Many consumers and businesses still rely on unsupported or near end-of-life operating systems (OS), according to research.
While newer versions of these OS are available, around 41 percent of consumers still use a desktop OS that is either unsupported or approaching end of support, such as Windows XP or Windows 7. At the same time, 40 percent of very small businesses (VSBs) and 48 percent of small and medium-sized businesses (SMBs) and enterprises still rely on these systems. This situation creates a security risk.
In most cases, the end of an OS's lifecycle means that the vendor will issue no further updates, including security updates. Yet security researchers or cyberattackers may still find previously unknown vulnerabilities in these systems. Those vulnerabilities may then be used in cyberattacks, and users will be left exposed because they will not receive a patch to resolve the issue.
To gauge how many of these at-risk systems exist and estimate the scale of the risk, Kaspersky researchers analyzed anonymized OS usage data provided by Kaspersky Security Network users (with their consent). The results show that 4 out of 10 consumers still use obsolete systems, including extremely old ones like Windows XP and Vista.
Looking at the specific versions of outdated OS used, 2 percent of consumers and 1 percent of workstations used by VSBs rely on Windows XP — an OS which hasn’t been supported for over 10 years. Less than half a percent of consumers (0.3 percent) and VSBs (0.2 percent) still prefer Windows Vista, for which mainstream support ended seven years ago. Remarkably, some consumers (1 percent) and businesses (0.6 percent of VSBs and 0.4 percent of SMBs and enterprises) missed the free update to Windows 8.1 and continue to use Windows 8, which has not been supported by Microsoft since January 2016.
Windows 7 is still a popular choice for consumers and businesses, despite extended support coming to an end in January 2020. More than a third (38 percent) of consumers and VSBs, and 47 percent of SMBs and enterprises, still run this OS. In the small, medium-sized and enterprise business segments, the share of Windows 7 is the same as that of the newest version of Windows 10 (47 percent of workstations run this OS).
To be protected against emerging threats, Kaspersky recommends that businesses and consumers do the following:
– Use an up-to-date version of the OS with the auto-update feature enabled.
– If upgrading to the latest OS version is not possible, organizations are advised to take this attack vector into account in their threat model and to address it through smart separation of vulnerable nodes from the rest of the network, in addition to other measures.
– Use solutions with behavior-based exploit prevention technologies to reduce the risk of exploits targeting obsolete OS (Windows 7 and later).