Fearmongers, on the other hand…
When I tell people it’s quite possible to continue using Windows 10 safely after the end-of-support date, I often receive variations of that comment in return.
While I don’t expect to change anyone’s mind, I want to explain why I feel that way and why the hype over an impending Windows 10 apocalypse is incorrect.
Become a Patron of Ask Leo! and go ad-free!
Continuing to use Windows 10 safely
Windows 10 won’t suddenly become unsafe when support ends. It’ll keep working fine, and security tools like Microsoft Defender will still get updates. If you’re careful with what you click, download, and run, and keep your security and other software current, you can stay safe without panicking or rushing to upgrade.
Windows 10 will keep running
What happens on that end-of-support date? Nothing. Seriously, your Windows 10 machine will run just as well the day after support ends as it did the day before.
“End of support” means that there will be no more updates to the operating system itself. No new features (though that’s supposedly been the case for a while), no bug fixes, and, perhaps of greatest concern, no security fixes. If Microsoft discovers a security vulnerability in Windows 10 after the end-of-support date, that vulnerability will (probably) not get fixed.
That last part, of course, is what has many people’s knickers in a twist.
Security software will keep running and updating
Windows Security/Microsoft Defender will continue to be updated through 2028. From the Microsoft page How to prepare for Windows 10 end of support by moving to Windows 11 as of this writing:
Microsoft will also continue to provide Security Intelligence Updates for Microsoft Defender Antivirus through at least October 2028.
This means that as new malware inevitably evolves, Microsoft Defender will continue to be updated to recognize and act on any new or old malware that might make it to your system. Even though Windows 10 itself won’t be “fixed”, should there be a vulnerability for the malware to exploit, Microsoft Defender will continue to protect you from that malware.
The same is true for many other third-party security packages. Their support is not tied to Windows 10’s schedule, and many, if not most, will continue to do their job for some time after Windows 10’s end of support.
Related
What Happens at Windows 10 End of Support?
The end of support for Windows 10 means Microsoft will no longer issue security updates. Here's how to continue using it safely.#145971
It’s highly unlikely there’s a backlog of exploits
Some folks speculate that malware authors have a collection of existing vulnerabilities in Windows 10 that they’re waiting to exploit until after the end-of-support date. The theory is they can then release malware exploiting those vulnerabilities without concern that the vulnerabilities will be fixed.
It’s possible, but not very likely. Counting on the restraint of malware authors to delay their activity seems like a weak justification for panic.
Will there be vulnerabilities exploited after Windows 10 end of support? No doubt. Will it be a flood? Highly unlikely. And even if there was, other approaches to safety will work to keep you safe.
Malware arrival is mostly in your control
Most malware arrives in one of three ways.
- You download and run a file containing malware.
- You open an attachment containing malware.
- You click a link that eventually downloads and runs malware.
This isn’t about blame.
In fact, it’s great news. The common thread here is you, and that means you are in control.
You can avoid most malware by:
- Being careful about what you download and run.
- Being careful about what attachments you open.
- Being careful about what links you click on.
And, of course, backing up.
You should be doing all that already. If so, you’ve already taken the most important steps to keep yourself safe, regardless of whether your operating system is being updated or not.
Related
Internet Safety: 7 Steps to Staying Safe Online
Online security is critical. Here are the key steps you can take to keep yourself safe on the internet.#2374
Some folks have already done this
While I recommend keeping your system as up-to-date as possible, not everyone feels the same way.
Some people explicitly disable or avoid Windows 10 updates for months, if not years. In other words, Windows 10 support ended for them long ago when they did whatever they did to prevent automatic updates.
They’ve been doing just fine. In fact, many of them consider Windows updates themselves riskier than whatever threat an unpatched operating system might pose. Some are even looking forward to the end of Windows 10 support so they can stop being concerned about which update will break what next.
I don’t agree with their position, but that doesn’t mean it can’t work. And it’s a good example of being able to use Windows 10 safely without security updates.
We’ve been here twice before
I have a strong sense of déjà vu. We’ve been here before. Twice, in fact.
Windows XP’s end-of-support date came and went. While many people continued to use it past that date, there was no “XPocalypse”, even though there were dire warnings from the naysayers. The article How Do I Protect My Windows XP After They Stop Sending Updates? should seem very familiar.
Windows 7 had the same kerfuffle. How To Keep Using Windows 7 Safely After Support Ends should, again, seem familiar.
In both cases, people elected to continue to use XP or 7 beyond its end-of-support date, and did so safely. Indeed, some continue to use those older operating systems even today.
There’s little reason to believe Windows 10 will be any different.
Related
No, Windows 11 Is Not Forcing You to Buy a New Machine
The most common complaint about Windows 11 is based on a fallacy.#179314
Perfection doesn’t exist
“But Leo, there could be problems! How can you advise people not to protect themselves?”
Let me correct you: there will be problems. There will be problems with unsupported Windows 10, and there will be problems with supported Windows 11. There will be problems with their alternatives. None of them are perfect. Perfect security does not exist.
