January 14, 2020

Windows 7 end of life risks cyberattacks for users

By Robert Scammell

As of today Microsoft will no longer support its Windows 7 operating system with security updates, putting those that continue to use it at an increased risk of cyberattacks.

Cybersecurity experts and Microsoft are urging businesses and consumers to update to a newer version of Windows.

Those that continue to use Windows 7 while connected to the internet will be vulnerable to any newly discovered security threats.

“Not receiving security updates can put data at risk, not to mention the GDPR problems involved, and the potential of being attacked with ransomware or other malicious code that can bring firms crashing to a halt,” said Jake Moore, cybersecurity specialist at security firm ESET.

In 2017, the WannaCry ransomware attack crippled the NHS, spreading across hospital computers running Windows 7 and Windows XP that had not been updated.

Many continue to use Windows 7

Despite repeated warnings over the past year, 27% of Windows users were still using Windows 7 as of December 2019.

Around one in 20 Verdict readers continue to browse our site using the unsupported operating system.

“Many businesses are still running Windows 7 because they’ve been slow to act, hadn’t seen it as a priority, or thought of it as too much of a daunting challenge to upgrade all their systems. Daunting as it may be, we’re now at the stage where the best option is to upgrade,” said Ken Galvin, senior product manager at cybersecurity firm Quest KACE.

“However, if businesses cannot and have made arrangements with Microsoft to pay for continued Windows 7 patching support, it is critical that they make sure their patch management system will be able to apply them.”

In many cases updating to Windows 10 will require a hardware upgrade. Independent security expert Graham Cluley said that he fears this will mean “many will simply choose to continue using a legacy operating system that is no longer receiving patches against newly-found vulnerabilities”.

Windows 7 end of life: “Nothing will change overnight”

The software, which was first released in 2009, has been on “extended support” since January 2015. Although security support has ended, Windows 7 will continue to function, and those that continue to run it on offline devices will not be at risk.

Despite the dangers, it is unlikely that Windows 7 users will suffer immediate attacks as it takes time for cybercriminals to develop new exploits.

“Nothing will change overnight,” said Chris Morales, head of security analytics at cybersecurity firm Vectra. “It is true that Windows 7 will be more vulnerable to attack. That is the expectation. But I don’t think the actual impact will be catastrophic.”

He added that home users wishing to stick with Windows 7 could “mitigate” many of the problems with tools and methods such as “VPN, encryption, security software, and a good secure home router”.

“For many enterprises, they will simply sign up for Windows 7 Extended Security Updates for the next three years of coverage,” he said. “This covers anything deemed critical or important.”

Moore added: “The cost of a major upgrade may be a bitter pill to swallow for some businesses but it is better to prepare for an attack rather than to pick up the pieces after your business goes offline.”
