End of the Line for Windows 7: Open Road for Hackers
By Peter Suciu
Mar 7, 2019 10:26 AM PT
Microsoft has been urging customers to upgrade from its Windows 7 operating system, while attempting to ease the transition with several options for extended support. It will stop providing routine fixes and security patches effective January 2020. Regular support for Windows Server 2008 also is scheduled to end at that time.
Windows 7 enterprise customers can subscribe to Extended Security Updates (ESU) to receive security fixes for uncovered or reported vulnerabilities in the OS. However, patches will be issued only in cases of threats rated "Critical" or "Important" by Microsoft.
Those are the two top rankings in Microsoft's four-step scoring system, meaning that performance issues might not be addressed. Moreover, ESU will be available only in one-year increments, and for just three years. It will be sold on a per-device basis instead of the per-user basis that Microsoft has offered for Windows 10.
ESU will be available for US$25 to $50 per year per device, but the cost will
double each year, so that by 2022, support for the aging Windows 7 OS will
cost $100 or $200 per device. Customers who subscribe to Microsoft 365
Enterprise will be offered the lower-tier pricing.
Computers running Windows 7 account for 37.9 percent of PCs today, while Windows 10 accounts for 40.9 percent market share, according to data from NetMarketShare. On the business side of the market, Windows 10 accounts for more than 50 percent of the market.
Windows 7 was released in 2009 as a replacement for the unpopular Windows Vista, as well as 2001's Windows XP.
Microsoft also plans to end support for Windows
Server 2008 and SQL Server applications early next year, and the company has been
encouraging clients to migrate to Azure.
Unlike with Windows 7, no ESU is planned, leaving customers
with limited options.
The end of Windows Server 2008 support is why nearly
one-third of companies surveyed said that they were considering
purchasing new server hardware, according to the recent Spiceworks 2019 State of
"Windows 2008 Server is the most widely used server on the planet,"
said Zohar Pinhasi, CEO of
MonsterCloud, provider of managed cybersecurity services.
As a result, it could make a tempting target to hackers once support ends.
"A lot of organizations moved to Server 2012, but migration isn't an
easy task, and too often companies take the approach 'if it ain't
broken don't fix it,'" he told TechNewsWorld.
"Criminals are already aware that Microsoft will discontinue the
support for the OS next year, and our research suggests they could be
cooking up something big -- like taking advantage of zero-day
vulnerabilities," Pinhasi added.
Windows 7 was released as a follow-up to the underwhelming Windows
Vista. It received a warm reception, widely seen as offering the best features and functionality of Windows XP and Vista.
In 2012, however -- just three years after the release
of Windows 7 -- Microsoft took the OS in a completely new direction with
Windows 8, which offered what the company dubbed a
"Modern User Interface" with touchscreen options.
The new interface, which also was meant to bridge tablets and PCs, failed to catch on. Microsoft then released Windows 10 in 2015. Whereas Windows 7 combined the best aspects of XP and Vista, Windows 10 offered the best of Windows 7 and 8/8.1.
Yet, perhaps because Windows 10 resembles Windows 7 so closely, users
have been slow to adopt it. Nearly four years later, 10 has only just
surpassed 7 in total users. Microsoft has had to support
three operating systems, so it is no surprise that the company decided to pull the plug on the oldest.
"Windows 7 was introduced 10 years ago in 2009 -- that is 70 dog years
or Internet years -- a human lifespan," said Paul Teich, principal analyst at
What makes this transition difficult is that Windows 7 has done its job
quite well, remaining a very stable operating system. Still, supporting multiple OSes is not only a drain on resources, but also is inconsistent with Microsoft's new direction.
"Microsoft is committed to pushing everyone onto Windows 10, which is
better adapted to a services revenue stream," Kay told TechNewsWorld.
"In fact, there may never be another Windows," he suggested. "The company will keep updating the Windows 10 code essentially indefinitely. Now, beta versions of new code get pushed out, bug reports come back, and the team patches whatever needs
In the past, a barrier to upgrading was the hardware that past versions
of Windows ran on, and making a move from Windows 3.1 to Windows 95
almost certainly required that users purchase a new computer. The same
trend continued with Windows 98, Windows Millennium, Windows XP and
notably Windows Vista.
