Question Install W11 (unsupported) or W10 or Linux distro for secure/banking/sensitive info notebook?

Jun 22, 2024
I am currently running Windows 10 but will remove it in the coming days.
I intend on opening my banking application and other sensitive programs/sites on this notebook.

Therefore, the operating system must be secure out of the box.
I know the system is only as secure as the user, I get it
  • don't install shady programs
  • verify checksums and pgp
  • don't visit shady sites, don't click ads
  • don't open pdfs or install (random) browser addons
  • absolutely no cracked software
  • don't stick stuff into usb & run "totally_safe.exe" to delete 999 trojans
  • no clicking ad-malware search results with a sneaky url typo
  • no trusting amazon . com with untrusted ssl cert
  • open email attachments only in an isolated VM (disabled network) like Tails
  • don't let others at your notebook, run VPN if on a network with others.
I won't install any program requiring admin rights, only MINIMAL amounts of (official) applications, no games.

Here comes the actual issue, my CPU is an i7-7500U. Therefore it's not officially supported as a W11 machine. It has TPM2.0. I have Hyper-V, memory and core isolation enabled on W10.

Redditors mention that 7500U with unsupported registry entry installation bypass runs W11 just fine but running an unsupported installation is absolutely not what we can agree as "secure" but that's why I'm asking here. Maybe someone might conclude that enabling the rest and running an unsupported W11 is still more secure than W10, I don't know, that's why I am here.

My actual concern is still security. Given that my machine has support for core isolation, vt-x and TPM-2.0, I don't know what else is needed. I am okay with losing performance for security, always.

What should I do (and why). Grub-Rescue USB to delete and override all partitions and install Windows 10?

Install a linux distro like Fedora, enable disk encryption, etc.? <--- Unfavourable. I have archlinux installed on my desktop but stuff like XZ-Backdoor sitting dormant in front of everyone, as well as modern-day Fedora crashing randomly over and over again, makes linux distros a less preferable option.

I love linux distros but for this task, I would only consider the disgraced Ubuntu or much more likely, my beloved Parrot Security OS, but I have no idea how secure these distros truly are OOTB compared to Windows 10.
 

COLGeek

Cybernaut
Moderator
OOTB secure may not be 100% achievable. Nearly all modern OSes will need updates, even after a fresh, clean installation.

All of the aforementioned OSes can be made more secure by updating them during/after the installation process. To maintain this is an ongoing activity as threats change.

Why the OOTB requirement? What specifically are you concerned about?
 

USAFRet

Titan
Moderator
Your 7th Gen CPU is off the bottom of the officially supported list for Win 11.
It can be done, but zero guarantees for future security/compatibility.

Win 10 falls off official support from MS on Oct 15 2025.

Linux? Well.....

Your desired hyper security mostly depends on the squishy grey stuff between your ears.
Seriously.
 
Jun 22, 2024
> OOTB secure may not be 100% achievable. Nearly all modern OSes will need updates, even after a fresh, clean installation.

I thought that was basically given. Of course there's no such thing as "100%" anything. Don't know why it needs to be said.

> All of the aforementioned OSes can be made more secure by updating them during/after the installation process.

I know. The question was rather which OS.

> Why the OOTB requirement? What specifically are you concerned about?

OOTB because I wouldn't have to manually activate everything or wonder whether it's activated (and how to do it, I have nothing against the good old CLI or terminal but I just want an OS, a tool to get work done).

An OS with OOTB mind on security is not something weird. I don't know what to tell you.
 
Jun 22, 2024
> Your 7th Gen CPU is off the bottom of the officially supported list for Win 11.
> It can be done, but zero guarantees for future security/compatibility.

Why did you say "future" though? If the bypass entry is creating a massive security hole right now, then I would consider it compromised already. Or are you referring to not being able to receive future (security) updates? In that case, that would imply that it's just as safe to install on a supported device, is it not (since you receive the updates right now)?

> Win 10 falls off official support from MS on Oct 15 2025.

That's probably enough time for me, but I wanted to get more input in this issue-salad for the other options, as well as potential "unsupported" W11 upgrade considerations/concerns. Technically the best option right now is using Gparted iso to clean all partitions, enable secure boot, tpm, vt-x etc, install W10, enable all isolation/security features in Windows Security/Defender, as well as follow the security mantra table listed in the opening post.
Maybe also start using linux VMs on Windows 10 for separate tasks (1 for browsing, 1 for mail etc, all isolated).

> Linux? Well.....

I would really like to hear your opinion, why the "well..."?

> Your desired hyper security mostly depends on the squishy grey stuff between your ears.
> Seriously.

Yes. That's why I added the security table, as a little peek.

When in doubt, don't do it.
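
The features named in the post above (Secure Boot, TPM 2.0, Hyper-V, core isolation/memory integrity) can be checked rather than assumed. The following is an added example, not part of the original post: a read-only PowerShell audit for Windows 10, meant to be run from an elevated prompt. The function name `Get-SecurityBaseline` and the output field names are hypothetical.

```powershell
# Added example: read-only audit of the security features discussed in the thread.
# Run elevated; Get-Tpm and Confirm-SecureBootUEFI require administrator rights.
function Get-SecurityBaseline {
    $r = [ordered]@{}

    # Secure Boot: $true/$false on UEFI systems, throws on legacy BIOS boot.
    try   { $r['SecureBoot'] = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $r['SecureBoot'] = 'Unavailable (legacy BIOS boot or not elevated)' }

    # TPM: presence, readiness, and the spec version reported by the TPM WMI class.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $r['TpmPresent'] = $tpm.TpmPresent
        $r['TpmReady']   = $tpm.TpmReady
        $spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                 -ClassName Win32_Tpm -ErrorAction Stop).SpecVersion
        # SpecVersion is a comma-separated string; the first field is the TPM version.
        $r['TpmSpecVersion'] = ($spec -split ',')[0].Trim()
    } catch { $r['Tpm'] = 'Query failed: ' + $_.Exception.Message }

    # Hypervisor: true when Hyper-V (or another hypervisor) is running under Windows.
    $r['HypervisorPresent'] = (Get-CimInstance Win32_ComputerSystem).HypervisorPresent

    # Virtualization-based security and the services running on top of it.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning: 1 = Credential Guard, 2 = memory integrity (HVCI).
    $vbsState = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
              -ClassName Win32_DeviceGuard -ErrorAction Stop
        $r['VBS']             = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        $r['MemoryIntegrity'] = ($dg.SecurityServicesRunning -contains 2)
        $r['CredentialGuard'] = ($dg.SecurityServicesRunning -contains 1)
    } catch { $r['VBS'] = 'Query failed: ' + $_.Exception.Message }

    [pscustomobject]$r
}

Get-SecurityBaseline | Format-List
```

A setting toggled on in Windows Security only takes effect after a reboot, so `VBS` reporting "Enabled, not running" or `MemoryIntegrity` reporting `False` right after enabling it is expected until the machine restarts.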
 

COLGeek

Cybernaut
Moderator
Stick with Win 10, if the timeline isn't an issue. If it is an issue and you want to keep a fully supported Windows platform, then consider a new system.

Unless web based, some of the applications previously mentioned may not be natively supported on Linux.
 

USAFRet

Titan
Moderator
> Why did you say "future" though? If the bypass entry is creating a massive security hole right now, then I would consider it compromised already. Or are you referring to not being able to receive future (security) updates? In that case, that would imply that it's just as safe to install on a supported device, is it not (since you receive the updates right now)?

There are workarounds to install Win 11 on currently unsupported hardware. Like your 7th Gen Intel CPU.
Will this last in the future? Completely unknown.


Linux?
A completely different platform/OS.
If it works for you, that may be an option.

As far as the "grey matter"....any OS is susceptible to screwing you over, given a clueless user.
Linux/Apple/Windows/Android....
 
Jun 22, 2024
> Stick with Win 10, if the timeline isn't an issue. If it is an issue and you want to keep a fully supported Windows platform, then consider a new system.
>
> Unless web based, some of the applications previously mentioned may not be natively supported on Linux.

Yea this seems like the most rational path right now. Using hardened (different OS) VMs for tasks as another security measure perhaps too.
 
Mar 27, 2024
I have no idea what would work for you, but you seem comfortable with the current W10 which is supported on your CPU. It seems the least amount of work and headache is to stay on it and pay for the security updates.

If you don't want to pay and want to move on, running W11 unsupported seems like something you'd have to constantly find out insiders' information about how it would impact your security and stability as the OS evolves, information that might be hard to come by and at times confusing. You want things to be secure OOTB, running an OS on unsupported hardware doesn't seem to be it.

If you don't have native app requirements and need only web apps, seems like ChromeOS would be secure and least likely to be attacked.

If you don't like Google, then it seems one of the Linux distributions is it. If you pick up a distribution that focuses on security, and you run your system in a very limited way (for sensitive app/websites only in the ways that you describe), then your attack surface is already way less than normal. Unless you are in a highly sensitive group (journalists, politicians, government officials, corporate secrets, large crypto assets, political activists, criminals), then you are already thinking about this as a security hobbyist, and perhaps the OOTB requirement is not a hardline for you. Then, pick a secure Linux distribution and tinker with it some more.
 
I used to suggest for people with children (who tend to download every sketchy type of game-optimizer or auto-mouse-clicker) that they could always live-boot from a very minimalistic browser-only kiosk distro such as Webconverger or Instant-Webkiosk (Debian) or Porteus (Gentoo) to do their shopping and banking. Stores nothing, auto-resets on every reboot and doesn't auto-mount any drives so you can leave the Win 10 drive installed. Even if the computer gets stolen there's nothing saved to optical disc or USB.

It's a shame all of the freeware ones are now gone but you could roll your own with GNOME-kiosk.
 
Jun 27, 2024
If you're concerned about security and want it at the forefront of your operating system, if you have the hardware support, then use something like OpenBSD.