Kaspersky recently
conducted a study based on anonymized OS metadata provided by consenting
Kaspersky Security Network users. The study found that almost one quarter
(22%) of PC users are still using the end-of-life OS Windows 7, which stopped
receiving mainstream support in January 2020, meaning the vendor no longer
sends software updates, including critical security fixes.
Although a trusted operating system may seem fine on the
surface, if the vendor no longer supports it with important updates to the
software, the system becomes more susceptible to attacks. When operating
systems reach end-of-life, vulnerabilities will remain on the system without
patch updates to resolve issues, providing cyber attackers with potential ways
to gain access. Therefore, it is critical to update a system's OS to protect
networks from this avoidable issue.
Among those still using Windows 7, consumers, small and
medium businesses (SMBs), and very small businesses (VSBs) occupy almost the
same share with 22% each. It is also noteworthy that almost a quarter of VSBs
still use the outdated OS as they do not have dedicated IT staff responsible
for ensuring their OS is up-to-date. For now, businesses can still receive
extended paid support for Windows 7, but this means an extra expense, and this
offering will not be available forever.
Kaspersky's findings also showed that only a small
percentage (less than 1%) of people and businesses still use older operating
systems, such as Windows XP and Vista, support for which ended in 2014 and 2017
respectively. Overall, almost one quarter (24%) of users are still running a
Windows OS without mainstream support.
Fortunately, 72% of users are using Windows 10, the latest
version of Windows OS, which appears to be the safest choice.
"Updating your operating system might seem like a
nuisance for many, but OS updates are not there just to fix errors, or to
enable the newest interface," comments Oleg Gorobets, senior product
marketing manager at Kaspersky. "The procedure introduces fixes for
those bugs that can open a gaping door for cybercriminals to enter. Even if you
think you are vigilant and protected while online, updating your OS is an
essential element of security that should not be overlooked, regardless of any
third-party security solution's presence. If an OS is obsolete, it can no longer
receive these critical updates. If your house is old and crumbling, there is no
point in installing a new door. It makes more sense to find a new home, sooner
rather than later. The same attitude is needed when it comes to ensuring the
security of the operating system you trust with your valuable data every day."
Knowing the risks of an end-of-life operating system is a
good start, but acting on that knowledge is a smart way to finish. To protect
yourself or your business, Kaspersky recommends the following:
- Use an up-to-date
version of the OS and make sure the auto-update feature is enabled.
- If upgrading to the
latest OS version is not possible, organizations should consider this
attack vector in their threat model and ensure smart separation of
vulnerable nodes from the rest of the network. Kaspersky
Embedded Systems Security can provide support in this case, as it
allows operating an OS as old as Windows XP SP2 that runs on systems with
very low specifications.
- Use solutions with
exploit prevention technologies, such as Kaspersky Security Cloud, Kaspersky
Endpoint Security for Business, and Kaspersky Small
Office Security, which help to reduce the risk of exploitation of
unpatched vulnerabilities that can be found in an obsolete OS (Windows 7
and earlier).