Windows 10 is now the most widely used version of Windows on the desktop, but as Windows 7’s end of life looms, nearly half of small to medium-sized businesses (SMBs) are still relying on an operating system that soon won’t get security patches.
For the past four years Microsoft has been nudging Windows 7 users to upgrade PCs to Windows 10, but millions of small businesses and consumers are still using Windows 7, which Microsoft will stop delivering patches for on January 14, 2020.
According to security firm Kaspersky, 38% of consumers and 38% of small office/home office (SOHO) PCs are still running Windows 7, while 47% of SMBs are running Windows 7.
Microsoft launched the first version of Windows 10 in 2015, moving from mega-upgrades every three or four years to its biannual Windows 10 feature release schedule targeted for March and September each year.
In the early days of Windows 10’s release, Microsoft offered Windows 7 and Windows 8.1 users a free upgrade to Windows 10, but the company was accused of ‘coercing’ Windows 8.1 and Windows 7 users into upgrading, and it even paid a user $10,000 after losing a lawsuit over a forced Windows 10 upgrade.
Microsoft no doubt knows that a large number of businesses are still using Windows 7 as it reaches end of life. Businesses can pay for extended support; however, this is a costly option for customers and not an option for consumers and most SMBs.
Earlier this month Microsoft launched the "FastTrack Center Benefit" aimed at SMBs as a free service for organizations that have at least 150 licenses for Office 365 or its bundle of services under Microsoft 365. And in March, Microsoft released a Windows 7 update that showed desktop notifications urging users to upgrade to Windows 10 before January 2020.
On the other side, hackers know that if a large chunk of Windows devices aren’t receiving patches, newly discovered bugs can be exploited en masse, in theory, forever.
Microsoft recently made two rare exceptions to its policy of not patching unsupported versions of Windows: it patched Windows XP after the WannaCry ransomware outbreak in 2017 to kill a wormable flaw; and for the same reason in May this year it patched unsupported versions of Windows to shield them from the so-called BlueKeep bug.
Kaspersky’s data broadly lines up with other sources of Windows version distribution, such as Net Applications, which estimates that Windows 7 accounts for 32% of all PCs, including macOS and Linux systems. The good news is that Windows 7 adoption decreased by 4 percentage points over the past month and is trending down.
Kaspersky claims to have 400 million users and 270,000 corporate clients, so its numbers are likely representative of the worldwide distribution of Windows 7.
“The widespread use of Windows 7 is concerning as there is less than six months to go until this version becomes unsupported,” said Alexey Pankratov, enterprise solutions manager at Kaspersky.
“The reasons behind the lag in updating OS vary depending on the software in place, which may be unable to run on the newest OS versions, to economic reasons and even down to comfortability of routinely using the same OS.
“Nonetheless, an old unpatched OS is a cybersecurity risk and the cost of an incident may be substantially higher than the cost of upgrading. This is why we recommend that customers migrate to supported versions and ensure that additional security tools are in place during the transition period.”