On January 14, 2020, Microsoft will abandon Windows 7 and stop issuing security updates for one of the most popular versions of its flagship operating system. But does that mean that users and businesses will stop using it? Barely.
Microsoft stopped adding new features to Windows 7 when it ended general support in 2015, and it regularly reminded users of the end-of-life deadline and invited them to install Windows 10. Windows 10 adoption is growing fast, but Windows 7 accounted for about 27% of desktops and laptops in October, according to Netmarketshare, which tracks the use of different technologies.
Since more than 1.5 billion Windows devices are available, at least 400 million devices are still running the operating system, which will soon be obsolete. If Windows 7 continues to decrease at the current rate, its share will reach 13% by 2021, but that is more than 100 million devices.
The main concern will be security; hackers are always on the lookout for uncorrected and insecure devices. And if a new vulnerability appears in Windows 7, bad actors will immediately have millions of devices to attack and infect with malware.
It is safe to assume that Microsoft will leave Windows 7 users at the mercy of malicious hackers when the operating system’s end of life time arrives. But in reality, it’s more complicated.
Hackers Love Outdated Operating Systems
In April 2017, the hacker group Shadow Brokers disclosed EternalBlue, a Windows vulnerability it had stolen from the National Security Agency. Less than a month later, other hackers used EternalBlue to infect more than 230,000 uncorrected Windows machines with the WannaCry ransomware. Microsoft had already fixed the flaw in the supported versions of Windows. But at the time of the epidemic, many computers were still running Windows XP (retired in 2014) and Windows Server 2003 (retired in 2015).
Microsoft was forced to issue an emergency fix for unsupported operating systems to prevent the spread of ransomware. (Interestingly, it later became apparent that WannaCry did not affect Windows XP machines because they crashed before running its malicious payload.)
Earlier this year, Microsoft discovered another critical security hole in Windows XP and Server 2003 that allowed hackers to infect computers with malware without requiring any user interaction. And again, Microsoft has done everything possible to release a patch for the operating systems it had removed.
Security support can continue, if you pay
The main reason why Microsoft is removing older versions of its operating systems is that maintaining them requires resources and engineers. These can be costly, especially as the company focuses on new products and services.
From 2015 to 2020, during Windows 7’s extended support period, Microsoft released only critical security updates. But the company recognizes that not all of its customers will be able to transition by January 2020, especially large companies and government agencies for which the port will be expensive.
That’s why the company has an extended security update program, which runs until January 2023. Organizations wishing to continue using Windows 7 Pro and receive bug fixes will have to pay $ 50 per device the first year, $ 100 in the second year and $ 200 in the third year to do so. It’s a high price, especially for organizations that haven’t transitioned to Windows 10 due to financial constraints.
There will be an exception for Windows 7 users who have an active Windows 10 subscription; they will receive one year of extensive security updates for free.
Windows 7 Embedded: a support exception
Windows 7 isn’t just for laptops and workstations. Many Internet of Things (IoT) devices, such as point-of-sale terminals, ATMs, ATMs, and medical devices, use it. Most of these devices use Windows 7 Embedded, a light version of the operating system intended to run on machines with limited resources.
IoT devices are particularly vulnerable: hackers often target them with ransomware because they control critical applications in the physical world, and their owners are more likely to pay. They are also popular targets for botnet viruses, which hackers use in distributed denial of service (DDoS) attacks.
The problem with IoT devices is that they are not replaced or upgraded regularly (how often do you replace your refrigerator?). And given their minimal hardware resources, many of these devices won’t be able to run new versions of Windows.
The good news is that Microsoft will continue to support Windows 7 Embedded Standard 7 Service Pack 1 until October 2020 and that other integrated versions will be supported until 2021.
Since millions of devices are still running Windows 7, Microsoft is likely to provide critical fixes after the January 2020 deadline. But users and organizations should upgrade to Windows 10 as soon as possible, if they don’t have it. already done. Don’t rely on Microsoft’s generosity and responsive security updates to keep your Windows devices secure.
