What does HackerNews think of simplewall?

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

Language: C

#5 in Windows

Horrifying. That's exactly why simplewall [0] is among the first programs I install on Windows. Then I block stuff like compattelrunner.exe, devicecensus.exe, explorer.exe, the various Intel / Nvidia driver-related bullshit background processes the first time they attempt to connect to a remote server.

https://github.com/henrypp/simplewall

As a huge fan of simplewall [0] by Henry++ on Windows, I'm looking forward to testing OpenSnitch on Debian, it looks like it could be the former's counterpart.

[0]: https://github.com/henrypp/simplewall

I use OpenSnitch on Linux which is great, and if you are looking for similar software for Windows I can recommend simplewall.

https://github.com/henrypp/simplewall

My point is that if it's just Tor Browser without Tor, then there's functionally no reason to have that build be incompatible with Windows 7.

Unless they deliberately coded it in like

    if OS=Win7/Win8 ; then Crash ; else Run

Which would be a dick move, especially because Firefox, on which Tor Browser and Mullvad Browser are based, still supports Windows 7.

---------

Now to your point.

It is absolutely possible to run Windows 7 reasonably securely.

Well..., depends on your use case.

But the way in which I keep it secure might be a little cumbersome to some.

My router runs PFSense with Suricata, and I encrypt my DNS traffic.

I run a combination of Peerblock (while no longer maintained, it works splendidly in whitelist mode)[1], and Simplewall Firewall[2].

I run a combination of uMatrix (which again, while no longer maintained, it works great in whitelist mode)[3], and NoScript[4] on my Firefox web browser which I run inside Sandboxie[5].

There are also various services that are insecure and must be turned off - UPnP, Print Spooler, RDP etc.

I run mostly FOSS software. The few proprietary closed source software (Games, Sublime Text) that I do run, I run them in Sandboxie or QEMU.

Here are my reasons for not upgrading:

I've modified my `UXTheme.dll` to significantly change my "Desktop Environment" to suit my workflow, and I've heard from people I know to be credible, that later Windows versions (8 onwards) break system UI modifications when they update, and they don't work quite as well afterward. My modified Win7 UI is way too important to my workflow.

Python have stopped releasing binaries for Win7 after 3.8.10[6] but I'm okay with it. If I do need the newer Python versions for something, I'll just use my Linux Desktop or run Linux in a virtual machine for a Python quickie.

Windows 7 is extremely stable. While not as stable as Linux, I often have uptimes of over 350 days, before a BSOD, by which point I can foresee a crash coming and reboot.

To lean into your metaphor, Microsoft is now shipping operating systems with "open windows" everywhere(way more open windows than my "insecure" Windows 7 has), and we, as users, are having to rebuild the ISOs they release, to make them more "privacy friendly"(yes I'm aware of the difference between privacy and security but they're really interchangeable here), and even then, we're having to use 3rd party "de-bloaters" and Batch/Powershell scripts off of Github, just so the majority of those proverbial windows are closed back up again. This really shouldn't have to be the case, but it is. Microsoft have decided that they would rather their bread be buttered by advertisers than by the actual users of their software.

With Windows 7, I know there's an open window that I can't shut, but I have an electrified fence surrounding my compound, with security cameras and loaded turrets pointed towards that open window and other open windows in my house. I know where Windows 7's security limitations are, and I can mitigate against that, elsewhere. But I will admit, I don't go around recommending laypeople to use Windows 7 though, as the barrier to securing it is high. Even after securing it, the user has to be careful.

In my humble opinion, Windows 7 was the last true Microsoft Operating System. It simply does what is asked of it, and moves out of the way. All Microsoft need have done was support Powershell, DirectX, give Win7 a "security updates as a service" business model(which I would've gladly paid for), and make WSL for it(Cygwin is excellent but WSL would be nicer). I know there is 0Patch, a 3rd party company who sell security updates for Windows 7, but I would've appreciated official Microsoft security updates. I would switch to Linux, if there was a robust equivalent to Autohotkey on Linux, and the games I want to run, worked on it.

So yeah, I still run Windows 7. I can't see myself ever upgrading to another Microsoft OS, ever again. And I am, and I cannot emphasize this enough, exceedingly happy with it.

[1] https://www.peerblock.com/

[2] https://github.com/henrypp/simplewall

[3] https://github.com/gorhill/uMatrix

[4] https://noscript.net

[5] https://github.com/sandboxie-plus/Sandboxie

simplewall[0] is my #1 install on a new machine. Little different, but it'll still alert you to the requests, allow for timers, per application/route rules etc.

[0]: https://github.com/henrypp/simplewall

If you are looking for a simple and light firewall (but still better than Windows Firewall), I recommend using Simplewall. It does not require a kernel extension and works with the API provided by Windows to do network filtering.

https://github.com/henrypp/simplewall

As far as I can tell it’s any and every network lookup or request. Frankly, ever since I started using them (several years ago) I’ve only been feeling more and more that it may be the only way forward.

My data isn’t up for grabs for profiteering/aggregating/snooping on, sorry.

EDIT: Your comment made me curious so I will do more due diligence and return with an update.

EDIT2: So after not that much investigation--mostly just rereading what's shown on their project page (https://github.com/henrypp/simplewall) -- it confirms my belief that this adequately shields me from any and all networks without my knowledge or consent. In my opinion, it's kind of dystopian that The Industry basically operates on the assumption that most people will in fact just not care, but maybe more would care if it was presented as more of a choice than a concession.

Like, I don't mind sharing for the purpose of analytics. I read through privacy policies (is this being an adult?) kind of frequently these days, and as much as I hate to say it, Apple is still probably what I consider the poster child for big tech data privacy, they are doing the absolute bare minimum by clearly and plainly disclosing what data is used for what and how, and it allows my mind some rest.

EDIT3: Proof shown here https://github.com/henrypp/simplewall/issues/980

I don't trust these tools as any Windows Update can override the setting, or Microsoft can add a new "feature" and continue collecting telemetry data from that. For example, the Disk Space Cleanup (cleanmgr.exe) tool has been trying to connect to the internet since last year's Windows 20H2 updates. I use Binisoft's Windows Firewall Control (wfc)[0], set level to Moderate and check logs regularly. There is also the simplewall tool [1] which has a predefined Windows list to block.

[0] binisoft.org/wfc

[1] https://github.com/henrypp/simplewall

I update my windows maybe once a year, or once every 2 years or so. I just got too tired of background network activity, and bad windows updates.

I also use my mobile hotspot due to my current living situation, so when gaming, network activity can be detrimental. Now I use simplewall by henry++ [0] to block all network activity (whitelist) - and my god it just works amazingly well. Can't recommend it enough. Easily blocks updates too, and even blocks edge, live.com, and linkedin, which I really don't care for!

[0] https://github.com/henrypp/simplewall

I do the same, plus a (heavily) modified hosts file and simplewall (https://github.com/henrypp/simplewall).

If you don't need fancy features, I would ditch GlassWire for something like https://github.com/henrypp/simplewall

https://github.com/henrypp/simplewall

> Simple tool to configure Windows Filtering Platform (WFP)

So much better than anything else I tested. Easy to import/export rules (XML) and there's also portable mode and advanced options (that goes beyond the simple UI you can see in the image).

I am testing simplewall, it has some minor UI glitches but looks good.

I also use Tinywall on my work PC. I don't think it does anything else besides checking for updates. But you can remove it from the exceptions in the options, open Windows Firewall from the Control Panel and clearly see that Tinywall is not allowed to connect in the rules.

https://github.com/henrypp/simplewall