January 14, 2020 marks the end of life for Windows 7 and Windows 2008 operating systems. Have you done your SRA to make sure you have things covered? What about home computers, should you be worried about those? In this episode we review what this end of life for Windows OS means and what you should be doing in the 4th quarter of 2019 to prepare for it.
In this episode:
End of Life for Windows 7 and 2008, Ready? – Ep 223
Final 2019 Session
Nov 5, 6, 7
For info go to TheHIPAABootCamp.com
Share Help Me With HIPAA with one person this week!
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
End of Life for Windows 7 and 2008, Ready?
We have talked about this issue off and on for over a year. If this latest round of end of life for Windows is news to you there will be a rude awakening coming in a few minutes. Since we still run into cases where Windows XP is still out there on networks we know going in to 2020 we are just beginning to deal with the problems that this round of end of life for Windows operating systems will create for security conscience folks like us.
What does end of life for Windows 7 and 2008 really mean?
Let’s start with answering these questions about what does this mean and why are they doing this and mine still works so why do I have to change anything. There are still people asking those questions about Windows XP when we discover them on a network scan list because the machine is still working and we only use it for X.
First lets make note that Windows 7 was officially available beginning on October 22, 2009 so they have had it on their list of things to support for over 10 years before they cut it off. Let’s look at this time frame the same way you look at a car when you buy it brand-new off the lot with its new car warranty. How long do you expect to drive that car?
Let’s just say that this new car has a mack-daddy warranty that covers it end to end for 6 years regardless of mileage and it even includes basic services free of charge like oil changes, tire rotations, etc. Those free services don’t just happen by themselves, you have to take the vehicle in to the services department so they can perform the services and update the parts and lubricants as needed. Without doing that work your car isn’t going to perform very well and probably will not make it through the entire 6 years you have on warranty. Once that warranty is over you can get an extended warranty but fewer services are included, if any, and after that warranty is out what are you going to do? You may keep running that car for a very long time but you will not be covered by the manufacturer anymore they may or may not make parts for it. That old model also has not been updated with safety features or new technology unless it was part of the warranty updates.
Now think of that same scenario with your computer systems that are run constantly and in many cases very rarely turned off just restarted and made to keep going. With any luck, regular updates have been made to protect it from the constant attacks that are coming at it from the outside and the challenge of protecting it from the damages you inflict on it day in and day out. The poor computer never gets cleaned up like when you take the car to the cleaners but you keep running it even if it is full of dust.
It is easy to see where computers take a beating like a poor truck left in the rain, snow, wind, sun, salt, and rarely taken care of over the course of several years. The only way for you to drive it safely is to keep it maintained. When Microsoft ends their support of a product it has been supported for a very long time in computer years so it isn’t like they do it or 4 or 6 years or 100,000 miles.
End of support means that Microsoft no longer offers services for those operating systems and software that means no technical support, no software updates, no security updates and those are all the things you need to keep that software up and running securely. There are very rare times when Microsoft will provide updates for those old products and that means the security issue is so bad and being used by hackers actively attacking so many machines they feel obligated to try to close it.
They do offer one option for large enterprises to maintain coverage custom for them if you have one of their enterprise accounts which they had done for XP for years. I don’t think many small businesses have the parts in place for them to be able to pay for those kinds of support packages.
What should you be doing to prepare for end of life for Windows software?
We know that all of those machines and servers have to be dealt with in some manner or another whether they are replaced or just put out to pasture. There must be a plan to address these problems and you may be dealing with medical devices that are entangled with a computer running one of these operating systems. Vendors have been a constant battle since the end of life for Windows XP which says something encouraging. We still have medical devices running XP which we have had to address for years now but those have been slowly dribbling away just in time for us to start dealing with Windows 7 devices.
If you have no choice and you must continue to run the devices after Jan 14 you need to do a security risk analysis now and start building a plan for protecting the devices. That SRA will be a key element for you to show you are trying to handle the problem but for some very important reason you can’t replace them now.
If you have to keep these devices for a while you should have them segmented and monitored closely for known issues cropping up on the tech news sites. I would recommend that you make sure your IT is doing that just like we mentioned a few episodes ago in our discussion about what you should expect from them.
Don’t stop with end of life on Windows operating systems.
Also, check any old Windows OS that you may be using. Windows Small Business Server 2011 contains Server 2008 and Exchange 2010 even with 2011 in the name which makes David pull his hair out more than his kids ever did. Your technology plan should include worrying about things like this on a regular basis so make sure that it is in your annual technology plans to review software you use for end of life issues. This is equally important when you think about line of business apps like EHR, PM, accounting and any other key element to supporting and managing your business. That should include things like the upcoming end of life for Office 2010 which is October 13, 2020, which also means if you are using earlier versions of Office you are already in a mess with those.
While there is always a tendency of taking the “if it ain’t broke don’t fix it” approach to technology it really can’t be done. That approach worked ok when it was a machine that had parts that either worked or they didn’t. If they didn’t work you got another part to replace it and kept going. You didn’t touch it until something, well, broke. With technology you can’t tell if it is broken until that machine blows up completely. You can’t see all the parts and the ones you can see have to be taken care of constantly. The good news is the machine will do the work of many people at once for as long as it can. Then it just can not do that any longer and needs to be replaced whether it is broken or not you can’t tell. You just have to trust us when we say it has come to its own end of life.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!