Wednesday 22 January 2020

You've had five years to upgrade, now you're at risk from Windows 7

Microsoft began warning users about the cut-off
for Windows 7 security support back in 2015. Photo: AP
Microsoft began warning users about the cut-off for Windows 7 security support back in 2015. Photo: AP
Adrian Weckler

Adrian Weckler

This coming Tuesday, one in five Irish PCs will stop getting security support from Microsoft. Computers with Windows 7 will become susceptible to viruses and ransomware, even if you also have anti-virus software. Because this is Ireland, hundreds of thousands of us haven't updated our systems in time.

Microsoft is offering laggards a €50-per-PC annual security support deal, aimed mainly at businesses and large organisations. Otherwise, it's €259 to download Windows 10 for business now, or €145 for a home PC. It was initially free.

Probably the biggest Irish bill for this 'extended support' from Microsoft is for the HSE. It's spending €1.1m this year to keep 46,000 of its 60,000 PCs and laptops on Windows 7. It will have to then pay more to upgrade to Windows 10.

To be fair, there are mitigating circumstances. A large chunk of its computers are waiting on other upgrades before they themselves can be upgraded.

Please log in or register with for free access to this article.

Log In

The HSE's chief information officer, Fran Thompson, told me last week that the organisation, which has 6,000 locations and 650 different major computer applications, has 12,000 radiology machines that won't be upgraded until 2021.

That, he said, effectively stops any Windows 10 upgrade because those radiology machines are designed to work with the Windows 7 computers they have.

It's a similar situation across many areas of industry, especially when there's specialist machinery or heavy equipment involved.

But there are also less compelling scenarios. Government departments still have tens of thousands of PCs using Windows 7.

According to figures released from a parliamentary question from Labour TD Alan Kelly, the Department of Employment Affairs has 11,000 PCs still using Windows 7, while the Department of Justice has 3,700. Both departments host sensitive data on citizens. It's possible that some - or many - of these PCs are attached to software that has not yet been tested with Windows 10, or needs an upgrade itself for compatibility.

But it's also possible that the IT upgrade is, once again, toward the bottom of the to-do list in a large organisation. Except now it will cost penalty cash or an impending security crisis.

Regular readers will forgive me for having written rather a lot about this in recent weeks and months. But I remember the Wannacry virus.

I remember the havoc it caused, partly because hundreds of thousands of PCs were still using Windows XP.

To be clear, if you fork out for Microsoft's extended support, you won't be any more vulnerable to viruses like Wannacry (which is still going strong, by the way) than you were.

But, look, you've had five years to upgrade from Windows 7. Five years.

It's not like the laptop you bought in Harvey Norman the year before last had it installed. Or the batch of HPs you got for the Athlone office from your channel partner.

No. Most of your Windows 7 computers are at least four or five years old.

And even then, next week's date was clear. Back in 2015, Microsoft set the date of January 14, 2020 as its security support cut-off point.

(Just as it has set January 2023 as its cut-off date for Windows 8, for the 1pc of you who currently use that operating system.)

I know that must have seemed like an impossibly long time away. But now it's here. And thousands of businesses - not to mention Government departments and critical State utilities - are still using it.

I know that we're bombarded with scare stories about IT cybersecurity on a near-daily basis. But this isn't a millennium bug tale.

Leaving a PC with an outdated operating system is, if not quite an open invitation, a careless act in an age of foreseeable malware attacks.

Lest you're thinking 'what malware attacks', the foreign exchange firm Travelex is currently being held to ransom by cyber attackers who say they will expose sensitive customer details unless the London-based firm pays over millions to the thieves.

Travelex says that the cyber attack is the ransomware virus Sodinokibi, also known as REvil. Its online currency exchange feature is still unavailable to visitors.

The hackers are reported to be looking for €5m to release the company from their grip. They claim to have possession of credit card information, dates of birth and national ID numbers.

"In the case of payment, we will delete and will not use that database and restore them [Travelex] the entire network," the gang told the BBC last week.

"The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base."

I'm not saying that a Windows 7 PC will automatically be attacked. But it makes it more likely.

The problem now is that if you haven't upgraded already, it could take months to do so with all of the potential complications to other applications that this causes.

And while you're doing this, you can pay Microsoft a new escalating fee to keep you on Windows 7 with security patches. It costs about €50 per PC per year, doubling next year and quadrupling the year after that.

But if you're a big organisation, you can bargain this down to around half of that cost.

This is what the HSE did. Its bill for getting Microsoft's extended support for Windows 7 works out at around €25 per PC.

It will have an overspill into 2021 - and thus a new Windows support bill to negotiate - but it expects to have "the bulk" upgraded to Windows 10 by then.

I know that there are those who will say: 'Hang on, why does Microsoft get to dictate the terms of civic infrastructure like this? Doesn't this show that it has far too much power over our day-to-day operations?'

This is a fair question. Microsoft's answer to this is that operating systems are labour-intensive to maintain and support.

New ones are more secure and efficient in almost every way and are to be desired, both from the customer and supplier perspective.

It's not in anyone's interest, it will argue, to stick with an outdated interface. (Windows 7 was launched more than a decade ago; Windows 10 was introduced in 2015.)

Ironically, this point will be somewhat moot in future. There is no end-of-support date for Windows 10.

It is designed to be the last big swap-and-replace PC operating system from Microsoft, with much more of the heavy lifting to be done using online updates.

Even still, I'm pretty sure that we'll be hearing more about Windows 7 problems in the coming months.

So if you are one of those still using it at home or at work, do everyone a favour and switch as soon as possible.

Sunday Indo Business

Also in Business