Is Windows 7 safe to use?

Last Updated on July 23, 2023 by Dave Farquhar

Is Windows 7 safe to use? No. Next question? Alright, I guess I need to explain why, without being so dismissive.

Support for Windows 7 ended in January 2020, which means there have been no new security updates for Windows 7 since. That means Windows 7 isn’t safe to use, even with a firewall and antivirus.

Why Windows 7 is no longer safe to use

Is Windows 7 safe to use? Not anymore. I won’t be plugging this machine into my network until I get Windows 10 running on it.

Microsoft generally supports operating systems with bugfixes and new feature updates for about five years. After that point, they cut back to the minimum, providing just security updates for another five years or so.

Windows 7 proved to be one of the most beloved Windows releases ever, and some diehards hung onto it until the very end. But absent the monthly security updates that cause your computer to reboot in the middle of the month every month, Windows 7 isn’t safe to use. Most bugs discovered in newer versions of Windows since January 2020 are present in Windows 7 as well as in Windows 10 and 11. But while Windows 10 and 11 got the update, Windows 7 didn’t.

It’s not exactly unusual for a monthly Windows update to fix 100 vulnerabilities. So the security gap between supported and unsupported Windows versions grows quickly. The April 2020 update addressed 113. March 2020 addressed 115, and February addressed a mere 99. That growing security gap means Windows 7 is no longer safe to use, and becomes increasingly unsafe over time.

There have been a couple of instances where Microsoft quietly released and pushed a fix for a Windows version after its official end of life. But those were isolated incidents. Applying the fix for those onesie-twosie vulnerabilities provides no protection against the hundreds of others with no available fix for Windows 7. About 20 of the vulnerabilities in Windows discovered after Windows 7 went EOL are on the CISA KEV, a list of known exploited vulnerabilities the U.S. government tracks.

It was possible to hack Windows 7 to get updates until January 2023. But even if you did that, you stopped getting updates in early 2023. That means its security gap is growing.

If you have a Windows 7 computer with software on it that you need, and that software won’t run under Windows 10, keep that computer off the Internet when you’re using it.

What about antivirus and firewalls? Don’t they make Windows 7 safe to use?

Your antivirus and firewall software provide necessary security, but they aren’t invincible. If you’ve ever had to take security awareness training at work, say, the (in)famous Kevin Mitnick Security Awareness Training, everything he demonstrated was on machines with a functioning firewall and up-to-date antivirus. The catch was the systems themselves weren’t fully up to date, so he was exploiting those vulnerabilities to undermine the other security measures in place. A system that hasn’t received any updates for months or years is vulnerable to the same types of attacks Mitnick demonstrated.

And hacking generally isn’t like in the movies. In the movies, the protagonist knows when they’ve been hacked. In the real world, you generally don’t. The reason you could see it in the Kevin Mitnick demonstrations was that he was showing you both sides of the attack, and going out of his way to make it clear he had broken through the target computer’s security measures.

What about businesses, government and military?

Microsoft offers Extended Security Updates for business and government use. For a fee, which increases every year, Microsoft continues to provide updates the same way they did between 2015 and 2020 to keep Windows 7 safe to use in those isolated cases. The fee encourages businesses to move to Windows 10, which doesn’t require paid support for updates.

The government and military generally do a much better job of upgrading to new Windows versions than commercial businesses do. Generally the government starts its migrations within a couple of years of the new Windows release. When I was a government contractor, I had Vista and Windows 7 on my desk. The government started migrating off XP in 2006 or 2007. When I went back into the private sector in 2013, they handed me a laptop with XP on it.

Yes, you’ll hear stories about the Navy using ancient Windows versions, and certain outlets will try to call that an example of government incompetence. But the argument doesn’t hold up. The Navy refurbishes its ships on a 20-year lifecycle. That includes the computer systems. So that means some of their ships have Windows builds on them that are 10 years out of support. Perhaps even a bit longer. The Navy buys extended support from Microsoft to abate this. It always has. That’s part of lifecycle management. They buy the updates, and they’re rather good at getting them deployed too.

For the rest of us, lifecycle management means upgrading from Windows 7 to a safe version like Windows 10 or 11.

Upgrading to Windows 10 or 11 to get safe

Microsoft no longer offers Windows 10 as an easy, automatic and free upgrade from Windows 7. That said, even today, if you use Windows 10’s USB installer and enter a valid Windows 7 license key when it prompts you, it will accept the key, install, and activate.

Windows 7 admittedly runs better on aged hardware than Windows 10 does, but installing an SSD does a lot to close the difference. But even Windows 10’s end of life is coming up on us. After October 2025, Windows 10 won’t be supported anymore. You can purchase systems with 4th through 7th generation Intel i-series CPUs rather cheaply because they don’t support Windows 11, and they make a rather inexpensive stopgap in the meantime. But prices even on Windows 11-capable machines are coming down. So you can inexpensively upgrade from Windows 7 to a version that is safe to use.
