No... This is separate and being called 'File Explorer AI Actions' -- and on the surface of it looks like innocuous Send To shell extensions -- but it's Microsoft's Marketing looking for ways to record, process, and monetize everything you do -- where AI is the new telemetry...
A lot of good ideas there. If I never download a driver, does that improve my safety? I'm not seeking out danger - my only security risk comes from commercial websites that have been surreptitiously hacked and are harboring trojans. If I suffer a Win 7 Ring-0 exploit, then will I get a secure-boot warning? It sounds like the Ring-0 risk is theoretically lower with Win 10 & 11. Except virtualizing them might eliminate such advantage? I'm not sure whether or not you're saying there's no benefit to enabling encryption in Win 7? It seems like you're saying it doesn't provide a guarantee. It seems you may (or may not) be implying that enabling encryption in Win 10 or 11 could provide greater benefits? But still not a guarantee. I'll continue studying these ideas, and try to figure out if I can come up with a user-friendly containerization strategy built on another OS or Ventoy. My original rationale for relying on the security provided by everyday use of Win 7's system restore is that it's been working, and it's quick and easy. What I gather from your comments is that my op sec protocol is likely to continue working well, but does not provide me with any guarantees. I can live with that, out of necessity, until I have enough knowledge to do something more sophisticated.
Well, only Windows 7 32bit does. Windows 7 64bit requires signed kernel drivers. The problem is rather, for ESU-unpatched Windows 7 and old software kernel drivers, that the kernel signing bases on the utterly defeated SHA1 algorithm. ESU added SHA2.