Microsoft will stop supporting Windows 7 after January 14, and the UK intelligence agency, GCHQ, made a public call, as reported by The Telegraph, asking everyone to move on to another operating system (OS) that continues to receive security patches or, at the very least, stop logging into financial services and email from Windows 7 devices.
GCHQ’s Windows 7 Warning
According to a spokesperson from UK’s National Cyber Security Centre, a division of GCHQ, nobody use Windows 7 devices for work involving sensitive information, including logging into bank accounts or sending email starting tomorrow. Sensitive data that’s stored on these unsupported devices should also be moved to systems that continue to receive security patches.
It’s important to keep in mind that although GCHQ mainly focused on the most dangerous activities you should avoid performing on unsupported Windows 7 systems, the reality is that no online activity will be safe on Windows 7 devices starting tomorrow.
If history has taught us anything, the uncovered vulnerabilities will keep piling on as time goes by, and attackers will eventually combine them to create highly effective ransomware or exploits that lead to stolen data.
Google promised that Chrome will support Windows 7 until at least July 15, 2021. That should offer some cover against drive-by attacks (using malware that downloads automatically on your PC) from infected websites or online ads.
However, it’s unlikely Chrome will be able to protect against deeper-level OS vulnerabilities, such as kernel flaws. If hackers take advantage of kernel flaws in their exploits, then Chrome’s protections will likely not be sufficient, even if the browser itself is up to date.
Windows 7: The Next Windows XP?
On the eve of Windows 7's end-of-life (EOL) support date, the OS continues to have an installed base of over 440 million. That's a little over a quarter of total Windows installations and roughly the same percentage of users Windows XP had when it reached its own EOL date.
Like Windows XP, Windows 7 was well-received. Businesses in particular often resist switching to a new OS because that can create significant disruption within the company. It can take years to switch all of a company’s machines to a new OS and to port legacy applications to it at the same time. Furthermore, if the new OS looks significantly different than the old one, many employees may require training, which is an additional cost to the company.
However, the vulnerabilities that will malicious actors will discovered could create damages that are significantly larger than the costs of switching to a new OS.
Just ask Maersk, a large container shipping company that experienced $300 million in damages from a cyber attack in 2017 because its OS and applications weren’t up to date. The WannaCry ransomware has also created billions of dollars in damages to companies all over the world by infecting unpatched systems.
If you haven’t upgraded to Windows 10 or switched to a supported Linux distribution yet, now is the time to do it before your data is at risk.