No... This is separate and being called 'File Explorer AI Actions' -- and on the surface of it looks like innocuous Send To shell extensions -- but it's Microsoft's Marketing looking for ways to record, process, and monetize everything you do -- where AI is the new telemetry...
A lot of good ideas there. If I never download a driver, does that improve my safety? I'm not seeking out danger - my only security risk comes from commercial websites that have been surreptitiously hacked and are harboring trojans. If I suffer a Win 7 Ring-0 exploit, then will I get a secure-boot warning? It sounds like the Ring-0 risk is theoretically lower with Win 10 & 11. Except virtualizing them might eliminate such advantage? I'm not sure whether or not you're saying there's no benefit to enabling encryption in Win 7? It seems like you're saying it doesn't provide a guarantee. It seems you may (or may not) be implying that enabling encryption in Win 10 or 11 could provide greater benefits? But still not a guarantee. I'll continue studying these ideas, and try to figure out if I can come up with a user-friendly containerization strategy built on another OS or Ventoy. My original rationale for relying on the security provided by everyday use of Win 7's system restore is that it's been working, and it's quick and easy. What I gather from your comments is that my op sec protocol is likely to continue working well, but does not provide me with any guarantees. I can live with that, out of necessity, until I have enough knowledge to do something more sophisticated.
Well, only Windows 7 32bit does. Windows 7 64bit requires signed kernel drivers. The problem is rather, for ESU-unpatched Windows 7 and old software kernel drivers, that the kernel signing bases on the utterly defeated SHA1 algorithm. ESU added SHA2.
Ah, thanks. Combining the last two posts, it sounds like ESU-patched 64bit use of signed kernel drivers makes it a more secure host, like 10 & 11. It's a bit too extreme to equate the lack of a guarantee with "unsound." I know I've encountered commercial sites that were hacked. My unsound approach worked on those occasions. The lack of a guarantee doesn't invalidate playing the odds. If I don't have to work during the year-end holiday season, then I'll use that time to try to figure out how cumbersome a more secure approach will be. The unsecure approach of Microsoft has the advantage of 30 years of aggressive marketing, exclusionary business tactics, resulting ubiquity. Most of us are accustomed to Windows, so switching to a more secure approach requires an investment of time. Then there are questions about needs and competing uses of time . . .
Well, beware. It's secure (in this regard) only if the kernel driver in question has also been updated to use SHA2. Old ones still use SHA1. There are, of course, more construction sites. All in all, you need a lot more intrinsic OS knowledge and dedication to run Windows 7 safely, these days. You just managed to catch one before it got shot. The forums are full with the corpses of deleted topics like this, even if you can't see them.
Thanks guys. Hopefully system restore will work in a Lite Win 11, and then I won't have to rely on 7 anymore. But I suspect Microsoft is against relying on system restore. So I expect playing around with 11 ultimately to be disappointing, but I'll give it a try via virtualization. Are you sure that hacks against the hyperviser won't be reversed out by the host's system restore? I would take a nuanced interpretation of this. They're not hunting me. They're hunting everyone, which means they're focused on the average user. That's why historically there have been fewer exploits against Mac and Linux. However, with AI, I think we're going to see more exploits deployed against Mac and Linux going forward, so they won't retain their historic advantage of not being widely used.
Right. So, why should I assume that Windows 11 is any more secure than a well-maintained (and I mean it) Windows 7. In my opinion, with the kind of preferred "features" MS likes to shine these days (mostly eye candy), Windows 11 is just lipstick on a pig. Plus, with the AI stuff added, it will become even more complex and much more vulnerable, guess in what context the AI sh*t will run in.
The word from a previous coworker and acquaintance that used to work there (left in May) -- is that everything is run by Marketing now; Developers used to be cherished at Microsoft, now they're treated as pariahs and and shown the door ASAP. The things you describe and 'File Explorer AI Actions' specifically is my line in the sand (part of the reason for starting this thread) and not arbitrarily... Microsoft telemetry and AI integration to scrape and concatenate all your data for sharing with their 'partners' like Palantir and Blackrock is ugly. When there are no performance counters or any means to see, throttle or stop this crap even with an Administrative account -- is my limit. Satya Nadella, Alex Carp and Larry Fink publically getting giddy, literally air-humping and bragging about their civil Panopticon is more than just a little too Brave New World for me... That it's being rolled out so fast, cheap, dirty, and conspicuously -- suggests they don't want to invest a lot in what could be redressed legally (and hopefully will be)... In the meantime: Intellegere quid agatur! Caveat emptor...
Thanks guys. You've convinced me that I should be getting into alternatives as soon as possible. Work has been crazy. Hopefully I don't get hacked b4 I have a chance to learn about containerization. It seems that Steve Ballmer might have been on to something with his Developers' dance
You're obviously a thinker and a planner, more so than most, and even though it may be new territory -- there are lots of helpful people that have made it their passion just like here on MDL. There are also a lot of different approaches to secure and harden what you do -- and some are very simple, like just 'air-gap' everything that you don't want exposed to hell and high water, don't use that system for anything but your important stuff -- and no playing with anything on that system but added security measures. This is not trivial stuff anymore the entire government infrastructure of St. Paul, Minnesota (USA) was recently hacked, across multiple departments of Government, multiple systems, and I bet you can guess which OS was penetrated first to get to the others... Granted there's more incentive for hacking big entities, but there's also more risk and consequences. With massive server farms sweeping everyone and everything for vulnerabilities -- you and I are the softest targets... I think you are right, he was generally well liked their when he was CEO -- also as far as the Consumer goes, 'The Ballmer Years' were pretty much 'Peak Microsoft'... For nostalgic me, the slide into the dystopian thing Microsoft has become -- is sad...
ankhtech and windowsxlite also have various builds/emergency OS/winpe types to try win 10, 11, ltsc but they are mostly modified frankensteiners
Thanks again for the heads up guys. Since you've gotten me interested, I found several virtualization exploits documented in 2025. That means a version that works in a Win 7 host won't be patched for the latest exploits. I guess Win 7 will remain my daily driver, and my use of virtualization will be limited to trusted applications that require a newer O/S. I'm sort of wishing that a lite version of 11 might have a reliable version of system restore, but it probably won't.
Those are some key technical advantages that are practical. I was probably worried too much about the theoretical vulnerability of Linux, without considering your secure use case, which is a safer version of what I had been pondering.