What Does Windows 10 End of Support Really Mean?

(Generated and lightly processed by AI)

First of all, thank you very much for having me. This is always kind of fun to do. If you haven’t read the blurb, yes, it’s about Windows 10 end of support. What I want to talk about today is just what end of support means. Is it really as serious as Microsoft would like you to believe? And what are your options if you can’t or just don’t want to upgrade to Windows 11?

Now, what’s neat about this is that honestly, having been in the industry for a while, this is not anything we haven’t seen before. So we’ve got a good sense of what to expect. I’m going to cover some of the options, which options might make sense when, and of course, a few gotchas along the way.

This is not going to be a death by PowerPoint presentation. We’ve got Windows 10 available to share if it makes sense to clarify anything along the way. The other thing I wanted to point out is that given the format of Zoom meetings, I think it’s probably best if we can save any questions for the end. I’ve got plenty of time to take whatever questions you might have about Windows 10 or honestly anything else.

So. Windows 10 end of support. Officially, it was last October the 14th. But of course, Microsoft can’t leave things clear. There’s now what’s called the ESU, or Extended Security Updates, available, which essentially push out that end of support date for another year to October the 13th of this year.

Now, you do need to enroll, which should be available in the Settings app, in the Windows Update section of the Settings app. There are what I would call conflicting or at least unclear requirements. ESU is no additional cost if you are syncing your PC settings. Many people don’t even realize that they are in fact syncing their PC settings, so they’re surprised when they get this for free. Supposedly you can redeem a thousand Microsoft Rewards points — I didn’t even know what those were until I went and looked and found that I had somehow accumulated something like 7,000 of them. There’s also this concept of a one-time purchase for $30, or whatever the local currency equivalent might be, plus applicable sales tax.

Here’s the thing: I’ve not yet run into anyone — not a single person — who’s actually paid any money for this. Most people, like I said, are syncing their settings. To be clear, I was really afraid of that when they first announced it, because it was my assumption, my understanding, that using OneDrive to back up was part of that syncing. Fortunately, it is not. OneDrive backup — if you haven’t run into it yet — is something to be avoided almost at all costs.

So it’s great, right? I’ve run into lots of people who have apparently done none of the above, and yet they’ve still been offered ESU. I’ve also run into people who in theory should be able to get ESU who for some reason are not. So I kind of classified it as Schrödinger’s end of support: it both has and hasn’t happened yet, depending on what’s inside of your ESU box.

I will have a collection of links to share with you sometime after this presentation. One of them is in fact to the Microsoft.com site that’s telling you all about what they’re saying about Extended Security Updates.

So, end of support — what does it really mean? Well, it’s a spectrum. To be honest, we’ve been at end of support for a long time already. Windows 10 has not been getting any new features. Windows 10 has not been getting any new bug fixes except for those that are security-related. That’s pretty much the state of Windows 10 since 22H2 was released in October of 2022, with few, if any, exceptions. When a bug’s been found in Windows 10, it’s not going to be addressed except if it has security implications — for example, maybe it’s some kind of vulnerability that a hacker or malware could exploit. Then that security-related issue would be addressed until end of support — October of last year, or October of this year with ESU.

There are a couple of interesting observations. There were many people who went through great pain to actually disable Windows Update, because they felt that the updates themselves would destabilize them. Put another way, they believed that the updates were riskier than the issues that the updates might resolve. Regardless of whether they were right or wrong — and of course I have opinions on that — they were running Windows 10, often for years, successfully, without any updates at all.

And back to this: end of support for the corporate, Education, and so-called IoT editions of Windows 10 extends further than the consumer editions. That implies that if something were serious enough to be fixed for those markets, Microsoft could provide it to the consumer editions as well. Doing so or not doing so is a choice that Microsoft is making using criteria that, honestly, they haven’t shared.

So, how serious is it really? Personally, I classify it as a big… meh. Microsoft would love for you to believe that some malware will come along and, because you’re not getting security updates, your machine will be compromised and all hell will break loose. My take is that the chances of that happening are very small.

I’ve even heard these wonderful conspiracy theories that malware authors have been saving up bunches of exploits for existing vulnerabilities that Microsoft doesn’t know about and hasn’t yet fixed. The story goes that as soon as support ends, they’ll unleash the Kraken and flood Windows 10 users with malware. My take is that this is even less likely. Malware authors aren’t that coordinated, and even then, they’ve been looking ahead to Windows 11 all along.

