The end of lifecycle of an OS means that no further updates will be issued by the vendor which includes updates related to cybersecurity. The vulnerabilities within the systems may be used in cyberattacks and users will be left exposed as they will not receive a patch to resolve the issue.
According to Kaspersky research, the analysis reveals that four out of ten (41 percent) of consumers still use obsolete operating systems (OS) even though newer versions of OS are available. Nevertheless, 40 percent of very small businesses (VSBs) and 48 percent of small, medium-sized businesses (SMBs) and enterprises still rely on these systems which will create a security risk situation.
Looking at the specific versions of outdated OS used, two percent of consumers and one percent of workstations used by VSBs rely on Windows XP – an OS which hasn’t been supported for over 10 years. Less than half a percent of consumers (0.3 percent) and VSBs (0.2 percent) still prefer Windows Vista, for which mainstream support ended seven years ago.
One percent of consumers, 0.6 percent of VSBs and 0.4 percent of SMBs and enterprises missed the free update to Windows 8.1 but still continue to use Windows 8, which has not been supported by Microsoft since January 2016.
Windows 7 is still a popular choice for consumers and businesses, despite extended support coming to an end in January 2020.
Distribution of Current and Outdated OS in Malaysia, Data Compiled by Kaspersky
|Segments/OS||Windows 10||Windows 7||Windows 8||Windows 8.1||Windows Vista||Windows XP|
|SMBs & Enterprises||44.8%||49.8%||0.7%||4.6%||–||–|
According to Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, a good majority of the consumers, SMBs and enterprises in the region are using the most updated OS, which have updates that fix errors, patch critical vulnerabilities, and serve as the first line of defense of businesses’ critical systems. It is, however, worth noting that the adoption of the latest OS on all segments is still not at 100 percent.
“Our Kaspersky Automatic Exploit Prevention technology uncovers vulnerabilities, including zero-day vulnerabilities from time to time. Clearly, there is a threat in using outdated OS versions. If found unpatched, hackers can exploit this vulnerability to wage damaging attacks. It is highly critical for consumers and companies to keep their operating systems up to date to close loopholes cybercriminals can use against them,” says Yeo.
To be protected against emerging threats, Kaspersky recommends that businesses and consumers do the following:
- Use an up-to-date version of the OS with the auto-update feature enabled
- If upgrading to the latest OS version is not possible, organisations are advised to take into account this attack vector in their threat model and to address it through smart separation of vulnerable nodes from the rest of the network, in addition to other measures. Consider Kaspersky Embedded Systems Security (if using Windows XP)
- Use solutions with behavior-based exploit prevention technologies, such as Kaspersky Security Cloud, Kaspersky Endpoint Security for Business, and Kaspersky Small Business Security which help to reduce the risk of exploits targeting obsolete OS (Windows 7 and later)