Windows 7 End of Life 14.1.2020

From January 14, 2020, apart from a few justified exceptions, no Windows 7 computers should be operated in Kiel University's network. After this date, Windows 7 computers that continue to operate permanently should be effectively isolated from network access.
(Cf. circular from the Chancellor of Kiel University to the facility management on November 18, 2019)

 

Table of contents

 

Problem

the entire campus network.


On January 14, 2020, Microsoft ended regular support for Windows 7, and the manufacturer will no longer release updates (available free of charge) for this product. It can therefore be assumed that security holes in Windows 7 that have now been discovered will no longer be plugged (note that the relevant databases listed 250 new vulnerabilities in Windows 7 for the past year 2019 alone). There are now no more security patches. Although one usually still receives up-to-date virus signatures from the antivirus vendors even after this, the end of support poses a significant threat to the IT security of individual workstations and the entire campus network. 

Hinweistext bei Rechnern mit Win7:

Windows 7 computers that will continue to be operated (not isolated) in the university network after January 14, 2020 pose a considerable risk for the entire campus network: They are extremely easy to attack and, after an attack, form starting points for further attacks on the university network.

Need for action

Users/operators/users (especially) of Windows 7 have to change to more secure software platforms (e.g. Windows 10) or working environments in a timely manner.

To support the change from Windows 7 to Windows 10, the computing centre has created a run sheet for the Win10 conversion.

There may be a few constellations in which a rapid replacement of Windows 7 does not seem possible, e.g. in static links of experimental hardware with Windows 7. Such constellations must at least be separated from the general network of Kiel University. The group 'networks and infrastructure' of the computing centre, for example, is available for support in this regard.

Variants for the replacement of Windows 7

Regarding the replacement of Windows 7 there are at least the following variants:

  • Update of the operating system on the existing PC, if the system requirements allow it
  • Renewal of the workstation hardware (PC), accompanied by a change to a
    secure version of an operating system
    Please note the sometimes significantly increased delivery times for some
    products of the PC/notebook framework agreements of the university and order in time!
  • If a usual PC is to be used at the workstation (alternative in the next point), the question of the change to another operating system, thus the turning away from Windows e.g. to a Linux-like system (e.g.: Ubuntu), also arises. Besides some other questions, it has to be considered whether the 'available consulting environment' can cover the resulting IT support requirements. In the course of time a Windows dominance has developed in many university areas, which had to be supported by IT support and made Windows support prevalent in many places. It should be noted that non-Windows operating systems also have a significant end-of-life issue.
  • Change to a more care-friendly and low-maintenance concept for IT workstations, e.g. switch to the use of so-called thin clients connected to central terminal servers.

Is your PC workstation affected?

On Windows 7 PCs with home user versions (Home, Ultimate, ...) you will now be shown a note on the login screen informing you that support will end on January 14, 2020. For Windows 7 enterprise versions (Professional, Enterprise) this does not (yet) seem to be the case.
 
Check (if necessary) whether you use Windows 7. There are different procedures for this. An example is the Heise online help:
 
 

Is the existing Windows 7 PC workstation suitable for an upgrade?

Check whether your current computer hardware is suitable for the use of a (future) more secure operating system. For this purpose, the system requirements of the targeted operating system must be taken into account. If you want to stay with Microsoft Windows, sooner or later you will not be able to avoid Windows 10. The regular Microsoft support for Windows 8.1. already expired in 2018, the 'extended' support (but with a reduced support scope) will continue until January 2023. Full Microsoft support is only available for current versions of Windows 10. Therefore, if you are planning to move towards Windows, you should target Microsoft Windows 10.
 
The system requirements for the use of Windows 10 can be found directly at Microsoft, for example:
 
However, these are minimum requirements that do not guarantee a fluid application in typical scenarios. For comparison: Many IT admins currently recommend a standard configuration with an Intel i3-CPU, 8 GB main memory and a 256GB SSD as hard disk storage.
 
