|
Realizing that Microsoft is threatening stoping support for Windows 10 this year, I am thinking about biting the bullet and getting it over with and starting the learning and mental adaptation to it.
I am looking for advice from those who have already gone down this path, and opinions as well.
For our Gurus, your advice and recommendations would be greatly appreciated.
I admit some concerns about trying an "upgrade in place" as opposed to a fresh install.
I am also considering a newer desktop, though according to Dell and Microsoft, the current machine should be adequate for my needs.
Your advice is appreciated.
Thanks and 73 de Dave, W5SV
|
On 09/04/2025 11:10 am, David Reed via
groups.io wrote:
I admit
some concerns about trying an "upgrade in place" as opposed to a
fresh install.
My advice is to do a fresh install. With an
upgrade of an old Win10 install you will likely be bringing across
years worth of garbage data/files.
I never perform upgrades, always fresh installs on my personal PCs
and in my corporate IT capacity (30+ years of IT support).
de Laurie VK3AMA
(JTAlert author)
|
I did it some time ago. Bought a new computer and transferred DXLab to it. Win 11 itself is no issue. You will see little change other that where the start menu is located. Follow Dave's instructions to the letter on transferring DXLAB. The only problem I m had was skipping one step - all my doing.
Go for it.
I gather Microsoft has surrendered and will allow computers that previously could not be upgraded to do so. When that happens I am not sure. Someone on here will likely know that answer.
73, Don AD0K?
Realizing that Microsoft is threatening stoping support for Windows 10
this year, I am thinking about biting the bullet and getting it over
with and starting the learning and mental adaptation to it.
I am looking for advice from those who have already gone down this path,
and opinions as well.
For our Gurus, your advice and recommendations would be greatly appreciated.
I admit some concerns about trying an "upgrade in place" as opposed to a
fresh install.
I am also considering a newer desktop, though according to Dell and
Microsoft, the current machine should be adequate for my needs.
Your advice is appreciated.
Thanks and 73 de Dave, W5SV
|
+ AA6YQ comments belo-w
My advice is to do a fresh install. With an upgrade of an old Win10 install you will likely be bringing across years worth of garbage data/files.
+ I agree with Laurie ? ? ? 73, ? ? ? ? ? ?Dave, AA6YQ
|
I HAVE A VERY NICE BUT OLD HP PC THAT IS w10. I TRIE TO UPGRADE AD OF COURSE IT MIS ISSIG THE HARDWARE THA Microsoft has demanded. How do I get around this? It is really a rotten thing to have to throw away a perfectly good machine. Talk about recycle wishes. !!! ? Outlook LT Gil W0MN Hierro Candente Batir de Repente 44.08226 N 92.51265 W EN34rb ? ?
toggle quoted message
Show quoted text
From: [email protected] <[email protected]> On Behalf Of Inbody, Don via groups.io
Sent: Tuesday, April 8, 2025 9:48 PM
To: [email protected]
Subject: Re: [DXLab] Considering upgrading to Windows 11? I did it some time ago. Bought a new computer and transferred DXLab to it. Win 11 itself is no issue. You will see little change other that where the start menu is located. Follow Dave's instructions to the letter on transferring DXLAB. The only problem I m had was skipping one step - all my doing. I gather Microsoft has surrendered and will allow computers that previously could not be upgraded to do so. When that happens I am not sure. Someone on here will likely know that answer. ? Realizing that Microsoft is threatening stoping support for Windows 10
this year, I am thinking about biting the bullet and getting it over
with and starting the learning and mental adaptation to it.
I am looking for advice from those who have already gone down this path,
and opinions as well.
For our Gurus, your advice and recommendations would be greatly appreciated.
I admit some concerns about trying an "upgrade in place" as opposed to a
fresh install.
I am also considering a newer desktop, though according to Dell and
Microsoft, the current machine should be adequate for my needs.
Your advice is appreciated.
Thanks and 73 de Dave, W5SV
-- W0MN EN34rb 44.08226 N 92.51265 W
Hierro candente, batir de repente
HP Laptop
|
Among other results from a Google search for "Windows 11 without TPM"
is this one:
<>
There are also many other links/hacks although Microsoft have been
closing some of those exploits.