By the time Windows 7 came along, Moore's Law of ever-faster
processors seemed to slow down. More importantly, apart from some
PC games, most software really didn't require vastly improved hardware.
That made the transition from Windows Vista to Windows 7 much easier,
and even today an upgrade to a new OS isn't really that much of a
"Windows 7 first shipped on 45nm Intel Core processors code-named
'Yorkfield' (desktop) and 'Penryn' (mobile), which both debuted in 2008,"
"The 45nm Core i5 'Lynfield' (desktop) processor was introduced at the
same time as Windows 7, as was the 45nm Core i7 'Clarksfield' (mobile)
processor," he told TechNewsWorld.
The "sweet spot" for Intel Core processors at the time was quad-core
for both mobile and desktop, while the core clock frequency ranges for
all of those processors started at 2.3 GHz and topped out above 3 GHz.
"A current generation Core i5 'Skylake' desktop processor has a base
frequency of 2.6 GHz to 3.6 GHz, and two dual-threaded cores running four
threads is still a sweet spot," added Teich.
Today, mobile Core i3 versions have base frequencies of 2.3 GHz to 3.6
GHz using two dual-threaded cores.
"In 10 years, we didn't get faster clock speeds except at the very
high end of Intel's product lines," said Teich. "AMD could not do any
better, because physics is physics. We got some speed-ups due to
architectural improvements, but really, Moore's Law is dead, dead,
Old PC With New OS
The lack of a great leap forward in hardware has meant that
in most cases those older PCs could be upgraded -- something Microsoft initially offered for free.
"Hardware-wise, any system that can run Windows 7 can run Windows 10," said Kay.
"That part is easy, and I've upgraded a bunch of older systems," he added.
Even though that window to upgrade Windows for free has closed, Kay said it isn't
really that difficult and still can be accomplished easily.
"The Windows 10 updater essentially looks for a valid Windows 7 or
Windows 8 license, and off you go," Kay explained.
"Windows 7 was designed to run well on whatever was running Windows
Vista, so it didn't require more compute power than was available
several years before it shipped," added Teich.
Moreover, Windows 10 was designed to run well on any PC that can run
Windows 7, in order to appeal to both Windows 7 and Windows 8
"It wasn't a hard goal, because Windows 10 focused on an easy-to-install and easy-to-update architecture, better security, and
improving the user experience -- none of which required more processor
speed," said Teich. "I have personally installed Windows 10 on at
least four of my own Windows 7-era notebooks and self-built media PCs.
All have performed well."
The biggest reason to upgrade from Windows 7 remains the security
concern. Even with the ESU from Microsoft, users could be putting
themselves at risk.
"It is already known that criminals are cooking up stuff in their labs," warned MonsterCloud's Pinhasi.
"Once they have those tools they can exploit the older versions of
Windows to make billions from it," he added.
Ransomware, such as the WannaCry cryptoworm, which targeted Windows
machines in May 2017, could be unleashed after Microsoft's support for
Windows 7 ends.
That particular ransomware was propagated through EternalBlue, an
exploit developed by the United States National Security Agency.
"The hackers dropped a package that was stolen from the NSA, and
hackers could use something similar," Pinhasi warned.
The best course of action isn't to invest in the ESU from Microsoft,
but to upgrade the OS and if necessary even the PC hardware.
"It's time to move on; the demise of a loved operating system is hard,
but inevitable," said Roger Entner, principal analyst at Recon
"Windows 7 stopped being the flagship Windows OS seven years ago, so
it is time to upgrade, and a laptop for $179 at Best Buy runs Windows
10 and is probably more powerful than anything that was made in 2012,"
he told TechNewsWorld.
"There is no reason that anyone running Windows 7 should stick with
it, other than pure ornery stubbornness, and it's not like you have to
learn a new OS," added Teich.
Of course, it isn't just individual users who should heed these warnings.
"Companies really should get off Windows 7 as soon as they can," warned Kay.
"Security attacks are getting more frequent, more sophisticated and
more automated -- and don't imagine that just because you're a small
fish, they won't come after you," he explained. "Small firms are
sometimes used as an attack vector against larger firms. And if
companies need to turn over their PC base once every 10 years, that's
a good thing. Employees might even be more productive."
Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and FoxNews.com.