What Happens When Support for Windows 7 Ends?
We’ve already had ample warning that Windows 7 and derivatives are reaching the end of life, but what is actually going to happen on January 15th? Previously, Microsoft was content to just let the devices fall off on their own, but devices with XP hung on for years past what anyone expected. Many of us still deal with the odd Server 2003 machine. Microsoft has also been receiving a bit of ire for their forced upgrades on Windows 10, so it should come as no surprise that they’re going to do the same with Windows 7.
Microsoft has stated that the December 10th rollup KB4530734 will show a full-screen popup telling users that Windows 7 has reached the end of life and that there will be no further updates without purchasing extended support. The popup will require user interaction. The good news is that Microsoft has stated that this will not affect machines in kiosk mode or machines joined to a domain. This patch also applies to Windows Server 2008 R2.
Since Windows 7 and Server 2008 (R2) are all going out of support, they will also be going out of compliance (e.g. PCI compliance). Most compliance specifications have something touching on updated software or operating systems. To make it even worse, usually just a single agent at the site is enough to blow the compliance status of the entire site.
PCI compliance, HIPAA compliance, ISO 27001, etc. all require operating systems to be supported and up to date. Out-of-date OSes create massive issues and can be a huge security vulnerability. The compliance headache of a violation alone should be enough to move most businesses, but unfortunately it’s not unless it’s explained correctly. Your clients should know that a compliance violation can be grounds for a fine or lawsuit if they don’t act.
Windows 7 and Server 2008 (R2) going out of support is one of the many security concerns for 2020. It’s also one of the easiest to stop, but many organizations want to hold out like they did for XP. The popup won’t be showing up for domain-joined machines though, so the people who need it the most probably won’t see it.
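Because the notice is suppressed on domain-joined machines, a host has to be checked directly rather than relying on users reporting the popup. The following is an added example, not from the original article or from Microsoft: a local check written for Windows PowerShell 2.0 (the version that ships with Windows 7) that reports whether the host runs the NT 6.1 family, whether it is domain-joined, and whether the KB4530734 rollup is present. Kiosk mode, which the article says is also exempt, is not detected here, and the `NoticeExpected` field is an illustrative name derived only from the conditions the article states.

```powershell
# Added example: run locally in Windows PowerShell 2.0 or later.
$kb = 'KB4530734'   # rollup named in the article

# Get-WmiObject is used instead of Get-CimInstance so the script
# also runs on the PowerShell 2.0 that ships with Windows 7.
$os = Get-WmiObject -Class Win32_OperatingSystem
$cs = Get-WmiObject -Class Win32_ComputerSystem

# Windows 7 and Server 2008 R2 both report NT version 6.1.x
$isNt61 = $os.Version -like '6.1.*'

# Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
$role = switch ($os.ProductType) {
    1 { 'Workstation' }
    2 { 'Domain controller' }
    3 { 'Server' }
    default { 'Unknown' }
}

$domainJoined = [bool]$cs.PartOfDomain

# Get-HotFix returns nothing when the update is not installed
$rollup = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

$report = New-Object PSObject -Property @{
    ComputerName    = $env:COMPUTERNAME
    OS              = $os.Caption
    Version         = $os.Version
    Role            = $role
    OutOfSupportOS  = $isNt61
    DomainJoined    = $domainJoined
    RollupInstalled = $rollup
    # Assumption taken from the article's description only:
    # rollup present, NT 6.1, and not domain-joined.
    NoticeExpected  = ($isNt61 -and $rollup -and -not $domainJoined)
}

# Select-Object fixes the column order (hashtable order is not kept in PS 2.0)
$report | Select-Object ComputerName, OS, Version, Role, OutOfSupportOS,
    DomainJoined, RollupInstalled, NoticeExpected | Format-List
```

A host that shows `OutOfSupportOS : True` with `NoticeExpected : False` is the case the paragraph above warns about: out of support, with nothing on screen to tell the user.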
There are some serious security risks to consider with Windows 7 and derivatives. First of all, there aren’t going to be any more updates. That means the next Spectre or SWAPGS is probably going to be there to stay. Microsoft may have relented with XP, but the nagware and the push towards Windows 10, with its inability to avoid patching, are a direct action to force upgrades this time around.
Microsoft isn’t the only one planning to drop support for Windows 7; its decision gives third-party software developers a reason to drop it as well. From advanced security software to basic accounting software, all of them will drop support sooner rather than later. It only makes sense to drop a platform without vendor support since it means less testing and less support for something which should be gone already.
Holding Out For Windows 7
Microsoft doesn’t have to worry about too many holdouts. Windows 7 will have been supported for almost a decade, and they stopped selling licenses in 2016. Modern hardware doesn’t support it, and come January 15, 2020, new hardware will begin to work less and less with Windows 7.
The machines from early in Windows 7’s life cycle have ancient dual-core processors and some even have 2GB or 4GB of RAM, which is almost unusable with the modern internet. They’re littered with old spinning rust drives which have long passed the 3-year reliability mark, and early-generation SSDs, some of which didn’t even have TRIM. Microsoft is just going to let attrition take out the few holdouts where they can. After all, how long are these machines going to be usable?
Avoid Security Ramifications of Windows 7
Microsoft has “forgotten” to close a loophole which can be used to upgrade from Windows 7 or 8.1 to Windows 10 for free. Upgrading is the easiest way to avoid security issues. This method also wholesale avoids the compliance issue if you can do this across the entire organization.
Obviously, upgrading everything isn’t always possible. Some legacy programs require Windows 7 or older, and there can be other compelling reasons a client doesn’t want to upgrade. Even though they may have good enough reasons, their decision or limitation is still going to present security issues.
We previously went over how to circumvent some of these limitations. Air-gap the environment with legacy bits as much as possible and use virtualization where possible. This won’t necessarily solve your compliance woes entirely, but it does reduce them. If you’re an MSP, this is a great chance for an upsell.
Capitalizing on the End of Windows 7 and Server 2008 (R2)
You can bet hardware manufacturers and technical companies are going to take the chance to cash in on the end of Windows 7 and Server 2008 (R2). If you’re running an MSP, this is a great chance to use any vendor discounts to get systems and sell them for a markup which reduces your workload and the client’s frustration with the move to Windows 10.
A new computer shouldn’t have issues with Windows 10, but that Windows 7 machine may just plain not be compatible. How old is it by the way? Can you get parts if it dies? How business essential is that machine? You may not sell the organization on all new computers, but you can sell the right group on upgrades and format the old ones to be used elsewhere splitting the difference in work.
If they decide to keep some Windows 7 or Server 2008 (R2) servers, you need to have the uncomfortable talk about security. It’s not going to be supported, so who ends up supporting it? You do. This can be an opportunity to upsell security services and network services though. The networks with legacy OSes need to be segmented off as much as possible and made as secure as possible for both your sake and the client’s. This can require new networking equipment if the old stuff just doesn’t cut it.
Countless service, software, and hardware companies are all looking to cash in on the mass exodus from Windows 7. Make both your client’s life and yours easier, and make your wallet fatter by selling them on what helps them and helps you. Sort out the trash for them and provide them with a value worth buying. Get them secure and compliant again without wasting their time or yours. Learn more about how to leverage these opportunities for your business and your client’s with our MSP Sales Academy.
KB4530734 probably won’t affect your enterprise clients, but it shows what Microsoft is planning. They learned from the inertia against moving away from Windows XP. The same tricks forcing people between upgrades of Windows 10 are going to be used against Windows 7 holdouts.
Don’t expect KB4530734 to be the last move to push people from Windows 7. Expect more nagware and inconvenience to force upgrades to either extended support or Windows 10. Even though this is a huge pain, it is also a golden opportunity to help sell the client on new hardware and services to bring them back to compliance and keep them secure.
The popup is going to be the least of your worries if you don’t act now. With modern security threats and the growing interconnectedness of every device, you need to be on top of security or risk having your business pulled under. Your client’s business is on the line if you don’t act, and Microsoft has no qualms pushing harder than they ever have to ensure upgrades. Move now or risk compliance and security issues.
by Sage Driskell