OS migrations after Windows7 still a hassle for IT professionals

News by Chandu Gopalakrishnan

OS updates happen continuously and security demands constant change, but compatibility issues make OS migration a headache for most IT pros

Microsoft has announced a massive update for Windows. The announcement about Windows 10X comes as businesses, particularly in the lower tiers, struggle to phase out Windows 7 from their systems. 

A major upside of the update is that Windows 10X will isolate the operating system, drivers and apps from user data. They can be updated in the background without any hassles, while the platform switches to the latest version of the OS whenever it is rebooted. 

The new OS will run traditional win32 desktop apps, but Microsoft does not plan to port it to Windows 10 computers. Instead, the company will target it at an anticipated market for dual-screen devices, such as its futurist Surface Neo.

Change chores

OS-related migration currently continues to be a serious problem and necessity for organisations. A survey among IT decision makers and executives by SolarWindsfound that most IT professionals migrating OS due to Windows 7 phase-out expect it to cause a myriad of problems.

However, the cost of transition was never the largest concern, found the survey. Nearly 80 percent of IT professionals surveyed agreed that application compatibility issues continue to pose huge problems for them when migrating to a newer OS.

According to the IT professionals responding to the survey, the main issues preventing businesses from updating to a newer version were compatibility issues (67 percent) and downtime or disruption (44 percent). Costs (42 percent), competing IT department priorities (37 percent), underestimating the consequences of not doing so (33 percent), lack of supporting hardware (24 percent), and concerns around complexity (22 percent) followed.

The majority of them (74 percent) were aware of the security vulnerabilities related to continued usage of earlier versions of Windows. Despite these concerns, they also felt confident in the industry’s preparedness for a security incident, and most have already left Windows 7 behind. 

Chinks galore

Prompt updating does not guarantee the safe performance of the OS, says the annual vulnerability and threat trends report by Skybox Security.

The number of new vulnerabilities within Windows OS’s increased by 66 percent between 2018 and 2019, making Microsoft the owner of the industry’s most vulnerable operating systems, said the report. The number of vulnerabilities within Windows products, as opposed to OSs, also increased by 75 percent, presenting a stark contrast to Android’s 73 percent drop. 

Microsoft’s Patch Tuesday security update released on 11 February has fixed a whopping 99 vulnerabilities, making it the company’s biggest Patch Tuesday known to date. The highlight of this month's security train represents the fix for CVE-2020-0674, a zero-day vulnerability in Internet Explorer.

The rising security updates also means that Microsoft is reporting and patching more vulnerabilities, which is a sign of good cyber-security practices on their part, the Skybox report suggested.

Vulnerabilities that arise from an OS that reached the end of life still remain far greater threats, commented Tim Brown, VP of security, SolarWinds.

“It’s heartening to see that an overwhelming majority of the IT community has made this shift. At the same time, compatibility issues are still proving troublesome. It’s vital that these issues don’t leave parts of the business behind and at risk. However, these periods of migration when an OS is reaching EOL are the ideal time to review applications in use, and audit these to improve the security of the environment.”

No two ways

OS migration, in any case, is absolutely necessary, said Roger Grimes, data-driven defense evangelist at KnowBe4.

“All vendors have limited resources. At some point, they need to concentrate more of their resources on the more current stuff. As less and less employees are experienced with something older, the resources that can even deal with the issue become less and less. Pretty soon, the vendor is expending an abnormal amount of resources to support something that less and less people use. This applies to the whole eco-system,” he told SC Media UK. 

“When an OS doesn’t upgrade, that means every vendor that has a product has to support more on a greater number of options. Everyone in the ecosystem is applauding the forced upgrades. It’s less to support for everyone.” 

Market pressure makes software manufacturers add new features in the updates, which the old one doesn’t have. Using the old versions to use the updates often result in waste of resources, he noted.

“It’s sometimes very difficult to backfill a feature into an older OS and even if they did, the feature would be just as good because the other necessary supporting dependencies aren’t. And when current customers are using less feature-rich products, there is a greater chance that they will move to a competitor’s product to get that new feature set.”

While consumer demand remains a major catalyst, changing employee preferences -- particularly in the wake of the BYOD culture -- has been a growing influence in OS migration for the companies. And, of course, security. Short-cuts or add-on software fails miserably there, he said.

Because shortcuts are just that: shortcuts. They are not as strong and secure as upgrading. Every system not upgraded becomes a potential higher risk exploitation point. Shortcuts don’t provide better security, they just provide some protection for accepting weaker protection as a default.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews