End of the Line for Windows 7: Open Road for Hackers
By Peter Suciu
Mar 7, 2019 10:26 AM PT

Microsoft has been urging customers to upgrade from its Windows 7 operating system, while attempting to ease the transition with several options for extended support. It will stop providing routine fixes and security patches effective January 2020. Regular support for Windows Server 2008 also is scheduled to end at that time.


Windows 7 enterprise customers can subscribe to Extended Security Updates (ESU) to receive security fixes for uncovered or reported vulnerabilities in the OS. However, patches will be issued only in cases of threats rated "Critical" or "Important" by Microsoft.

Those are the two top rankings in Microsoft's four-step scoring system, meaning that performance issues might not be addressed. Moreover, ESU will be available only in one-year increments, and for just three years. It will be sold on a per-device basis instead of the per-user basis that Microsoft has offered for Windows 10.

ESU will be available for US$25 to $50 per year per device, but the cost will double each year, so that by 2022, support for the aging Windows 7 OS will cost $100 or $200 per device. Customers who subscribe to Microsoft 365 Enterprise will be offered the lower-tier pricing.

Computers running Windows 7 account for 37.9 percent of PCs today, while Windows 10 accounts for 40.9 percent market share, according to data from NetMarketShare. On the business side of the market, Windows 10 accounts for more than 50 percent of the market.

Windows 7 was released in 2009 as a replacement for the unpopular Windows Vista, as well as 2001's Windows XP.

Server Side

Microsoft also plans to end support for Windows Server 2008 and SQL Server applications early next year, and the company has been encouraging clients to migrate to Azure.

Unlike with Windows 7, no ESU is planned, leaving customers with limited options.

The end of Windows Server 2008 support is why nearly one-third of companies surveyed said that they were considering purchasing new server hardware, according to the recent Spiceworks 2019 State of Servers report.

"Windows 2008 Server is the most widely used server on the planet," said Zohar Pinhasi, CEO of MonsterCloud, provider of managed cybersecurity services.

As a result, it could make a tempting target to hackers once support ends.

"A lot of organizations moved to Server 2012, but migration isn't an easy task, and too often companies take the approach 'if it ain't broken don't fix it,'" he told TechNewsWorld.

"Criminals are already aware that Microsoft will discontinue the support for the OS next year, and our research suggests they could be cooking up something big -- like taking advantage of zero-day vulnerabilities," Pinhasi added.

Ending 7

Windows 7 was released as a follow-up to the underwhelming Windows Vista. It received a warm reception, widely seen as offering the best features and functionality of Windows XP and Vista.

In 2012, however -- just three years after the release of Windows 7 -- Microsoft took the OS in a completely new direction with Windows 8, which offered what the company dubbed a "Modern User Interface" with touchscreen options.

The new interface, which also was meant to bridge tablets and PCs, failed to catch on. Microsoft then released Windows 10 in 2015. Whereas Windows 7 combined the best aspects of XP and Vista, Windows 10 offered the best of Windows 7 and 8/8.1.

Yet, perhaps because Windows 10 resembles Windows 7 so closely, users have been slow to adopt it. Nearly four years later, 10 has only just surpassed 7 in total users. Microsoft has had to support three operating systems, so it is no surprise that the company decided to pull the plug on the oldest.

"Windows 7 was introduced 10 years ago in 2009 -- that is 70 dog years or Internet years -- a human lifespan," said Paul Teich, principal analyst at LiftrCloud.

"It had to happen sometime; Microsoft has extended Windows 7's life a number of times," noted Roger Kay, principal analyst at Endpoint Technologies Associates.

Out With the Old OS

What makes this transition difficult is that Windows 7 has done its job quite well, remaining a very stable operating system. Still, supporting multiple OSes is not only a drain on resources, but also is inconsistent with Microsoft's new direction.

"Microsoft is committed to pushing everyone onto Windows 10, which is better adapted to a services revenue stream," Kay told TechNewsWorld.

"In fact, there may never be another Windows," he suggested. "The company will keep updating the Windows 10 code essentially indefinitely. Now, beta versions of new code get pushed out, bug reports come back, and the team patches whatever needs it."

Hardware Improvements

In the past, a barrier to upgrading was the hardware that past versions of Windows ran on, and making a move from Windows 3.1 to Windows 95 almost certainly required that users purchase a new computer. The same trend continued with Windows 98, Windows Millennium, Windows XP and notably Windows Vista.

