Last Friday Microsoft Germany posted a PR piece that said, “Windows 7 can no longer keep up with today’s increased security requirements.” This morning the post is no longer available.

It seems Microsoft’s denigration of Windows 7 touched a sore spot.

Assertions made by Microsoft Germany—that Windows 7 has fallen behind the times, and it’s more expensive than Windows 10 due to “maintenance, lost working time due to increased malware attacks, or increased support requests”—have been hotly debated, both from a factual standpoint and from a logistical one: Why would a company pay to upgrade an operating system that’s being supported so poorly?

You can read an English translation of a cached copy of the original Microsoft Germany PR post here. It includes such gems as this:

Windows 7 is based on long-outdated security architectures. Three years before the end of the support, corporate customers in particular should deal with the transition to a modern operating system in good time. Companies and users who are on their way to Windows 7 with their sensitive data within three years are faced with enormous dangers. Already today virtually every company has to expect cyber attacks

German blogger and Windows expert Günter Born published a fascinating rebuttal on his blog, Born’s Tech and Windows World (English translation), that dismantles Microsoft Germany’s assertions one by one. Born points to a study published two months ago by Carnegie Mellon’s CERT/CC, in which Senior Vulnerability Analyst Will Dormann shows, with a great deal of supporting evidence, that Windows 10 cannot protect insecure applications like EMET can.

The basic point is that Windows 7 with EMET 5.51 can, in some common situations, protect your operating system better than Windows 10 can. Says Dormann:

Microsoft strongly implies that if you are running Windows 10, there is no need for EMET anymore. This implication is not true. The reason it’s not true is that Windows 10 does not provide the application-specific mitigations that EMET does.

Microsoft will be discontinuing EMET on July 31, 2018.

Born goes on to say he’s been running Windows for many years, and DOS before that:

Machines with Windows XP and then Windows 7 have been a solid foundation for my SoHo business… Windows 10 isn’t what I need as a SoHo business user. It’s focused on things Microsoft’s marketing identified as “good for the company’s revenue”.

Even if you accept the idea that Windows 10 is more secure than Windows 7 (depending on how you define “more secure”), poster messager7777777 on AskWoody makes a good point:

German M$ anti-Win-7 blogpost for businesses was likely referring to the much more expensive Win 10 Enterprise E3 & E5 editions which came with better security service packages via monthly subscriptions, eg Windows Defender Advanced Threat Protection, Credential Guard, Device Guard, etc.

Clearly, organizations that pay for Enterprise E3 or E5 licenses and have the staff necessary to implement and maintain the advanced security packages will have a more formidable defense than those who run Windows 7. But that doesn’t make Win7 obsolete, and it doesn’t let Microsoft off the hook from providing security patches to Win7 for the next three years.

If you choose to move from Windows 7 to Windows 10, that’s great. But if you decide to stick with Win7, you shouldn’t be bullied by ill-conceived PR … even if it comes from Microsoft.

By Woody Leonhard, source by InfoWorld

Visit ICT Hardware who is one of Microsoft Partner

Microsoft last week backtracked from a 2016 decision to offer Windows 7 and Windows 8.1 users only cumulative updates, saying on Friday that starting next month it will again provide Internet Explorer (IE) security patches as a separate download.

The change was a tacit admission by Microsoft that IE has lost its place of primacy in the enterprise, a fact supported by a disastrous decline in third-party measurements of the browser’s user and usage shares over the past year.

“Customers have requested increased flexibility for deploying the Security Only updates for Windows independently of the fixes for Internet Explorer,” Nathan Mercer, a Microsoft senior product marketing manager, wrote in a post to a company blog Jan. 13.

In August 2016, Microsoft announced that starting in October, it would offer only cumulative security updates for Windows 7 and 8.1, ending the decades-old practice of letting customers choose which patches they apply. The new maintenance model for Windows 7 and 8.1 was a direct transplant from Windows 10, which has always relied on cumulative updates.

Under the revamped regime, Microsoft issues two different security-related updates each month for commercial customers: “Security Monthly Quality Update,” aka “Monthly Rollup,” which includes both security and non-security fixes; and “Security Only Quality Update,” a smaller-sized package that contains just security patches.

Patch experts voiced concern over the new practice, pointing out that businesses would no longer be able to refuse one security update while accepting others. That approach had been useful when reports surfaced of a flawed update that broke software or enterprise workflows, or crippled Windows computers.

But when Mercer explained why Microsoft would deliver IE security updates separately from the rest of Windows’ patches, he implied it had little if anything to do with a potentially-bad fix. Instead, he said the change stemmed from the size of the updates.

“The Internet Explorer updates constituted a significant percentage of the total Security Only update package size,” Mercer said. “Package size is one of the primary reasons some enterprise customers choose to leverage the Security Only update (to optimize for smaller download in limited bandwidth scenarios).”

“With this separation, the Security Only update package size will be significantly reduced,” Mercer continued [emphasis in original]. “But you will need to deploy and install the Internet Explorer update to remain secure for the latest supported version of the browser.” That last sentence was an important clue to the real reason businesses pushed Microsoft to separate IE from the Security Only update.

If companies were still using IE, there would be no reason to isolate its patches from the rest of the month’s: They would still need to update IE. Whether in one or two downloads, the size of everything would have been similar, with zero bandwidth savings. Only if enterprises aren’t running IE does separating its updates make sense.

And clearly a lot of enterprises have abandoned IE.

According to web analytics vendor Net Applications, in December IE was used by 23% of those running Windows, a decline from 51% just 12 months before.

But industry research firms typically peg enterprises as accounting for approximately 55% of all Windows PCs. That means, assuming every consumer with a Windows system runs something other than IE — highly unlikely — at least half of the commercial Windows machines worldwide rely on a browser other than Internet Explorer.

Microsoft will provide a separate IE update on Feb. 14, the next Patch Tuesday, for those enterprises that deploy patches with Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM) or a third-party patch management platform. Only firms that select the Security Only option will be able to eschew the IE package. Firms whose IT administrators choose the Monthly Rollup will continue to receive IE patches as part of the cumulative update.

Consumers or businesses that receive patches from the Windows Update service are automatically handed the Monthly Rollup, and so will not have a choice as to whether to download IE updates.

By Gregg Keizer, source by Computerword.com