The long goodbye: 41% of consumers still use unsupported and near end-of-life OS

The long goodbye: 41% of consumers still use unsupported and near end-of-life OS

Many consumers and businesses still rely on unsupported or near end-of-life operating systems (OS), according to Kaspersky research. While newer versions of such OS are available, around 41% of consumers still use either an unsupported or approaching end of support desktop OS like Windows XP or Windows 7. At the same time, 40% of very small businesses (VSBs) and 48% of small, medium-sized businesses (SMBs) and enterprises still rely on these systems. This situation creates a security risk.

In most cases, the end of the lifecycle of an OS means that no further updates will be issued by the vendor, and this includes updates related to cybersecurity. Yet security researchers or cyber attackers may find previously unknown vulnerabilities within these systems. Subsequently, these vulnerabilities may be used in cyberattacks and users will be left exposed as they will not receive a patch to resolve the issue. To try and gauge how many of these at-risk systems exist in order to estimate the scale of the risk, Kaspersky researchers analyzed the anonymized data of OS use provided by Kaspersky Security Network users (with their consent). The results show that four out of 10 consumers still use obsolete systems, including extremely old ones like Windows XP and Vista. 

Looking at the specific versions of outdated OS used, two per cent of consumers and one per cent of workstations used by VSBs rely on Windows XP – an OS which hasn’t been supported for over 10 years. Less than half a per cent of consumers (0.3%) and VSBs (0.2%) still prefer Windows Vista, for which mainstream support ended seven years ago. Remarkably, some consumers (1%) and businesses (0.6% of VSBs and 0.4% of SMBs and enterprises) missed the free update to Windows 8.1 and continue to use Windows 8, which has not been supported by Microsoft since January 2016.

The long goodbye: 41% of consumers still use unsupported and near end-of-life OS
The distribution of Windows OS versions on desktop devices used by consumers and business customers

Windows 7 is still a popular choice for consumers and businesses, despite extended support coming to an end in January 2020. More than a third (38%) of consumers and VSBs, and 47% of SMBs and enterprises, still run this OS. For the small, medium-sized and enterprise business segments, the share of Windows 7 and the newest version of Windows 10 (47% of workstations work on this OS) is the same.

“Statistics show that a significant share of users, both businesses and individuals, still use workstations running an outdated or approaching end of lifecycle OS. The widespread use of Windows 7 is concerning, as there is less than six months to go until this version becomes unsupported. The reasons behind this lag vary depending on the software in place, which may be unable to run on the newest OS versions, to economic reasons and even just down to habit. Nonetheless, an old unpatched OS is a cybersecurity risk – the cost of an incident may be substantially higher than the cost of upgrading. This is why we recommend that customers migrate to supported versions and ensure that additional security tools are in place during the transition period.” – Alexey Pankratov, Enterprise Solutions Manager, Kaspersky.

Distribution of outdated OS usage in Singapore and Southeast Asia

Data from Kaspersky’s research show that while many countries in the region are already using the latest windows 10, a significant portion of users in Southeast Asia continues to use outdated OS such as Windows 7, Windows 8, Windows Vista and Windows XP. 

Under the consumer segment, Singapore had the lowest percentage of users employing unsupported OS such as Windows 7, Windows 8, Windows Vista and Windows XP at 25.7%, compared to its neighbours: Philippines (26.5%), Thailand (38.1%), Malaysia (40%), Indonesia (45.4%), and Vietnam (66.4%).

For the SMB and enterprise segments, Singapore again led the charts with the lowest percentage of users employing unsupported OS such as Windows 7, Windows 8, Windows Vista and Windows XP at 26.7%, compared to its neighbours: Philippines (35%), Vietnam (44.6%), Indonesia (46.2%), Malaysia (50.5%) and Thailand (52.3%).

Within Singapore, the usage of Windows 10 among consumers was the highest (68.7%), followed by Windows 7 (24.4%), Windows 8.1 (5.5%), Windows 8 (0.6%), Windows XP (0.6%) and Windows Vista (0.1%).

For the local SMBs and enterprises, Kaspersky’s research found that this segment was more up-to-date in terms of OS adoption, with 71% using Windows 10, 26.4% on Windows 7, followed by Windows 8.1 with 2.3% and Windows 8 with 0.3%.

“For the security of our computers, it is important that we install the most updated OS as much as possible. The latest versions have updates that fix errors, patch critical vulnerabilities, and serve as the first line of defence of our businesses’ critical systems. As one of Southeast Asia’s most digitally advanced economies, it comes as no surprise that Singapore ranked the highest in terms of up-to-date OS adoption in the region. However, there remains a sizeable proportion of users across the consumer, SMB, and enterprise segments in the country which are using outdated operating systems. It’s critical for these companies, no matter how big or small they are, to close this loophole which cybercriminals can use against them sooner or later,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky Lab.

To be protected against emerging threats, Kaspersky recommends that businesses and consumers do the following:

  • Use an up-to-date version of the OS with the auto-update feature enabled
  • If upgrading to the latest OS version is not possible, organizations are advised to take into account this attack vector in their threat model and to address it through the smart separation of vulnerable nodes from the rest of the network, in addition to other measures. ConsiderKaspersky Embedded Systems Security (if using Windows XP)
  • Use solutions with behaviour-based exploit prevention technologies, such as Kaspersky Security CloudKaspersky Endpoint Security for Business, and Kaspersky Small Business Security which help to reduce the risk of exploits targeting obsolete OS (Windows 7 and later)