Is the public sector ready for the end of Windows 7?
Today marks two months until Microsoft ceases support for its decade-old operating system. PublicTechnology discovers that government is tight lipped about how widely the technology remains in use across Whitehall
On 22 October 2009, Alexandra Burke was number one in the charts, Manchester United were top of the Premier League table, and Nick Griffin – who controversially appeared on Question Time that night – was the UK’s most talked-about political figure.
Clearly, a lot has changed since then.
But also among the headlines was something that has shown a little more sticking power: Windows 7.
The operating system, which went on sale on that day, is still in widespread use. Having superseded the unpopular Vista, the software was an immediate success. It sold 450 million copies in its first two years after release – equating to more than 650,000 PCs upgrading to the software every single day.
Its installed base has remained strong ever since; it was not until earlier this year that it was finally overtaken by Windows as the world’s most widely used desktop OS.
Data from NetMarketShare shows that about 27% of all PCs around the globe still run on Windows 7.
In the UK, the figure is about 18%, according to Statcounter research.
But, although it still appears to be in rude health, the product is swiftly approaching its end-of-life date.
From 14 January, Microsoft will no longer provide free technical help with the product, nor any updates to help protect against new threats. While extended support is available until as late as 2023 – although this will require escalating payments.
14 January 2020
End-of-support date for Windows 7
Percentage of PCs in the UK that still run on Windows 7, according to Statcounter
Number of computers across BEIS, Cabinet Office, and CPS – all of which have been upgraded
Number of NHS PCs – out of a total of 1.37 million – that are on Windows 7, as of June 2019
22 October 2009
Release date of Windows 7
Microsoft warns that any computer running an unsupported version of Windows 7 “will be at greater risk [of] viruses and malware”.
“Microsoft strongly recommends that you move to Windows 10 sometime before January 2020 to avoid a situation where you need service or support that is no longer available,” the vendor says on its website.
With just two months left until the cessation of support, many public sector entities have admitted they are still unready. Many more. PublicTechnology research has revealed, are remaining tight-lipped on the subject.
As of June 2019, some 1.05 million NHS computers across England – out of a total of 1.37 million – still ran on the 10-year-old operating system.
PublicTechnology recently submitted freedom of information requests to a wide range of public-sector bodies, including all central government departments, seeking data on how much of their computing estate still runs on Windows 7.
Several departments responded that they have already upgraded their entire organisation to a new system. These include the Cabinet Office, which has updated 6,551 machines, the Department for Business, Energy and Industrial Strategy, with 5,685 PCs, and the Crown Prosecution Service, with 9,557.
The Office for National Statistics said that, while almost 60% of its computers – 5,089 out of 8,570 – still run on Windows 7, it plans to upgrade to Windows 10 across the board by the end of March 2020.
Most departments, however, refused not only to disclose this information – but even to confirm or deny whether they held it. Those that did so cited FOI exemptions allowing non-disclosure in cases where an increased vulnerability to crime outweighs the public interest in transparency.
In several cases, this decision was maintained following an appeal in which it was pointed out that the arbiter of the FOI legislation, the Information Commissioner’s Office, had itself been happy to disclose that 927 of its 1,037 computers still run on Windows 7, pending an upgrade programme due to complete sometime in December.
Following an initial refusal endorsed by an internal review, the Department for Exiting the European Union told PublicTechnology that any public knowledge or inference of the operating systems it uses – whether Windows 7 or newer iterations – “could assist those with malicious designs in the planning of cyberattacks on DExEU”.
“Because of the purpose and function of DExEU, the information which it has in its possession is often of a very sensitive nature,” it says. “The theft of such information by parties which are intent on causing harm to the UK would compromise national security. Hence the need to reduce the threat to such information by neither confirming nor denying which operating system is used on computers owned by DExEU.”
HM Land Registry is another government organisation to conclude, after an internal review that it is exempt from confirming or denying whether it holds information on its operating systems.
The ICO found that a complaint from PublicTechnology about HM Land Registry’s decision was “eligible for further consideration”. The issue is now being examined by one of the regulator’s caseworkers.
Keep an eye on PublicTechnology later this month for a full rundown of our research on the public sector’s readiness for Windows 7 end of life, and analysis of the security implications.
PCS blasts plan new plan after criticising series of ‘failed ideas’
Home Office agency to work with French IT heavyweight
Deals awarded to Post Office and Digidentity also include the transfer of data to government
Unions counsel against attempts to instigate ‘big bang’ return to offices
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.