Now, as I said earlier, we’ve seen this before. There are two great examples. When Windows XP’s end of service came along, there were worries that malware would be unleashed. It wasn’t. When Windows 7’s end of service came along, there were worries that malware would be unleashed. It wasn’t. So while there is certainly a risk, I personally am not convinced it’s a huge one. I suspect that other, more practical things are going to impact your decision of what to do.

So, what are your options? There are three.

**Number one: stick with Windows 10.** I’m a contrarian. I firmly believe that you can continue to use Windows 10 safely even after the end of support date, whichever end of support date happens to apply. It takes two things: practicing safe computing — which means not downloading things you shouldn’t download, not opening attachments you shouldn’t open, paying attention and not falling for phishing attacks — and two, keeping your security software up to date. Here’s what’s interesting: Windows Defender will keep getting updates into 2028, independent of Windows 10’s end of support. And of course, if you’re using third-party security software, whatever dates they’re publishing are the dates that would matter. But seriously, that’s it. Two things: safe computing, keeping your security software up to date. Honestly, safe computing is probably the most important, and theoretically these are things that you’re already doing.

**Option number two: upgrade to Windows 11.** I’m a contrarian — yeah, I like Windows 11. When I switched years ago, quickly after it came out, there were a few things I had to get used to, but to me they were minor in the big picture. It felt like Windows 10 but with a new skin. Not everyone feels that way, and trust me, given the questions and comments that I see every day, that at best is an understatement.

There are two things people run into. The differences are too jarring and upsetting to them — those could be user interface differences, the perception of data being collected, or the perception of things like OneDrive and Copilot being pushed on them perhaps a little more aggressively. And two, their existing computer doesn’t meet the hardware requirements.

There are, of course, possible solutions. Much of the controversy is the Start menu and the taskbar. There are tools like Open Shell, which is free, and Start 11, which is paid, though not expensive — both let you return to a Start menu and taskbar style similar to previous versions of Windows. In both cases, you actually get to select whether you want your taskbar and Start menu to look like Windows 8, Windows 7, Windows XP, or whatever you feel most comfortable with.

Sometimes the hardware requirements can be met. Some machines actually do have a TPM, for example, that you can enable in the BIOS. TPM — the Trusted Platform Module — is one of those requirements that Microsoft has said Windows 11 requires. I actually had to go into the BIOS/UEFI on my own machine and turn on the TPM in order for Windows 11 to work. It did, and I had Windows 11 very quickly thereafter. And of course, sometimes the hardware requirements can be bypassed depending on which requirement you’re running up against. There may be various workarounds — I don’t necessarily recommend them per se, but they exist.

**Option number three: switch to Linux.** It’s a very common suggestion, and absolutely a very viable option for many people — but it’s not for everyone. While concepts like programs, files, and folders are the same, there’s still much to learn about the transition. The user interface, for example, is often very different — more different than the switch from Windows 10 to 11. Many operating system details that you’re familiar with may have different names or different locations. Windows programs will not work. Yes, I know — there are libraries that purport to allow you to run many Windows applications directly, but my experience is that this is error-prone at best and often very slow. It’s absolutely worth investigating if you go this route, but what I would not do is rely on it as part of your decision to switch, because right about then, a Windows program you desperately need won’t fall into that category.

And of course, support can be tricky. There are good, welcoming places for Linux support, but too many have a reputation of being hostile to newcomers. Honestly, today I’d probably recommend using your favorite AI for Linux assistance. All that being said, there are equivalent programs — Office suites, email clients, and more — that you can switch to. And of course, browsing is still browsing. Anything you do in your web browser, which honestly is a lot these days, often just works.

Now, in my list of three, I have a fourth. I generally don’t mention switching to a Mac, mostly because the goal is to let you use your existing hardware, and all three of the options I’ve just talked about will generally do that. But if you want to use this as an opportunity to get a new machine and wave goodbye to Microsoft, Macs honestly are a fine solution. Many, though not all, of the caveats I discussed about Linux apply. I will add that the MacBook — whatever was released a few weeks ago — is a very tempting machine. Personally, I’m platform-agnostic. I spend my days in Windows, the Ask Leo! server is a Linux box, and my wife runs a MacBook Air. She’s had it long enough that I’ve forgotten which model. Like I said, they’re fine machines.

All right. I want to address some of the reasons or complaints that just aren’t reasonable.

*”Microsoft is forcing everyone to buy new machines.”* No, they’re not. I just gave you three legitimate ways to keep using your existing PC.

