by consuming too much resources, it can refuse to be uninstalled, or even sending your sensitive data somewhere out to the internet. Blocking rogue applications' inbound and outbound traffic with windows firewall rules can prevent them from ringing home before we find way to erase them from disk.
7. Avoid visiting dangerous websites. If you have to visit them, use guest account instead.