Microsoft is ending support for Windows 7 in 2020, which begs one simple question for anyone using a computer that still runs it: is Windows 7 safe? Should you upgrade to Windows 10? To find out, we consulted Microsoft, security companies and an independent security expert. Here’s what they said.
What does Microsoft have to say for itself?
“After January 14, 2020, if your PC is running Windows 7, it will no longer receive security updates,” it stated. “Microsoft strongly recommends that you move to a new device with Windows 10 preinstalled, which can provide the latest security updates to help keep you and your data safer.”
Well, yes, of course. Anything else?
“Windows 10 has a lot of amazing security features that do not exist on Windows 7 and we have even upgraded the AV on Windows 10. The security built into Windows 10 prevents, detects, and automatically remediates threats, so users are protected from threats like phishing links and malicious attachments.”
This is all true, but sadly doesn’t answer any of our questions. We know it’s safer to run Windows 10 than Windows 7; the question is whether it’s safe enough to keep an old system running.
The big question: is Windows 7 safe?
“Right now, yes,” said Allan Liska, senior solutions architect at Recorded Future, a global real-time cyber threat intelligence provider. “Microsoft is actively patching vulnerabilities and regular updates are occurring.”
However, he warns that cyber criminals will continue targeting the operating system once it has been discontinued. “For example, Microsoft discontinued support for Windows XP in 2014. Since that time there have been more than a dozen published vulnerabilities and attackers regularly advertise in underground forums that their tools exploit Windows XP. So, while Windows 7 is safe today, it won’t be very soon after it goes end of life.”
It’s a view precisely echoed by independent security consultant Andy Johnson, who runs online safety site becybersafe.com. “Windows 7 is still safe to use, but it’s a good idea to think about moving to a more modern operating system now since, from January 2020, Microsoft will no longer publish any updates for it. This means that any security holes found in it won’t get patched and could be exploited by virus writers.”
And in case you were left in any doubt, here’s what the superbly named Fennel Aurora, security adviser at F-Secure, had to say. “Since Windows XP stopped receiving security updates in 2014, SANS Institute observed that it takes on average 20 minutes before a newly connected device is hacked. Even without the coming end of support on Windows 7, it is highly recommended to always update your operating system to the latest version if possible. With end of support, this becomes urgent.”
Will using antivirus be enough to keep people secure from attacks?
“Antivirus software can be incredibly effective but should be a last line of defence only – it isn’t foolproof and may not protect you from all viruses,” advises Andy Johnson. “To keep your computer free from viruses we recommend following the easy to remember Dodge, Deny, Detect principle.”
- Dodge: Prevent your computer from coming into contact with viruses in the first place, for example by learning how to spot phishing attacks
- Deny: Keep your software up to date so that viruses aren’t able to install themselves
- Detect: Run antivirus software to help detect and remove any viruses that do still manage to find their way onto your computer.
“For Windows 7 users, the ‘Deny’ part of this defence strategy will no longer be possible from January 2020 as Microsoft stop supporting Windows 7,” said Johnson. “Without adequate protection you then risk viruses stealing your personal details or possibly destroying your files.”
F-Secure agrees. “Nothing is 100% secure – even the most protected banks get robbed,” said Fennel Aurora. “What is sure is that if you do not have any protection, if you just leave the key under the doormat, you are going to have a bad time.”
“Most antivirus software will not help with this problem,” added Allan Liska. “Antivirus software is meant to stop malicious applications, such as trojans, worms, and viruses. It is not meant to protect the integrity of the underlying operating system, especially against new and possibly previously unseen exploits.”
Come on, what’s the worst that can happen?
“In 2017 when the WannaCry ransomworm broke out, one of the worst hit organisations was the NHS,” said Liska. “One of the reasons they were particularly susceptible was that they still had a large number of Windows XP systems running in their organisation, and Microsoft did not release a patch for the exploit used by WannaCry for Windows XP.”
“It’s very easy to think of worse and worse scenarios – it’s more useful to think of what is likely,” said F-Secure’s Aurora. “The most common threats that consumers face today are ransomware destroying all their photos and documents, identity and data theft turning their life upside-down, banking trojans stealing their money, and cryptojackers making their device slower and quicker to fail.
“The point is that the same threats apply, it is just that unpatched/un-updated Windows 7 will make it easier for the predators to make a statistic of you.”
He adds: “Most attacks are automated and invisible, especially when we are talking about security holes in unpatched/outdated operating systems. For example, the NSA-developed exploits used by WannaCry and EternalPetya very quickly turned hundreds of thousands of computers around the world into useless bricks.”
Are people just being doom-mongers because it’s in their interests?
“No, everyone should update their devices and keep them up to date,” said Aurora. “Connecting out-of-date devices to the internet is reckless in the same way that having 19th century locks with the key ‘hidden’ near the door is reckless in a modern city.”
So what should you do?
That message is simple, even if it’s annoying – you should upgrade. And rather than go to Windows 8, you should go straight to Windows 10.
“With a modern operating system, such as Windows 10, keeping your computer patched and up to date can be very simple and doesn’t even need any effort by you,” said Johnson.
If you don’t have a big budget, consider a Chromebook. (If you can wait, the magazine I edit, PC Pro, is running a Chromebooks group test that will be published in July.)
And if you can stretch to £600, consider this HP convertible laptop.