However, given the significant number of mini pc systems with
significant CPU/RAM/SSD capability that run Windows 11 for under
$500 (at least pre tariffs), I don't know that I would rely on
10 year old technology for my primary system (I may try the
bypass on a 10+ year old laptop with an I7-4xxx CPU and no TPM
just to have a Win11 laptop in case I need something on the go).
73,
... Joe, W4TV
toggle quoted message
Show quoted text
On 2025-04-09 9:24 AM, Gilbert Baron W0MN via groups.io wrote: I HAVE A VERY NICE BUT OLD HP PC THAT IS w10. I TRIE TO UPGRADE AD OF COURSE IT MIS ISSIG THE HARDWARE THA Microsoft has demanded. How do I get around this? It is really a rotten thing to have to throw away a perfectly good machine. Talk about recycle wishes. !!!
Outlook LT Gil W0MN
Hierro Candente Batir de Repente
44.08226 N 92.51265 W EN34rb
From: [email protected] <[email protected]> On Behalf Of Inbody, Don via groups.io
Sent: Tuesday, April 8, 2025 9:48 PM
To: [email protected]
Subject: Re: [DXLab] Considering upgrading to Windows 11
I did it some time ago. Bought a new computer and transferred DXLab to it. Win 11 itself is no issue. You will see little change other that where the start menu is located. Follow Dave's instructions to the letter on transferring DXLAB. The only problem I m had was skipping one step - all my doing.
Go for it.
I gather Microsoft has surrendered and will allow computers that previously could not be upgraded to do so. When that happens I am not sure. Someone on here will likely know that answer.
73, Don AD0K
Don Inbody
Buda, Texas
On Tue, Apr 8, 2025, 20:10 David Reed via groups.io <> <w5sv.dave@... <mailto:[email protected]> > wrote:
Realizing that Microsoft is threatening stoping support for Windows 10
this year, I am thinking about biting the bullet and getting it over
with and starting the learning and mental adaptation to it.
I am looking for advice from those who have already gone down this path,
and opinions as well.
For our Gurus, your advice and recommendations would be greatly appreciated.
I admit some concerns about trying an "upgrade in place" as opposed to a
fresh install.
I am also considering a newer desktop, though according to Dell and
Microsoft, the current machine should be adequate for my needs.
Your advice is appreciated.
Thanks and 73 de Dave, W5SV
|
From that page, I've tried "How to Bypass Windows 11's TPM Requirement Using Rufus"
on a laptop with an i7-4700mq CPU and a v1.2 TPM. It seemed to work fine. I have it on
a spare hard drive and haven't decided whether to make it permanent yet.
73, Mike - W1MI
toggle quoted message
Show quoted text
-----Original Message----- From: [email protected] [mailto: [email protected]] On Behalf Of Joe Subich, W4TV Sent: Wednesday, April 9, 2025 9:54 AM To: [email protected]Subject: Re: [DXLab] Considering upgrading to Windows 11 Among other results from a Google search for "Windows 11 without TPM" is this one: <> There are also many other links/hacks although Microsoft have been closing some of those exploits. However, given the significant number of mini pc systems with significant CPU/RAM/SSD capability that run Windows 11 for under $500 (at least pre tariffs), I don't know that I would rely on 10 year old technology for my primary system (I may try the bypass on a 10+ year old laptop with an I7-4xxx CPU and no TPM just to have a Win11 laptop in case I need something on the go). 73, ... Joe, W4TV
|
I hate to risk the security exploits and I hate to throw away a perfectly working set of hardware. OTOH at my age (86) I am not sure I want to start learning Linux since I really would need to learn a lot of new apps too. Maybe I will just keep the machine with W10 as long as I can and just use for word processing, photos, email, and etc.
Sad but asi es la vida I guess.
