What You Need To Know About Windows 7 End of Life

If your organization uses Windows 7 you are probably already aware Microsoft plans to discontinue this popular operating system beginning January 14, 2020. Windows has taken every opportunity to remind you of the Windows 7 End of Life event. After January 14, Microsoft will no longer offer technical assistance or software updates for Windows 7, including updates that help protect PCs from new cyber threats. If you’re a Windows 7 user, what does this mean for you, and what do you need to do before January 14?

Why is Windows 7 End of Life Happening?

Microsoft says they need to end Windows 7 support so they can focus on newer technologies. Windows 7 is 10 years old after all, which is about 200 years old in tech-years. But Windows 7 also remains incredibly popular, with recent reports showing that Windows 7 is still being used on more than 37% of all PCs.

Microsoft actually started the Windows 7 End of Life process by ending mainstream support on January 13, 2015. At that point they stopped adding new features and honoring warranty claims. However, they have still provided regular patches and updates to ensure security issues and bugs are fixed. That will no longer happen after January 14. The termination of support for Windows 7 comes just after Microsoft introduced Windows 10, and Microsoft wants you to upgrade to the new system, boasting that their Windows 10 software is the most secure Windows ever. But should you?

What’s the Big Deal? I think I’ll Keep Windows 7.

While your Windows 7 operating system will still work after January 14, the lack of security patches is a real concern. As PC Place points out, “The biggest issue with continuing to use Windows 7 is that it won’t be patched for any new viruses or security problems once it enters End of Life, and this leaves you extremely vulnerable to any emerging threats. What’s more, if a large number of people continue to use Windows 7 after the End of Life date, that could actually be a big incentive for malicious users to target viruses and other nasties at Windows 7.”

That Sounds Bad. What Are My Options? 

  1. Upgrade to Windows 10

Upgrading from Windows 7 to Windows 10 is by far the easiest transition for your organization in response to Windows 7 End of Life. As TechRadar reports, “because both operating systems are made by Microsoft the upgrade process is relatively easy, and in many cases you can keep your files on your PC. This means you’ll experience the minimum of disruption when upgrading to Windows 10.”

And most reviews of Windows 10 have been positive, with the new system offering a number of new features including facial recognition, faster start-ups, “ink-accelerated technology” with a stylus, and new editing tools for photos and videos.

One of the biggest problems, however, is the possible expense involved—and purchasing the new operating system is only a fraction of that cost. You see, you might also have to buy everyone a new computer. As Microsoft says: “The best way for you to stay secure is on Windows 10. And the best way to experience Windows 10 is on a new PC. While it is possible to install Windows 10 on your older device, it is not recommended.”

Here are the minimum hardware specifications for Windows 10:

  • Processor: 1 gigahertz (GHz) or faster processor or SoC
  • RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit
  • Hard disk space: 16 GB for 32-bit OS or 20 GB for 64-bit OS
  • Graphics card: DirectX 9 or later with WDDM 1.0 driver
  • Display: 800 x 600 resolution

If all of your organization’s computers have those specifications, you’re set for your Windows 7 End of Life software purchase and transition. If not, however, you need to upgrade your hardware before you switch. And while prices continue to go down on many computer models, this can still be a sizable investment.
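One way to check a PC against the minimums listed above, as an added example (not code from Microsoft or Single Path). It assumes the disk figure refers to the capacity of the system drive, and it does not test the DirectX 9 / WDDM 1.0 requirement.

```powershell
# Added example: compare this PC with the Windows 10 minimums listed above.
# Written for PowerShell 2.0 (the version that ships with Windows 7), so it
# uses Get-WmiObject and New-Object instead of newer cmdlets and syntax.
# Assumption: "hard disk space" is checked as system-drive capacity.
# Not checked: DirectX 9 / WDDM 1.0 graphics support (verify with dxdiag).

$cpu  = Get-WmiObject Win32_Processor | Select-Object -First 1
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
$vid  = Get-WmiObject Win32_VideoController |
        Sort-Object CurrentHorizontalResolution -Descending |
        Select-Object -First 1

# AddressWidth reports the width of the installed OS (32 or 64), which
# decides which RAM and disk minimums apply.
if ($cpu.AddressWidth -eq 64) { $minRamGB = 2; $minDiskGB = 20 }
else                          { $minRamGB = 1; $minDiskGB = 16 }

# Sum the installed memory modules. Win32_ComputerSystem.TotalPhysicalMemory
# excludes hardware-reserved memory, so a 2 GB machine can report under 2 GB.
$ramBytes = (Get-WmiObject Win32_PhysicalMemory |
             Measure-Object Capacity -Sum).Sum
$ramGB  = [math]::Round($ramBytes / 1GB, 1)
$diskGB = [math]::Round($disk.Size / 1GB, 1)

$checks = @(
    @{ Name = 'Processor (MHz)';     Actual = $cpu.MaxClockSpeed;              Minimum = 1000 },
    @{ Name = 'RAM (GB)';            Actual = $ramGB;                          Minimum = $minRamGB },
    @{ Name = 'System disk (GB)';    Actual = $diskGB;                         Minimum = $minDiskGB },
    @{ Name = 'Display width (px)';  Actual = $vid.CurrentHorizontalResolution; Minimum = 800 },
    @{ Name = 'Display height (px)'; Actual = $vid.CurrentVerticalResolution;   Minimum = 600 }
)

$results = $checks | ForEach-Object {
    New-Object PSObject -Property @{
        Check   = $_.Name
        Actual  = $_.Actual
        Minimum = $_.Minimum
        Pass    = ($_.Actual -ge $_.Minimum)
    }
} | Select-Object Check, Actual, Minimum, Pass

$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Pass })
if ($failed.Count -eq 0) { "$($env:COMPUTERNAME): meets the listed minimums" }
else { "$($env:COMPUTERNAME): below minimum on $($failed.Count) check(s)" }
```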

  2. Upgrade to a different operating system

Windows may be the most popular PC operating system, but it’s not the only one. For example, Linux has been around since 1991, and is a completely open source system (meaning it is free). Apple is also an option, although that will also necessitate brand new hardware, and many of your programs might not be compatible with their operating system.

Still, you might want to look into other options, especially if the expense of converting to Windows 10 is out of your budget.

  3. Upgrade to Windows 10, Slowly

While there are some advantages to simply pulling the Windows 7 End of Life band-aid quickly, it’s also possible to dip just one foot into the water. If you simply can’t make the switch before January 14, Microsoft is offering Windows 7 Extended Security Updates. These will continue to deliver updates and patches for Windows 7 business users after January 2020. However, these extended security updates aren’t free, and Microsoft is charging a per device fee. Current pricing is $25 a device for the first year of updates, $50 per device for year two, and $100 a device for year three, with no guarantee updates will be offered beyond that date. However, this approach may allow you the flexibility of updating or purchasing new computers in phases, and reducing a single year financial hit.

I’m Not Sure What To Do!

That’s what Single Path is here for. Choosing new technology applications for your school or business can be a difficult decision, especially when resources are limited. We are continuously meeting with companies, schools and other organizations to provide guidance on their Windows 7 End of Life choices, and to help them make smart decisions, evaluate their current tools, and continuously re-evaluate them. And our large menu of security solutions can help protect you from cyber threats, or rebound if you are hit by one. With considerable experience working with small-to-medium sized businesses, plus schools and school districts, we can help you operate with confidence.

Contact us for more information!

Phishing Part Two: Six More Techniques Hackers are Using to Steal Your Information

In the first part of this two-part post, we detailed some of the most common phishing techniques currently used by hackers, including email phishing, smishing and content spoofing. Here are some additional schemes you should be aware of.

Spear Phishing

Traditional email phishing uses a “spray and pray” approach—sending as many emails to as many people as possible. Spear phishing, on the other hand, is a targeted attack in which the hacker goes after a narrower audience: an individual or a specific organization. With a little research on the person or company, a phishing attack is much more likely to be effective and manipulate a user into divulging private information. An email may appear to come from a supervisor, such as the CEO of a firm, or someone of authority.

Keystroke Logging

Keystroke logging is the act of recording the keys struck on the computer keyboard—the information is then sent to hackers to decipher passwords and other types of information. Keystrokes can be captured in many ways. For example, there is hardware that can covertly identify keystrokes by sound and repetition of keys, and some hardware can capture data as it is exchanged between wireless keyboards and their receivers. There are also viruses that can infect your system and transmit keystroke data directly to hackers. Smartphones are particularly vulnerable to keystroke logging—keystroke logging software is relatively common and easy to purchase online.

Some websites provide options to use mouse clicks to make entries through the virtual keyboard, as a way to combat keyloggers.

Malvertising

Malvertising is a form of advertising that may look legit, but contains active scripts that download malware or unwanted content onto your computer. Generally, the advertising network or website is unaware they are delivering malicious content. Any visitor visiting a site risks infection. Sites that have carried malvertising include the New York Times, the NFL and AOL.

How is that possible? The Center for Internet Security explains, “Many websites, especially large ones with several hundred thousand users per day, rely on third party vendors and software in order to display its ads, which in turn reduces the direct oversight and the amount of vetting that takes place. This automation makes online ads vulnerable to malvertising.” Since ads on a webpage constantly change, one visitor can be infected while the next ten people who visit the exact same webpage are not. This makes it difficult to track the source.

Many malvertising schemes manipulate vulnerabilities in Flash. While there is no foolproof way to escape infection, disabling Flash will limit the risk.

Search Engine Phishing

Just because a site appears on your next Google or Bing search, doesn’t mean it’s safe. Malicious sites can take advantage of search optimization the same as legitimate sites. Some product sites are designed solely to entice users with low cost products or services, but merely exist to collect credit card information. These sites include fake bank websites offering low-rate credit cards or loans.

Man In The Middle

This is one of the more sophisticated phishing techniques. A hacker intercepts communication between two systems, usually between a consumer and an authentic website. The hacker can trace the details of a transaction, reading emails and gathering financial or personal information without the user being aware of the hacker’s presence. Often, a hacker will modify a message in order to gain confidential information, but it appears as if the two parties are still communicating normally.

There are ways to thwart such attacks, or at least make them more difficult, including email encryption and implementing certificate-based authentication on your, or your organization’s, computers.

Social Media Phishing

With the popularity of social media, it should be no surprise that a number of phishing schemes have been developed to take advantage of these sites. One example is “angler phishing,” named after the anglerfish which uses a glowing lure to attract prey (you may remember this fish from a scene in Finding Nemo). With this phishing attack, a fake customer-service account is posted, such as one from a bank or retailer. Their clients share personal data, convinced they are communicating with staff from a trusted company.

In fact, according to Internet security company Fraud Watch International, there was a 150% increase in social media phishing between 2015 and 2016 and that “In 2015, a study showed that of all the social media accounts supposedly owned by renowned brands across various industries (such as Amazon, Starbucks, Chanel, Nike, BMW, Shell, Samsung and Sony), 19% were fake.”

We Stand With You

No one can be smart all the time, and hackers continue to develop new strategies and tools to slip past even the most observant of users. A partner like Single Path can help. We can train employees, establish procedures and protocols, and both install and maintain the software and hardware you need to guard against the majority of attacks. We can also provide guidance if or when your security is breached. With Single Path Security offerings you get a security leader and extensive, customized services.

Ask us how to get started!

Why the Simplest Security May be the Most Important

It’s annoying—an alert to install the latest operating system update because of a security patch? Really? Another one? Is my security really an issue here?

It seems like a waste of time. Except.

Except it only takes one hack to leave all your accounts vulnerable. It just takes one piece of malware to leave information exposed and your business or personal accounts devastated.

Plugging security holes is a constant battle, and one being fought in the trenches every day. You don’t see most of these threats. Most viruses and cyber attacks are thwarted before they come near your system.

Most viruses and attacks. But not all.

Ignoring security patches is risky and irresponsible at best. At worst it’s the end of your business.

We related the details of the infamous Equifax breach in a recent blog post. As we wrote, Equifax was aware of a hole in their system and was given the security patch to fix it, yet did nothing. The result? 143 million Americans put at risk and the company in deep water.

The Never Ending Quest For Security

According to an article on the site TopTenReviews.com, “When you browse the internet, your computer is at the mercy of its current protective measures. Viruses, malware and rootkits are always on the search for security holes to exploit and gain entry to your personal data. While the best antivirus software would prevent this from ever happening, in order to accomplish such a goal you need to perform recommended updates.”

Just like medical viruses, software viruses are always evolving. Like a flu shot must change every year, a security patch for one attack is likely ineffective toward a new, and potentially more devastating one. Your operating system, antivirus and other applications must keep up. Updates serve to:

  • Fix security holes
  • Optimize the existing operating system resources
  • Add newer and more secure features
  • Remove clutter by deleting old and unused security features
  • Update drivers to increase software efficiency

The Experts Say …

Internet security company Heimdal Security recently interviewed a number of cyber security experts. Their agreement was unanimous: patching is not optional. The days of putting antivirus software on your computer, and then calling it a day, are long gone. That’s because, back then, computers were mostly individualized with little contact from the outside world. Networks didn’t share open data.

Times have changed.

Why is software so vulnerable? Per the above article, Mathew Pascucci, Cyber Security Specialist & Privacy Advocate at Front Line Sentinel, relates, “Software is vulnerable because it’s being pushed to market quickly without proper vulnerability testing, either statically or dynamically. Users of the software should have automatic updates for all software enabled and verify that it’s as up to date as possible.”

From the same article, Ivanti Principal Security Engineer & Evangelist Duncan McAlynn says, “Software, like everything else in life, isn’t perfect. Unfortunately, we can’t patch humans. Whether software developers or end users, they’re both flawed. We live in an imperfect world. Adjust, adapt and overcome!”

Be Ready for The Worst

As long as there is code and valuable information others want, there will be risks and vulnerabilities. Security innovation is not optional.

A recent blog post by the Principal Program Manager for Office 365 Customer Experience, Ross Smith IV, addresses this. Says Mr. Smith, “Microsoft recommends adopting a software update strategy that ensures all software follows N to N-1 policy.” In other words, back up everything. Mr. Smith recommends this for all products, including operating systems, software and applications, hardware drivers, and firmware.

No matter how diligent you are, there is no way to ensure 100% protection. Employees will have lapses. Short cuts may be exposed. That’s why redundancy is perhaps a business’s most valuable defense. Can malware be removed without deleting data? Does ransomware need to be paid to access your files? A significant, repetitive and continual backup plan is vital to ensure your business continues to run regardless of outside forces.

Do Anything But Ignore The Problem

If you close your eyes, the problem won’t go away. Only by being proactive can you assure the best defense. Ross Smith IV says, “Another concerning trend I witnessed is that customers repeatedly ignored recommendations from their product vendors. There are many reasons I’ve heard to explain away why a vendor’s advice about configuring or managing their own product was ignored, but it’s rare to see a case where a customer honestly knows more about how a vendor’s product works than does the vendor. If the vendor tells you to configure X or update to version Y, chances are they are telling you for a reason, and you would be wise to follow that advice and not ignore it.”

So when that annoying security patch comes along, don’t ignore it or put it in your “I’ll take care of it later” pile. Perhaps a bug has already been discovered. Or, more likely, the possibility of a vulnerability has been defined and changes need to be made to assure nothing infiltrates your system.

A security patch may be a nuisance, but the alternative is far worse.

A Partner Can Help

If you are uncertain how best to protect your business from cyberattacks, Single Path has your back. Our security specialists know the ins and outs of network security, offering security offerings from data loss protection to infrastructure patch management. We can dig deep and look at your entire technology structure, providing expert advice, ongoing analysis of your needs, and the certainty your information is protected. We know that the best solutions are those that involve minimal effort and maximum peace of mind.

Ask us how to get started!