One of the big tech stories at the start of this year is that Microsoft is making Windows 7 End-of-Life (EOL). EOL means no more security patches and a general scrabble in IT departments to track down all Windows 7 systems and update them to Windows 10.
Upgrading is easy enough if it is a desktop system for a user. But what about your measurement and automation systems? Can you risk upgrading them? Why should you?
Reasons to Upgrade
There is one primary reason - security.
What EOL means is if new security vulnerabilities are found, Microsoft won't fix them - but hackers and thieves will still have access to them. No patches leave these systems vulnerable to risks like ransomware which took down large parts of the NHS a couple of years ago.
For this reason, you may find IT prevent any Windows 7 machines connecting to the corporate networks.
Risks of Upgrading
When you have special-purpose systems, then they are often designed and tested as a whole, so if your developers built your system on Windows 7, it probably hasn't been tested on Windows 10.
There aren't many significant changes which make it likely to fail - but it isn't something you should try on a live system. You will need to engage with the developer to test on Windows 10 and confirm an upgrade will work.
Can I Just Disconnect the Network?
In security terms, "air-gapping" means running a system off the network with controlled access to remove the risk of someone getting into it.
The classic air-gapped system from Mission: Impossible (1996)
I have seen customers where there are still Windows XP systems running air-gapped.
Air-gapping does substantially reduce the risk of infection. No network connectivity removes the system from your IT systems preventing it from spreading viruses, and no internet access reduces the risk of infection in the first place.
However, some malware can spread through USB sticks, so if you are transferring data from the system, this needs to be a consideration. The risk is lower here - especially if the other PC is up to date - but in high-risk situations, you may conclude it isn't enough.
Summary
So to bring it back to the question - should you upgrade?
Each path has risks:
- Upgrade and risk the software breaking. This can be mitigated by working with the developer to test this first.
- Don't upgrade and risk being vulnerable. This can be mitigated by airgapping the system.
If the software is modern and you have a good relationship with the developer then I would generally recommend upgrading - your IT department may force you anyway!