I am still using win7 and Windows Media Center For a Dvr because I prefer Windows Media Center over any other DVR software I have tried (also, not all tv tuner cards are supported in linux). WMC is performing well for me, but I am pretty sure that my win7 PC has become compromised in terms of security and I need to find a way to isolate it from malicious internet traffic or at least from the rest of my local network..
Can your router firmware be used to close ports or narrowly control traffic to specific hosts within a network?
Can your firmware include antivirus, etc to intercept malware at the router, or can it require internet traffic addressed to a specific win7 host to go through a linux host and be scanned by a real time antivirus program that can scan both windows boxes and linux boxes? Cand it close/open specific ports on a host? If so, I should be able to continue limited(dedicated) use of the DVR box safely on my network.
Just an addendum. While I have been aware of these firmware projects for a while, I am new to flashing hardware. I am ready to try in order to deal with security issues that should be common until all or most win7 hosts are upgraded or abandoned, and I think that could be a while.
I hope this is a matter of some interest/concern to others out there and that this firmware has some solutions.
In OpenWrt you can set a guest WiFi and/or a guest LAN where the non-trusted devices can have internet access while being isolated from the rest of your network. You can also block traffic to certain ports of you know what they are!
Your question about using a different PC as a firewall (of sorts) for your Windows 7 PC is beyond the scope of this forum.
If you ask my opinion, it's not really worth the hassle and the risks. Windows 7 will only get older and vulnerabilities will keep increasing. So just upgrade it and get it over with. You will find other alternatives and get used to it.
OpenWrt does block all incoming traffic by default. And there exists software that can scan passing traffic and try to indentify suspicious activity, but I have never used it.
However, any device that can connect to the internet is at a risk, no matter what firewall you put in between.
Well, if you are worried about updates, there is the possibility to modify the windows update client and get
the extended security updates. But I guess it is not allowed to post this here.