And I am advising them to protect themselves. I’m advising them to do so in ways that will allow them to stay safe when running Windows 10 beyond its end-of-support date.
Security is a spectrum, and our job is to adopt behaviors that stack the deck in our favor. Coupled with appropriate security habits, sticking with Windows 10 is not the disaster many make it out to be, just as moving to Windows 11 is not the nirvana some might have you believe.
Getting security fixes from Microsoft is only one piece of a very complex security puzzle. Would I rather that people use supported operating systems? Of course. But that’s a myopic wish and ignores the practical reality, which is that many cannot or do not want to update to Windows 11. That doesn’t mean they’re doomed.
Do this
Take responsibility for your security. Be extra skeptical. Be extra wary. Keep your security software as up-to-date as possible. If the software you rely on — especially security software — eventually drops support for Windows 10, then find alternatives that support it for as long as you need to run Windows 10.
Yes, someday you’ll update, probably when you get a new computer; but with sensible behavior, there’s no reason to panic about Windows 10 end of support.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
As Leo notes, being safe is more about personal practices than Windows end-of-life. Besides a Win-10 machine (that gets all the updates) we still have a couple Win-7 machines that are used daily without issue. I’ll suggest permanently disabling the ‘Win-11’ update notices if these cause anxiety.
Hi Leo
Thanks for confirming what I suspected. Your mailings are always a welcome addition to my inbox!
Thank you, as always, for your kind and level-headed advice. I admit, I was more concerned (miffed, truth be told), about the end of Windows 10 support than I had any need to be. If I had taken a few minutes to actually think about it instead of panicking, I could have saved myself some anxiety.
I am still somewhat miffed about the whole thing, but thanks to you, panic is no longer a part of the equation.
What Leo says in this article is factually true. There won’t be an apocalypse and we won’t all be destroyed by malware. I’m still using Windows XP and 7 on several computers, and using them online. But what’s curious is why you (Leo) should be “frustrated” and publish this article now. After all, it’s websites such as AskLeo that capitalize on the incessant hysteria of Windows OS vulnerabilities. Update, update, update – or else … What seems to be missing from this update frenzy is any discussion of what exactly you’re updating, how it protects you, what problems will it cause, and any understanding of specific publicized vulnerabilities. Granted, most of such detail is over the head of most people, and even IT professionals don’t have the time or resources to research the details.
For any business that uses or depends on the Windows OS, the evangelism to update is not a primarily technical issue, but a legal issue. If you don’t update, and don’t advice others to update, and something goes wrong, you get sued. That’s an unfortunate dilemma for businesses, but for home users there are more rational choices.
The fact is that Microsoft (Windows OS) faces a dozen vulnerabilities a day, with several being zero-day. Microsoft cannot keep ahead of the malware curve. Neither can the entire cyber security industry. Of course, this doesn’t mean to give up and not take digital security precautions, but don’t freak out about it. Today, your computer is already months behind the curve of all the yet unpublicized and un-fixed vulnerabilities that are out there. The good news is that as a home user you are not a primary target. The bad news is that if a hacker specifically targets you, no Windows update is going to save you, even if you’re a big corporation with bus-loads of IT personnel.
The purpose of this post was to concur with Leo’s assessment about the continued use of Windows 10. But, with regard to updates, the Windows OS is just one piece of it. These days, just about every application on your computer wants to constantly update. That’s another story.
” The bad news is that if a hacker specifically targets you, no Windows update is going to save you, even if you’re a big corporation with bus-loads of IT personnel.”
If it were true that if a hacker specifically targets a big corporation that bus-loads of IT personnel won’t protect a corporation, every corporation would have been hacked and decimated. Yes some breaches occur, but these companies are under constant attack and only a few are successful.
Above I said “every application on your computer wants to constantly update. That’s another story.” If you plan on using Windows 10 into the future, some of this story will matter.
So, Windows 10 won’t update after October 2025 (supposedly). But, if your applications keep updating, they might reach a point of incompatibility with Windows 10. Also known as forced obsolence. So, an application that you depend on may stop working. To avoid this you must also stop these key applications from updating, and keep (backup) copies of the installation packages for Windows 10.
That’s true. It’s not only a Windows problem. I have an old iPad. When it could no longer support updates, one by on my apps stopped working. You can asay many negative things about Microsoft that are all true, but Apple products are subject to the same problems. That’s just how technology works.
Hi Leo!
You’re right: it’s necessary to labour the point and to make the (microsoft’s) scales fall from user’s eyes! Your comparison is quite good with XP and W7: we already passed this supposed Armageddon, and… nothing at all occurred!
Thank you for daring to tell truth to the face of the World 🙂
I’m currently running Windows 11 on all three of my devices, including my older Dell Inspiron 5555 laptop PC that will never meet the Windows 11 hardware requirements. Even though Windows 11 is not officially supported on that computer, it does receive updates from Windows Update, so security is effectively maintained. I’m just not able to contact Microsoft for help if something goes wrong. Since I’ve never received help from Microsoft, even on the few occasions when I requested their help, I don’t consider that an issue.
