End of Mainstream Support Not the End of the Road for Windows 7 and Windows Server 2008
Recent statements from Microsoft concerning the end of “Mainstream Support” for Windows 7 and Windows Server 2008 have caused some concern among Windows users. Fortunately, upgrading to Windows 8.1 to continue support and take advantage of new features is easy.
Microsoft has announced that on January 13, 2015, mainstream support is ending for two popular products, Windows 7 and Windows Server 2008. The deadline affects all home and business versions of Windows 7 (Home Basic, Home Premium, Ultimate, Enterprise and Starter). Microsoft is urging Windows 7 users to upgrade to Windows 8.1.
Extended Support
The end of mainstream support announcement does not mean it’s the end of the road. It’s more like a “Road Narrows” warning sign which signals the end of feature updates while security updates continue under “Extended Support.”
Lest users panic, extended support for Windows 7 will not end until January 14, 2020. Prior to that milestone, users can expect to receive free security updates but not feature updates. For Windows 7 with Service Pack 1, the end-of-mainstream and extended-support dates are the same.
The end of mainstream support is not as serious as the termination of all support which occurred last April for Windows XP. Instead, it means that Windows 7 and Windows Server 2008 are entering the extended support period, usually five years. During this phase, Microsoft will continue to provide increasingly necessary security updates, but will no longer add new features. Now is a great time to start planning an upgrade to Windows 8.1.
To be helpful, we offer these definitions for Microsoft’s support road signs:
Mainstream Support: The period (usually five years) when Microsoft provides free updates, patches and fixes, including security and feature updates, to improve existing products.
Extended Support: The period (again usually five years) following mainstream support during which Microsoft continues to provide free security fixes. During the extended support phase users must pay for and license other types of updates to the product.
End of Support: The end of the pavement; users are on their own beyond this point, and can expect no more paid or free fixes or patches, either security or non-security.
Compliance Issues
Windows 7 and Windows Server 2008 users subject to HIPAA, PCI or Sarbanes-Oxley Compliance rules may wonder if the end of mainstream support will make them non-compliant. Here is some guidance:
Compliance rules regarding security patches
PCI DSS
Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release. (Source: www.pcisecuritystandards.org)
HIPAA
According to information security expert Chris Apgar, there are two types of software products that need to be patched on virtually every computer system: operating systems and applications. Failing to patch both types of computer software properly is dangerous—and may be considered a violation of HIPAA’s security regulations, says Apgar. (www.hcpro.com/content/42829.pdf)
Additionally, any known security vulnerabilities of an operating system should be considered in the covered entity’s risk analysis (e.g., does an operating system include known vulnerabilities for which a security patch is unavailable because the operating system is no longer supported by its manufacturer). (www.hhs.gov/ocr/privacy/hipaa/faq/securityrule)
Sarbanes-Oxley
Compliance comes down to implementing access controls on data that work and also ensuring that vulnerabilities in the system are patched and do not allow unauthorized modification or leakage. (msdn.microsoft.com/en-us/library/aa480484.aspx#regcompliance_demystified_topic2)
So, as long as the security patches available under mainstream support or extended support are applied as required, Windows 7 and Windows Server 2008 users should not experience compliance issues. Nevertheless, the best approach to ensure compliance is to upgrade to Windows 8.1 and Windows Server 2012. Windows XP users, however, should be worried as they are probably non-compliant.
Dangers of being on Windows XP
Unlike Windows 7, that classic and long-lived Microsoft operating system Windows XP has reached the end of the road. On April 8, 2014, Windows XP was officially declared unsupported, with no more extended support, and more significantly, no more security patches.
Most users are aware of this milestone, as Microsoft has forecast the end of XP since its release 14 years ago in 2001.
The “End of Support” (see above) in 2014 for Windows XP and Small Business Server 2003, means that you need to upgrade to a modern operating system like Windows 8.1 as soon as possible to ensure that you receive regular security updates. Hackers are targeting known vulnerabilities in Windows XP. No business, no matter how large or small is immune to attack.
What does this mean for your business?