Often the question of suitability for a Windows 10 conversion is also asked on the basis of the device age. Although it is not possible to give a generally valid answer here, available conversion reports allow a softer limit at 5 years and a hard limit at more than 7 years. When reaching these age limits, there are sometimes considerable problems with the use of hardware and software components (e.g.: keyword 'driver'). Among the possible and reasonable measures for upgrading existing hardware, admin circles often hear about switching to the storage medium SSD as a replacement for rotating hard disks.
 
 

Licensing matters

To use newer Windows versions you need a license. This is available as an upgrade version for eligible Kiel University's institutions at no additional cost via the (Kiel University's accession to the) Microsoft federal contract. However, for use on a PC, a basic license is required, which is usually purchased with the purchase of a new PC/notebook. It is also possible to acquire a license directly in connection with new computer hardware, via Kiel University's hardware framework agreement for computer procurement.

You can find information on this at:

 Microsoft Licenses
 Information on the hardware framework agreement of Schleswig-Holstein universities (in german)
Please note the sometimes significantly increased delivery times for some products of the PC/notebook framework agreements of the university and order in time!

The recurring End-of-Life Trap: Description and a Way Out

Software in general and operating systems such as Windows 7 in particular are subject to a lifecycle that extends over a period of limited activity. At the end of this lifecycle(s), the software reaches the end-of-life state (EoL) in which the manufacturer or the manufacturer community no longer provides changes, improvements, patches, security updates. A general description of the life cycle of Windows can be found at Microsoft.

Continued operation of the software after the EoL time usually leads to a threat to the IT security of the organization using it, since security gaps found subsequently are no longer plugged.

So on January 14, 2020 Windows 7 reached the EoL state. Before that, this has already happened with Windows XP and Vista. Maybe not everyone is aware that there are already Windows 10 versions that have 'gone EoL'. Windows 10 Pro 1709 and Windows 10 Enterprise/Education 1607 expired in April 2019. For Windows 10, function updates will be released continuously (planned for spring and fall), which will have a service period of 30 months for the Enterprise/Education versions of fall updates. In addition, there are also so-called LTSB/LTSC versions of Windows 10, which will receive support for 10 years. However, Microsoft should advise against the use of LTSB/LTSC in 'normal working environments' (see article by G.Born (in german)).

It should be obvious that the EoL problem is not limited to Microsoft Windows, but is of a more general nature. Apple operating systems and the Linux(e) also have their EoL topic.

For many application scenarios, one can almost completely eliminate one's own exposure to the EoL trap by switching to an alternative concept for workplace IT. Conventional stationary PCs ('fat clients'), which are used for typical office work, can be replaced by 'thin clients' (TCs), which are connected via the computer network to 'thick' (terminal) servers (TS) on which the actual work is done. Special software on the TS ensures that the users working simultaneously on the server can work cleanly separated from each other. The TCs consist of very little hardware, their task is only to handle the input/output with the user and to connect mobile storage media (if acceptable for IT security reasons). The maintenance of the used software, especially the EoL topic, is generally taken care of by the operators of the TS, in case of Kiel University by the computing centre.

TC/TS configurations have been in use at Kiel University for a long time, so that corresponding experience and basic infrastructures are available here. The direct demand from the facilities has been rather restrained so far, so that a correspondingly bookable computing centre service has not yet been developed. However, since the TC/TS approach is an extremely attractive solution for the university, e.g. in terms of effective use of Kiel University IT and IT security, the computing centre welcomes corresponding inquiries from Kiel University's institutions and is considering a suitable extension of the service catalog. If you are interested, please contact pcsupport@rz.uni-kiel.de

Further information, tools etc.

General Press

 

IT trade press, Heise-Verlag (partly with costs)

 

Microsoft:

 

Tools

 

Miscellaneous

 

Contact person/Contact/Support

 

As a rule, you should contact the IT contact person of your division/institution.
Contact person in the computing centre: If you do not have a decentralized IT contact person available, you can also contact the helpdesks of the computing centre, who will try to support you in case of a change within the scope of available resources.
 

Credits

Thanks for constructive comments, additions, corrections, hints to: F.Albrecht/UV-IT