Outlook LT Gil W0MN
Hierro Candente Batir de Repente
44.08226 N 92.51265 W EN34rb
toggle quoted message
Show quoted text
-----Original Message----- From: [email protected] < [email protected]> On Behalf Of Mike - W1MI via groups.io Sent: Wednesday, April 9, 2025 10:56 AM To: [email protected]Subject: Re: [DXLab] Considering upgrading to Windows 11 From that page, I've tried "How to Bypass Windows 11's TPM Requirement Using Rufus" on a laptop with an i7-4700mq CPU and a v1.2 TPM. It seemed to work fine. I have it on a spare hard drive and haven't decided whether to make it permanent yet. 73, Mike - W1MI -----Original Message----- From: [email protected] [mailto: [email protected]] On Behalf Of Joe Subich, W4TV Sent: Wednesday, April 9, 2025 9:54 AM To: [email protected]Subject: Re: [DXLab] Considering upgrading to Windows 11 Among other results from a Google search for "Windows 11 without TPM" is this one: <> There are also many other links/hacks although Microsoft have been closing some of those exploits. However, given the significant number of mini pc systems with significant CPU/RAM/SSD capability that run Windows 11 for under $500 (at least pre tariffs), I don't know that I would rely on 10 year old technology for my primary system (I may try the bypass on a 10+ year old laptop with an I7-4xxx CPU and no TPM just to have a Win11 laptop in case I need something on the go). 73, ... Joe, W4TV -- W0MN EN34rb 44.08226 N 92.51265 W Hierro candente, batir de repente HP Laptop
|
To continue running Windows 10 after Microsoft drops support,
1. don't use the system to maintain financial information, or any information that could facilitate identify theft
2. use a quality router with a bult-in firewall, and close all unnecessary ports
3. use a secure DNS, e.g. CloudFlare's free 1.1.1.1
https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/
4. maintain an up-to-date version of MalwareBytes, and direct it to scan for malware once each week?
Detailed recommendations from Perplexity are appended below
? ? ? ?73,
? ? ? ? ? ? Dave, AA6YQ
**Security Precautions for Unsupported Windows 10 PCs**
?
**1. Use a Robust Anti-Malware Solution** ?
Install a reputable third-party antivirus with active updates (e.g., Malwarebytes, Kaspersky) to compensate for the lack of Microsoft security patches. **Microsoft Defender will no longer receive updates after October 14, 2025**, leaving inherent vulnerabilities unpatched[2][4]. Avoid running multiple antivirus programs simultaneously to prevent system instability[3].
?
**2. Enable Advanced Browser Protections** ?
Use browsers like **Firefox** or **Microsoft Edge** with strict pop-up blockers, ad-blockers (e.g., uBlock Origin), and enable **SmartScreen** to block malicious sites[3]. Avoid downloading untrusted files or opening suspicious email attachments[3].
?
**3. Apply Third-Party Security Patches** ?
Services like **0patch** offer micro-patches for critical vulnerabilities. The free tier covers some 0-day exploits, while the Pro plan ($24.95/year per PC) provides comprehensive coverage[4]. This is essential for mitigating unpatched Windows vulnerabilities.
?
**4. Minimize Attack Surface** ?
- **Disable unnecessary services/ports** - seen report appended below
- **Use a standard (non-admin) account** for daily tasks to limit malware privileges[3]. ?
- **Enable Tamper Protection** in Windows Security to prevent unauthorized changes to security settings[3].
?
**5. Network-Level Protections** ?
- **Use a firewall** (hardware or software) to restrict inbound/outbound traffic. ?
- **Route traffic through a secure DNS** (e.g., Cloudflare 1.1.1.1) to block malicious domains. ?
- **Consider isolating the PC** from critical network devices using VLANs or a separate physical network.
?
**Critical Reminder:** ?
Unsupported systems remain vulnerable to **zero-day exploits** and targeted attacks. Use this PC only for non-sensitive tasks, and avoid storing critical data or accessing financial accounts from it[2][4].
Citations:
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
?
**Ports to Consider Closing in Windows 10 for Enhanced Security**
**Critical Ports to Block** ?
- **Ports 135-139, 445**: Associated with SMB (Server Message Block) and NetBIOS, historically targeted for exploits like EternalBlue. **Disable SMBv1** first via "Turn Windows Features On/Off," then block these ports if no network sharing or printing is needed[4][5]. ?
- **Port 3389**: Used for Remote Desktop Protocol (RDP). Block inbound connections unless remote access is explicitly required[4][7]. ?
- **Ports 1433/1434**: Used by Microsoft SQL Server. Close if no database services are running[4][7]. ?
- **Port 3306**: MySQL default port. Unnecessary unless hosting a MySQL server[4][7]. ?
