Jena – The official support for Microsoft Windows 7 ends on January 14, 2020. For the aging operating system, there will be no more security updates in the future after more than ten years. The same applies to the server operating systems Microsoft Server 2008 and 2008 R2. Anyone who continues to use the three dinosaurs must expect serious consequences for the security of their data or their company – because: If the regular security patches are omitted, known security gaps will no longer be closed. This is also known by malware developers, who in turn specifically develop malicious code for known Windows vulnerabilities. Private users and companies also put their cyber insurance cover at risk when using outdated operating systems because they rely on programs that no longer correspond to the state of the art. Companies and freelancers who work with personal data also blatantly violate the EU General Data Protection Regulation (GDPR) if they continue to use Windows 7 on the appropriate office devices.
“The switch to a modern operating system is inevitable for companies and private users,” explains Thomas Uhlemann, ESET Security Specialist. «Cyber criminals are just waiting to exploit security holes in Windows 7 that are no longer closed. The continued high number of users promise fat prey. »
No security updates will appear from the key date
Security updates and technical support for the operating systems, which are more than ten years old, will end on January 14, 2020. This affects the operating systems themselves, as well as parts of the systems such as Internet Explorer. Similar to the end of support for Windows XP, Microsoft plans to offer updates for paying customers at prices that increase annually. However, this only applies to corresponding licenses. Windows 7 Home, for example, is completely excluded from this. The approximately 30 percent of Windows users who still use Windows 7 (source: ESET LiveGrid®) should therefore consider a change as soon as possible.
The GDPR and the end of support
The EU General Data Protection Regulation (GDPR) requires companies to adhere to the “state of the art” when processing and using personal data. Companies such as doctors or lawyers who process and store personal data act here, if you continue to use Windows 7 or Server 2008, against the EU GDPR. In the case of data theft of personal data, the fines imposed by data protection officers will be correspondingly higher. Insurance companies could also refuse to pay benefits here.
Cyber insurance companies could refuse payments if the operating system is out of date
If companies or private users are affected by cyberattacks, there are often IT failures, loss of personal or personal data and, not infrequently, immense financial damage. In recent years, insurers have started offering special cyber insurance here. In this way, IT risks are to be secured as best as possible. “Many insurers require customers that an IT system meets current security standards,” says Thomas Uhlemann, ESET Security Specialist. «The term« state of the art »is often used. This includes, among other things, that updates and security patches are installed as soon as they appear. »
But what happens if this update is no longer available?
If devices with an outdated operating system or software are in use in the company or in the private environment, it can be difficult with cyber insurance in the event of damage. Does a known vulnerability, which is no longer closed in the used and outdated program, meet the point of negligence? What happens if a new operating system for the device cannot be imported at all? “The insurance conditions are important here,” explains Uhlemann. «What it looks like in the event of a claim must be assessed individually for each policy. In case of doubt, the insurer should always be consulted. »
For which Microsoft operating systems will support – and therefore also the provision of updates – be discontinued on January 14, 2020?
- End of support for Windows 7
- End of Lifetime also for Win 7 / Internet Explorer
- End of Lifetime also for Microsoft Server 2008 and 2008 R2
Tips for affected companies and private users
- Check your insurance policy: If a device cannot be updated to a current operating system, private users and companies should consult their insurer to prevent any problems in the event of a claim. It would make sense to clearly define the “state of the art” in the policy. Due to the difficult definition, some insurers no longer include this point in their terms.
- Check how the switch now works: Microsoft offers support on its website. Those who rely on Microsoft applications are well advised to switch to Windows 10, which automatically installs the updates for home users and has a much better system security architecture. As an alternative, there are modern Linux distributions with less resource hunger. A current Ubuntu, for example, can be operated free of charge, comfortably and safely for private users.
(ESET / mc / ps)