Hundreds of Millions of PCs Remain Vulnerable as Windows 7 Reaches End of Life:
Windows 7 has reached end of life on Tuesday, January 14, 2020, but hundreds of millions of PCs worldwide still run the operating system, which likely makes them a more tempting target for malicious cyber actors.
Microsoft will no longer provide free security updates, patches or technical support for Windows 7, which makes devices running this version of the operating system more vulnerable to attacks and more likely to be targeted.
The latest data from Statcounter and NetMarketShare shows that roughly 30% of the over 1 billion PCs estimated to exist worldwide still use Windows 7. According to Statcounter, the percentage is just under 18% in the United States.
Kaspersky reported in late August that, based on its data, nearly half of small and medium-sized businesses (SMBs) and enterprises had still used Windows 7. More recent data from Kollective suggests that the situation has not improved too much, with 53% of businesses in the US and UK still using Windows 7 devices.
While these statistics may not be highly accurate, at least a few hundred million PCs around the world likely still run Windows 7. It's worth noting that when Windows XP reached end of life in April 2014, the operating system also had a market share estimated at roughly 30%.
[...] Chris Morales, head of security analytics at Vectra, a California-based provider of technology that leverages AI to detect and hunt for cyber attackers, does not believe the actual impact will be catastrophic.
"For home users that want to cling on for whatever reasons, many of the potential problems could be mitigated using other tools and methods, like VPN, encryption, security software, and a good secure home router," Morales said.
"For many enterprises, they will simply sign up for Windows 7 Extended Security Updates for the next three years of coverage. This covers anything deemed critical or important," Morales added. "Which means not much will change in the attack landscape for enterprises with the Windows 7 Extended Security Updates. Most major apps like Google Chrome browser will also continue to be supported with updates for all users."
Many will lose support for programs that ran on Windows 7, too.
(Score: 5, Informative) by Gaaark on Monday January 20 2020, @11:04AM (23 children)
Come on! Even Windows 10 is being hit...when will people learn to get off Windows?
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 3, Insightful) by ilsa on Monday January 20 2020, @02:23PM (22 children)
I'm just going to assume that this is just an exasperated rhetorical statement cause I'm too tired to keep debating this.
This argument has been had incessantly for as long as I can remember and yet, mindbogglingly, it still keeps coming up as if that horse hasn't already been flogged into a thin meaty goo.
(Score: 3, Insightful) by Ethanol-fueled on Monday January 20 2020, @05:48PM (19 children)
People who want an OS that Just Works and who can't afford the Mac tax will continue to run Windows because modern Linux can't do a goddamn thing right without hours of tweaking right out of the box, and then with me standing by vigilantly waiting to spend many further hours fixing shit suddenly not working anymore. Windows is also light-years ahead with backwards compatibility, which is something that Muh Package Management was supposed to help fix.
I'll go back to Linux when I win the lottery and can spend 8 hours a day fucking with terminals, forums, Stackexchange, and blind dumb luck just to have a Linux system that doesn't crash every 5 seconds and then boot to a permanent blinking cursor.
Linux is the perfect example of something with the potential to be so awesome, but squandered by the fifth-columnist freakshow that managed to infest its cadre of developers.
(Score: 0) by Anonymous Coward on Monday January 20 2020, @06:07PM
You're too stupid to get a calculator to work, nevermind a real computer with a real OS. You should stick with windows - it was made for ppl like you.
(Score: 0) by Anonymous Coward on Monday January 20 2020, @06:45PM
Ethanil_fiddled: Too cheap for Mac, too stupid for Linux. That leaves bigotry.
(Score: 0) by Anonymous Coward on Monday January 20 2020, @08:00PM
It is just fitting you of all people would make that post.
(Score: 1, Interesting) by Anonymous Coward on Monday January 20 2020, @08:04PM (3 children)
When Windows 10 came out (and I discovered that Microsoft had already snuck telemetry tracking into Win7 via their "security updates"), I was so mad I moved off Windows entirely. I paid the Mac tax. I considered going to Linux, but after 30 years of working in IT, I have no desire to be a sysadmin.
Yes, Mac doesn't have many games. I paid the Sony tax and got a PS4.
Years ago I enjoyed building my own systems, even back in the days when you had to assign the IRQ for each card. But I've long since burned out, and I just want something that pretty much works. I also am not in the market for a new religion, thanks anyway Linux.
(Score: 1) by Ethanol-fueled on Monday January 20 2020, @08:18PM (2 children)
Well I won't buy any trash other than the hardware I have on my desktop, But with you I agree: Modern Linux is shit and Mac is all the privacy intrusion of Windows but with a markup. So you could try BSD or deal with shit Windows, Mac, or Linux.
(Score: 1, Interesting) by Anonymous Coward on Tuesday January 21 2020, @01:28AM
After four years of using a Mac (my previous Apple computer was a ][e), yes indeedy I have learned that Macs are just as shitty as Windows, but in different ways. Mostly because with each "update" they remove features, apparently because they can't figure out how to fix something without breaking something else, so they just rip the whole thing out. Many times I've thought of just giving in and joining the Win10 borg, but every time that thought slithers back into my brain, either here or on the green site there's another story of Microsoft screwing over their users again. Everything's shit, only choice anyone has is what flavor of shit they have to choke down.
Frankly the last computer I actually loved having and using was the Amiga 1000. I've seriously considered getting one of those AmigaOne X5000 machines, which I know is sheer madness but at least it might be an interesting sort of madness.
(Score: 2) by Freeman on Tuesday January 21 2020, @04:37PM
Yeah, switching to BSD for the average user is an insane suggestion. Then again, I've not really looked into BSD for a long time. Still, the average user wants to be able to run Netflix, DisneyPluPlus, etc. Then you have the people who might want to play a game the kids are into. The year of Linux on the Desktop is a pipedream. The year of BSD on the Desktop is a mythical unicorn.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Touché) by Azuma Hazuki on Tuesday January 21 2020, @12:41AM (3 children)
If you were posting this 20, maybe even 15 years ago, you might have had a point. Now? Good grief, just install Mint and call it a day. Not even you can fuck that up. Gentoo and company still exist for the utter grognards like yours truly who get wet over seeing GCC's output scrolling by like an outtake from the Matrix movies.
I am "that girl" your mother warned you about...
(Score: 3, Informative) by ilsa on Tuesday January 21 2020, @02:26PM (1 child)
So... your argument is that because you can install linux easily, that means everyone is good to go?
Installation was just one of the countless problems Linux had. One of the biggest ones being the arrogant community surrounding it that is utterly unwilling to understand the needs of normal users and why said users are still turned off by Linux.
Linux may be easier now than before but it's still complicated. More specifically, Linux is extremely fragile the moment you put a pinky toe outside of whatever experience has been curated for you. Suddenly you need to deal with command lines, config files, etc. I've lost track of the number of times I have had to, and still have to, suddenly go full nerd to troubleshoot some problem with the OS or DE or library conflicts or weird permissions or whatever, when all I wanted to do was get my primary task done. Hell, it's 2020 and I still don't trust Linux to suspend/resume reliably. (I don't expect Windows to either, but that's another story...)
And then there's the fact that people either need or insist on using applications that are simply not available in Linux. Quickbooks, Microsoft Office and the Adobe Suite are obvious examples. People don't run an OS for the sake of running an OS. They care about getting the thing they want done, done. And no, explaining to them that they need to use Wine to make them run is not an acceptable answer.
That is why the single most popular "Linux" distributions, aren't. MacOS (FreeBSD derivative but whatever). iOS. ChromeOS. Android (Sorta, not counting bullshit like TouchWiz and whatnot). All extremely controlled, curated and restricted platforms that provide a consistent and reliable user experience regardless of the device. They have a huge ecosystem of applications that people can access. They generally just work without much fiddling. That's the experience users expect to have. And if that's not provided out of the box, someone has to make up for that lack. I sure as hell don't have time for that level of handholding.
While it's true that any one of the mentioned problems can still be found in more mainstream environments, Linux manages to hit every single pain point while providing very little payoff in return. It's finicky. It doesn't have a reliable experience. (Different DEs and apps can have wildly different UIs). It has poor mainstream software support (Server stuff and software dev is not mainstream). Linux may be improving, but the improvements have been slow and incremental. Meanwhile commercial software is constantly shifting the goalposts of what people expect their systems to be able to do, and Linux folk can't provide a decent experience cause they're too busy arguing about how systemd is a violation of the traditional unix philosophy. And that is why people don't use Linux, no matter how easy it is to install.
(Score: 2) by Azuma Hazuki on Wednesday January 22 2020, @04:09AM
Wisdom and strength come to us weeping. TANSTAAFL. Or however else you wish to word this.
Windows is in the end-stage. It's turning into the cancerous rent-seeking corporate hellscape we've been warning about for ages. If people want to stay in said hellscape, well, I can't really persuade them otherwise. And you make one solid point here, which is that the programs people need to make a living are often Windows-only. But that aside, home users have very little need for it aside from games (and even then, Steam runs on Linux...). The barrier to entry is stupidly low now for simple use cases.
Yes, there is going to be a "curated" experience at the low end, but if that weren't there, everything would be Gentoo. Which is another example of the inevitable tradeoff: ease of use vs. control. There is no easy solution to this, and we've *let* this happen by being, collectively, ignorant and lazy.
I am "that girl" your mother warned you about...
(Score: 1) by Ethanol-fueled on Tuesday January 21 2020, @06:24PM
I've said over and over again that I gave Mint a shot and it hard-choked during install. I tend not to give software that can't even install a second chance. Even Ubuntu MATE is giving me shit on standard modern hardware.
(Score: 1, Insightful) by Anonymous Coward on Tuesday January 21 2020, @01:06AM
Linux is the perfect example of something with the potential to be so awesome, but squandered by the fifth-columnist freakshow that managed to infest its cadre of developers.
Honestly this is the most insightful thing about linux. It is run by people who think free equals the most awesome thing on the planet. I use computers to run software not make political statements.
My desktops are windows. In almost every way I have to compromise what I use for a desktop to use mac or linux. All for the 'air' of being better. It is not better. It just does not run the software I use. Not without a shit-ton of fiddling around with it. I would rather my software 'just work' than have to jump through any hoops.
I also use linux software every day. Its CLI environment is better than windows. Powershell fixes a lot of that but is still wonky. But that is about it. As being a dev after 25 years I can say I give up on it for a dev environment. VI, EMACS, eclipse *sucks*. They work to a point. But the polish is just not there. For tweaking low level items it works. But for building large systems it is a royal pain in the ass. You *can* do it. But you have to spend just so much more time fighting your tools and playing stackoverflow 'how to do XYZ command in eclipse/vi/emacs'.
What is *the* most amusing thing about linux? It is being used by hundreds of companies to build a shit show of locked in vendor pay per month IoT software and garbage hardware. Good luck getting the exact combination the hardware manufactures BOM dictates so you can patch your hardware. If they bother to expose a JTAG or a way to flash the device at all. If you thought the windows bot nets were fun wait until we get the IoT ones.
Mac on the other hand just decides every 2-3 years you should toss out all of your software. They do not want old software running on their systems it may make them look bad.
(Score: 3, Informative) by Gaaark on Tuesday January 21 2020, @02:31AM (2 children)
Holy shit! What did YOU install...MS Linux?
Manjaro works OOTB! I've NEVER had that work with any Windows system I've seen. GIMME A BREAK!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 0) by Anonymous Coward on Tuesday January 21 2020, @07:38AM (1 child)
Manjaro is based on Arch, but it is the spiritual descendant of Mandrake. Mandrake (and Mandriva/Mageia) always had an easy install as a high priority. They tweaked the package managers and repositories until you could just about stick in the boot disk and lean on the Y key until it was done. It would find all your hardware and guide you through any decisions such as partitioning.
They also gave up on the "purity" shtick and the standard install can add all the video drivers and codecs to rip and play music and video, which is what most of the hassle is these days, ie. basically finding and adding all the 'non-free' repositories. Is there a single linux workstation out there that doesn't have these added? I applaud them for doing this and saying "fuck you" to the companies who claim patents on software.
(Score: 2) by Gaaark on Tuesday January 21 2020, @12:12PM
Mandrake was actually the second distro I ever installed (5.2 I believe) after Redhat (6.0?).
Mandrake was nice. So was Corel's until MS forced them out. Yeah....feck you MS.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
(Score: 0) by Anonymous Coward on Tuesday January 21 2020, @06:40AM
void linux works very well for me.
https://voidlinux.org/ [voidlinux.org]
Its solid and has all the things I need.
I can surf, I can develop software, I can run FPGA design software,
I can watch youtube live music videos.
I modify the live releases to my liking and that gives me a fresh system
on each reboot.
AND
no systemd bloat
What linux were you using? Sounds like maybe Red Hat that seems to have
adopted the Redmond software methods ....
And to everyone that says they just want something that "just works" TM
Are you expecting people to believe that you just get your new M$ or Apple
system and you turn it on and do nothing more? HA HA HA, good one ....
(Score: 0) by Anonymous Coward on Tuesday January 21 2020, @08:58AM
While it is true that setting up a linux box may take some time you actually get it back with interest after.
(Score: 1) by cyberthanasis on Tuesday January 21 2020, @09:35AM
Windows just does not work.
For example, updates when you have 5 minutes for a presentation.
Another example, disabling updates. I spent countless hours searching for that. And it still fetches updates every single day.
(Score: 2) by doke on Tuesday January 21 2020, @03:12PM
My experience has been exactly the opposite. For me, Windows has been much harder to get working, and much less backwards compatible. For example, a friend just upgraded his Win7 to Win10, and now his graphics card is unsupported. I just installed Win7 to support a hardware vendor's control app, and had to spend a couple hours fighting to get it registered with Microsoft so it would be "Genuine".
Linux, either headless or graphical, works out of the box. Anyone vaguely familiar with modern desktop idioms will have no problems. I personally don't care for the default gnome gui, and spend some time tweaking that, but that's my choice.
(Score: 3, Informative) by driverless on Tuesday January 21 2020, @03:30AM (1 child)
"Whatever reasons" being that it was the last version of Windows before Microsoft succumbed to the brain rot of putting a phone UI on a PC, combined with the brain rot of using the flat UI with incomprehensible non-discoverable escape-room semantics for any nontrivial operation. In other words Windows 7 + no more patches is preferred by several hundred million users to Windows 10 + some patches.
(Score: 0) by Anonymous Coward on Tuesday January 21 2020, @12:21PM
Eating 7 poos IS preferable to eating 10 poos!
(Score: 5, Insightful) by SomeGuy on Monday January 20 2020, @11:37AM (6 children)
"which likely makes them a more tempting target for malicious cyber actors."
Likely? So they don't have ANY hard information at all to back up that statement? Without that, this story is just FUD trying to make people buy a new computer or sell their privacy to Microsoft with Windows 10.
(Score: 4, Insightful) by takyon on Monday January 20 2020, @11:47AM (4 children)
Isn't it just an obvious statement? Hundreds of millions of Microsoft Windows computers are no longer receiving security updates at a time when it is common to find 10+ year old exploitable bugs.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Insightful) by Anonymous Coward on Monday January 20 2020, @12:58PM (2 children)
Isn't it much more common to find 9- year old exploitable bugs? As in, too new to affect Windows 7.
As far as "obvious statements" go, that N lines of code field-tested for 10 years have less bugs left than 2N+ lines of "rolling release" code started out 4 years ago, should be very obvious indeed.
(Score: 5, Informative) by takyon on Monday January 20 2020, @01:24PM (1 child)
Microsoft fixes severe 19-year-old Windows bug found in everything since Windows 95 [pcworld.com]
Microsoft fixes a serious 15-year-old bug [cnn.com]
20-Year-Old Bug in Legacy Microsoft Code Plagues All Windows Users [threatpost.com]
Microsoft and NSA say a security bug affects millions of Windows 10 computers [techcrunch.com]
And I included the last one because no matter how old the bugs are, if it's in Windows 7, it's staying there.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 3, Informative) by Hyperturtle on Monday January 20 2020, @05:21PM
I have heard from trustworthy resources that it's not in any version prior to the non-server versions of Windows 10's infrastructure/topology (meaning both consumer and professional/enterprise). I can't really prove it without trying to exploit it, though, but I believe it to be true.
Something about it being by design and they sat on that disclosure until they were certain anyone putting off upgrading that was going to upgrade had already started the process to do so since it's hard to roll back from Windows 10 now. Other 'states' found out about it and were using it, but in order to get various people on board, they had to wait until all the people that could be scared about a lack of security updates would be influenced enough.
Were I among that type, I'd wonder why windows 10 is affected and the other versions aren't and why am I upgrading again, to patch a 'bug' that didn't exist before?
(I mean good God, read up on it... they removed parts of the certificate checks as if it was on purpose and when the NSA notices and an announcement comes out on the same day support for 7 is pulled... who doesn't think this isn't a stunt designed and pulled by design? Besides the IT industry reporting on this stuff and not wanting to get cut off from inside advertising tie-ins, I mean.)
(Score: 4, Interesting) by Anonymous Coward on Monday January 20 2020, @08:08PM
I wonder how many Win7 computer owners have decided that the risk of malware getting on their systems is higher from Microsoft's "security updates" than with just leaving it unpatched.
(Score: 2, Informative) by Anonymous Coward on Monday January 20 2020, @12:15PM
Upgrade to Windows 10 now with "new and improved" security bugs.
(Score: 4, Interesting) by dltaylor on Monday January 20 2020, @12:45PM (1 child)
For example: even though a patch set does not require a reboot, it is only a couple of days, at most, before applications start behaving strangely (menu items missing, peripherals stop working, ...). If you are working on a project over a period of several days, you are going to be required to hope you can save your work and safely reboot and resume. IME, that is not always true.
Another: I have a laptop with an original Windows 7 and a disk to which I cloned the 7 and allowed the upgrade to 10. I have a camera (very recently, after the update) that works fine with 7, but, even though 10 tells me that the hardware is working perfectly and that the latest drivers are installed, it refuses to even allow the microphone test, which is greyed out. I cannot do video conferencing with 10 ON THE SAME HARDWARE.
Throw in M$s latest nonsense which is to make it difficult to have local accounts for home users, and you have severe limits on the portability of laptops running Windows 10. If you are trying to work on the road and cannot get authentication of the microsoft account, you are hosed.
(Score: 3, Touché) by Runaway1956 on Monday January 20 2020, @01:17PM
Windows 10 is not userland, that's the whole point.
Remember when Bill Gates said something like, "If they're going to steal an OS, we want them to steal from us!" I'm thinking that MS was already plotting toward this end.
MS has a helluva lead on Amazon, Apple, and all the rest. They already have their spyware installed on 90% of the computers in the world. Amazon is still trying to sell that same 90% on Amazon Ring, and the rest of its spyware. The more cynical customer is going to ask, "Why should I pay Amazon to spy on me, when Microsoft is doing such a fine job of it?"
I predict more and more competitors giving away free spy devices to catch up with Windows10. "Get a free Nest device with every $120 purchase! Certain conditions and limitations apply."
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 4, Informative) by epitaxial on Monday January 20 2020, @02:29PM (2 children)
I'm not touching 10 and it's time for a hardware upgrade anyhow. VMWare makes a tool for converting existing Windows installs into virtual machines. So my current install will be virtualized and run from inside Linux, most likely Slackware.
(Score: 2) by Runaway1956 on Monday January 20 2020, @09:07PM (1 child)
That's pretty much my solution. Yeah, sometimes, you really do need a Windows thing. For me, it's pretty rare, but sometimes, MS Office is the only tool that will do what needs be done. So, fire up the virtual machine, navigate to the shared folder, do what needs to be done, then go back to Linux and email the POS document that I had to sign off on. That's just me, of course. Others will have different stories, and different needs.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 2) by EEMac on Monday January 20 2020, @10:40PM
That's the important part here, and thank you for saying it. Linux works for lots of people, and that's great! It's when people start insisting "it works for me, it should work for everybody, nobody has different needs than me" that things get ugly.
(Score: 2, Informative) by Anonymous Coward on Monday January 20 2020, @05:46PM
As if they weren't vulnerable before.
(Score: 2) by jmichaelhudsondotnet on Monday January 20 2020, @09:34PM
Hundreds of Millions of PCs Remain Vulnerable as Windows
get rid of extra meaningless words - strunk and white
Although we could throw systemd into that as well, and the apple/pc distinction has become meaningless, I am calling it.
I tried using an apple for 2 days and os x is a mangled mess now with always on phone-home-ware. It was difficult to use, but more difficult to see the outright degeneracy from a personal computer to an app-whatever.
If nso group and cellebrite can just backdoor the iphone, to demonstrate their erudite superiority and undying friendship to the good ole usa when u.s. law enforcement comes begging, we should expect same from all apple everything. Also check this out, go into a room of windows computers and visit r/epstein and they will all install a new update.
In case you missed it earlier,
https://archive.is/7YNX0 [archive.is] If windows and the iphone were being hq in turkey or russia, I would give those countries a hard time too, but in both cases, the culprit of these platforms lack of security leads back uniformly to one place.
The first principle, don't fool yourself. - Richard Feynman
(Score: 1, Insightful) by Anonymous Coward on Monday January 20 2020, @11:20PM (1 child)
Expect to see this continue for quite some time, because people are not going to maim their systems because Microsoft says so.
The people have spoken. They distrust and hate Windows 10 and for very good reasons that are ignored. Most of those who "convert" to Windows 10 do so because they don't know what else to do, or have very few options, or don't even know the problems.
The Cult of the Mindless Update cannot answer the charges that OS's like Windows 10 push us ever onwards towards the common user no longer owning their computer, nor can it get past the fact that "patched" software is increasingly acting like the malware it claims to protect against. All they can do is continue their endless chanting as they have for years.
If you really want a secured system you are going to have to do a lot more than just hope Microsoft treats the computer you gifted it nicely, particularly if you did something stupid like connect it to the Internet with no firewall.
(Score: 0) by Anonymous Coward on Tuesday January 21 2020, @01:11AM
Pretty much every one I know that did not upgrade was for one of two reasons.
The 'I use linux I am not upgrading'. Uh OK.
Then the 'Hey this will not upgrade' guys. This is usually some bit of hardware with drivers that went EOL 15 years ago. It is not that they do not want to the thing just will not let them.
If you really want a secured system you are going to have to do a lot more than just hope Microsoft treats the computer you gifted it nicely, particularly if you did something stupid like connect it to the Internet with no firewall
https://kernelnewbies.org/Linux_2_6_31 [kernelnewbies.org] Would you connect a linux system of that era to the raw internet? You do realize most people run their computer through something we call a 'router'. They usually have a firewall/NAT. But you *know* that right?
(Score: 0) by Anonymous Coward on Tuesday January 21 2020, @03:17AM
The top risks are:
a) Browser (and browser updates)
b) User (e.g. downloading and opening stuff that's malware or exploitable)
c) Other installed software updates/"phone homes"
d) Windows updates (Microsoft has screwed up many Windows machines with updates or even "upgrades to Windows 10")
e) Somehow an attacker going through the NAT router and windows firewall (which is exceedingly unlikely).
So if the browser is still supported and updated that home user's exposure isn't very much higher than if they were running Windows 10. Don't bother mentioning privilege escalation given most Windows home users are usually admins and/or all their important stuff is stored using the same accounts (so malware/ransomware will be able to pwn their stuff anyway).
In contrast it is a big issue for large organizations where it's common for Windows PCs to be more exposed- remote desktop is enabled, windows file shares might be accessible (e.g. C$), and too often windows firewall is disabled or there are significant holes made in it.
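The three exposures the last comment names for organizational PCs (Remote Desktop enabled, the Windows firewall disabled, administrative shares such as C$ present) can be checked locally. The following read-only PowerShell audit is an added example, not part of the thread; the function names are hypothetical, and it sticks to PowerShell 2.0 features so that it runs on a stock Windows 7 host.

```powershell
# Added example (not from the thread). Read-only; PowerShell 2.0 compatible.
# Function names (Get-RegValue, New-Finding, Test-HostExposure) are hypothetical.

function Get-RegValue([string]$Path, [string]$Name) {
    # Return the registry value, or $null when the key or value is absent
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function New-Finding([string]$Check, [bool]$Exposed, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Check; Exposed = $Exposed; Detail = $Detail } |
        Select-Object Check, Exposed, Detail
}

function Test-HostExposure {
    # Windows 7 and Server 2008 R2 both report kernel version 6.1.x
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-Finding 'OS past end of life' ($os.Version -like '6.1.*') "$($os.Caption) $($os.Version)"

    # fDenyTSConnections = 0 means the host accepts Remote Desktop connections
    $deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
    New-Finding 'Remote Desktop enabled' ($deny -eq 0) "fDenyTSConnections = $deny"

    # Local firewall state per profile (StandardProfile is the "private" profile).
    # These are the local settings only; Group Policy can override them.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $on = Get-RegValue "$base\$fwProfile" 'EnableFirewall'
        New-Finding "Firewall off ($fwProfile)" ($on -eq 0) "EnableFirewall = $on"
    }

    # Win32_Share type 2147483648 is an administrative disk share (C$, ADMIN$, ...).
    # Present by default; whether it is reachable depends on the firewall and SMB.
    $shares = @(Get-WmiObject -Class Win32_Share | Where-Object { $_.Type -eq 2147483648 })
    $names = ($shares | ForEach-Object { $_.Name }) -join ', '
    New-Finding 'Admin disk shares present' ($shares.Count -gt 0) $names
}

Test-HostExposure | Format-Table -AutoSize
```

A host that reports the firewall off together with Remote Desktop enabled or admin shares present matches the organizational exposure the comment describes.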