Support for Windows 7 has ended, leaving Marcy wondering how they can protect themselves
Thu 16 Jan 2020 08.00 GMTLast modified on Thu 16 Jan 2020 21.50 GMT
I do a lot of work on a Windows 7 desktop PC that is about five years old. I’m a widow and can’t afford to run out and get a new PC at this time, or pay for Windows 10. If I do stay with Windows 7, what should I worry about, and how can I protect myself? I have been running Kaspersky Total Security for several years, which has worked well so far. Marcy
Microsoft Windows 7 – launched in 2009 – came to the end of its supported life on Tuesday. Despite Microsoft’s repeated warnings to Windows 7 users, there may still be a couple of hundred million users, many of them in businesses. What should people do next?
To begin with, Windows 7 will not stop working, it will just stop receiving security updates. Users will therefore be more vulnerable to malware attacks, particularly from “ransomware”. We saw how dangerous that can be when WannaCry took over unpatched PCs in the NHS and other places. It was so bad that Microsoft released a patch for XP, even though it was out of support.
There are reasons to be fearful, because of the way the malware industry works.
On the second Tuesday of every month, Microsoft releases security patches that should be installed automatically by Windows Update. The malware industry analyses these patches to find the holes, and then looks for ways to exploit them. A lot of the code in Windows 10 goes back to Windows 7 and earlier versions. As a result, some of the security holes in Windows 10 will also be present in Windows 7, but they won’t be patched.
Malware writers don’t normally target out-of-date operating systems, because they don’t usually have many users. In this case, as with XP, there could be millions of relatively easy targets.
The British government’s National Cyber Security Centre (NCSC) told the BBC: “We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device and not to use them for tasks like accessing bank and other sensitive accounts.” That’s good advice.
The NCSC’s website suggests some “short-term steps to take when you can’t move off out-of-date platforms and applications straight away”. It’s aimed mainly at government departments and businesses, and isn’t specific to Windows 7.
The core advice boils down to this: avoid coming into contact with any malware, and make sure you have nothing to lose. The first is basically impossible in a world where malware can be served via advertisements (“malvertising”) even on respectable websites. The second is tedious but essential.
While you can’t patch Windows 7, you can make sure your other software is patched. That applies to browsers in particular. Fortunately, the main browser suppliers will keep updating them, and Google has said: “We will continue to fully support Chrome on Windows 7 for a minimum of 18 months from Microsoft’s end of life date, until at least 15 July 2021.”
Eventually, however, they’ll stop testing their browsers on Windows 7 because it’s expensive and will only serve a shrinking number of users.
If you can’t avoid malware completely, try to avoid untrusted or insecure websites. Major name-brand websites should be reasonably safe, including your bank’s. Sources of free, pirated or “adult” stuff are generally less so. But, sooner or later, your bank will decide that it’s too risky to deal with people who have vulnerable computers, and prevent you from logging on.
Running good anti-virus software and a firewall should help minimise the risk, so it may be worth paying for something like Kaspersky Total Security. However, no security software is foolproof, and it won’t patch your unpatched operating system.
You must also be super-suspicious about emails, and never click unsolicited attachments. According to Precisesecurity.com, spam and phishing emails caused 67% of ransomware infections in 2019, causing $4bn (£3.1bn) worth of damage.
The best defence against ransomware and other serious attacks is not having anything to lose. Keep copies of all your valuable data on external hard drives and thumb-drives and possibly online, and as little as possible on your Windows 7 PC. Make daily backups to a storage device that is not otherwise attached to your PC, and keep a current disk image handy. You’ll never have to pay a ransom if you can just wipe the infected drive and restore your PC from a backup.
Replacing Windows 7
Given the risks of running Windows 7, users should plan to replace it as soon as possible. The options include Windows 10, Linux and CloudReady, which is based on Google’s Chromium OS. In effect, it turns your PC into a Chromebook.
Windows 10 is the best option for most ordinary Windows 7 users. Although it has some additional stuff, Windows 10 still has most of the features of Windows 7, and you can make it look much the same. It will run most, if not all, of your existing software, and you will have to do the least amount of relearning. Decades of Windows experience will still be useful.
Microsoft offered Windows 7 users a free in-place upgrade to Windows 10 during the year after its launch, and it would have been sensible to take it. Since then, you have been able to download a copy of Windows 10 and use Microsoft’s media creation tool to upgrade Windows 7 either directly or from a thumb-drive. So far, most users who have tried this and entered their Windows 7 product key have had their copy of Windows 10 authenticated. I can’t say whether that will continue to work. However, Microsoft wants people off Windows 7 and on to Windows 10, so it’s worth a go. Just skip the part where it asks for a product key, and leave it for later.
If you install Windows 10, you can use it for a month. After that, you will get a “watermark” on your desktop that says it isn’t authenticated, and Microsoft will nag you to do it. You will also lose personalisation options, so you won’t be able to change the wallpaper, themes, lock screen and so on, but it will continue to work. Using an unauthenticated copy of Windows 10 is not a long-term solution, and it’s a bad idea for businesses, which can pay for extended updates. However, if you’re a Windows 7 home user, it gives you more time to decide what to do.