Stop Using Windows 7!

May 18, 2020

Change is hard, I get it. Especially when that change gives you the nonsense that was Windows 8, which was also the final straw in converting me into an Apple fan. Yes, I eventually gave Windows 10 another chance, and I've certainly learned to like it, but I still miss the days of Windows XP and Windows 7 (no one actually remembers Vista).

Windows 7 still has a huge fan-base, and I completely understand why. It was simple, but it did what you want. It just worked. And I get that all these tech companies keep pushing out new versions so they can make more money. So whether you don't want to move off Windows 7 because of nostalgia or because you don't want to spend the money on upgrading, at least give me a chance to explain why Windows 7 isn't a great idea anymore.

Why?

Because it's dead, it officially died on January 14, 2020. And you should stop using it. Microsoft is no longer supporting Windows 7, meaning there are no security updates and no patches. While Windows 7 will still work, it is going to be more vulnerable to security risks and viruses, and Microsoft itself is of course recommending users upgrade to Windows 10.

Source

First things first, do I need to remind everyone of the dangers on the internet? And according to NetMarketShare, Windows 7 still accounts for almost 30% of the vulnerabilities out there. So, even though it seems like a relatively low number, we have to remember that these 30% are no longer receiving security updates to mitigate cyber-attacks. It is also pretty easy to figure out if someone is using Windows 7 using a tool called Nmap.

Oh, and I forgot to mention that Microsoft is also ending support for Internet Explorer, too. And shocker, IE has tons of vulnerabilities, even patching one in February. Side note, Microsoft will occasionally provide security updates even when outside of the support window, like in 2019 when Microsoft released a patch for XP for a Remote Code Execution vulnerability.

Let's take a step back and talk about why not receiving security updates is a problem. All Microsoft Windows products are all built on the same underlying architecture - that includes XP, 7, 8, and 10. When Microsoft issues a patch for Windows 8 or 10, which are still fully supported, that would normally also patch Windows 7. But now that Microsoft isn't supporting Windows 7, the patch doesn't flow down. On top of that, most other software tools or web browsers will likely end their support for Windows 7 as well.

If you have software that is only supported by Windows 7 and there is no plan to upgrade said software to use on Windows 10, there are two possibilities to keep yourself secure. First, ensure the device never connects to the internet (as long as the software does not require internet, of course). Second, upgrade to Windows 10 and use a Windows 7 virtual machine to access the software. This keeps the vulnerabilities of Windows 7 away from your home device, as a virtual machine can be easily wiped.

So what can you do because I know not everyone can just up and buy a new computer whenever they want.

If there is absolutely positively no way around using Windows 7, make sure you upgrade and patch everything you can (browsers, tools, etc.), install antivirus software, limit access to the internet, ensure firewalls are up, and make a plan to eventually move away from Windows 7.

You can also still download the Windows 10 upgrade for free, you just don't get all the features of Windows 10 without purchasing a license.

If you don't want Windows 10, you can also upgrade to Linux. It might be a bit of a learning curve at first, but I've found that Linux is a great option for people (Ubuntu is a great starting point). There are tons of tutorials out there for installing Linux on your device too. I have one laptop where I wiped Windows and installed Ubuntu. I also have a few VMs I use with Kali Linux and Ubuntu. It takes some time I get used to, but I think most people could learn to appreciate the simplicity of a Linux system.

So let's work through a scenario here. Your kid is using your old Windows 7 device to do their school work and their Zoom calls. Because you have to connect to your schools remote learning solution, the device has to be connected to the internet. It may or may not have been used much in the past few years so there might be some out of date software on the device as well. I'm a bad actor and I want to target you - it could be for any number of reasons, money, information, future access, etc. I eventually get access to the device because it is out of date and no longer receiving security updates, but because it is connected to the same network as the other devices that might have more enticing rewards, I use this access to pivot onto something that gives me what I want. Now I'm in. I can install a keylogger to pull all your usernames/passwords, say for your personal email account or your bank account. I could lock you out of your email or social media accounts, I could mine data that could later be used for blackmail. Or maybe you have sensitive work information on your personal device or even a work device. Scary, right?

Yes, that is oversimplifying a situation, but it isn't outside the realm of possibility for a determined threat actor.

I'll stop here. Can I make it any more clear that continuing to use Windows 7 is nothing more than a liability? Because if I was a hacker, why would I go after a more secure Windows 10 device when there's a perfectly "easy" Windows 7 device to attack (and plenty of them)?