Windows 7 is EOL: What next?

Windows 7 is EOL: What next?

End-of-life (EOL) is an expression commonly used by software vendors to indicate that a product or version of a product has reached the end of usefulness in the eyes of the vendor. Many companies, including Microsoft, announce the EOL dates for their products far in advance.

Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade, or make other changes to your software.

Windows 7 EOL

For those that were unaware, Windows 7 reached EOL on January 14, 2020. When a Windows Operating System (OS) hits the end of its lifecycle, it no longer receives updates from Microsoft.

That means Microsoft no longer supports users of Windows 7, and Windows 7 will no longer receive updates, although Microsoft has been known to make exceptions for urgent vulnerabilities. And while organizations may be able to extend support by paying for it, home users are advised to move on to more modern operating systems.

Or as Microsoft puts it:

“Now is the time to shift to Windows 10. Get robust security features, enhanced performance, and flexible management to keep your employees productive and secure.”

And of course, they have a point. If cybercriminals discover a vulnerability in Windows 7, there is no guarantee that this vulnerability will be patched by Microsoft. And while there is still a large Windows 7 user base, it pays off for the cybercriminals to weaponize such a vulnerability and use it to their advantage. Keep in mind that most of the exploit kits active in the wild focus on older vulnerabilities, which will not be patched if you are using EOL software.

Is Windows 10 more secure?

While the call to move on to Windows 10 by Microsoft makes it sound mighty safe, what exactly are these security features that Windows 10 has over Windows 7? We know it’ll be supported by Microsoft, and therefore any known vulnerabilities will be patched. Its other security features are as follows:

  • Windows 10 includes Windows Defender by default, which provides a baseline level of antivirus protection.
  • SmartScreen is a reputation system that tries to block harmful and unknown file downloads.
  • Windows 10 includes Microsoft Edge instead of Internet Explorer, which is targeted most often by exploits.

On the downside, you might argue that Windows 10 has a lot of new features that tend to come with new problems and risks. However, Windows 10 has been around for a while now, so the worst problems should have been tackled.

However, we want to stress: Moving on to a new operating system, while safer than sticking with a legacy system, is no substitute for a strong security solution. Even Windows 10 machines need anti-malware protection.

According to a spokesperson from our malware removal staff, the correlation between browser use and malware is actually higher than the one between OS version and malware. Meaning: The browser you use has a much bigger impact on the likelihood of being infected than the OS that you use. So even if you switch over to Windows 10 but keep using Google Chrome, you can still be easily infected. Now that Windows 10 has switched over to Edge, many cybercriminals are focusing on exploits for Google Chrome, one of the most popular browsers today.

Other operating systems

To avoid potential infection—or because they’re looking for a change— some Windows users might consider moving to entirely different operating systems, such as Mac or Linux. But layering up built-in protection with security software is important, even if you decide to switch.

For example, the long-standing myth that Macs are safer than Windows systems has been proven wrong. As you can read in our 2020 State of Malware Report, Mac threats increased exponentially in comparison to those against Windows PCs in 2019, with nearly double the threats per Mac endpoint than Windows. And while Macs don’t get viruses, Mac adware is more sophisticated and dangerous than traditional Mac malware.

In some cases, people may consider switching to a Chromebook, which is certainly a cheaper option if it offers enough capabilities to replace your current Windows desktop or laptop. But even Chromebooks can—and do—get infected.

We don’t expect a lot of users to switch to a more hardcore Linux OS, since they might expect a huge learning curve (another misconception) or their favorite software is not available (unfortunately, not a myth). However, even if they do, Linux OSes are not free from malware. They’re simply attacked less often because cybercriminals understand their user base isn’t as large (and therefore, their payday isn’t as big).

Windows 7 user base

Currently over 23 percent of Windows users worldwide are still on Windows 7, and only 69 percent have already switched to Windows 10. The rest are using the less popular Windows 8 or versions of Windows that have gone EOL long before Windows 7.

Oddly enough, the percentage of Windows 7 users has hardly decreased after reaching the EOL date in January (from roughly 24 percent to 23 percent). With this huge amount of potentially unpatched systems still active in the market, any exploitable vulnerability will result in a widespread disaster.

Would WannaCry have had such an enormous impact if Windows XP and Windows Server 2003 had been abandoned before it spread? We will never know. What we do know that Windows 8 and 10 did not need to be patched for the vulnerability that was used to spread WannaCry. They were not contributing to the choir of systems trying to infect their neighbors. Emergency patches were released for several older Windows versions, including Windows 7. At the time, Windows 7 was still supported.

We got you

It is not our habit to promote our own products in our blogs, but we wanted to let you know that whichever OS (and browser) you chose next, we’ve your back. As a demonstration, here is a list of the available Malwarebytes consumer versions created to protect our users:

Malwarebytes for Windows

Malwarebytes for Mac

Malwarebytes for Chromebook

Malwarebytes for Android

Malwarebytes for iOS

Malwarebytes Browser Guard (for Firefox and Chrome)

Download links, pricing, and more information, such as a list of our business offerings and customer reviews, can be found on our pricing page.

Stay safe, everyone!

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.