- **Port 5000**: Often used by vulnerable services (e.g., Universal Plug and Play). Block unless required[5]. ?
**General Guidelines** ?
1. **Identify Open Ports**: Use `netstat -an` to detect listening ports[7][5]. ?
2. **Block via Windows Firewall**: ?
? ?- Navigate to **Windows Defender Firewall > Advanced Settings > Inbound Rules > New Rule**[2][3]. ?
? ?- Select **Port > Block Connection** and specify the port number (e.g., 445)[3][5]. ?
3. **Outbound vs. Inbound**: ?
? ?- **Inbound**: Block unused services (e.g., RDP, SMB). ?
? ?- **Outbound**: Generally safe to leave open unless restricting telemetry/data exfiltration[4][6]. ?
**Impact of Closing Ports** ?
- **SMB/NetBIOS**: Disables file/print sharing and network discovery[4][5]. ?
- **RDP**: Prevents remote access but has no effect on local use[4]. ?
- **Database Ports**: Stops external access to SQL/MySQL services[4][7]. ?
**Security Best Practices** ?
- **Disable Unused Services**: Turn off SMBv1 and RDP in Windows Features/Settings[4][5]. ?
- **Use a Router Firewall**: Block inbound ports at the network level (e.g., disable UPnP)[5][7]. ?
- **Minimal Rule Set**: Allow only ports 80 (HTTP), 443 (HTTPS), and specific application ports (e.g., SSH on 22 if used)[6][7]. ?
**Tools for Management** ?
- **Windows Firewall**: Primary tool for port blocking[2][3][8]. ?
- **Third-Party Software**: Tools like Windows Doors Cleaner simplify port management but are less transparent[5]. ?
?
Citations:
[1]
[2]
[3]
[4]
?
[5]
[6]
[7]
[8]
?
Answer from Perplexity: pplx.ai/share
?
|
Gilbert,
Before tossing a perfectly good computer look into upgrading your win10 computer to win11, some computers will and some (with the wrong processor) will not, lot cheaper than a new computer.
73,
W9RF - Joe
On Wednesday, April 9, 2025 at 12:43:53 PM CDT, Gilbert Baron W0MN via groups.io <w0mn00@...> wrote:
I hate to risk the security exploits and I hate to throw away a perfectly working set of hardware. OTOH at my age (86) I am not sure I want to start learning Linux since I really would need to learn a lot of? new apps too. Maybe I will just keep the machine with W10 as long as I can and just use for word processing, photos, email, and etc.
Sad but asi es la vida I guess.
Outlook LT Gil W0MN
Hierro Candente Batir de Repente
44.08226 N 92.51265 W EN34rb
-----Original Message----- From: [email protected] < [email protected]> On Behalf Of Mike - W1MI via groups.io Sent: Wednesday, April 9, 2025 10:56 AM To: [email protected]Subject: Re: [DXLab] Considering upgrading to Windows 11 From that page, I've tried "How to Bypass Windows 11's TPM Requirement Using Rufus" on a laptop with an i7-4700mq CPU and a v1.2 TPM. It seemed to work fine. I have it on a spare hard drive and haven't decided whether to make it permanent yet. 73, Mike - W1MI -----Original Message----- From: [email protected] [mailto: [email protected]] On Behalf Of Joe Subich, W4TV Sent: Wednesday, April 9, 2025 9:54 AM To: [email protected]Subject: Re: [DXLab] Considering upgrading to Windows 11 Among other results from a Google search for "Windows 11 without TPM" is this one: <> There are also many other links/hacks although Microsoft have been closing some of those exploits. However, given the significant number of mini pc systems with significant CPU/RAM/SSD capability that run Windows 11 for under $500 (at least pre tariffs), I don't know that I would rely on 10 year old technology for my primary system (I may try the bypass on a 10+ year old laptop with an I7-4xxx CPU and no TPM just to have a Win11 laptop in case I need something on the go). 73, ? ? ... Joe, W4TV -- W0MN EN34rb 44.08226 N 92.51265 W Hierro candente, batir de repente HP Laptop
|
Nothing I? can do about it. I did get 12 years of use out of the system though. I can still use it for things like browsing, email, word processing, managing photos, etc. The system does not have the needed TPM chip. No TPM. I can only upgrade with the published hacks. Sort of furious with Microsoft. ? I have a new W11 Desktop. It is really fast . It is a Ryzen processor. ? I do have DXLABS and other Ham programs running now. ? Outlook LT Gil W0MN Hierro Candente Batir de Repente 44.08226 N 92.51265 W EN34rb ? ?
