SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Security at risk as PC users continue to use end-of-life Windows 7
Tue, 11th May 2021

Almost a quarter of PC users are still using the end-of-life operating system Windows 7, new research has revealed.

Security firm Kaspersky conducted a study based on anonymised OS metadata provided by consenting Kaspersky Security Network users. The survey has found 22% are still using Windows 7, which stopped receiving mainstream support in January 2020.

When an OS comes to the end of its lifecycle, no more updates will be issued by the vendor, including critical security fixes.

Although a trusted operating system may seem fine on the surface because it does everything you need it to do, if the vendor no longer supports it, it could be susceptible to attacks, Kaspersky says.

When an operating system reaches end-of-life, its vulnerabilities remain unpatched, giving cyberattackers potential ways to gain access to a system. It is therefore critical that users update their OS to protect the system or business network from this avoidable issue.

Among those still using Windows 7, consumers, small and medium businesses (SMBs), and very small businesses (VSBs) globally occupy almost the same share – 22% each.

Almost a quarter of VSBs still use the outdated OS and, particularly because they do not have dedicated IT staff responsible solely for cybersecurity, it is all the more important to ensure their OS is up to date.

With that said, more consumers use outdated software as compared to businesses in Singapore – only 9.6% of SMBs and 12.2% of VSBs use outdated Windows 7. For now, businesses can still receive extended paid support for Windows 7, but this means extra expense – and this offering will not be available forever.

Kaspersky's findings also showed that only a small percentage (less than 1%) of people and businesses still use older operating systems, such as Windows XP and Vista, support for which ended in 2014 and 2017, respectively.

Overall, almost one quarter (24%) of users are still running a Windows OS without mainstream support. While a small percentage (less than 1%) of businesses still use the older Windows XP, none use Vista, and slightly over one-fifth (21%) run a Windows OS without mainstream support.

Fortunately, 72% of users are using Windows 10, the latest version of Windows OS, which appears to be the safest choice as well.

"Updating your operating system might seem like a nuisance for many. But OS updates are not just there to fix errors, or to enable the newest interface," says Oleg Gorobets, senior product marketing manager at Kaspersky.

"The procedure introduces fixes for those bugs that can open a gaping door for cybercriminals to enter. Even if you think you are vigilant and protected while online, updating your OS is an essential element of security that should not be overlooked, regardless of any third-party security solution's presence," he explains.

"If OS is obsolete, it can no longer receive these critical updates. If your house is old and crumbling, there is no point to install a new door. It makes more sense to find a new home, sooner rather than later.

"The same attitude is needed when it comes to ensuring the security of the operating system you trust with your valuable data every day."

Gorobets adds that knowing the risks of an end-of-life operating system is a good start, but acting on that knowledge is a smart way to finish.

Kaspersky recommends the following:

  • Use an up-to-date version of the OS and make sure the auto-update feature is enabled.
  • If upgrading to the latest OS version is not possible, organisations should consider this attack vector in their threat model and ensure smart separation of vulnerable nodes from the rest of the network. Kaspersky Embedded Systems Security can provide support in this case, as it allows operating an OS as old as Windows XP SP2 that runs on systems with very low specifications.
  • Use solutions with exploit prevention technologies, such as Kaspersky Security Cloud, Kaspersky Endpoint Security for Business, and Kaspersky Small Office Security, which help to reduce the risk of exploitation of unpatched vulnerabilities that can be found in an obsolete OS (Windows 7 and earlier).