End of the Line for Windows 7: Open Road for Hackers

Microsoft has been urging customers to upgrade from its Windows 7 operating system, while attempting to ease the transition with several options for extended support. It will stop providing routine fixes and security patches effective January 2020. Regular support for Windows Server 2008 also is scheduled to end at that time.

Windows 7 enterprise customers can subscribe to Extended Security Updates (ESU) to receive security fixes for uncovered or reported vulnerabilities in the OS. However, patches will be issued only in cases of threats rated “Critical” or “Important” by Microsoft.

Those are the two top rankings in Microsoft’s four-step scoring system, meaning that performance issues might not be addressed. Moreover, ESU will be available only in one-year increments, and for just three years. It will be sold on a per-device basis instead of the per-user basis that Microsoft has offered for Windows 10.

ESU will be available for US$25 to $50 per year per device, but the cost willdouble each year, so that by 2022, support for the aging Windows 7 OS willcost $100 or $200 per device. Customers who subscribe to Microsoft 365Enterprise will be offered the lower-tier pricing.

Computers running Windows 7 account for 37.9 of PCs today, while Windows 10 accounts for 40.9 market share, according to data from Netmaketshare. On the business side of the market, Windows 10 accounts for more than 50 percent of the market.

Windows 7 was released in 2009 as a replacement for the unpopular Windows Vista, as well as 2001’s Windows XP.

Server Side

Microsoft also plans to end support for WindowsServer 2008 and SQL Server applications early next year, and the company has beenencouraging clients to migrate to Azure.

Unlike with Windows 7, no ESU is planned, leaving customerswith limited options.

The end of Windows Server 2008 support is why nearlyone-third of companies surveyed said that they were consideringpurchasing new server hardware, according to the recent Spiceworks 2019 State ofServers report.

“Windows 2008 Server is the most widely used server on the planet,”said Zohar Pinhasi, CEO of MonsterCloud, provider of managed cybersecurity services.

As a result, it could make a tempting target to hackers once support ends.

“A lot of organizations moved to Server 2012, but migration isn’t aneasy task, and too often companies take the approach ‘if it ain’tbroken don’t fix it,'” he told TechNewsWorld.

“Criminals are already aware that Microsoft will discontinue thesupport for the OS next year, and our research suggests they could becooking up something big — like taking advantage of zero-dayvulnerabilities,” Pinhasi added.

Ending 7

Windows 7 was released as a follow-up to the underwhelming WindowsVista. It received a warm reception, widely seen as offering the best features and functionality of Windows XP and Vista.

In 2012, however — just three years after the releaseof Windows 7 — Microsoft took the OS in a completely new direction withWindows 8, which offered what the company dubbed a”Modern User Interface” with touchscreen options.

The new interface, which also was meant to bridge tablets and PCs, failed to catch on. Microsoft then released Windows 10 in 2015. Whereas Windows 7 combined the best aspects of XP and Vista, Windows 10 offered the best of Windows 7 and 8/8.1.

Yet, perhaps because Windows 10 resembles Windows 7 so closely, usershave been slow to adopt it. Nearly four years later, 10 has only justsurpassed 7 in total users. Microsoft has had to supportthree operating systems, so it is no surprise that the company decided to pull the plug on the oldest.

“Windows 7 was introduced 10 years ago in 2009 — that is 70 dog yearsor Internet years — a human lifespan,” said Paul Teich, principal analyst at LiftrCloud.

“It had to happen sometime; Microsoft has extended Windows 7’s life anumber of times,” noted Roger Kay, principal analyst at EndpointTechnologies Associates.

Out With the Old OS

What makes this transition difficult is that Windows 7 has done its jobquite well, remaining a very stable operating system. Still, supporting multiple OSes is not only a drain on resources, but also is inconsistent with Microsoft’s new direction.

“Microsoft is committed to pushing everyone onto Windows 10, which isbetter adapted to a services revenue stream,” Kay told TechNewsWorld.

“In fact, there may never be another Windows,” he suggested. “The company will keep updating the Windows 10 code essentially indefinitely. Now, beta versions of new code get pushed out, bug reports come back, and the team patches whatever needsit.”

Hardware Improvements

In the past, a barrier to upgrading was the hardware that past versionsof Windows ran on, and making a move from Windows 3.1 to Windows 95almost certainly required that users purchase a new computer. The sametrend continued with Windows 98, Windows Millennium, Windows XP andnotably Windows Vista.