toggle quoted message
Show quoted text
From: [email protected] <[email protected]> On Behalf Of Joe - W9RF via groups.io
Sent: Wednesday, April 9, 2025 3:06 PM
To: [email protected]
Subject: Re: [DXLab] Considering upgrading to Windows 11? Before tossing a perfectly good computer look into upgrading your win10 computer to win11, some computers will and some (with the wrong processor) will not, lot cheaper than a new computer. On Wednesday, April 9, 2025 at 12:43:53 PM CDT, Gilbert Baron W0MN via groups.io <w0mn00@...> wrote: I hate to risk the security exploits and I hate to throw away a perfectly working set of hardware. OTOH at my age (86) I am not sure I want to start learning Linux since I really would need to learn a lot of? new apps too. Maybe I will just keep the machine with W10 as long as I can and just use for word processing, photos, email, and etc.
Sad but asi es la vida I guess.
Outlook LT Gil W0MN
Hierro Candente Batir de Repente
44.08226 N 92.51265 W EN34rb
-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Mike - W1MI via groups.io
Sent: Wednesday, April 9, 2025 10:56 AM
To: [email protected]
Subject: Re: [DXLab] Considering upgrading to Windows 11
From that page, I've tried "How to Bypass Windows 11's TPM Requirement Using Rufus"
on a laptop with an i7-4700mq CPU and a v1.2 TPM. It seemed to work fine. I have it on a spare hard drive and haven't decided whether to make it permanent yet.
73, Mike - W1MI
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Joe Subich, W4TV
Sent: Wednesday, April 9, 2025 9:54 AM
To: [email protected]
Subject: Re: [DXLab] Considering upgrading to Windows 11
Among other results from a Google search for "Windows 11 without TPM"
is this one:
<>
There are also many other links/hacks although Microsoft have been closing some of those exploits.
However, given the significant number of mini pc systems with significant CPU/RAM/SSD capability that run Windows 11 for under
$500 (at least pre tariffs), I don't know that I would rely on
10 year old technology for my primary system (I may try the bypass on a 10+ year old laptop with an I7-4xxx CPU and no TPM just to have a Win11 laptop in case I need something on the go).
73,
? ? ... Joe, W4TV
--
W0MN EN34rb 44.08226 N 92.51265 W
Hierro candente, batir de repente
HP Laptop
-- W0MN EN34rb 44.08226 N 92.51265 W
Hierro candente, batir de repente
HP Laptop
|
Hi Everyone,
More as an academic exercise than anything else, I did have one
PC here that has only ever had upgrades since Windows Vista. Well,
it finally got stuck at Windows 10 23H1 and would not proceed any
further.
After installing the upgrade and rebooting it would get stuck at
the swirling icon and eventually fail and perform a roll-back.
Needless to say, for normal purposes I do concur with Laurie and
Dave. Whenever you can, always do a fresh install.
73,
Ian VK5ZBI
On 9/04/2025 1:03 pm, Dave AA6YQ via
groups.io wrote:
toggle quoted message
Show quoted text
+ AA6YQ comments belo-w
My advice is to do a fresh install. With an upgrade
of an old Win10 install you will likely be bringing across
years worth of garbage data/files.
+ I agree with Laurie
? ? ? 73,
? ? ? ? ? ?Dave, AA6YQ
_._,_._,_
|
I wish to thank all you for your excellent suggestions and advice.
I have decided to do a fresh install of Windows 11 on my current machine and will follow Dave and Joe’s sage advice. ?
Thanks again!
|
My experience is that the instructions online do work. I have two computers that I bought refurbished years ago, they both came with Windows 10 Pro and Microsoft says both of them are 'incompatible' for upgrade to Windows 11. Following the instructions in the article above, recently I was able to upgrade both of them to Windows 11 Pro. I use one of them regularly to run DXLab with WSJT-X. And I'm using the other upgraded computer to type this response.