Your data is at risk, and maintaining your XP systems for another year may cost you more than upgrading. According to Microsoft’s Security Intelligence Report Volume 15, XP users were 4 times more likely to require computer cleaning than Windows 8 users, even before Microsoft stopped providing the XP security updates.
Some of the risks of malware and other security threats to Windows XP on the Web are impossible to mitigate. Hackers know that Microsoft has ended support for XP and are taking advantage of the opportunity to target those systems, which could lead to the loss or destruction of sensitive customer and company data.
Earlier this year the Cryptowall ransomware virus attacked PCs, accessing user’s systems through ads from trusted companies. Without security updates, XP users remain vulnerable. This headline from Forbes about another attack confirms the risk:
“Microsoft Races to Fix Massive Internet Explorer Hack: No Fix for Windows XP Leaves 1 in 4 PCs Exposed,” (www.forbes.com, 4/28/14).
In light of these and similar attacks, you should take action immediately. There have been no new security updates, no security fixes, or any other kind of update since April 8, 2014. Continuing to run Windows XP and Office 2003 exposes your company to these risks:
Security and Compliance Risks – Unsupported and unpatched software is more vulnerable to security risks including data theft and destruction. This may lead to suspension of security or compliance certifications, and disclosure to the public of your inadequate security measures.
Unsupported Hardware and Application Software – Application software vendors are reluctant to support new versions of their software on Windows XP. Eventually, your business-critical software will no longer function. And compatible hardware parts will become more difficult to obtain.
Cut Costs with a Modern Platform
If your organization still runs on Windows XP, your best option at this point is to upgrade to Windows 8.1. In addition to keeping you supported with vital security updates it can make employees more productive with useful remote access and collaboration tools.
Upgrading will reduce the overall cost of PC maintenance. And you can take advantage of cost-saving technology such as sever consolidation and the cloud. According to a recent IDC study, a PC running Windows XP costs about $870 per year to support (ouch), much more that the $168 for an upgraded PC.
For XP Holdouts
If you absolutely must continue to run Windows XP, Geek Squad offers these recommendations to increase your chances of survival off-road (www.geeksquad.com/do-it-yourself/tech-tips/keep-windows-xp):
- Install a good anti-virus program
- Update your software packages and keep them updated
- Do not use Internet Explorer as your web browser
- Update your copy of Microsoft Office XP or 2003
- Stop using Outlook Express
- Update your device drivers and keep them updated
- Disable Java for web browsing
Is any kind of support for Windows XP available from Microsoft? Perhaps, but it will cost you dearly. The British Government paid 5.5 million pounds to Microsoft for an additional year of support to maintain critical and important security updates for Windows XP, Office 2003, and Exchange 2003. Last year, Gartner issued a report claiming that the prices could go as high as $200 per PC, per year, if you are big enough to get Microsoft’s attention.
eMazzanti Can Help
eMazzanti is ready to show you how upgrading to a modern operating system will cut costs and open up new growth opportunities. Rather than just survive, your business can thrive by taking advantage of the new mobile, laptop, desktop and server technologies built into and around Windows 8.1.
Keep your business data secure with a security-first mindset and a proactive approach. If you would like to explore your options, please contact us at 1-866-EMAZZANTI.
Carl Mazzanti is Co-Founder and President of eMazzanti Technologies, Microsoft’s four time Partner of the Year and one of the premier IT consulting services for businesses throughout the New York metropolitan area and internationally. Carl and his company manage over 400 active accounts ranging from professional services firms to high-end global retailers.
eMazzanti is all about delivering powerful, efficient outsourced IT services, such as computer network management and troubleshooting, managed print, PCI DSS compliance, green computing, mobile workforce technology, information security, cloud computing, and business continuity and disaster recovery.
Carl Mazzanti is also a frequent business conference speaker and technology talk show guest and contributor at Microsoft-focused events, including frequent prominent roles at the Microsoft Inspire (Worldwide Partner Conference / WPC).
Carl, a serial Entrepreneur, gives back to the community through Entrepreneur teaching engagements at Georgetown University, the company’s ocean wildlife conservation effort, the Blue Project, and Tree Mazzanti.
