The End is Near! At least, for Windows 7…
Jan. 14, 2020 will be the last day that Microsoft will provide security updates for Windows 7. The software will still work on existing PCs, but it will become increasingly vulnerable to malware because Microsoft will discontinue regular support and security updates.
How big a deal is this for your organization? Do you still have legacy machines or users who are trying to hold onto their Windows 7 OS?
WannaCry Virus & Windows 7
In May 2017, the WannaCry virus painfully reminded many IT managers of the dangers of vulnerable operating systems. As covered by Josh Fruhlinger of CSO Magazine, Microsoft issued a patch in March 2017 to remove the SMB vulnerability in Windows.
Two months later, the WannaCry virus attacked that vulnerability and caused widespread suffering despite the patch.
It was an absolutely preventable disaster. Microsoft went to the unusual extreme of issuing a patch not only for Windows 10 and Windows 7, but also for older machines such as Windows XP well in advance of the attack.
And yet, it was not the legacy machines that were the biggest problem in 2017, because there simply were not that many machines running Windows XP. As Russell Brandom of The Verge pointed out, Kaspersky Lab found that 98% of WannaCry victims were running unpatched versions of Windows 7!
It was the beleaguered IT departments who were behind in their patching that suffered the most.
Still, with 36% of PC users holding onto their Windows 7 machines, an attack later in 2020 could be much worse if users do not move over to Windows 10. The sheer number of potentially vulnerable legacy systems only a few months away from the twilight of Windows 7 makes it difficult to believe that all of the users will have switched over to Windows 10.
Steven J. Vaughan-Nichols of Computer World noted that Windows 7 Extended Security Updates are available through 2023, but this is only for Windows 7 Professional and Enterprise versions purchased through a volume licensing deal.
To those resistant to change, there is more bad news since it is not just Windows 7 that is ending. Office 2010 and Office 2016 will no longer be supported after Oct. 13, 2020.
If you are committed to desktop solutions, Office 2019 can be purchased as a replacement; however, it may be a good time to consider a switch to an Office 365 subscription. In either case, it is time to consider upgrades.
Microsoft’s own announcement video recommends upgrading to a new PC to take advantage of Windows 10 features such as touch screen and facial recognition. New hardware will also be faster, and in the case of laptops, may be lighter and have longer battery life.
Yet, there may be legitimate reasons that your business environment requires Windows 7 machines. Perhaps there is legacy software too expensive to change or critical hardware devices that do not yet support Windows 10.
Protecting Windows 7 Machines
Susan Bradley of CSO illustrates the following options to protect Windows 7 machines that do not get updated, but the security of these options varies widely.
Isolating the machines to a private network can be a good option and we have recommended micro-segmentation of networks in our last few blogs. Virtualization of Windows 7 can also be effective so long as the machine running the virtualization software possesses robust security and the license is transferred properly.
Blocking internet browsing, installing the Enhanced Mitigation Experience Toolkit, disabling Autorun, and enabling Data Execution Prevention Protection all seem like stop-gap measures that leave the operating system vulnerable to future exploits.
If an attacker penetrates your network and discovers a Windows 7 or Windows XP machine, they likely have a broad portfolio of attacks ready to exploit the machine – even if the PC is not able to “see” the internet.
These options mainly provide measures to prevent the Windows 7 machine from being the entry point of the attack.
Installing the latest version of Office, fully patching Windows 7, and avoiding email on Windows 7 seem more like crossing one’s fingers than adopting a true security strategy, and we cannot recommend relying upon those suggestions to protect legacy machines.
Users make mistakes. Hurried users may forget they are working on the legacy machine. Interns may not know the legacy machine is not supposed to view the internet when they decide to check Facebook or their email. To ensure the safety of your legacy system, more proactive measures should be taken to separate and protect the PC.
If a security vulnerability is severe enough, Microsoft might release patches. In May 2019, Brian Barrett of Wired Magazine covered how Microsoft issued a patch to prevent exploitation of Remote Desktop Services. This update also included their first patch for Windows XP since March 2017 – just before WannaCry hit.
The Right Support
IT professionals don’t generally have more time in 2019 than they did in 2017, so they are not just sitting around waiting to patch PCs. They are just as behind today and they are likely to remain hurried and overworked well after Microsoft stops supporting Windows 7.
There are many ways to make life easier for the IT team. One of those is to obtain outside help. Ideal Integrations is here to assist your IT department so it won’t be overwhelmed by a Windows 10 migration or many other projects.
We can assist in developing virtual infrastructure or micro-segmented networks to segregate legacy machines and hardware from the rest of the network. Our managed services can help ensure your machines are as fully patched as possible and our security services can proactively monitor for potential attacks.
Connect with us to secure your managed IT solutions in Pittsburgh, and all around the United States!