The Windows 7 operating system is reaching end of support. Microsoft will soon begin displaying a warning on your computers that still run this OS:

I strongly recommend that you replace your Windows 7 PCs. Older PCs should be recycled, newer Win 7 PCs can be upgraded to Windows 10. But if, for whatever reason, you must keep using Windows 7, here are a few must-dos. These are good practice for anyone, but as a vulnerable target, they are particularly important when you are using Windows 7.

Here is the condensed version:

  • Don’t click links or open attachments in emails
  • Examine all search results very carefully before clicking
  • Run up-to-date security software that includes Internet protection

Most attacks on Windows 7 PCs will come via email or hacked web sites. So treat your inbox like a minefield, and your searches like a covert operation.

Windows 7 and Email

No matter how safe an email appears to be, you must not click any links or open any attachments until you are absolutely certain that the email is genuine. Every link and every attachment must be suspect. You cannot go by appearance — the attacks can look identical to a legitimate message from your bank, a shipping company, or a friend from your address book.

You can evaluate links, buttons and clickable images in an email by pointing at them without clicking. Most email clients will show a tool-tip or hint somewhere on screen that displays the actual content of the link. (Go ahead and try it with the links in the sidebar to the right. Remember, point, but don’t click.)

Using my bank as an example, let’s say I receive an email that tells me to check my account, with a link to First National Bank. If I then hover my mouse pointer on the link, a tip will pop up showing where the link will actually take you. If it’s genuinely First National, the link should look like this: https://fnbo.com/somepage… The fnbo.com part is the bank’s actual domain name. If the link is to anywhere else, like https://someotherplace.ru/…, you know it is a malicious email.

Windows 7 and the Web

When using a web search page, be extremely careful where you click! Don’t just look at the big bold titles of search results — just as with email links, check the URL (usually shown below the title.) It should have a believable domain name in it, related to what the title shows. Be wary of links that don’t end in .com, .net or .org. They may be legit, but country-code domains (.ru, .cn, .br, etc) are sometimes used for malicious purposes.

Sometimes you hear or are given a web address to visit. It may be a radio ad or billboard, or a friendly recommendation–“Hey, you should check out example.com!” When you already know where you want to go, do not type the address into a search box. This is almost guaranteed to return imposters and look-alikes. Instead, use the address bar at the very top of your browser window to enter URLs.

This image has an empty alt attribute; its file name is ksnip_20200110.png

Windows 7 and Security (AV) software

It goes without saying, but I will stress it anyway–a good security program like Bitdefender, ESET or Sophos is absolutely necessary on your Windows 7 PCs after Microsoft support ends. It must be the latest version, with an active subscription and up-to-date threat data. You need the most effective defense you can have on a vulnerable system.

The best option is still to not use Windows 7 anymore. But the real world sometimes overrules best practices for a variety of reasons. If you must keep using Windows 7, please follow these recommendations to stay as safe as you can.