Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

10/24/2018
04:05 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Windows 7 End-of-Life: Are You Ready?

Microsoft will terminate support for Windows 7 in January 2020, but some there's still some confusion among enterprises about when the OS officially gets retired.

Microsoft will terminate support for Windows 7 on January 14, 2020. That may seem far off, but the clock is ticking – and security and IT teams have sixteen months to figure out a plan.

Many businesses already have the ball rolling, notes Andrew Hewitt, Forrester analyst serving infrastructure and operations professionals, who says the upcoming end-of-life "is a major point of focus for a lot of organizations I'm working with right now."

Hewitt points to "a massive push toward Windows 10" as organizations prep for Microsoft to terminate Windows 7 support. However, different businesses are approaching the Windows 10 upgrade in different ways, which largely depend on their size and maturity, he says.

Windows 10 readiness varies widely. More than half of respondents in a recent survey by Avecto say they're ready for the migration; however, 44% are unsure about their plans or feel unprepared. Part of the problem is awareness: 30% think the end of life for Windows 7 has already occurred, and only 30% knew the date of Microsoft's planned termination, according to the report, which polled 500 IT and security pros on their preparedness to upgrade to the new OS, as well as the related benefits and risks. 

The most surprising finding in the survey was the lack of certainty around the end-of-life for Windows 7, says Kevin Alexandra, principal consultant at Avecto. "It's the default operating system for most businesses – has been for the past few years," he adds. As Microsoft continues to push the Windows 7 end-of-life, companies are reluctant to fix something they don't see as broken.

What's Holding Them Back?

Compounding this reluctance are myriad challenges associated with upgrading an operating system that so many devices and applications rely on, says Hewitt, who says the biggest hurdle will be preparing on-premise legacy applications for the transition.

Organizations with a huge number of legacy apps, especially without a virtualized environment, will have a difficult time testing them for Windows 10 compatibility. "It can take a lot more time to make sure those apps are ready," he adds, especially when focusing on mission-critical tools.

The Windows 10 upgrade is a "very manual process," Hewitt continues, and it slows companies down. Most folks are aiming to complete their transition by 2020 and they're worried they won't make their deadline because of the manual compatibility testing processes. They need to test driver compatibility, create test groups, and make sure everything works.

"That's been a huge source of anxiety," he says. "There's a lot of clients out here who have successfully made the transition, but the majority are trying to figure out how to do this most efficiently with the least impact on their user base."

Companies are also worried about security and have vulnerable endpoints and malware at top of mind, Avecto researchers found. Forty percent say their top security concern is protecting remote workers and other employees who operate off the network. The biggest issue with securing remote workers and employees who BYOD is ensuring their endpoints are secure.

Microsoft Responds, Eases Up

The Windows 10 upgrade poses a tough transition for many. Hewitt points out how Microsoft, which started out aggressively pushing the new OS, has made some changed to ease the process of managing Windows 10 for companies with a long road ahead.

It's a fundamentally different from earlier versions of Windows, he explains. Many companies weren't sure if they were agile enough to handle an OS upgrade every six months, or manage their traditional systems along with the cloud-based Windows 10 model. As an example, Microsoft has offered more options to make it easier to combine cloud and PC management.

In some ways, the transition from Windows 7 to Windows 10 will be easier than past Windows migrations, says Alexandra, pointing to the example of getting new users on board. With its new OS, Microsoft has been pushing consumers to adopt Windows 10 at home; as a result, when it lands on their corporate endpoints, it will already be familiar to them.

"People are finding it significantly easier and a large part of that is user acceptance," he says. Employees are learning nuances like how account control works with underlying architecture.

For Windows 7 Pro and Windows 7 Enterprise customers, Microsoft is offering an option to continue Windows 7 Extended Security Updates (ESUs) for additional charge through January 2023. The Windows 7 ESUs will be available to all Windows 7 Pro and Enterprise customers in Volume Licensing, and they will be sold on a per-device basis with price increasing each year. Microsoft won't be introducing new features as part of the package; this is primarily intended to keep machines secure until a full enterprise upgrade is complete.

How You Can Prepare

If you haven't started to prepare for the Windows 10 migration, Hewitt recommends starting with an inventory of applications to be tested. Understand how important those applications are; figure out whether they're security-related, mission critical, or common among end users, and prioritize your list based on those needs. Survey your employees to figure out which apps they value and consider these when building your testing process.

He also advises joining the Windows Insider program, which lets members test updates ahead of their release. Educate yourself on what an update will, and will not, allow you to do.

"Really areas people need to think about are security testing, mission critical application testing, limiting end user downtime, and having a strong focus on making sure people aren't disrupted as a result of these updates," says Hewitt.

Alexandra advises using the upgrade as an opportunity to take advantage of security tools in Windows 10. Application control and least privilege accounts, for example, are two additions to leverage and improve on users' overall security.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/25/2018 | 7:09:01 AM
Remember Windows XP effort
THAT was a forever migration and there are still some machines out there.  And not legacy systems either, not many.  Windows 7 was about 3 years being pushed into corp America mostly because there was no "migration" per se - it was copy user data and re-install everything, then copy back.  In my small accounts, I ensured that user data was saved to THE SERVER so I had no problem with backing stuff up.  A universal good idea and also ensures BACKUP protection too. ( Hello Ransomware) to an offsite system.  I was part of a team at Groupe Clarins doing that in 2013 or so and it was a fun, though demanding, exercise.  

 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4229
PUBLISHED: 2020-06-05
IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.
CVE-2020-4448
PUBLISHED: 2020-06-05
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.
CVE-2020-4449
PUBLISHED: 2020-06-05
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.
CVE-2020-4450
PUBLISHED: 2020-06-05
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.
CVE-2020-8103
PUBLISHED: 2020-06-05
A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.