Wayne’s IT Security Blog

Windows 7 End of Life Support: January 2020

Are you prepared?

Windows 7 has now been with us since 2009. It’s probably one of the most liked of all recent releases of the Microsoft Windows Operating Systems.

In January 2020, Microsoft will end the extended support for the Windows 7 Operating Systemwhich means that they will no longer patch any security vulnerabilities found after that date.

Microsoft has stated that they: “strongly recommend that you move to Windows 10 sometime before January 2020 to avoid a situation where you need service or support that is no longer available.”

What does that mean for your business?

This basically means that all technical assistance and automatic updates that currently help to protect your PC will no longer be available. We understand that the end of life for a software product can be a significant challenge for businesses.

Don’t believe us? Consider this:

When Microsoft ended support for its popular Windows XP product in 2014, it affected 40% of the world’s computers. That’s 40% of one billion computers worldwide. In a world where cyber-security threats are on the increase, sticking with Windows 7 means you are extremely vulnerable as a business.

computers graphic

What if I don’t upgrade or replace my machines by 2020?

Imagine using a product that a company doesn’t want to take responsibility for anymore. You’ll be using the product at your own risk. This means that Microsoft will not take responsibility for loss of data due to security breaches on Windows 7.

Computer threats are now developed daily. Although there is technically nothing stopping you from continuing to use Windows 7, it’s important to understand that continuing to use it will expose your business and make your data vulnerable. Without regular patches and security updates, you’re basically at the mercy of hackers.

Although 2020 seems a long way off, businesses should now plan their approach to replace or upgrade any machines running Windows 7 before this date.

Still sceptical? Remember the NHS 2017 Cyber Attack?

Wannacry Graphic

Do you remember the NHS Cyber Attack in 2017? It’s also known as the WannaCry attack, and it’s a prime example of what can happen when your systems aren’t in current vendor support. The WannaCry attack in 2017 leveraged vulnerabilities in unpatched and unsupported operating systems and spread the infection throughout the NHS, amongst many others throughout the world. It left the NHS with a whopping £72 million IT bill, and massive costs on patients who received incorrect treatments, had ambulances delayed, and appointments cancelled.

What shall I do?

The passing of this product I’m sure will be mourned by many users; according to NetMarketShare’s September 2018 data, over 40% of desktop users are still using Windows 7. That’s the equivalent of up to 184 million commercial PC’s still using the software.

At ITCS, we have already upgraded many of our customers to the replacement Windows 10 platform, and although the user interface is quite a step change from what customers were used to, it has proved to be a stable and secure platform.  In addition to the usual Microsoft offerings, the professional versions allow the planned encryption of your hard drives to protect the information they contain in the event of loss or theft ‑ a must in today’s post GDPR environment for an increasingly mobile workforce.

If you haven’t upgraded yet, it’s best to seek the help of an IT professional. This is a good way to ensure that everything is upgraded correctly and that all firewalls and antivirus are in place and working optimally. Depending on what type of hardware and software you’re using, you may need to take specific steps to make sure everything is fully compatible.

To meet with a member of our team or discuss your needs, please contact the ITCS support desk on 08456 400200 or email support@itcs.co.uk and we will be happy to help.

WebWindows 7 End of Life Support: January 2020

ITCS responds to publicity surrounding CPU Chipset Vulnerabilities

Wayne Harris, Compliance Officer & Cyber Security expert at ITCS discusses the impact of the much-publicised chipset vulnerabilities revealed on 3 January.

There has been a flurry of publicity surrounding vulnerabilities identified within the Intel chipset (processors), however this vulnerability also affects other mainstream manufacturers AMD and ARM.  Together, these manufacturers provide the vast majority of processors in use by modern computer manufacturers.

Who is at risk and what is the threat?

The two vulnerabilities which have been revealed, ‘Meltdown’ and ‘Spectre’ affect every modern computer containing one of these processors, i.e. the majority of PCs on the market.  The CPU chipset vulnerabilities are present in most of the processors produced in the last decade and in certain circumstances the vulnerability allows access to contents of protected memory areas by some applications such as javascript in web browsers.

That said, despite the hype, the threat is currently considered low on the Common Vulnerability Scoring System (CVSS).

What is being done to tackle the risk?

The underlying vulnerability is primarily caused by CPU architecture design choices, so fully removing the vulnerability will require the replacement of the CPU hardware.  The true long-term solution will be the replacement of the vulnerable chipsets entirely – but don’t expect a product recall any time soon.

While it may be technically accurate to say a completely redesigned chip is the ultimate solution, large-scale hardware replacements would possibly amount to a needless, over-the-top reaction.  It is unlikely that manufacturers will offer chip replacements – we expect them to instead provide a solution to fix any chipset vulnerabilities with a patch.

Microsoft, Apple and other Operating system vendors have all responded quickly and they have released (or are working on) solutions which will ‘patch’ these vulnerabilities.

Will I notice any difference when my PC is patched for chip vulnerabilities?

Unfortunately, at present there is a performance cost to this patch solution –  because the solution involves segregating the kernel into a completely different address space, it takes additional time to separate the memory addresses and switch between the two.  The impact on performance will vary – anything from a 5% to 30% reduction in processing speed can be expected.

How are ITCS responding?

At ITCS, we have been monitoring the vulnerability since the news broke.

We have already implemented a roll out of the Microsoft patch update throughout our contracted customers to address these vulnerabilities.  Users may have had to restart their computers to apply the changes, and we will monitor these installations to ensure our customers continue to be protected with up‑to‑date vulnerability patching.

How should our customers respond?

This vulnerability highlights the need and importance of regular vulnerability reviews, and the timely installation vendor patching to reduce the risks to businesses from cyber-attack.

For a review of your cyber security, please contact ITCS on 08456 444 200, or use the call back request to speak to one of our support team.

 

 

WebITCS responds to publicity surrounding CPU Chipset Vulnerabilities