?
Best of luck to anyone who decides to go this route instead of discarding a still working computer.
?
73, Jim AC9ZL
|
David Reed via groups.io - w5sv.dave=gmail.com(a)groups.io said: I am looking for advice from those who have already gone down this path, and opinions as well.
For our Gurus, your advice and recommendations would be greatly appreciated. Normally a lurker here, but I do have some thoughts to share on this topic which may help. 1. To most directly address your short-term pain, please be aware that you can kick the can a bit for a few bucks if you choose: 2. The hacks to bypass the TPM and processor requirements can work, and I have done it. However, I have also seen that this can cause subtle problems and creates risks, because it is not a supported thing to do. In particular, I have seen a machine which was built this way ignore or fail to apply security updates, and had to be rolled back to Windows 10. I do not recommend doing that if the hardware is in fact not compatible. 3. Running equipment past its end-of-life date, when it cannot receive security updates, is done all the time in business and industry for various reasons - usually because of specialized software that can't be upgraded. The way to do this safely is along the lines of AA6YQ's post, which is to use it ONLY for one purpose, do not let sensitive data touch it, and isolate it from everything else to the extent possible. You particularly do not want to use it for general browsing on the internet or for anything involving financial or personal data. Make it your ham-apps only box. If you have the skills, putting your ham stuff on a separate network is the gold standard for doing this right. 4. Finally, re: obsolescence: I do not often find myself defending Microsoft, but in this case, what they are doing is the right thing. A major reason that Windows is so woefully insecure is MS's history of prioritizing backwards compatibility, thus making it impossible to enforce new standards out of the box as threats evolve. The TPM and processor requirements are due mostly to security features that are not available on older hardware, so this is a (very) rare case when they made the decision to insist on upgrading in order to make Windows 11 more secure. (Apple has more often done the opposite, being willing to break older hardware in order to move forward, which is one reason that a Macs' lifecycle is unfortunately shorter than a PC's.) Hope this is useful.
|
I would also point out that various companies sell very nice computers that have just come off corporate leases for reasonable prices.?
For example i recently purchased a Microsoft Surface with Windows 11 for under $300, in like new condition.?
I can recommend RTR Computers and have also found good deals at Micro Center. My backup desktop is a Dell I bought from them for $150.?
73 de Chuck, WS1L?
David Reed via - w5sv.dave=(a) said:
> I am looking for advice from those who have already gone down this path, and
> opinions as well.
>
> For our Gurus, your advice and recommendations would be greatly appreciated.
Normally a lurker here, but I do have some thoughts to share on this
topic which may help.
1. To most directly address your short-term pain, please be aware that
you can kick the can a bit for a few bucks if you choose:
2. The hacks to bypass the TPM and processor requirements can work, and
I have done it. However, I have also seen that this can cause subtle
problems and creates risks, because it is not a supported thing to do.
In particular, I have seen a machine which was built this way ignore or
fail to apply security updates, and had to be rolled back to Windows 10.
I do not recommend doing that if the hardware is in fact not compatible.
3. Running equipment past its end-of-life date, when it cannot receive
security updates, is done all the time in business and industry for
various reasons - usually because of specialized software that can't be
upgraded. The way to do this safely is along the lines of AA6YQ's post,
which is to use it ONLY for one purpose, do not let sensitive data touch
it, and isolate it from everything else to the extent possible. You
particularly do not want to use it for general browsing on the internet
or for anything involving financial or personal data. Make it your
ham-apps only box. If you have the skills, putting your ham stuff on a
separate network is the gold standard for doing this right.
4. Finally, re: obsolescence: I do not often find myself defending
Microsoft, but in this case, what they are doing is the right thing. A
major reason that Windows is so woefully insecure is MS's history of
prioritizing backwards compatibility, thus making it impossible to
enforce new standards out of the box as threats evolve. The TPM and
processor requirements are due mostly to security features that are not
available on older hardware, so this is a (very) rare case when they
made the decision to insist on upgrading in order to make Windows 11
more secure. (Apple has more often done the opposite, being willing to
break older hardware in order to move forward, which is one reason that
a Macs' lifecycle is unfortunately shorter than a PC's.)