*”OneDrive [bleep] in Windows 11.”* While OneDrive is an expletive mess, I’ve got news: it’s a mess in Windows 10 as well. They’ve been pushing it hard. Now, there are ways to get rid of it.

*”Copilot [bleep] in Windows 11.”* Same thing. Copilot is separate, and it’s being pushed hard in many of the applications you’re using in Windows 10 as well. You can turn off and/or disable much of it, most of it, some of it — it’s been very confusing. And recent statements by Microsoft seem to promise that they’re actually pulling back on this aggressiveness as well.

*”The Recall feature invades my privacy.”* No, it doesn’t. Supposedly this feature takes a snapshot of what you’re doing periodically so that you can refer back to it — but it does not do that unless A, you have a Copilot Plus PC, and B, you explicitly turn it on. After the initial controversy, the Recall feature is off by default.

These are all issues to be sure, but many of them — I’ll even say most of them — are actually independent of the Windows 10 decision-making process.

One reason that might actually be a reason to move to Windows 11: someday, your favorite software package may stop supporting Windows 10. I’ve already heard reports of a handful of applications jumping the gun and doing this already. I’m not sure if it’s TurboTax or QuickBooks or whatever — given that today is tax day, I suspect we’ve all moved on from that — but you get the idea. Apparently some applications dropped support for Windows 10 like a hot potato. Realistically, as years go by, software may stop supporting Windows 10. But again, we’ve been here before. With the exception of a few outliers, we’re typically talking years — and honestly, it’s typically longer than the life of the hardware you’re using.

All right. What’s my recommendation? Bottom line: if your hardware supports it, or especially if you’re getting a new machine anyway, embrace Windows 11. I know that for some, that might feel like embracing the suck, as the Navy SEALs might say — but my experience is it’ll feel less sucky after you’ve used it for a while. Pragmatically, it’s the best way to make sure you’re running a fully supported system that’s supported by current applications.

Now, if you can’t — hardware doesn’t work, or you just can’t bring yourself to take it on — keep using Windows 10. You’ll be fine. Keep your guard up, of course, but honestly you should be doing that anyway, regardless of which OS or which version of the OS you’re running.

And if you’re feeling adventuresome, or you just want to give Microsoft the heave-ho, have a peek at Linux. I’ve actually got a course that I’m finishing up on switching to Linux. Particularly if you spend your days primarily in a web browser, it might be all you need.

In that same category — if a web browser is where you spend your days — another option I haven’t talked about yet are Google Chromebooks. In the Google environment, they support Google Chrome, Google Apps, Google everything. I liken it to an Android phone, only bigger — a big screen with a keyboard. They’re very lightweight, they tend to last a long time on battery. I’ve used them in the past and found them very interesting. Once again, it’s yet another alternative. It’s not one that lets you necessarily keep using your existing hardware, but if you are looking to get away from it all, it might be worth looking into.

So, that’s what I have to say about Windows 10 and its end of support. I’m very happy to take any and all questions at this point. Bob, I’m not sure how you want to handle that with your crowd, but by all means, keep them coming.

Q&A

Is there any improved security with Windows 11 over Windows 10?

Not explicitly. Remember that Windows Defender is essentially the same software on both platforms, which is one of the reasons that Windows 10 continues to get those security updates as you keep using it. For the most part, the short answer is, technically, no. Microsoft will tell you that relying on things like the TPM and a couple of other things does indeed improve your security. As a practical matter, I don’t necessarily buy into it as strongly for the average consumer to make the switch. It may have a big implication for corporate use — a lot of the changes related to Windows 11 are, I suspect, corporate-focused. But for folks like you and I, it’s nothing that I would base a decision on.

Windows 12 — that’s coming out. This year, was it? That’s what they’re saying.

There’s been absolutely zero information about Windows 12, certainly nothing from Microsoft. I think a lot of people — YouTubers in particular, for some reason — are using “Windows 12” as kind of a clickbait headline to try and get viewers. But there’s literally no information on it. Will it exist? When will it exist? What will it look like? Unfortunately, there’s just nothing we can speculate about.

Because some people say that if you bought Windows 11 now, Windows 12 would be so big a change they’d have to buy another machine when that came out. Is that a rumor, or…?

