Can Windows 7 Be Locked Down...

Discussion in 'privacy problems' started by KindaParanoid21, Dec 4, 2015.

  1. KindaParanoid21

    KindaParanoid21 Registered Member

    Joined:
    Jun 21, 2014
    Posts:
    46
    Look, if I don't ask I know I'll regret it. Try as I might, I'm too stuck in my ways (lazy?) to want to do a complete change over from W7 to Linux. Honestly it's not just about appearance \ aesthetics but functionality and efficiency. I have things tweaked down to the micron how I like it, and it works... BUT...

    There's a but, this W10 telemetry related assimilation into W7 just sticks in my craw. Reading the one link to the W10 forum from here in the other thread, some of the anti tinfoil members are saying how silly it is for people to be upset \ paranoid \ etc. Well, it is what it is. See that's the point of my username, I'm paranoid, but only kinda. Willing to forgo \ just not think about certain aspects that would bother my side due to convenience.

    So that's the long winded way of saying I took a look at Linux Mint Cinnamon and Zorin and while great OS's, it's just too much of a learning curve at this point in time. The ultimate question then, as I have images from before this past summer's W7 updates, should I just reinstall them and completely turn off updates?

    Can one completely shut off updates and trust that none will install under the radar? Sure you're sacrificing other potential benefits of the updates, but then maybe that will push a user like myself to keep up more on what's going on and only install the really important security related ones.

    Look, five paragraphs in and I'm rambling. After three here and the week is still on going. Either way I think you guys know where I'm going and what I'm looking for, as clearly I'm Not Sure!
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Sure just set Autoupdates to off, and that is it. I never auto update w7. What I do now is hide optional updates, and most of the windows updates. I just look at each security update to see what it is. If it even smells of W10 it gets hidden.
     
  3. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    I think it is time for you to switch to GNU/Linux. If you don't want a headache just install Ubuntu 14.04 LTS, which is supported for 5 years. Don't install bleeding or cutting edge distros like Fedora or Archlinux, because they are not stable and will most probably give you a headache. And what learning curve? Here are the commands you want to know:

    "sudo apt-get update" to update repos. After that "sudo apt-get upgrade" to install updated packages. "sudo apt-get install package_name" to install something. "sudo apt-get remove package_name" to remove. Here you go! And if you have a specific question you can ask here or at askubuntu.com
    If you have to use windows make a dual boot and never ever connect windows to internet.
     
  4. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Not connecting Windows to the internet would be pretty useless. Windows 7 does give you good control over the update process and just setting it to not automatically update works. It also lets you choose each individual update. If you really want to lock the update process down, check out the group policy tweaks under "Windows Components/Windows Update" in the group policy editor. You can even somewhat tame the update process in Windows 10 with these but the great advantage of Windows 7 is the granular control over updates right in the control panel.

    Mint Cinnamon is probably the easiest distro to transition to from Windows 7 since the GUI is basically a knock off of the Windows 7 GUI. It is a bit rougher around the edges but I really like the start menu. That being said, the GUI is not the most important part of the OS in terms of structure but it certainly is what makes or breaks it for most users who aren't used to using command lines. Ubuntu has a good GUI too but it is more targeted to OSX users and takes some adjustment from Windows.
     
  5. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    Personally, I find Fedora to be very stable even though the packages tend to be fresher than what you would find on Ubuntu. To each his own, though -- most of the major distributions (Ubuntu, Fedora, Linux Mint, etc) tend to be essentially the same with some differences here and there.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    @KindaParanoid21

    What are you kinda paranoid about?

    You can't use Windows for stuff that you want to reliably hide from Microsoft, and from everyone that it may share with. No matter what you do to lock it down, you can never be sure. But of course, that's a concern for any OS, even open-source Linux. Consider the Amazon leak in Ubuntu.

    However, there's a key difference: Windows typically knows who you are. There's usually a money trail from buying the computer, or from buying standalone software. Using VPNs and/or Tor doesn't help. That's not the case for free software. The OS may leak information. But you can limit the impact through compartmentalization, using multiple personas, each in its own VM, with Internet connectivity through various nested chains of VPNs and Tor. None of those personas, even the host box that the VMs are running on, is linked to your meatspace identity aka your true name. That's so even for OSX, which is free, if you run it on generic hardware (aka hackintosh).

    I recommend starting with Debian stable (now jessie) as host OS, and running a Windows VM. Or at least, as long as you don't need Windows on native hardware for gaming or whatever. Otherwise, you can just run two machines, one with Windows, and the other with Debian and VMs. Anything private goes in the Debian box.
     
  7. pandorax

    pandorax Registered Member

    Joined:
    Feb 14, 2011
    Posts:
    330
    So true. No matter how you lock down Windows, there is always something that calls Microsoft. Always! I would also like to suggest jessie but @KindaParanoid21 most probably needs blobs in kernel. Headache for noobs. I also use jessie.

    Locking down windows is a lie.

    Ok. I have never used Fedora before.
     
  8. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Windows can certainly be locked down in a security sense. It has all kinds of features designed for corporate deployments that are intended to limit what an employee can do with the corporation's computers and these features can also be used to secure it and lock it down for personal use. Most of these features can be accessed in the Group Policy Editor. In a privacy sense, much less so but it is still possible to install it without putting any personal information on the system. One common practice is to use unactivated systems. No product key entered means it has no unique system identifier. Just do a new install every so often and never activate and you have a relatively anonymous Windows install. If it is done in a VM, there is no hardware profile either. Windows 7 is not so bad in comparison to what is out there now and not just with Windows. One of my lock downs is to disable all syncing, no matter what the program or device. Syncing involves transmitting a personal profile to a third party and is getting more and more prevalent these days. Windows 10 has all kinds of syncing in the OS that you have to disable in group policy. Syncing is not in the privacy settings but it is certainly a privacy concern. I gave up on Opera again when they eliminated the flags that disabled syncing in the latest versions. In Windows 7, that is still not a problem. That is just one example.

    That being said, Linux will always be much more locked down for both privacy and security than Windows will ever be. It is in the architecture of the OS. It is that way out of the box and you can lock it down much further if you want to.
     
  9. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Yes Windows 7 can be locked down, however, it is not easy. Going full linux is not feasible for most people so you need some way to run Windows programs. The VM path is the only viable approach. Two options exist:

    Go the Qubes OS path and use their Windows VM tools. It is easy to limit Windows by using whitelists for internet access. Very effective and if you limit internet access to this extent you really don't need Windows updates.

    Second is to use another linux distribution (I use Kubuntu) and virtualbox VMs with seamless mode. Then you lock down the VM using Tinywall. Not as effective as the Qubes option but easier to learn and more stable.
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I say ditto on Mirimir's choice of Debian. I was using several distros and made the switch to 100% Debian. I am getting pretty darn good at doing some amazing things using Deb Jessie.

    I have a Win 7 Pro VM to use when I run into a specific need for Windows. As my learning expands I can say I almost never need Windows because Linux does it all for me. I am NOT a gamer, which is the one Windows specific need.
     
  11. KindaParanoid21

    KindaParanoid21 Registered Member

    Joined:
    Jun 21, 2014
    Posts:
    46
    @Peter2150 - Yeah that's one of the first options to go for, giving you a bit more control. The problem is, the security updates especially, all more or less say the same thing in the Windows explanation section of the update menu. Do you go through each one, as in research?

    @pandorax - Yep, hell of a learning curve but necessary if I'm ready to make the move!

    @mirimir - Well it's the assimilatory nature of 10 into 7. If they can do that, what can't they do? And have probably been doing it for years now as well. That's where the contradictory nature of my approach toward this, another nod toward my UN. To the tinfoil hat types I'm not accepted as one of their own because I'm too lazy, yet to the lazy out there I'm way too hyper about this stuff. (I've had conversations with people both on the net and IRL and have been told as much!)

    Jessie is completely unknown to me so time for some research, but sounds interesting from what you guys are saying. Also checked out ReactOS and far more Windows like than what I've seen thus far!

    @MisterB - Great stuff as I like to say! See I wonder if these are things I should have been looking into all this time... But the anti TF in me, and what I've read from others, especially on the W10 boards, is that MS isn't necessarily swiping data, apps, or active information related to your time spent on websites, just telemetry related to this and that. I'm willing to live with some of that, so long as I do so in a safe enough environment like W7 USED TO BE! (Caps for emphasis)

    I don't know, I might not be communicating the best way to be clear, but hopefully enough to not sound confusing. With that said, I finally gave GWX Control Panel a try and found it thorough enough.

    However I'm curious if anyone else has used it. Naturally I checked WU and I've got a whole mess of updates waiting download and installation, so of course I'm a bit cautious. So my next question is, does GWX completely remove the W10 telemetry related updates from the update list once you use it? Even if it does, I take it from this point forward, I can't really trust that a new batch won't have updates related to these issues?

    Which brings me to the whole turning off updates completely and going through some of the options \ group policy edits y'all have suggested... Among other precautions as well. Either way I do appreciate all this help, hope some rookies \ noobs find this information useful as well!
     
  12. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    I find 90% of what I do in Windows can be done as well or better in Linux. It is the remaining 10% that is a problem. My latest glitch has been a printer driver. My print jobs generate income for me so it is not trivial. So I had to print a shipping label with Windows. Not something that couldn't be overcome with a VM having access to a USB port but I didn't have time to sort that out. Not that big an issue overall because it has to do with my own choice of printers and it wouldn't surprise me if Windows dropped support for my printer. This is an Xp era business printer that has a dirt cheap per page cost and can handle anything from postcards to posters. The best long term solution to keep using it is to virtualize one of the Windows systems I use for it. The Linux host can compensate for any Security weaknesses of a no longer supported Windows system. Not to mention the ease of restoring snapshots if something did get messed up.
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I am quite lucky in that Debian supports my printer virtually as well as the factory install disk for windows users. Even print levels, etc....
     
  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Hi KP21

    Yes, I do click each link to see what it is. Once the browser is open it goes quick. I may get to the point I just plain stop with the updates. With the security setup I run, I really am not too worried.

    Unfortunately, much as I might want to, Linux just won't work at all for me.
     
  15. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Truly I find Linux more than 10x more efficient than W7. I spend +-3hrs every week updating separate security & non-security programs. Sometimes 4hrs or more.

    Depending on the Distro in Linux I check the repository or am notified of ALL updates. Takes ~15 minutes per week.

    Why am I not running Linux 100% of the time? My shameful secret is I like being hypnotized, distracted, complaining, discussing program updates, visiting MajorGeeks main page, hanging out at Wilders & moaning about M$. I bet I'm not the only one. I dare someone else to admit the same! Come on admit it!
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I was on the edge for a while about 6-7 years ago, when I finally moved from Win XP to Win 7. I needed Windows to run Access, Excel and Word for work. But I moved everything at all sensitive to Ubuntu, and started using VPN services and Tor. Initially, I ran Ubuntu VMs in VMware Player and VirtualBox in Windows. But when I got a new work box, I installed Ubuntu on the old one, and started playing with VirtualBox.
    I recommend starting with a Debian jessie VM in VirtualBox in Win 7 host. You can get by with just GUI apps. But pretty soon you'll want to start learning shell commands. Once you're comfortable, you can switch to Debian host with Win 7 etc VMs. That's more secure, because the host OS can always see what VMs are doing, but not vice versa.
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Yep, that was me too until about 3 days ago when I decided I'd had enough MS and Win, period. It's linux for me all the way now... :)
     
  18. KindaParanoid21

    KindaParanoid21 Registered Member

    Joined:
    Jun 21, 2014
    Posts:
    46
    Okay mods, with future apologies for running around headless with this whole topic (and for the redundancy of my recent posts!) here's a round up of what I think will be helpful for those curious and kinda paranoid like myself.

    - Run this edit from the group policy editor from this link...
    https://www.maketecheasier.com/stop...letter&utm_medium=email&utm_campaign=21092015

    - Run @MisterX's script from this link...
    https://www.wilderssecurity.com/threads/bork-tuesday-any-problems-yet.370217/page-58

    - Run the GWX control panel from this link...
    http://ultimateoutsider.com/downloads/

    And FINALLY, keep updates ticked so you choose when where how and who to DL and install them and bam, you should be safe!?!
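
Added example, not part of any post in this thread: a read-only PowerShell audit of the settings the posts above rely on (the Automatic Updates mode, the Group Policy values under Windows Update, the Windows 10 upgrade-offer policies, and the list of hidden updates). The `Want` values are this example's assumption about what counts as locked down here (the user chooses each update), and the function name is hypothetical.

```powershell
# Added example: read-only audit of Windows Update settings on Windows 7.
# Runs on PowerShell 2.0; reads the registry and the local update cache only.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$checks = @(
    @{ Path = "$wu\AU"; Name = 'NoAutoUpdate'; Want = @(1)
       Note = 'Policy: 1 = Automatic Updates disabled' },
    @{ Path = "$wu\AU"; Name = 'AUOptions'; Want = @(2)
       Note = 'Policy: 2 = notify before download, 3 = auto download, 4 = scheduled install' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
       Name = 'AUOptions'; Want = @(1, 2)
       Note = 'Control Panel: 1 = never check, 2 = check but let me choose' },
    @{ Path = $wu; Name = 'DisableOSUpgrade'; Want = @(1)
       Note = 'Policy: 1 = no Windows 10 upgrade offered through Windows Update' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Gwx'; Name = 'DisableGwx'; Want = @(1)
       Note = 'Policy: 1 = Get Windows 10 notification app disabled' }
)

# Hypothetical helper. "Want" is an assumption of this example, not a Microsoft baseline.
# NOT SET means the value is absent, so the default or another setting decides.
function Get-UpdateLockdownState {
    param([object[]]$Checks)
    foreach ($c in $Checks) {
        $value = $null
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($item) { $value = $item.($c.Name) }
        if ($null -eq $value)             { $state = 'NOT SET' }
        elseif ($c.Want -contains $value) { $state = 'OK' }
        else                              { $state = 'REVIEW' }
        New-Object PSObject -Property @{
            State = $state; Name = $c.Name; Value = $value; Note = $c.Note; Path = $c.Path
        }
    }
}

Get-UpdateLockdownState -Checks $checks |
    Select-Object State, Name, Value, Note | Format-Table -AutoSize -Wrap

# Updates currently hidden in Windows Update, read from the local cache (no network).
try {
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $searcher.Online = $false
    $searcher.Search('IsHidden=1').Updates | ForEach-Object { $_.Title }
} catch {
    Write-Warning "Could not query hidden updates (is the Windows Update service disabled?): $_"
}
```

Re-running it after each batch of updates shows whether a policy value was reset or a previously hidden update has reappeared in the list.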
     
  19. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    1,768
    Location:
    Mexico
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
  21. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
  22. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Resistance really is futile, unless you dump it and start over with NO Windows. It's amazing how hard folks are trying to hold on to 7 and trying to prevent the jump to 10. The same sinister "black magic" going on with 10 can and does easily happen on the 7 platform too. I have one machine running one single partition with 10 Pro on it. It's FDE only to keep it OFF when I am using the machine from other partitions and I want Windows to leave me alone. I am tempted to blow it away but I guess the 100 Gig isn't really bothering me as long as I can keep it locked with FDE most of the time.
     
  23. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    I guess the W7 EULA & people's apathy allows this. It's aggro. But I made another system image today, Monday December 7th, before tomorrow's D-Day. Hoping beyond hope that this'll stop.
     
  24. KindaParanoid21

    KindaParanoid21 Registered Member

    Joined:
    Jun 21, 2014
    Posts:
    46
    @Mister X - Looks like they're not going to quit are they?

    @Peter2150 - Logical, but you have to wonder how far they'll go in hiding this upgrade or other telemetry related updates behind the veil of security.

    Anyway, would love some thoughts on my strategy from above! Thanks guys
     
  25. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    I'm thinking far more along the lines of running Windows in a no-network VM. It's a bit awkward because of all the activation stuff, but not impossible, and works fine if you're not gaming.

    Problem is that, apart from Linux, all the other operating systems are becoming cloud ones, for data mining purposes - MS are only joining in.
     