10/24/2018
04:05 PM

Windows 7 End-of-Life: Are You Ready?

Microsoft will terminate support for Windows 7 in January 2020, but there's still some confusion among enterprises about when the OS officially gets retired.

Microsoft will terminate support for Windows 7 on January 14, 2020. That may seem far off, but the clock is ticking – and security and IT teams have sixteen months to figure out a plan.

Many businesses already have the ball rolling, notes Andrew Hewitt, Forrester analyst serving infrastructure and operations professionals, who says the upcoming end-of-life "is a major point of focus for a lot of organizations I'm working with right now."

Hewitt points to "a massive push toward Windows 10" as organizations prep for Microsoft to terminate Windows 7 support. However, different businesses are approaching the Windows 10 upgrade in different ways, which largely depend on their size and maturity, he says.

Windows 10 readiness varies widely. More than half of respondents in a recent survey by Avecto say they're ready for the migration; however, 44% are unsure about their plans or feel unprepared. Part of the problem is awareness: 30% think the end of life for Windows 7 has already occurred, and only 30% knew the date of Microsoft's planned termination, according to the report, which polled 500 IT and security pros on their preparedness to upgrade to the new OS, as well as the related benefits and risks. 

The most surprising finding in the survey was the lack of certainty around the end-of-life for Windows 7, says Kevin Alexandra, principal consultant at Avecto. "It's the default operating system for most businesses – has been for the past few years," he adds. As Microsoft continues to push the Windows 7 end-of-life, companies are reluctant to fix something they don't see as broken.

What's Holding Them Back?

Compounding this reluctance are myriad challenges associated with upgrading an operating system that so many devices and applications rely on, says Hewitt, who adds that the biggest hurdle will be preparing on-premise legacy applications for the transition.

Organizations with a huge number of legacy apps, especially without a virtualized environment, will have a difficult time testing them for Windows 10 compatibility. "It can take a lot more time to make sure those apps are ready," he adds, especially when focusing on mission-critical tools.

The Windows 10 upgrade is a "very manual process," Hewitt continues, and it slows companies down. Most folks are aiming to complete their transition by 2020 and they're worried they won't make their deadline because of the manual compatibility testing processes. They need to test driver compatibility, create test groups, and make sure everything works.

"That's been a huge source of anxiety," he says. "There's a lot of clients out here who have successfully made the transition, but the majority are trying to figure out how to do this most efficiently with the least impact on their user base."

Companies are also worried about security and have vulnerable endpoints and malware at top of mind, Avecto researchers found. Forty percent say their top security concern is protecting remote workers and other employees who operate off the network. The biggest issue with securing remote workers and employees who BYOD is ensuring their endpoints are secure.

Microsoft Responds, Eases Up

The Windows 10 upgrade poses a tough transition for many. Hewitt points out how Microsoft, which started out aggressively pushing the new OS, has made some changes to ease the process of managing Windows 10 for companies with a long road ahead.

It's fundamentally different from earlier versions of Windows, he explains. Many companies weren't sure if they were agile enough to handle an OS upgrade every six months, or manage their traditional systems along with the cloud-based Windows 10 model. As an example, Microsoft has offered more options to make it easier to combine cloud and PC management.

In some ways, the transition from Windows 7 to Windows 10 will be easier than past Windows migrations, says Alexandra, pointing to the example of getting new users on board. With its new OS, Microsoft has been pushing consumers to adopt Windows 10 at home; as a result, when it lands on their corporate endpoints, it will already be familiar to them.

"People are finding it significantly easier and a large part of that is user acceptance," he says. Employees are learning nuances like how account control works with underlying architecture.

For Windows 7 Pro and Windows 7 Enterprise customers, Microsoft is offering an option to continue Windows 7 Extended Security Updates (ESUs) for an additional charge through January 2023. The Windows 7 ESUs will be available to all Windows 7 Pro and Enterprise customers in Volume Licensing, and they will be sold on a per-device basis, with the price increasing each year. Microsoft won't be introducing new features as part of the package; this is primarily intended to keep machines secure until a full enterprise upgrade is complete.

How You Can Prepare

If you haven't started to prepare for the Windows 10 migration, Hewitt recommends starting with an inventory of applications to be tested. Understand how important those applications are; figure out whether they're security-related, mission critical, or common among end users, and prioritize your list based on those needs. Survey your employees to figure out which apps they value and consider these when building your testing process.

He also advises joining the Windows Insider program, which lets members test updates ahead of their release. Educate yourself on what an update will, and will not, allow you to do.

"Really areas people need to think about are security testing, mission critical application testing, limiting end user downtime, and having a strong focus on making sure people aren't disrupted as a result of these updates," says Hewitt.

Alexandra advises using the upgrade as an opportunity to take advantage of security tools in Windows 10. Application control and least privilege accounts, for example, are two additions to leverage and improve on users' overall security.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Comments
REISEN1955
10/25/2018 | 7:09:01 AM
Remember Windows XP effort
THAT was a forever migration and there are still some machines out there. And not legacy systems either, not many. Windows 7 was about 3 years being pushed into corp America mostly because there was no "migration" per se - it was copy user data and re-install everything, then copy back. In my small accounts, I ensured that user data was saved to THE SERVER so I had no problem with backing stuff up. A universal good idea and also ensures BACKUP protection too. (Hello Ransomware) to an offsite system. I was part of a team at Groupe Clarins doing that in 2013 or so and it was a fun, though demanding, exercise.

 