By the time Windows 7 came along, Moore’s Law of ever-fasterprocessors seemed to slow down. More importantly, apart from somePC games, most software really didn’t require vastly improved hardware.That made the transition from Windows Vista to Windows 7 much easier,and even today an upgrade to a new OS isn’t really that much of astretch.

“Windows 7 first shipped on 45nm Intel Core processors code-named’Yorkfield’ (desktop) and ‘Penryn’ (mobile), which both debuted in 2008,”explained LiftrCloud’sTeich.

“The 45nm Core i5 ‘Lynfield’ (desktop) processor was introduced at thesame time as Windows 7, as was the 45nm Core i7 ‘Clarksfield’ (mobile)processor,” he told TechNewsWorld.

The “sweet spot” for Intel Core processors at the time was quad-corefor both mobile and desktop, while the core clock frequency ranges forall of those processors started at 2.3 GHz and topped out above 3 GHz.

“A current generation Core i5 ‘Skylake’ desktop processor has a basefrequency of 2.6 GHz to 3.6 GHz, and two dual-threaded cores running fourthreads is still a sweet spot,” added Teich.

Today Mobile Core i3 versions have base frequencies of 2.3 GHz to 3.6GHz using two dual-threaded cores.

“In 10 years, we didn’t get faster clock speeds except at the veryhigh end of Intel’s product lines,” said Teich. “AMD could not do anybetter, because physics is physics. We got some speed-ups due toarchitectural improvements, but really, Moore’s Law is dead, dead,dead.”

Old PC With New OS

Given that we haven’t seen a great leap forward in hardware has meantin most cases those older PCs could be upgraded — something Microsoft initially offered for free.

“Hardware-wise, any system that can run Windows 7 can run Windows 10,” said Kay.

“That part is easy, and I’ve upgraded a bunch of older systems,” he added.

Even though that window to upgrade Windows for free has closed, Kay said it isn’treally that difficult and still can be accomplished easily.

“The Windows10 updater essentially looks for a valid Windows 7 orWindows 8 license, and off you go,” Kay explained.

“Windows 7 was designed to run well on whatever was running WindowsVista, so it didn’t require more compute power than was availableseveral years before it shipped,” added Teich.

Moreover, Windows 10 was designed to run well on any PC that can runWindows 7, in order to appeal to both Windows 7 and Windows 8upgrades.

“It wasn’t a hard goal, because Windows 10 focused on an easy-to-install and easy-to-update architecture, better security, andimproving the user experience — none of which required more processorspeed,” said Teich. “I have personally installed Windows 10 on atleast four of my own Windows 7-era notebooks and self-built media PCs.All have performed well.”

Security Concerns

The biggest reason to upgrade from Windows 7 remains the securityconcern. Even with the ESU from Microsoft, users could be puttingthemselves at risk.

“It is already known that criminals are cooking up stuff in their labs,” warned MonsterCloud’s Pinhasi.

“Once they have those tools they can exploit the older versions ofWindows to make billions from it,” he added.

Ransomware, such as the WannaCry cryptoworm, which targeted Windowsmachines in May 2017, could be unleashed after Microsoft’s support forWindows 7 ends.

That particular ransomware was propagated through EternalBlue, anexploit developed by the United States National Security Agency.

“The hackers dropped a package that was stolen from the NSA, andhackers could use something similar,” Pinhasi warned.

The best course of action isn’t to invest in the ESU from Microsoft,but to upgrade the OS and if necessary even the PC hardware.

“It’s time to move on; the demise of a loved operating system is hard,but inevitable,” said Roger Entner, principal analyst at ReconAnalytics.

“Windows 7 stopped being the flagship Windows OS seven years ago, soit is time to upgrade, and a laptop for $179 at Best Buy runs Windows10 and is probably more powerful than anything that was made in 2012,”he told TechNewsWorld.

“There is no reason that anyone running Windows 7 should stick withit, other than pure ornery stubbornness, and it’s not like you have tolearn a new OS,” added Teich.

Of course, it isn’t just individual users who should heed these warnings.

“Companies really should get off Windows 7 as soon as they can,” warned Kay.

“Security attacks are getting more frequent, more sophisticated andmore automated — and don’t imagine that just because you’re a smallfish, they won’t come after you,” he explained. “Small firms aresometimes used as an attack vector against larger firms. And ifcompanies need to turn over their PC base once every 10 years, that’sa good thing. Employees might even be more productive.”

Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and FoxNews.com.Email Peter.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

How does the quality of customer service delivered by government compare to that of the private sector?
Loading ... Loading ...

LinuxInsider Channels