One in Three Computers in Russia Still Uses Windows 7

According to statistics from Kaspersky Lab, 36% of computers in Russia are still running the Windows 7 operating system, for which mainstream support ended in January 2020. While outdated operating systems may continue to function normally, once support ends, they become easier targets for cyberattacks. When a system reaches the end of its lifecycle, vulnerabilities remain unpatched, making it easier for attackers to gain access to data.

Among home users, 37% continue to use Windows 7. The share is 34% among small and medium-sized businesses, and 35% among microbusinesses. For smaller companies, it is especially important to update operating systems in a timely manner, as they often lack dedicated cybersecurity resources. Currently, companies can still extend Windows 7 support for a fee, but only until 2023.

There are also users and organizations still running even older versions of Windows, such as XP and Vista, whose support ended in 2014 and 2017, respectively. However, their share is small—less than 1%. More than half (56%) of users have switched to Windows 10, the latest and currently most secure version of the operating system.

Why Users Delay Updates

“Many users are reluctant to install operating system updates, fearing changes to the interface and functionality or simply not wanting to spend valuable work time on it. However, updates are essential for fixing vulnerabilities that attackers can exploit to gain access to systems. Updates should be installed promptly, and critical updates should never be postponed,” says Oleg Gorobets, an expert at Kaspersky Lab. “It’s important to understand that as soon as information about a vulnerability becomes public, many attackers start actively exploiting it, targeting those who haven’t updated in time. If you know your OS will soon lose support, you should plan to replace it in advance, including upgrading hardware if necessary. Using unsupported systems is like leaving your house with the door unlocked—sooner or later, someone you don’t want will come in.”

Kaspersky Lab Recommendations

• Use a current, manufacturer-supported version of your operating system.
• Enable automatic updates if you cannot test OS updates before installation.
• If upgrading to the latest OS version is not possible, organizations should account for this in their threat model and isolate vulnerable devices from the rest of the network, removing internet-related tasks from them whenever possible.
• Protect machines running outdated OS versions with modern security solutions that can operate effectively on them. Kaspersky Embedded Systems Security, for example, works efficiently even on low-performance hardware and outdated operating systems.
• If possible, use advanced solutions with behavioral analysis and exploit prevention technologies, such as Kaspersky Small Office Security for entrepreneurs and microbusinesses, Kaspersky Security Cloud for small and medium businesses, and Kaspersky Security for Business for companies with more developed IT infrastructure. These solutions help reduce the risk of exploiting unpatched vulnerabilities in supported legacy systems (Windows 7 and earlier).