Q: We've all been told that Windows 7 won't get security updates after mid-January, and that if your computer can't handle an upgrade to Windows 10 you need to buy a new Windows 10 PC.
But, based on what I've been able to learn, malware infections are mostly caused by operator errors, such as clicking a link in a suspect e-mail or downloading corrupted programs or software updates. If that's the case, why would anyone be safer with Windows 10? And, if a person was vigilant, why couldn't he just keep using a Windows 7 PC?
Mark Stedman, Afton, Minn.
A: Vigilance won't save you once Windows 7 security updates are gone. In many cases, PCs are infected simply because they use the internet, not because of operator error.
Consider one of the principle methods of distributing malware, called the "drive-by download." You can become the unwitting victim of a drive-by download if you visit a legitimate website on which malware downloads have been surreptitiously planted. (This can happen two ways: Hackers can break in to a legitimate website and use it to download malware to your PC; or the website may unknowingly display bogus advertising that transfers malware to your computer.) As the security firm Kaspersky puts it, "You don't have to click on anything, press download, or open a malicious e-mail attachment to become infected."
One way that drive-by downloads attack is to find a security hole in an outdated computer operating system. And outdated is precisely what Windows 7 will become in mid-January when it no longer receives security updates. Windows 10, on the other hand, will receive security updates and will be safer.
So, to all the readers who have written asking if they can keep using Windows 7 PCs "just for Web browsing," the answer is an unequivocal "No." You shouldn't use Windows 7 at all after mid-January. There are no exceptions.
Q: I've received e-mail "receipts," allegedly from Microsoft, for products I never ordered. The receipts include $1,500 for "MS Defender Firewall" and $300 for "Windows Defender Firewall / Internet Security." The e-mails list phone numbers to call if I have questions. Is this a scam?