Old but gold: 22% of PC users still running end-of-life Windows 7 OS
April 2021 by Kaspersky
Kaspersky conducted a study based on anonymized OS metadata provided by consenting Kaspersky Security Network users. The survey has found that almost one quarter (22%) of PC users are still using the end-of-life OS Windows 7, which stopped receiving mainstream support in January 2020. When an OS comes to the end of its lifecycle, no more updates will be issued by the vendor, including critical security fixes.
Although a trusted operating system may seem fine on the surface because it does everything you need it to do, if the vendor no longer supports it, it could be susceptible to attacks. When operating systems reach end-of-life, vulnerabilities will remain without update patches to resolve issues, providing cyberattackers with potential ways to gain access to a system. Therefore, it is critical to update your OS to protect your system or business network from this avoidable issue.
Among those still using Windows 7, consumers, small and medium businesses (SMBs), and very small businesses (VSBs) occupy almost the same share – 22% each. It’s noteworthy, that almost a quarter of VSBs still use the outdated OS and, particularly considering that they do not have dedicated IT staff responsible solely for cybersecurity – it makes it more important to ensure their OS is up-to-date. For now, businesses can still receive extended paid support for Windows 7, but this means extra expense – and this offering will not be available forever.
Kaspersky’s findings also showed that only a small percentage (less than 1%) of people and businesses still use older operating systems, such as Windows XP and Vista, support for which ended in 2014 and 2017, respectively. Overall, almost one quarter (24%) of users are still running a Windows OS without mainstream support.
Fortunately, 72% of users are using Windows 10, the latest version of Windows OS, which appears to be the safest choice as well.
Knowing the risks of an end-of-life operating system is a good start but acting on that knowledge is a smart way to finish. So, to protect yourself, or your business, Kaspersky recommends the following:
• Use an up-to-date version of the OS and make sure the auto-update feature is enabled.
• If upgrading to the latest OS version is not possible, organizations should consider this attack vector in their threat model and ensure smart separation of vulnerable nodes from the rest of the network. Kaspersky Embedded Systems Security can provide support in this case, as it allows operating an OS as old as Windows XP SP2 that runs on systems with very low specifications.
• Use solutions with exploit prevention technologies, such as Kaspersky Security Cloud, Kaspersky Endpoint Security for Business, and Kaspersky Small Office Security, which help to reduce the risk of exploitation of unpatched vulnerabilities that can be found in and obsolete OS (Windows 7 and earlier).
 According to MS Extended Security Updates FAQ, the last term of ESU will end in 2023.
 Among such OS are: Windows 7, Windows 8, Windows XP, Windows Vista.