Windows 7 Reaches End of Life; Are You About to Pay the Price?
Last fall, Microsoft announced that it would be ending support for Windows 7 on January 14, 2020. This has now come into effect. Microsoft will no longer release any updates for the Windows 7 operating system, including crucial security patches.
Microsoft did say it would offer paid Windows 7 Extended Security Updates (ESUs) on a per-device basis, but even this program has limitations. First, the program is only available to larger clients that want to extend their current security coverage. This includes large businesses, government operations, and educational services. Second, the program caps out after three years, ending in 2023. Finally, the price for the ESU will increase in the following year.
Source: Support for Windows 7 ends in January 2020, Microsoft. Accessed January 22, 2020
Microsoft’s Windows 7 has a myriad of security flaws, including a zero-day vulnerability. Yet, despite the flaws, Windows 7 is one of the most-used operating systems among businesses, with 32.74% of operating system share. Without continual security updates, users of Windows 7 will be at risk from more sophisticated probing and hacking tools. It remains critical to update and assess your security programs regularly.
Try to update your security systems to the newest versions when possible. These versions carry the latest security features and are developed in response to innovations, so they can better respond to threats.
The cost of remaining on Windows 7 will also begin to add up. If it is not possible to upgrade for operational reasons, consider this example from Germany.
Germany’s federal government has already paid close to one million euros in ESUs to Microsoft for the continued use of Windows 7, and it’s still operating thousands of computers on Windows 7. This is not only a security risk – since the system will no longer be receiving any updates – but also a financial burden. Germany’s federal government has at least 33,000 computers still operating on Windows 7. This number of computers operating Windows 7 will end up costing over €800,000.
For North American companies, at around US$25 to $50 per device in the first year, the fees will add up similarly. It is estimated that it would cost $500,000 for an enterprise running 10,000 machines in the first year. Furthermore, the ESU fee is cumulative and will increase for each year a user does not update to a newer Windows version. In the third year alone, this will cost a business around $100 to $200 per device.
The percentage of current Windows 7 users in Germany, at 19.77%, is comparable to North America’s 19.61%. This means that North American businesses are likely to pay far more, accounting for population, over the coming years in ESUs. With around 200 million PCs worldwide still running Windows 7, the costs businesses pay for ESUs will be staggering.
Current Windows 7 users should consider both the fiscal and security consequences of not updating to a newer version of Windows.