by Charles Miller

Last week in this column I was giving Microsoft (also tacitly Apple and Google) a hard time for their ending support for Operating Systems (OS) while they continue to be popular and still widely used in the market. As of this writing, Microsoft seems determined to stick to a plan to cease providing critical security updates for its popular Windows 10 Operating System that, eight months away from its end-of-support date, still commands 61.2 percent of the worldwide market. There are two important storylines to know in order to understand the importance of this issue.

The first point to understand is that since Microsoft released Windows 10 on July 29, 2015 the company has been maintaining it with regular monthly updates, including a staggering 83 bug fixes in March 2023 alone. Even in spite of this and after almost 10 years, cybercriminals continue to discover new zero-day vulnerabilities in Windows 10 and older Windows versions. "Zero-day" is the term used to describe a security threat that could potentially impact not just a few users of one product but the entire internet.

The operative word in that last sentence is "entire." Like an ostrich with its head in the sand, some Windows users want to believe that continuing to use their one home or office computer that is out of date should not be a problem or if it is a problem it would only affect them. Unfortunately, if their out-of-support computer is ever connected to the internet the potential is there for it to be exploited immediately upon discovery, possibly leading to significant risks for others connected to the internet, meaning others that are newer and up to date.

The importance of addressing security vulnerabilities is underscored by their potential for having widespread impact far beyond just one user’s out-of-date computer. In 2017 the WannaCry ransomware attack exploited a zero-day vulnerability in Windows by infecting hundreds of thousands of computers worldwide before Microsoft pushed out an emergency update to prevent millions more computers from being infected.

Zero-day vulnerabilities pose critical threats, and continuing security updates by Microsoft and others serve to mitigate extensive damage across the internet. The worst-case scenario is that some yet to be discovered zero-day could result in the entire internet and everything connected to it being unable to function.

In spite of this, Microsoft appears to be sticking to its plan to discontinue consumer support for Windows 10 on October 14 of this year in spite of the fact that it still remains the number one most in-use Windows version. The company plans to offer paid support for U$ 30, but only for one year unless you are a large organization or government. Read that last sentence again please.

The second point to remember is that after the end of life date for Windows 10 on October 14 Microsoft will continue to create important security updates for Windows 10 but will be putting unknown numbers of users at risk by withholding these updates from most consumers. Governments and large organizations can purchase these critical updates after support officially ends, but you and I cannot. And it gets much worse. Microsoft is still today creating critical security updates for Windows 7 for which support ended 2020 and even for Windows XP that ended support 2009. None of these critical updates are made available to regular consumers.

As Microsoft is still creating critical updates for governments and large organizations that continue to use discontinued versions of Windows, it is grossly irresponsible for Microsoft to not make those same updates available to the small and dwindling numbers of consumers who need to have them. Such availability seems not to place a new burden on Microsoft. The company is already creating these critical updates, so all they need to do is stop withholding them from the public. Of course there are financial considerations, along with the public safety considerations.

Finally, I am not letting Apple, Google, and other software giants off the hook. To one degree or another all of them have situations similar to Microsoft and all of them need to recognize how their policies might affect not only their end-of-life products but the safety and security of the internet as a whole.

**************

Charles Miller is a freelance computer consultant with decades of IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted at 415-101-8528 or email FAQ8 (at) SMAguru.com.

Discover Lokkal:
Watch the two-minute video below.
Then, just below that, scroll down SMA's Community Wall.
Mission

Visit SMA's Social Network

Contact / Contactar