Windows 7 sometimes safer than Windows 10: Windows CryptoAPI Spoofing Vulnerability

From the CVE-2020-0601 FAQ:

Are versions older than Windows 10 versions affected by this vulnerability?

No, only Windows 10 versions of the OS are affected. In the initial release of Windows 10 (Build 1507, TH1), Microsoft added support for ECC parameters configuring ECC curves. Prior to this, Windows only supported named ECC curves. The code which added support for ECC parameters also resulted in the certificate validation vulnerability. It was not a regression, and versions of Windows which don’t support ECC parameters configuring ECC curves (Server, 2008, Windows 7, Windows 8.1 and servers) were not affected.

(Acknowledgements: National Security Agency)

More info see Krebs

Windows 10+, dual boot installation on HP notebook procedure

Ver. 2.6

Win10+7+XP+Linuxes installation procedure for myself, to remember how to handle the new notebooks and WinXP/7/8/10 multiple boots therein. I learned it the hard way, by installing, imaging, uninstalling, wiping etc. much too many times...

Warnings: 

• Use the backup or system restore point at most key stages. 

• Check if WinKey+M (+D) key combinations still work.  (They may disappear in the so-called Tablet mode though).
• Check if e.g. Edge can be started from the default (administrative) account (one of the updates below disables these).

• Install Wolf on another partition: 
• Obtain the embedded Windows 7/8/10 keys, note it down.
• Stop the Telemetry services
• Disable the Apps in Privacy tab
• Disable sending the crash report (download and run the Regedit fix or read this for details)
• Install MS Windows 10. 
• Disable most of M|s snooping via the initial customization option. 
• Run MMC:
• Add Disk Management, 
• Device Driver etc. components 
• Save as Console1 
• Create desktop shortcut to Console1 
• Turn on system protection on C partition (allocate7%)
• Create the 1st Restore Point
• Use it liberally at later stages
• Rename all the partitions 
• Use the elevated CMD prompt to Label the C: system partition)
• assign sensible drive letters to all: C, D to H for the internal partitions, 
• Assign J: etc – for external ones
• Install and run Macrium Reflect 
• Rename the Reflect desktop icons to Macrium Reflect for easier finding
• Backup 1 perform of the OS drive (C:) and the system bootup UEFI partitions only (double check if these were backed up and not e.g. D:)
• Create Task with Monthly Full and Weekly Differential backups to the same external drive
• Update the missing or old drivers in Device Management: 
• Use the downloaded updated drivers save to external \Installs folder 
• Update the Intel display and Realtek sound drivers, using an old Win 8.1 etc. installation on another partition
• File Explorer: 
• All hidden files shown
• Colors for encrypted folders
• No boxes to select items etc.
• Remove Live Tiles from Start Menu one by one to declutter the screen.
• Backup 2 differential do
• Rename System PC Name to Above-HP-Win10
• Autoruns disable startups of shit: wow64 cpu, mail etc.
• Screensavers copy or install to local disks, configure all.
• Select flower theme, test it
• Personalization, Start: disable suggestions, Start full screen disable
• Backup 3 do
• Install Classic Shell
• Replace Start Button. 
• Change the Skin: Windows 8 etc.
  Warning: It seems to disable the WinKey combinations, Win+D, Win+M etc!Check here!
• Connect to Internet.
• Connect and log in to OneDrive personal account. 
• Create its sync to c:/online/onedrive. 
• Disable “fetch any file from PC”.
• Install Firefox. 
• Log in to your Firefox account to synchronize Add-ons, credentials, etc. 
• no send information, 
• no upgrade service, 
• no Task Bar, 
• no Desktop. 
• Disable sending anything to Mozilla. 
• Recheck the synced Add-ons.
• Restart. 
• Disable Advanced, Updates services. 
• Always ask where to save downloaded files.
• Change Advanced Settings, Updates not to local network, Give updates to other MS products, Developers, Defender sending samples, etc.
• Privacy, Background apps disable Get Office, Store, Xbox etc. Never ask for feedback. Basic data sent.
• Do not share and sync info with dev that do not pair: OFF. Apps cannot control radios (BT) themselves. Apps cannot read SMSes. Apps cannot access call history, contacts, account info.
• (Win+D stopped working by now!)
• Disable Fast Start. 
• Update Windows manually
• Add windows features: Telnet Client, TFTP Client, TIFF Ifilter, ...
• Uninstall Movies, etc from Apps and Features
• Download Offline Maps
• Add languages and language packs
• Chinese, Polish, French, Spanish... (warning: it gets stuck at Getting Windows ready, Don't turn off your computer!)  
• Possibly: Add Family Account
• Update drivers via the DriverIdentifier tool
• Disable Synaptics "features": reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SynTP\Parameters\Debug /v DumpKernel /d 00000000 /t REG_DWORD /f
• Install these survival tools: 
• Battery Bar
• NetSpeedMonitor
• KePass2 (disable the Ctrl+Alt+A global shortcut combination in Options! Messes up with Ą)
• MyPhoneExplorer (sync Android local account with PC DBs)
• Google Picasa (great Google abandonware for the photo editing dummies that we are) 
• Skype (disable the pesky ads) 
• Tencoder video converter (one of the bests)
• Scan2PDF: simple so quick multiple pages to PDF scanner
• Oracle VirtualBox 
• DroidManager for yer phone
• Net 3.5 via these complicated tricks using the Administrative (elevated) CMD prompt:

• dism /online /Cleanup-Image /RestoreHealthdism /online /add-package /packagepath:E:\sources\sxs\microsoft-windows-netfx3-ondemand-package.cab 

• Notes:
• E is the Source Windows drive. 
• Other commands DO NOT work).
• Install other OSes on the other partitions
• Windows 7
• Android, 
• Tails (you need two USB sticks for that!), etc. 

Back up all this beauty with Macrium Reflex! Three times. Send one of the disks abroad ;), and the other one in a hidden underground vault.