Windows 7 end of support: the risks of an obsolete operating system
As almost everyone now knows, Windows 7 has been retired too: Microsoft's end of support has been in force since January 14, 2020.
Let's get some clarity and try to understand how to behave in view of this important change, given that many companies, professionals, municipalities and private individuals are still using Windows 7.
We have chosen to treat the “problem” from several different points of view:
- we went straight to the source and got Microsoft to explain what the end of support is;
- we asked a lawyer and DPO (Data Protection Officer) for his opinion, to understand what can happen and what penalties can be incurred by using Windows 7 after January 14.
End Of Support (EOS)
Claudia Bonatti, Microsoft Device Sales Lead, explained what the Windows 7 end of support is and how Italian small and medium-sized enterprises are preparing for the event.
“Windows 7 was born on October 22nd, 2009 and for 5 years the mainstream support remained active, which allowed users to keep the OS efficient with updates and new functions, while for the following 5 years it was possible to take advantage of the extended support, with patches and general support.
➡️ After this time the OS is no longer updated and Microsoft establishes the end of support (or EOS) which in the case of Windows 7 began on January 14th, 2020.
➡️ What happens now? In summary the consequences are these:
- the OS continues to work, but will not receive updates;
- it is no longer considered safe and is therefore potentially exposed to attacks;
- it no longer complies with the GDPR, with consequent problems for those who (practically all companies) manage sensitive data, with the possibility of incurring penalties;
- it will drop off the radar of the producers of apps and programs, who will give up releasing updates compatible with Windows 7.
Many Italian small and medium-sized enterprises are not ready for change: 55% are not aware of it or are not prepared, while only a percentage below 30% has developed a plan to manage EOS. If we add the fact that 50% of small and medium-sized enterprises still use Windows 7, we can understand how this OS is still very widespread.
An obsolete operating system is more exposed to risks, even potentially disastrous if you consider that 1 small and medium-sized enterprise out of 5 that is attacked is then forced to close.
✔️ So why is it essential to move without fear to a new operating system like Windows 10? Here are the main reasons:
- for greater security (this is the ‘safest version of Windows’ ever created);
- it can increase productivity;
- it can be easily integrated into existing systems.”
Legal implications and GDPR
What does the law say if a company, a professional or a public administration that uses Windows 7 after January 14th, 2020 suffers an attack in which sensitive data is stolen?
We asked the lawyer Riccardo Berti, member of the IT Commission and DPO (Data Protection Officer) of the Lawyers Bar Association in Verona.
“As the deadline for the termination of official support for Windows 7 approaches, many companies are wondering what the consequences are in terms of legal responsibility, in case they decide to continue using this operating system after the end of support from Microsoft.
➡️ The legal consequences of such a choice are manifold, but certainly the most incisive ones concern the sphere of privacy, whose legislation imposes numerous security requirements on subjects dealing with personal data (substantially all companies).
Although the recent European legislation on privacy (GDPR – EU Reg. 2016/679) does not explicitly prescribe the obligation to have up-to-date software, it contains numerous provisions that make such an obligation evident.
➡️ It is very clear that any processing of personal data carried out on obsolete software is illegal for the purposes of privacy. The fact that the processing is unlawful entails consequences both on the administrative level (with the heavy sanctions referred to in articles 83 and 84 of the GDPR) and in terms of compensation for damage caused to privacy (article 82 of the GDPR).
➡️ To avoid compensation, in fact, those in possession of personal data should have done everything in their power to avoid the damage itself. It seems obvious that in a privacy structure where the systems are out of date, from a security point of view not much has been done to avoid the occurrence of damage.
It is clear that the company that decides not to update the OS will be directly responsible in case of data loss (even non-personal), defaults and other damages caused by the software failing or by cyber-attacks after the official support period.
It is also a given that the responsibility of the software provider (in this case Microsoft) is less in case of flaws in the operating system when the support for that release has ceased.
Finally, on a more general level, we must not underestimate the fact that if there are two versions of a software, one aimed at the general user and one aimed at the professional user, it is advisable for companies to turn to the version of software designed for them.
✔️ In conclusion, it is really important for companies to schedule the upgrade from Windows 7 by switching to Windows 10 (possibly in the Pro or Enterprise version), or to join the Extended Security Update (ESU) program for Windows 7, to guarantee security and lawfulness of the business operations”.
⚠️ UPDATE 29/01/2020: “Although support for Windows 7 has officially ended, Microsoft promises one last update to fix a bug.
This error may result in the appearance of a black screen when changing the background and started with the recent update KB4534310.
The update is expected to arrive in the coming days and will almost certainly be the latest Windows 7 update”.
A new machine
Updating the operating system is certainly a stressful moment for every company or professional, but as often happens with any change, it is possible to gain something and move forward with new tools and awareness.
At Intercomp we too have faced this necessary change, and we have gained in performance and safety, reducing the risk of possible future problems that would compromise our everyday work.
We therefore feel compelled to advise all our customers facing EOS on Windows 7 to upgrade their devices as well, so as to have advanced, up-to-date hardware able to exploit all the enormous potential of Windows 10.
Windows 7 end of support: the risks of an obsolete operating system can be prevented by updating to the “safest version of Windows ever created”.