Hope this is useful.
|
Dave, I changed my DNS yesterday to 1.1.1.1 and all seemed good.....until.....I tried to upload to LOTW today, and I got a message it wasnt reachable, so I tried via a browser to connect to LOTW via the internet, still couldnt reach it, says to disable network prediction or change my dns.....so I switched back to AUTO for my wan dns setting, is there something else I should have enabled to still be able to use lotw with 1.1.1.1
------ Original Message ------
Date 4/9/2025 3:07:38 PM
Subject Re: [DXLab] Considering upgrading to Windows 11
To continue running Windows 10 after Microsoft drops support,
1. don't use the system to maintain financial information, or any information that could facilitate identify theft
2. use a quality router with a bult-in firewall, and close all unnecessary ports
3. use a secure DNS, e.g. CloudFlare's free 1.1.1.1
https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/
4. maintain an up-to-date version of MalwareBytes, and direct it to scan for malware once each week?
Detailed recommendations from Perplexity are appended below
? ? ? ?73,
? ? ? ? ? ? Dave, AA6YQ
**Security Precautions for Unsupported Windows 10 PCs**
?
**1. Use a Robust Anti-Malware Solution** ?
Install a reputable third-party antivirus with active updates (e.g., Malwarebytes, Kaspersky) to compensate for the lack of Microsoft security patches. **Microsoft Defender will no longer receive updates after October 14, 2025**, leaving inherent vulnerabilities unpatched[2][4]. Avoid running multiple antivirus programs simultaneously to prevent system instability[3].
?
**2. Enable Advanced Browser Protections** ?
Use browsers like **Firefox** or **Microsoft Edge** with strict pop-up blockers, ad-blockers (e.g., uBlock Origin), and enable **SmartScreen** to block malicious sites[3]. Avoid downloading untrusted files or opening suspicious email attachments[3].
?
**3. Apply Third-Party Security Patches** ?
Services like **0patch** offer micro-patches for critical vulnerabilities. The free tier covers some 0-day exploits, while the Pro plan ($24.95/year per PC) provides comprehensive coverage[4]. This is essential for mitigating unpatched Windows vulnerabilities.
?
**4. Minimize Attack Surface** ?
- **Disable unnecessary services/ports** - seen report appended below
- **Use a standard (non-admin) account** for daily tasks to limit malware privileges[3]. ?
- **Enable Tamper Protection** in Windows Security to prevent unauthorized changes to security settings[3].
?
**5. Network-Level Protections** ?
- **Use a firewall** (hardware or software) to restrict inbound/outbound traffic. ?
- **Route traffic through a secure DNS** (e.g., Cloudflare 1.1.1.1) to block malicious domains. ?
- **Consider isolating the PC** from critical network devices using VLANs or a separate physical network.
?
**Critical Reminder:** ?
Unsupported systems remain vulnerable to **zero-day exploits** and targeted attacks. Use this PC only for non-sensitive tasks, and avoid storing critical data or accessing financial accounts from it[2][4].
Citations:
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
?
**Ports to Consider Closing in Windows 10 for Enhanced Security**
**Critical Ports to Block** ?
- **Ports 135-139, 445**: Associated with SMB (Server Message Block) and NetBIOS, historically targeted for exploits like EternalBlue. **Disable SMBv1** first via "Turn Windows Features On/Off," then block these ports if no network sharing or printing is needed[4][5]. ?
- **Port 3389**: Used for Remote Desktop Protocol (RDP). Block inbound connections unless remote access is explicitly required[4][7]. ?
- **Ports 1433/1434**: Used by Microsoft SQL Server. Close if no database services are running[4][7]. ?
- **Port 3306**: MySQL default port. Unnecessary unless hosting a MySQL server[4][7]. ?
- **Port 5000**: Often used by vulnerable services (e.g., Universal Plug and Play). Block unless required[5]. ?
**General Guidelines** ?
1. **Identify Open Ports**: Use `netstat -an` to detect listening ports[7][5]. ?
2. **Block via Windows Firewall**: ?
? ?- Navigate to **Windows Defender Firewall > Advanced Settings > Inbound Rules > New Rule**[2][3]. ?
? ?- Select **Port > Block Connection** and specify the port number (e.g., 445)[3][5]. ?