Now that I have Windows 11 installed on that computer, and I’ve created a full system image of Windows 11 on that machine, I intend to revert back to Windows 10 so I can see how things go, both as EOL approaches, and after that date passes.
I don’t anticipate any issues with using Windows 10 following it’s EOL because I already use all my computers as if they’re not supported.
I always check every hyperlink (both on web pages and in email messages) before I click them.
Before accessing an unfamiliar web page, I do my research to determine whether it’s benign or not, usually using the Virus Total website. Virus Total accesses dozens of sites and reports their results. For example, Steve’s Studio previously reported as malware in Firefox (the browser stopped me from accessing the site), but now it can be accessed successfully/safely (the maintainer fixed something?), and no longer gets that return, even in Virus Total (reports as malware from 3 out of 97 sources).
I use what I describe as Cognitive Security, which includes everything I’ve described above as well as a generally significant attitude of skepticism regarding everything coming from the Internet, including anything I read, listen to, or view. The fact that I found it on the Internet doesn’t make it true. We must all remember that many people post their opinions as if they’re facts. While opinions may be based on facts, most aren’t because they’re based more on emotions/attitudes. Never blindly believe what you find on the Internet, especially if it fits well with what you already think.
If you exercise caution, combined with significant skepticism regarding everything you encounter on the Internet, you can continue to use Windows 10 after it’s End Of Life this coming October, at least until there is no longer any security/anti-malware software that supports it. When that time comes, I suggest you look for a supported alternative.
My2Cents,
Ernie
My previous post (above) was mostly opinion. Here I want to give some (hopefully) constructive advice for continued use of Windows 10, with some more security. The objective is to disable many of the ports into your computer (ports built into Windows). This presumes that you’re not logging into your computer with a Microsoft account (i.e. you’re using a good old local password log on).
1. Windows has built into it several applications (apps, packages, whatever) that are designed to connect to other computers on the internet. Turn these off, or better uninstall them. These apps are waiting to receive connections from the outside and go by various names: Remote Desktop, Remote Desktop Connection, Remote Desktop App, Windows Remote Assistance, Windows App (the latest, aka Microsoft Remote Desktop, as opposed to just Remote Desktop), Quick Assist (aka Remote Assistance), and Microsoft Remote Help. Leo has had several articles about the general topic, but to find and kill all of these will take some research and time (must get into Group Policy, Registry, Services, etc.)
2. Other methods to connect to your computer are in the various Windows Game Box apps and Store apps. Look at all the settings (and again, Group Policy, Registry, Services, etc.)
3. If you haven’t already disabled all of Windows features for telemetry, do so. There are dozens of these: cloud content, dynamic content, cloud search, auto driver update, customer improvement, activity feeds, third party suggestions, data collection, inking and typing recognition, etc. You may trust Microsoft, but remember Microsoft’s history with daily vulnerabilities. These are ports into your computer.
4. Services: there are many services that you do not need (as a typical home user). There are too many to list. Sorry, but you need to do serious work to investigate and disable these. Just a few curious examples: phone service, telephony, payment and NFC service, wallet service. These all can have connections to the outside world.
5. Don’t use Microsoft Edge browser – just because it is huge target.
I had said I still use Windows XP and 7. That’s because those are much easier to secure. Things will get much worse with Windows 11 when we have this same old discussion – soon.
Those planning to continue using Windows 10 after it goes EOL in October and are concerned with a lack of further security updates might consider a subscription to 0patch (https://0patch.com/). It was originally developed to provide security updates for Windows 7, which they continue to support, at a very reasonable cost.
Indeed, several Windows 7 boxes under my wing have been utilizing 0patch since Win 7 went EOL and have continued to operate flawlessly (the only real issue being currently-supported browsers; fortunately, Mozilla continue to provide a supported version of Firefox ESR 115.x, and Supermium a regularly-updated chromium browser, for Win 7).
Does anyone know of a case where a computer was infected/corrupted without the user doing anything (wrong)? Let’s take Windows 8.1 with all default settings after a clean install: Would an attacker be able to install malware or gain access to data?
Only if the computer is NOT connected via a router. Meaning it’s connected directly to the internet without any protection.
(And, in rare cases, if other computer(s) on the same local network are themselves infected.)
The good news is that this is now extremely rare.
Thanks for your reply, Leo. Your answer surprises me somewhat, since you make the computer’s security dependent on the presence of a router in front of it. Not that that’s wrong, but you don’t mention this argument at all in your blog/video. So, if the router is so important for network security, one could simply say: The mere existence of a Windows 8.1 PC on an internet-connected network isn’t inherently a risk. It depends on what the users is doing with it. Do you agree?
I’m not sure I understand your objection. It’s long been the case that putting a computer “naked” on the internet has involved high risk. A firewall of some sort has always been strongly advised. While Windows built-in firewall is better than it was, a router’s NAT acts as one of the best defenses against externally-initiated intrusions.
Behind a NAT router I don’t consider the mere act of being connected to the internet a huge risk. The risk transfers to what you do with the machine yourself.