If you have a business reason to keep a Windows 7 system active past its 2020 end-of-life date, here's how to keep it from being a security liability on your network.

We're coming up to the Windows 7 end-of-life date. January 2020 will be the last time Windows 7 receives a security update, although customers with a premier support contract can purchase Extended Security Updates (ESU) for Windows 7 Professional and Enterprise through January 2023.

Alternatively, when Windows Azure virtual desktop is released, you can purchase virtual desktop and ESU will be provided free of charge to allow you to transition to Windows 10. However, some might find neither option feasible or have a reason (as I do) to keep Windows 7 around to access older line-of-business applications. In my case, we need it to run older versions of specialized software to prepare historical calculations.

Clearly, we do not want to expose our network and our systems to the undue risk that Windows 7 presents. What can you do to isolate these potentially vulnerable and risky Windows 7 systems so that they don't introduce risk into your network? Plenty. Here are your options:

- Block the machines from being able to browse the internet. Use the proxy trick from the XP era to keep older systems from the web. Enable proxy settings and use the same proxy server for all addresses. Select "Do not use proxy server for local (intranet) addresses". Then enter 127.0.0.1 into "Address of proxy" and 80 into the "Port" setting. You can also apply these settings via Group Policy to block browsing for certain users.
- Isolate the machine on a private network that isn't able to access the internet.
- Virtualize Windows 7 and narrow the scope of the use of the system so that it's only used when absolutely necessary. You will need to license the machine using software assurance to transfer it to a virtual machine.
- Install Microsoft's Enhanced Mitigation Experience Toolkit on Windows 7. While it, too, is no longer supported, you can import the settings to protect popular software.
- Don't log into the system with administrator credentials and use only limited user rights. If you have issues running a line-of-business application without administrator rights, use LUA Buglight to determine what registry keys or file locations need elevated rights.
- Disable autorun functionality.
- Review your Data Execution Prevention Protection settings and ensure they are enabled.
- Ensure you update to the latest version of Office and don't use older versions of Office.
- Don't open email on Windows 7 (and especially don't follow HTML links).
- Ensure all final updates are installed as Windows 7 starts its final days. Manually scan for updates and review what optional updates you may not have installed in the past.

These steps won't protect you from all unpatched vulnerabilities, so it's crucial that you understand the risks you are taking by running unpatched software. If there is a need to keep an older operating system, do the best you can to isolate it from the rest of your production network. Then plan on retiring these systems as soon as you can.
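Four of the checklist items (the 127.0.0.1:80 proxy, limited user rights, autorun, and DEP) leave state that can be read back from the registry and WMI. The following read-only audit script is an added example, not code from the article; the helper names `Get-RegValue` and `New-Result` are hypothetical, and it assumes it is run as the user who normally logs on to the Windows 7 machine, since the proxy settings are per-user.

```powershell
# Added example: read-only audit of four checklist items from the article.
# Uses only PowerShell 2.0 features, the version that ships with Windows 7.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Result($Check, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Pass = [bool]$Pass; Detail = "$Detail" }
}

$results = @()

# 1. Dead-end proxy: enabled, one server (127.0.0.1:80) for all protocols, local addresses bypassed.
$inet     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$enable   = Get-RegValue $inet 'ProxyEnable'
$server   = Get-RegValue $inet 'ProxyServer'
$override = Get-RegValue $inet 'ProxyOverride'
$proxyOk  = ($enable -eq 1) -and ($server -eq '127.0.0.1:80') -and ($override -like '*<local>*')
$results += New-Result 'Proxy dead-ends at 127.0.0.1:80' $proxyOk "ProxyEnable=$enable; ProxyServer=$server; ProxyOverride=$override"

# 2. Limited user: the account should not be in BUILTIN\Administrators (SID S-1-5-32-544).
#    whoami /groups lists the group even when UAC has filtered it to deny-only.
$adminLines = @(whoami /groups | Where-Object { $_ -match 'S-1-5-32-544' })
$results += New-Result 'Logged on as limited user' ($adminLines.Count -eq 0) "user=$env:USERNAME"

# 3. AutoRun: NoDriveTypeAutoRun = 0xFF (255) disables it for every drive type; HKLM wins over HKCU.
$sub     = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun = Get-RegValue "HKLM:\$sub" 'NoDriveTypeAutoRun'
if ($autorun -eq $null) { $autorun = Get-RegValue "HKCU:\$sub" 'NoDriveTypeAutoRun' }
$results += New-Result 'AutoRun disabled on all drives' ($autorun -eq 255) "NoDriveTypeAutoRun=$autorun"

# 4. DEP policy from WMI: 0=AlwaysOff, 1=AlwaysOn, 2=OptIn, 3=OptOut.
$os     = Get-WmiObject -Class Win32_OperatingSystem
$modes  = @('AlwaysOff', 'AlwaysOn', 'OptIn', 'OptOut')
$policy = [int]$os.DataExecutionPrevention_SupportPolicy
$depOk  = $os.DataExecutionPrevention_Available -and ($policy -ne 0)
$results += New-Result 'DEP enabled' $depOk "policy=$($modes[$policy])"

$results | Select-Object Check, Pass, Detail | Format-Table -AutoSize -Wrap
```

The DEP check passes on the client default of OptIn; read the reported mode to decide whether OptOut or AlwaysOn is workable for the line-of-business application.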