By the time Windows 7 came along, Moore's Law of ever-faster processors seemed to slow down. More importantly, apart from some PC games, most software really didn't require vastly improved hardware. That made the transition from Windows Vista to Windows 7 much easier, and even today an upgrade to a new OS isn't really that much of a stretch.

"Windows 7 first shipped on 45nm Intel Core processors code-named 'Yorkfield' (desktop) and 'Penryn' (mobile), which both debuted in 2008," explained LiftrCloud's Teich.

"The 45nm Core i5 'Lynfield' (desktop) processor was introduced at the same time as Windows 7, as was the 45nm Core i7 'Clarksfield' (mobile) processor," he told TechNewsWorld.

The "sweet spot" for Intel Core processors at the time was quad-core for both mobile and desktop, while the core clock frequency ranges for all of those processors started at 2.3 GHz and topped out above 3 GHz.

"A current generation Core i5 'Skylake' desktop processor has a base frequency of 2.6 GHz to 3.6 GHz, and two dual-threaded cores running four threads is still a sweet spot," added Teich.

Today, mobile Core i3 versions have base frequencies of 2.3 GHz to 3.6 GHz using two dual-threaded cores.

"In 10 years, we didn't get faster clock speeds except at the very high end of Intel's product lines," said Teich. "AMD could not do any better, because physics is physics. We got some speed-ups due to architectural improvements, but really, Moore's Law is dead, dead, dead."

Old PC With New OS

The absence of a great leap forward in hardware has meant that in most cases those older PCs could be upgraded -- something Microsoft initially offered for free.

"Hardware-wise, any system that can run Windows 7 can run Windows 10," said Kay.

"That part is easy, and I've upgraded a bunch of older systems," he added.

Even though that window to upgrade Windows for free has closed, Kay said it isn't really that difficult and still can be accomplished easily.

"The Windows 10 updater essentially looks for a valid Windows 7 or Windows 8 license, and off you go," Kay explained.

"Windows 7 was designed to run well on whatever was running Windows Vista, so it didn't require more compute power than was available several years before it shipped," added Teich.

Moreover, Windows 10 was designed to run well on any PC that can run Windows 7, in order to appeal to both Windows 7 and Windows 8 upgrades.

"It wasn't a hard goal, because Windows 10 focused on an easy-to-install and easy-to-update architecture, better security, and improving the user experience -- none of which required more processor speed," said Teich. "I have personally installed Windows 10 on at least four of my own Windows 7-era notebooks and self-built media PCs. All have performed well."

Security Concerns

The biggest reason to upgrade from Windows 7 remains the security concern. Even with the ESU from Microsoft, users could be putting themselves at risk.

"It is already known that criminals are cooking up stuff in their labs," warned MonsterCloud's Pinhasi.

"Once they have those tools they can exploit the older versions of Windows to make billions from it," he added.

Ransomware, such as the WannaCry cryptoworm, which targeted Windows machines in May 2017, could be unleashed after Microsoft's support for Windows 7 ends.

That particular ransomware was propagated through EternalBlue, an exploit developed by the United States National Security Agency.

"The hackers dropped a package that was stolen from the NSA, and hackers could use something similar," Pinhasi warned.

The best course of action isn't to invest in the ESU from Microsoft, but to upgrade the OS and if necessary even the PC hardware.

"It's time to move on; the demise of a loved operating system is hard, but inevitable," said Roger Entner, principal analyst at Recon Analytics.

"Windows 7 stopped being the flagship Windows OS seven years ago, so it is time to upgrade, and a laptop for $179 at Best Buy runs Windows 10 and is probably more powerful than anything that was made in 2012," he told TechNewsWorld.

"There is no reason that anyone running Windows 7 should stick with it, other than pure ornery stubbornness, and it's not like you have to learn a new OS," added Teich.

Of course, it isn't just individual users who should heed these warnings.

"Companies really should get off Windows 7 as soon as they can," warned Kay.

"Security attacks are getting more frequent, more sophisticated and more automated -- and don't imagine that just because you're a small fish, they won't come after you," he explained. "Small firms are sometimes used as an attack vector against larger firms. And if companies need to turn over their PC base once every 10 years, that's a good thing. Employees might even be more productive."


Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and FoxNews.com.