9 ways to use Windows 7 (safely) when support ends

Credit to Author: Andy Patrizio | Date: Tue, 15 Oct 2019 11:51:00 -0700

On January 14, 2020, Microsoft will issue its final release of patches and fixes for Windows 7. After that, there will be no more technical assistance and software updates from the company, unless you have an Enterprise Agreement or Enterprise Agreement Subscription, and then it will cost you plenty.

Naturally, Microsoft strongly recommends that you move to Windows 10 sometime before January 2020 to avoid a situation where you need service or support that is no longer available. But some companies either cannot or perhaps don’t want to upgrade to Windows 10.

Why wouldn’t some people move? For many consumers, it’s a case of if it ain’t broke, don’t fix it. They have a system running just fine and they will ride it until the wheels come off.

For professionals, sometimes the decision isn’t so easy. Back when we went through the Windows XP end of life in 2014, one group that wasn’t migrating was medical professionals. I noticed everyone from doctors to dentists to optometrists to chiropractors were all staying with Windows XP, and they all cited the same reason: Their patient database software, which was highly vertical and specialized, could not be reinstalled on a Windows 7 machine.

They had to buy a new version to run on Windows 7, and the software was prohibitively expensive, running into five figures. So they kept their PC off the network, did manual backups to external drives, and ran those PCs until they died.

So what’s a company to do? Well, Windows 7 will continue to work; it’s not like Microsoft will send out a kill switch. Your PCs just won’t be protected like they should be. There are ways to work around the end of life for Windows 7, some of which require extra work while others require extra diligence.

Microsoft makes it clear in the Windows 7 end-of-life FAQ that IE is a component of Windows and thus follows the support lifecycle of the Windows operating system it’s installed on, meaning there will be no more fixes to IE 11.

Historically, Firefox and Chrome, as well as laggards like Opera, Pale Moon, and Safari, hang on for at least a year when an OS sunsets, offering fixes for the old OS and the new. Microsoft ended support for Windows XP in April 2014, but Google supported it until 2016, while Firefox hung on until 2018. Since so many infections take place via browser exploits, stopping use of IE is a must.

Yes, Microsoft has its own antimalware software, Windows Defender, but it is frequently a laggard in tests against other antivirus programs. The antivirus market has resisted the typical market consolidation that comes with a maturation cycle and there remains plenty to choose from. A number of publications, including our sister pub PCWorld, conduct annual tests and make recommendations. This year, PCWorld gave thumbs up to Norton, AVG, and Trend Micro.

The term “antivirus” is most often used to describe these software products, but pretty much every decent product is a suite that covers all forms of malware, rootkits and ransomware, monitors your browser to block users from visiting known malicious sites, and scans attachments that come in your email. Windows Defender doesn’t do email protection and has minimal browser protection, so you should be using a full suite antivirus already.

If you have a remote/mobile workforce that frequently uses the public internet through Wi-Fi hotspots, they should already be using a VPN, and if they are not, shame on you. Like antivirus programs, VPNs are available as services, with monthly fees, usually metered.

A VPN is a secure connection between your computer and a server, but there is an ISP in between the two. It could be your corporate network or an airport lounge or Starbucks. When you use a VPN, you connect to a server run by the VPN provider, which directs your traffic instead and blocks anyone from electronically snooping.

Because Windows 7 will be at greater risk for compromise, a VPN will be necessary to encrypt and protect all incoming and outgoing traffic.

You want to keep your system properly backed up even if using Windows 10, but a riskier situation calls for greater coverage. Basically, you want a cloud backup for continuous sync and a network attached storage (NAS) device for regularly scheduled backup.

Cloud backup services like OneDrive, Carbonite, MEGA, SugarSync and many more offer constant backup. Click save on a Word or Excel file and automatically in the background your file goes up to the cloud. That’s good for immediate work being generated throughout the day.

The problem with cloud backup services is that they sometimes save only the last version. You may want to roll back to an earlier version of the file. Some of the cloud backups do cover multiple versions of one file; check with each provider when you are shopping around.

That’s where NAS comes in. A NAS can take a snapshot daily or weekly and, if necessary, roll back files to the previous backup. This is especially handy if you have a large amount of data. Cloud backup services are generous but a NAS means terabytes of backup in your own home or office.

So, use cloud backup for incremental and continuous backup and a NAS for larger snapshots stored locally to cover all the bases. And like antivirus protection, this is something you should already be doing.

If your environment is stable, then the last thing you want to do is introduce unpredictable changes. You want to update your antivirus, obviously, and your browser. But other updates might break the system. They might rely on Windows 10-only versions of libraries or other components. You want older machines to change as little as possible, especially if they are offline machines.

Shadow IT remains a constant problem, with people installing their own software like cloud backup, a preferred browser, Spotify, what have you. You can lock down the PC by disabling the installer.

Go to your Start Menu and type in gpedit.msc. This brings up something called the Local Group Policy Editor, unique to Windows 7. Now go to Computer Configuration > Administrative Templates > Windows Components > Windows Installer. Scroll down until you find “Turn off Windows Installer.” Double-click it and choose Enabled in the pop-up box. This will prevent users from installing software on the computer.

The second option is a Registry edit. In the Run box, type regedit to bring up the Registry Editor. Click down the tree of options to:

HKEY_LOCAL_MACHINE\Software\Classes\Msi.Package\DefaultIcon

In the right-hand window, you’ll see the path to the Windows Installer, with a zero on the end. That means it is turned on. Click on that line, and in the box that now pops up, change that 0 to a 1. Now it is disabled. Save and close.

Of course, this will also block your antivirus and browser from updating as well, so this solution is for a total system lockdown.
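To confirm the lock-down is actually in place on a machine, the following PowerShell audit reads the registry value behind the Group Policy setting and the DefaultIcon entry from the Registry method. It is an added example, not part of the original article; the policy value name DisableMSI and its location under HKLM\SOFTWARE\Policies do not appear on the page, and the function name is hypothetical.

```powershell
# Added example: audit the Windows Installer lock-down on the local machine.
# Written for the PowerShell 2.0 that ships with Windows 7.

function Get-InstallerLockdownState {
    # Registry value written by the "Turn off Windows Installer" policy.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'
    # Key edited by hand in the article's Registry method.
    $iconKey   = 'HKLM:\SOFTWARE\Classes\Msi.Package\DefaultIcon'

    $policy = Get-ItemProperty -Path $policyKey -Name DisableMSI -ErrorAction SilentlyContinue
    $icon   = Get-ItemProperty -Path $iconKey -ErrorAction SilentlyContinue

    # The drop-down shown when the policy is Enabled decides the value:
    # 0 = Never, 1 = For non-managed applications only, 2 = Always.
    # Only 2 blocks every Windows Installer package.
    $policyState = 'Not configured'
    if ($policy) {
        switch ($policy.DisableMSI) {
            0       { $policyState = 'Installer enabled (0)' }
            1       { $policyState = 'Disabled for non-managed applications (1)' }
            2       { $policyState = 'Installer always disabled (2)' }
            default { $policyState = "Unexpected value ($($policy.DisableMSI))" }
        }
    }

    # Raw default value of the DefaultIcon key; the article describes
    # changing the trailing 0 to 1, so report the string as stored.
    $iconValue = $null
    if ($icon) { $iconValue = $icon.'(default)' }

    New-Object PSObject -Property @{
        Computer         = $env:COMPUTERNAME
        PolicyState      = $policyState
        FullyLockedDown  = ($policy -and $policy.DisableMSI -eq 2)
        DefaultIconValue = $iconValue
    }
}

Get-InstallerLockdownState | Format-List
```

A machine where the policy was enabled but left on a setting other than "Always" reports FullyLockedDown as False, which is the case worth catching before relying on the lock-down.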

Virtual desktops allow users to connect into separate workspaces with a different OS. Windows 10 is the first Microsoft operating system to offer this feature natively, but there are third-party options for Windows 7. They include Microsoft Desktops, DexPot and VirtuaWin, all free programs that bring multiple desktops to Windows 7.

It seems an obvious choice in some cases, such as the medical professionals mentioned above. If you are in a situation where the Windows 7 PC does not need network access, then pull the plug if you have not done so already.

Free updates are ending but you can still pay for them through the Windows 7 Extended Security Updates (ESU) for businesses of all sizes, starting on December 1, 2019 and running until January 2023. ESU pricing for Windows Pro users goes from $50 per device in the first year to $200 per device in the third year. For Windows Enterprise users, the pricing goes from $25 per device for the first year to $100 per device by the third year.

In the end, securing your Windows 7 machines past January 2020 comes down to your behavior and you are responsible for your own safety. You have to be more careful about what you do and can’t assume there’s a net to catch you.
