Making a Windows 7 laptop "safe"

I have a Dell Lattitude E7440 that is all the computer I will need for a long time. I basically use Chrome, Thunderbird (email) and OpenOffice for spreadsheets.
I need a new battery which looks to be $50 investment.
I do banking so I need it to be safe.
Any suggestions?

What is “safe”?

Malwarebytes is usually a couple of dollars per month.

I have one laptop with Qubes OS installed on it, and various virtual machines on it (including Windows 7) isolated from each other. So you could keep your email/browsing/gaming and your banking separate, for example.

Win7 is now past support.


So any security faults it has will never be fixed. it’s just a matter of time before you get pwned.

The less you do on that computer the better off you’ll be.

But every email, or especially email attachment, is an attack vector. Every website displaying an advertisement (i.e all of them) is a source for malware.

If you’re knowledgeable enough to be careful enough, you’ll probably be safe enough. But you won’t be “safe”. Nobody is “safe” online.

To follow up what LSLGuy said: We have a couple of computers at work that must keep Windows 7 on them to continue running a legacy laboratory program just a few months longer. There’s no way in hell our outside IT support or outside quality-control auditors will allow those computers to have internet access.

I have that model computer here that I use occasionally. It can run Windows 10 and it will probably be more secure if you are able to upgrade to it.

If you’re wedded to Windows 7, then the main solution for individual users is to subscribe to the paid version of 0patch, which is 23 Euro a year, so around $25. They’re currently keeping Windows 7 up to date with their micropatches that fix small problems, using both stuff from Windows 10 and the business-only extended updates.

That said, Dell supports Windows 10 on your computer, and the upgrade is still free. The main downside is just putting up with the updates–but this is less of a problem if you actually have “quiet hours” where you’ve shut down all your programs and just leave your computer on (plugged in, of course) so it can update (and restart).

There still are more potential headaches with the upgrade, since the updates are not tested as well, and Microsoft will move you to the latest Windows 10 when you get close to the end of support for the previous version, instead of the previous, more stable version (but you can mitigate this). But it’s free, and you’ll never have to worry about your online programs (Chrome especially) dropping support for the latest Windows.

Just how safe do you want to be?

Windows 7:

  • Get every last possible update on it.

Browser:

  • Don’t visit websites you don’t trust.
  • Do keep a script blocker set to a strict whitelist as well, Just In Case.
  • If you’re really paranoid, don’t load images off websites either.

Network:

  • Get a router, and lock all ports down except the SMTP and HTTP/HTTPS protocols. **
  • Be sure to change the admin account password on the router too.
  • Turn off UDP and NAT punchthrough on your router.
  • For thorough overkill, also install a third-party firewall, set as strict as you can.

Software:

  • Just don’t run anything you don’t thoroughly know.
  • Keep a trusted third-party antivirus program on your computer and give it complete, thorough, free rein.
  • Scan your computer on a regular basis.
  • Keep that antviral updated. (Note: Based on your router and/or firewall settings, this may prove challenging. You may need to open some few extra ports, depending on the antiviral.)
  • Maybe actually consider running two antivirals, one that just runs on demand, to ensure the first antiviral isn’t infected.

Email:

  • Don’t open any e-mail from anybody you don’t know or trust.
  • Don’t open any attachment, even if it’s from somebody you trust, until you’ve thoroughly scanned it for viruses.

Hardware:

  • Ensure all forms of autorun are turned off.
  • Just in case, hold down shift while inserting USB keys, etc. It manually overrides autorun, even if it’s off.

Now, this is an utterly paranoid set of rules, but it will keep your old computer snug and safe. You can maybe loosen up on this paranoia as needs dictate. Most of these rules (don’t run unknown software, don’t go to unknown websites, don’t open unscanned attachments) will likely knock off 90+% of your potential infection vectors.

I’m in a similar situation, in that I have a really elderly scanner that only has Windows XP drivers. I have a dedicated XP laptop just for the scanner. It stays off the network, and it only scans, and everything is fine.

win-7 … if the choice was mine … i’d yank out the internet connection … install some children’s games from disk … and give the computer to the grand-kids. imo … win-7 should not connect to internet.

then, i’d purchase a cheap, new, win-10 computer (4gb ram) … and make sure the os is always updated. as for thunderbird and open-office/libre and banking … you should never use same user-id and same password. so, this necessitates using a password manager … think chrome browser probably integrates one. windows-defender and malwarebytes (free) might provide enough security … that’s your call. you might also consider also using ad-blocker.

and, as a friendly reminder … never click on email links … no matter how legitimate the emails appear.

I hate to be “that guy” but the OP’s needs could easily be met with one of the Linux distributions that is reasonably similar to Windows, Linux Lite or Kubuntu (etc)

Pro: more secure than Windows 7 * (but not a silver bullet) and will perform well on the hardware and so will the automated updates. All the OP’s preferred software (Chromium substituted for Chrome) will work fine. The OP can try it out using a USB bootable OS and/or dual boot until comfortable.

Con: the two I mentioned are sort-of-like Windows, but there’s still going to be a learning curve. Linux UI historically sucks somewhat. Also - and inevitably - the OP is going to need basic terminal/console commands… which is pretty scary for a novice.

  • part of “security” in the Linux world is security by obscurity: while each distro may have known exploits it is just not worthwhile to craft an exploit that, say, targets Mint : there may be a few million Mint users but their collective value is way less than several hundred million Windows 7 users. Plus an attack vector that works for Mint might not work for the closely related Kubuntu, it is just too much hard work for Jo Average hacker to “support” all the variations.

The support for Windows 7 will end soonly but I can recommend 360 anti virus for free. It is really secure, it doesn t consume so much RAM

“GNU”-me want to know how to run win7 after end of support?