Wanderer is correct here, you can attempt to purchase an ESU for it, which depends on version.
https://support.microsoft.com/en-gb/help/4527878/faq-about-extended-security-updates-for-windows- Regards On Wed, 15 Jan 2020, 13:48 The Wanderer, <wande...@fastmail.fm> wrote: > On 2020-01-15 at 01:29, Alexander V. Makartsev wrote: > > > On 15.01.2020 10:25, john doe wrote: > > > >> Hi, > >> > >> I have a Debian server serving/doing DHCP/DNS/firewall/..., as of > >> today, Microsoft stops supporting Windows7. > >> > >> Is there anything that I could do to protect those Windows7 hosts > >> that are behind this server? > >> > >> P.S. > >> > >> For the sake of this question, upgrading to W10 /buying new > >> Windows devices is not an option. > > > > End of support for Windows 7 means that you won't get OS updates, or > > any kind of support anymore. > > True. (Unless you have a paid extended-support contract with Microsoft, > in which case - as long as you keep paying, I think per-computer - you > have something like another two years.) > > > It also means Microsoft will now change many downloadable support > > packages so they won't run anymore on Windows 7 > > Possible, although I wouldn't expect them to bother to go and make > changes en-masse. It's more likely that they just won't bother to make > sure that future changes to such packages remain compatible with Windows 7. > > > and delete TechNet articles about Windows 7, > > Are you sure? I've never seen them do that with previous releases; at > the least, I'm fairly sure I keep running across Technet articles (and > other support documents) marked as being for older Windows versions, > when I'm looking for ones that apply to something newer. > > > and also 3rd party software developers now have rights to deny any > > support for Windows 7. > > They had that before; it just wasn't a particularly good idea in many > cases. Some of them will probably start doing this, while others will > probably continue offering as much support as they did before, at least > for a good while. > > > If Windows 7 is unsupported it doesn't means it will stop function, > > it means, in terms of support and maintenance, you're on your own. It > > will stay as secure as it is to this day > > Modulo the discovery of new security vulnerabilities, which currently > exist but aren't yet known about, anyway. So technically true, but > doesn't mean what it might appear to mean at first glance. > > Personally, I'm half-expecting one or more previously unknown zero-day > vulnerabilities to be revealed and start being actively exploited today, > now that the only people who will be getting patches for them are the > ones who have paid extended-support contracts with Microsoft. > > > and it doesn't really depend on firewall, if you won't open > > (port-forward) high risk service ports (like RDP, SMB, etc) to the > > internet, of course. > > I'm not really sure what you're talking about here. While yes, if you > wall a Windows 7 computer off from access to the Internet any security > vulnerabilities it may have will become far closer to irrelevant than > otherwise be the case, anything short of that will still leave ways by > which it could get infected (especially assuming less-than-perfect > security behavior on the part of users) - and the full wall-off would > most likely be impractical for real-world use. > > -- > The Wanderer > > The reasonable man adapts himself to the world; the unreasonable one > persists in trying to adapt the world to himself. Therefore all > progress depends on the unreasonable man. -- George Bernard Shaw > >