By Jesse Drake
Microsoft will stop providing security updates and support for Windows 7 on January 14, 2020. On that date, anyone at the university still running the Microsoft Windows 7 operating system will fall out of compliance with the U's Information Security Policy 4-004.
"At this point, I can't think of many compelling reasons not to upgrade to Windows 10. Continuing to run Windows 7 on your machine puts the university at risk," said Dustin Udy, security assessment team lead in UIT's Information Security Office (ISO).
A recent ISO endpoint management query found that more than 16,000 users have logged in to a Windows 7 machine since January 1. This doesn't necessarily reflect the number of devices, which Udy places at between 3,000 and 6,000 PCs based on other queries — but it does contextualize the challenge faced by the university should users and IT systems administrators not act before the Windows 7 end-of-life (EOL) date.
Windows 7 is a decade old, having launched on July 22, 2009. Microsoft actually ended "mainstream support" — free security and non-security updates, and telephone customer support — for the Windows 7 Service Pack 1 in 2015. Since then, it has been in "extended support," a period during which Microsoft has continued to issue patches to fix security issues and bugs.
Rob White, IT director for Continuing Education & Community Engagement, said the vast majority of his users have been moved to Windows 10, and are running at least Windows 8.1. He's actively working to upgrade everyone he supports 10.
"From the university's perspective, we want to look good to students, which means adopting and endorsing really great technology for end users," White said. "We want to be forward-looking, not playing catch-up."
While 8.1 is more recent than Windows 7, Microsoft will end extended support for that version on January 10, 2023, making it worthwhile to upgrade to Windows 10 now.
Matt Munro, senior lead of the core group in UIT Campus Computer Support, said that similar to how Mac OS X has become Apple's base operating system that's iteratively updated, Windows 10 will be Microsoft's major OS going forward.
Not upgrading all the way to 10 now, he said, would be like replacing an 18-year-old car with a 17-year-old model when you can afford something more reliable.
"Anything new that Microsoft develops will be on that platform," Munro said.
If you believe mitigating circumstances require you to keep using Windows 7 after January 14, 2020, such as specialized instrumentation or hardware configurations critical to a research project, you may apply for a policy exception. Email ISO's Governance, Risk & Compliance (GRC) team at email@example.com and include a brief statement that justifies the exception. The GRC team will walk you through the process.
Per Policy 4-004, the cost to remediate non-compliant systems and processes must far exceed the risks of non-compliance, and must have an expiration date no later than one year from the approval date. Prior to expiring, the exception will be reevaluated "based on emerging threats and business justifications."