Catch Of The Week: Windows 7 End Of Life

By BECKY RUTHERFORD

Los Alamos

Now is the time to check what version of Windows you are running, because Windows 7 goes out of support Jan. 14. What does this mean, and why should you care?

When a Windows operating system (OS) goes out of support, this means it will no longer receive security updates to the operating system free of charge. You will be able to continue to run Windows 7 after Jan. 14, but you will be more susceptible to security issues. Starting Jan. 15, Microsoft will deliver a new pop up reminder to Windows 7 users, letting them know they are out of support. Users have been receiving notifications of the required update since April of 2019.  

How do you tell what version of Windows you are running? It depends on which version of Windows you are running. The Microsoft website has detailed instructions for doing this for various OS versions. 

Why are security updates so important? Security folks look forward to the second (and sometimes fourth) Tuesday of every month, known as “Patch Tuesday”, because this is the day that Microsoft and other vendors release their security updates or “patches” to fix vulnerabilities in their software. 

Sometimes vendors release these updates “out of band”, like if a really bad vulnerability (known as a zero-day) is unleashed upon the world. 

Generally, zero-day vulnerabilities are discovered by security researchers, who then inform the company of the issues and give them time to fix the problems before unleashing the vulnerability on the world.  That said, sometimes malicious actors find these vulnerabilities first, and exploit them.

A good example is the infamous WannaCry ransomware attack of May 2017, which exploited a vulnerability in the Windows implementation of the Server Message Block (SMB) protocol. Microsoft had discovered the vulnerability a month before the attack and released a patch flagged as “critical”.  Unfortunately, many users did not update their systems, allowing WannaCry to infect over 200,000 systems in 150 countries.  

If you are a business running Windows 7 Enterprise Agreement (EA) or Enterprise Subscription Agreement (EAS), you have the option to purchase Windows 7 Extended Security Updates. Updates can be purchased for a year on a per-device basis, with the price increasing each year. Depending on the size of your business, this can be complicated and expensive. Upgrading your operating system will likely be a better option. 

Some possible options if you really must keep Windows 7, make the machine a “standalone” system, or change your OS to Linux and run Windows 7 as a virtual machine. If you only use the machine for tasks that don’t require internet connectivity, disconnect it from the network and continue using it. Just be careful plugging in strange USBs; otherwise you should be fairly secure. You can also change your OS to any version of Linux, a free and open-source OS. Once you have Linux installed, you can install Windows 7 on a virtual machine. You can use the Linux machine for everyday tasks involving internet usage, and continue to use Windows 7 for other tasks like Word processing, etc. This option is more complex, and some risk may remain, but there are many tutorials online that can walk you through the steps. 

For the home user, the best choice is to upgrade your OS to Windows 10. Continuing to run Windows 7 while keeping it connected to the internet after Jan. 14 is not a good choice. Keeping the old OS will expose you to security risks since your machine will no longer be receiving security patches to fix problems. If a malicious actor can exploit a vulnerability in your system, they can install malware that can give them full access to your system, encrypt your files, or do anything else they want. These attacks will end up costing you more than paying for the upgrade (the upgrade costs about $139).

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.

Search
LOS ALAMOS

ladailypost.com website support locally by OviNuppi Systems