I’ve heard those rumors, and that’s exactly all they are — rumors. There’s absolutely nothing to substantiate that. The problem is that a lot of people see what Microsoft did with Windows 11’s additional hardware requirements as possibly setting a precedent. Is it a situation where every subsequent version of Windows is going to require some random change to my hardware that’s going to push me to buy a new machine? I don’t know, clearly, to be honest. But like I said, there is zero data to say one way or the other. So at this point, I wouldn’t put too much stock into any rumors about Windows 12.

Another question about security. Windows 11 has the TPM. TPM would be a location for storing passkeys. So Windows 11 is more easily going to support passkeys. I guess I’m just wondering — does Windows 10 support passkeys in general, and is there much of a difference between using Windows 10 and passkeys?

In theory, again, TPMs are going to store passkeys and a bunch of other credential-related information more securely. But from a personal computer, from an average computer user’s point of view, those just aren’t as big a threat for us. Again, they are in the corporate world — corporate environments get attacked very differently than individuals do, and as a result, requiring a TPM for secure credentials such as passkeys might make more sense for them. But again, I’m going to come back to that statement: yes, TPMs are probably more secure than previous Microsoft credential storage techniques, but it’s not something I would necessarily use as a decision point in deciding whether or not to switch to Windows 11 as a consumer.

Could you very quickly and easily explain what a TPM is, maybe?

Quickly and easily — there’s a challenge. The best way to think of it: they sometimes refer to it as a “secure enclave.” It’s essentially a way where access to its contents is very strictly controlled at the operating system level. In other words, it’s not like I can write a piece of software and have it go in and extract the contents of the TPM. It has to be done by a very specific piece of the operating system in a very specific way. On top of that, everything in the TPM, as I understand it, is strongly encrypted, so even if you could get at the internals, what you would get would be useless — just encrypted junk. That said, I don’t have the deepest knowledge of what goes on inside a TPM; I’m basically just repeating my understanding of what I’ve read. But that’s the way I understand it works: it’s essentially just a more secure place to store certain encrypted data.

Thank you, Leo, for your presentation. It’s very helpful. My question is, you talked about a course you’re doing on switching to Linux. Could you give a little bit more info about that?

I’m sorry, could you repeat that — you’re asking about my course? Okay. I explicitly was not going to turn this into a sales pitch, so please, this is not a sales pitch. Askleo.store — you’ll see that one of the online courses listed there is a course called *Linux for Everyone*. It is, I want to say, about 90% complete. I’ve got a couple of chapters still remaining. It is currently on sale just because it’s not done, and it’s a wonderful opportunity for early adopters to influence what else I throw into the course. But it’s essentially just walking you through installing Linux, looking at the differences, understanding some of the things you may or may not encounter along the way. In this particular case, for those who are aware of the differences, I’m using Linux Mint as my example, but it is just an example — a lot of what I talk about applies to many other Linux distributions. But yeah, askleo.store. Have a look.

Can the TPM stop attacks from the outside?

It does not stop attacks. If something gets onto your machine, you’re still under attack. What the TPM does is protect your data from that attack.

Rootkits have been around for years and years. A simple explanation of a rootkit: it’s a program that buries itself deep in the operating system, and that’s where the trouble begins. Will the TPM stop that?

Again, I don’t believe so. There are other mechanisms in Windows that supposedly address that kind of thing. If you’ve ever run things like the System File Checker and so forth, those are often the kinds of things that will stop rootkits. One of the characteristics of a rootkit is that if you were to open Windows File Explorer on a folder, a rootkit would prevent its own files from being displayed — ever. Which, as you say, means the rootkit had to get in there earlier. But that implies that the rootkit had to modify some things that it’s supposedly not supposed to modify. That’s where things like Windows File Protection come in and will either detect, alert, or even revert those changes. I say “sometimes” because obviously the definition of a rootkit is very broad — it can operate in many different ways. But again, the TPM is mostly about protecting your data on the machine, regardless of the attacks that may or may not be happening.

With the new secure boot certificates expiring next year — we’re going to be coming up on that — what should we be looking for? What do we have to do?

Keep running Windows Update. Really, in theory, it’s supposed to be that simple. The certificates that are installed in your UEFI are certificates that can be updated, which is one of the reasons UEFI is dramatically different from BIOSes of the past. With the old BIOS, you couldn’t really update any data — all you could do is do a firmware update, and it was a painful process. With UEFI, you may notice that you’ve probably already taken some updates to your UEFI, and one of those updates may, as I understand it, include the new set of secure certificates for boot.

Thank you again for having me. This was a lot of fun. Take care, everyone.