Own a Windows 7 PC? Get ready for a potential security nightmare
Next Tuesday, Microsoft is switching off security support for Windows 7. Unfortunately, one in five Irish Windows computers are still stuck on the obsolete system, leaving users open to a possible repeat of the Wannacry virus that harmed thousands of machines. Adrian Weckler reports.
One in five Irish PCs face significant security worries from next Tuesday when Microsoft withdraws security support from computers running Windows 7.
The security shut-off means that if a Wannacry-style virus is released in the coming weeks or months, Windows 7 desktops and laptops will have reduced defences, leading to a potentially large loss of data.
That is because Microsoft will release security patches for Windows 10 computers, but not for Windows 7 machines.
Although the company has been warning about the January 14 date for over a year, 19.3pc of Irish Windows PCs still use Windows 7, according to Statcounter.
Please log in or register with Independent.ie for free access to this article.
The figures also show that almost 1.5pc of PCs still use Windows XP, while 0.4pc use Windows Vista, both of which are already unprotected.
About 1pc of computers use Windows 8, which will face a similar security deadline in January 2023.
Two years ago, Ireland faced a ransomware epidemic partially due to out-of-date Windows software on PCs.
The malware, including Wannacry, shut down HSE services and caused a number of small businesses to pay criminals hundreds or thousands of euro in cash to unlock their PCs.
In seven days' time, hundreds of thousands of Irish PCs face potentially similar vulnerabilities, except for those who pay a new premium for security 'extended support'. Microsoft Ireland is still declining to say how much the premium support will cost, adding that it is likely to depend on a case-by-case basis between businesses and their suppliers.
Reports last year suggested that Microsoft was briefing enterprise customers on the likely cost.
For Windows 7 Pro, the cost was reportedly almost €50 per device for the first 12 months, double that for the next 12 months, and then double again (almost €200) for the remaining 12 months.
So an organisation with 1,000 PCs using Windows 7 Pro could face an upfront security fee of €50,000 in 2020, rising to almost €200,000 in 2022, if they do not sort out upgrades in time.
"If an organisation waits and purchases extended security updates for the first time in year two or year three, they will have to pay for preceding years as well, since all security updates are cumulative, starting January 2020," says Microsoft's official guidance document. "After support has ended in January 2020, organisations will no longer receive regular bug fixes and patches, and the help desk will not be able to provide support."
However, experts warn that companies which have not yet started to switch away from Windows 7 will be stuck paying Microsoft premium protection fees for the foreseeable future.
"In our experience, migrations from previous versions of Windows involving Irish organisations with more than 200 users took 12 months to complete on average," said a report on the issue from the Irish consultancy Auxilion last year.
"Of course, there are instances where the process can be completed in a much shorter time, but in almost every case, the migration time was much longer than initially anticipated by the client."
The overall cost to Irish business, Auxilion's report said, could be as much as €200m, based on the number of corporate devices in the market. And there could be a squeeze on resources to help the process.
"Companies in that situation have no guarantee that a quick solution will be available in 2020, as demand for migration support services is likely to remain strong for quite some time," added the Auxilion report.
"Ireland has been quite slow to migrate to Windows 10 and there will likely be extreme resource constraints for projects starting in the latter part of 2019 and in 2020. The fact is that the IT industry simply doesn't have the capacity to meet a surge in demand from late migration projects."
Comparisons are being drawn with the chaotic end-of-support problems that occurred when Windows XP was cut off from security support five years ago.
Millions of company PCs worldwide were still using the operating system, and a wave of viruses and malware caused havoc among private enterprises and state organisations.
Public sector organisations, including hospitals and schools, were hit by malware and had to pay emergency fees for remedial action.
The HSE had 1,500 systems using Windows XP when the Wannacry malware epidemic struck. A similar problem was faced by companies running devices such as ticketing machines, CCTVs, ATMs and public signage.
For big organisations, the cost to update all of this was calculated in the millions rather than the thousands.
The problem became so bad that Microsoft agreed to waive its end-of-support rule and provide patches for machines with XP.
"Microsoft's extended support means that some IT departments have taken their foot off the gas on the issue, which is disappointing," said Conor Flynn, managing director of ISAS and one of the country's most senior IT security specialists.
"It's allowed people to be sloppy and lazy. The danger is going to be that some will afford it and get their patches but there will be a sense of complacency among other people who hear that there's support and think that they're protected, when in fact they're not.
"The communication hasn't been clear that you will only get these if you get into a contract with Microsoft."
He said that some companies put off their upgrades because they were late replacing Windows XP.
"There are quite a significant amount of businesses here still using Windows 7," he said. "In many cases, a lot of effort and pain went into upgrading XP to Windows. They left that upgrade for so long that it seems quite recent to them."
One of the features of Windows 10 is that it no longer requires wholesale replacement for Microsoft's next upgrade.
The firm is trying to encourage companies that have held off upgrading into adopting the current system.
Microsoft said that the cost of Windows 10 is €260 for a small business or €145 for a home version.
"The best way to experience Windows 10 is on a new PC," the company said. "While it is possible to install Windows 10 on your older device, it is not recommended."
As for what small companies can do now, Microsoft said they should go to a third-party vendor.