3. **Outbound vs. Inbound**: ?
? ?- **Inbound**: Block unused services (e.g., RDP, SMB). ?
? ?- **Outbound**: Generally safe to leave open unless restricting telemetry/data exfiltration[4][6]. ?
**Impact of Closing Ports** ?
- **SMB/NetBIOS**: Disables file/print sharing and network discovery[4][5]. ?
- **RDP**: Prevents remote access but has no effect on local use[4]. ?
- **Database Ports**: Stops external access to SQL/MySQL services[4][7]. ?
**Security Best Practices** ?
- **Disable Unused Services**: Turn off SMBv1 and RDP in Windows Features/Settings[4][5]. ?
- **Use a Router Firewall**: Block inbound ports at the network level (e.g., disable UPnP)[5][7]. ?
- **Minimal Rule Set**: Allow only ports 80 (HTTP), 443 (HTTPS), and specific application ports (e.g., SSH on 22 if used)[6][7]. ?
**Tools for Management** ?
- **Windows Firewall**: Primary tool for port blocking[2][3][8]. ?
- **Third-Party Software**: Tools like Windows Doors Cleaner simplify port management but are less transparent[5]. ?
?
Citations:
[1]
[2]
[3]
[4]
?
[5]
[6]
[7]
[8]
?
Answer from Perplexity: pplx.ai/share
?
|
+ AA6YQ comments below
Dave, I changed my DNS yesterday to 1.1.1.1 and all seemed good.....until.....I tried to upload to LOTW today, and I got a message it wasnt reachable, so I tried via a browser to connect to LOTW via the internet, still couldnt reach it, says to disable network prediction or change my dns.....so I switched back to AUTO for my wan dns setting, is there something else I should have enabled to still be able to use lotw with 1.1.1.1
+ I don't know why CloudFlare's DNS wouldn't let you connect to LoTW. You'd have to ask them to investigate; please post what you learn here. ? ? ? ?73, ? ? ? ? ? ? ?Dave, AA6YQ
|
I use 1.1.1.1 and just did an LOTW upload via DXKeeper with no problems. ?I also connected via the internet.
toggle quoted message
Show quoted text
On Apr 10, 2025, at 15:56, Dave AA6YQ via groups.io <aa6yq@...> wrote:
+ AA6YQ comments below
Dave, I changed my DNS yesterday to 1.1.1.1 and all seemed good.....until.....I tried to upload to LOTW today, and I got a message it wasnt reachable, so I tried via a browser to connect to LOTW via the internet, still couldnt reach it, says to disable network prediction or change my dns.....so I switched back to AUTO for my wan dns setting, is there something else I should have enabled to still be able to use lotw with 1.1.1.1
+ I don't know why CloudFlare's DNS wouldn't let you connect to LoTW. You'd have to ask them to investigate; please post what you learn here. ? ? ? ?73, ? ? ? ? ? ? ?Dave, AA6YQ
|
Do you have a secondary dns server specified? If I choose a second it works, but with only 1.1.1.1 it doesnt
toggle quoted message
Show quoted text
On Apr 10, 2025, at 5:13?PM, TOM-KQ5S via groups.io <kq5stom@...> wrote:
? I use 1.1.1.1 and just did an LOTW upload via DXKeeper with no problems. ?I also connected via the internet.
On Apr 10, 2025, at 15:56, Dave AA6YQ via groups.io <aa6yq@...> wrote:
+ AA6YQ comments below
Dave, I changed my DNS yesterday to 1.1.1.1 and all seemed good.....until.....I tried to upload to LOTW today, and I got a message it wasnt reachable, so I tried via a browser to connect to LOTW via the internet, still couldnt reach it, says to disable network prediction or change my dns.....so I switched back to AUTO for my wan dns setting, is there something else I should have enabled to still be able to use lotw with 1.1.1.1
+ I don't know why CloudFlare's DNS wouldn't let you connect to LoTW. You'd have to ask them to investigate; please post what you learn here. ? ? ? ?73, ? ? ? ? ? ? ?Dave, AA6YQ
-- Tom-KQ5S
|
Inbody, Don
Gilbert Baron W0MN
Ian VK5ZBI
Chuck, WS1L