Berlin (dpa) – Authorities, companies and private users are still using the Windows 7 PC operating system, which was discontinued a year ago, on a large scale, although the software now has major security gaps. Worldwide, the software is still used on around 18 percent of all Windows computers that regularly access the Internet, even without regular updates. This emerges from projections by Statcounter. The analysis company uses a tracking code on over two million websites to determine which operating system is used by the users.
Many users underestimated the security risk of an outdated Windows version, said Thomas Uhlemann, security specialist at the security software company ESET, the German press agency. “One weak point is enough and the computers are open like a barn door for cyber criminals.” This behavior is negligent. “Information about known security vulnerabilities is spreading rapidly in underground forums and is used for a variety of attack scenarios.”
In Germany the situation looks a little better. Windows operating systems have a market share of around 80 percent for desktop PCs and notebooks. Statcounter recorded around 8.3 percent or a good four million Windows 7 devices. Together with the also outdated and insecure Windows versions Vista, XP and 8, this adds up to 5.2 million devices in Germany that are insecure.
One of the public institutions in Germany that did not manage to switch to a modern operating system in time a year ago is the Berlin city administration. At the beginning of 2020, just under 82 percent of the more than 80,000 IT workstations there had been converted to Windows 10.
The country Berlin Like many other companies and administrations, had to buy a grace period from Microsoft in order to keep the jobs that had not yet been converted running. Experts estimate that Microsoft requires between 25 and 50 euros per year per Windows license in the special support contracts. The delay in converting Windows 7 PCs cost a six-figure amount in the upper range in 2020 just for the support extension at Microsoft.
Actually, the outdated computers should all be converted to the current Windows 10 by the end of 2020. But on the sidelines of a hearing in a specialist committee in the Berlin House of Representatives, reports of “evident” problems with the changeover were made in September 2020. Therefore, the completion notification of the Windows switch to New Year’s Eve was not received.
The difficulties were not due to the fact that the state of Berlin did not manage to buy modern computers during the corona crisis. The devil here lies in the (software) detail. Certain programs that enable certain administrative operations are also hopelessly out of date and simply won’t work on Windows 10. “I assume that the conversion has not been successful across the board,” said Bernd Schlömer, the digitization expert of the FDP parliamentary group in the House of Representatives.
In response to a dpa request, the Senate Department for the Interior announced that another 10,000 computers had been successfully converted in 2020. The switch to Windows 10 will be completed this year. In the foreseeable future, “no more workstation computers owned by the Berlin state government would run Windows 7”. The conversion of the systems is a “mammoth task that can only be implemented with a great deal of effort”.
On the one hand, companies and authorities run a higher risk by ignoring the end of support for Windows 7 because this makes cyberattacks easier. The Berlin state administration has already been the target of hacking attacks on several occasions. The Berlin Court of Appeal and computers at the Humboldt University were also infected by Trojans. According to experts, too late comers also violate the European General Data Protection Regulation (GDPR). The EU directive requires that the processing and use of personal data comply with the “state of the art”.
Windows 7 came onto the market over ten years ago on October 22, 2009 as the successor to the unsuccessful Windows Vista and was used by PC manufacturers until 2014. The successor, Windows 8, also had difficulties starting and did not convince many users. This is why many companies in particular remained loyal to Windows 7 even after 2014.
Although Windows 7 is generally considered to be fully developed, more and more security gaps have been discovered in the aged system in recent years. In 2010, only 64 vulnerabilities were found in Windows 7; in 2019, the number reached a peak with 250 officially registered problems. Figures for 2020 are not yet available.
Companies and organizations can still purchase updates for a fee from Microsoft. Private users, on the other hand, no longer have access to the security updates even for a lot of money. And that could have fatal consequences for online banking, for example, warns security expert Uhlemann.
“Many users are well aware that the access data for online banking and the TAN number should not be given to strangers”. A modern and up-to-date operating system is just as much a part of the duty of care as the use of a modern security solution or a current browser. “In the event of damage, banks can refuse a claim for compensation because the customer has negligently neglected his obligations.” Cyber insurance companies also refused to regulate this in many cases. “Users should regularly check their computer, which they use for online banking, for updates.”