If you’re still using Windows 10, it’s really time to start planning ahead. When Microsoft officially announced that support for Windows 10 would end on October 14, 2025, many of us in the tech-verse expected that they’d probably end up backing down and moving that date further out. That hasn’t really happened. Well, sort of. It’s complicated. Over the last few months, I’ve fielded more questions on this than any other single issue, so here’s my take on it as a security pro.
What Does “End of Life” Actually Mean?
First of all, for those who aren’t aware, “End of Life” is the final phase of life for a piece of software (go figure, right?). It’s not the same as “End of Sale”, which you’ll also often encounter in the corporate world. End of sale usually occurs many years before End of life and is essentially a vendor saying, “This system is no longer new enough to compete in the market, so we’re going to stop selling it”. Hardware and software which has reached End of sale (but not End of life) is still perfectly usable, still receives updates and support, and could well continue to perform its function for many, many years to come. Just don’t expect it to have all the latest bells and whistles (not a problem if you don’t need either those bells, or the whistles).
End of life, on the other hand, is a vendor saying, “We consider this product obsolete, you should replace it, and we won’t be updating or supporting it any more”. So, in theory, when Microsoft ends support for an operating system, it means:
- No more security updates or patches.
- No technical support from Microsoft.
- No new features or compatibility fixes.
Windows 10 will still work after October 14, 2025—but without regular updates, it becomes increasingly vulnerable to security threats, especially as newly discovered exploits go unpatched.
Microsoft are very keen for you to hear this, panic, and either upgrade to Windows 11, or buy a new Windows 11 PC (which, in case you somehow missed it, comes with Copilot). While you do have some other options, and we’re going to talk about them now, let me stress, you MUST make a decision and take some action. Running an unsupported operating system almost guarantees you’ll be the victim of a cyberattack at some point, and just isn’t an option in 2025. Take this as your warning.
Don’t even think about running an unsupported operating system. You WILL be hacked.
So, should you just buy a new PC? The problem with the whole “buy a new PC” angle is that there are many, many systems which are still perfectly functional, but don’t technically meet the requirements for Windows 11. On the one hand, Windows 10 is now over 10 years old and (as a security practitioner) I do accept that there’s only so long you can keep supporting older hardware. On the other hand, Microsoft did promise that 10 would be the “last version of Windows” and many consumers are justifiably upset with the fact that that promise has been broken. It’s a toughie, but there’s good news - this isn’t really a full end-of-life scenario, at least not yet. Let’s look at your choices.
Upgrade to Windows 11 (Free, if eligible)
If your PC meets the Windows 11 hardware requirements, you can still upgrade for free. The requirements include:
- TPM 2.0
- Secure Boot capability
- A compatible 64-bit CPU
You can check compatibility using Microsoft’s PC Health Check tool. While I certainly have some privacy concerns with Windows 11, it’s important to be fair: it is a stable operating system (cough, same kernel as 10) and in a couple of years of running it, I’ve had no serious issues.
There’s tonnes of bloat, but it’s mostly fixable. If you can upgrade, my professional advice is short and sweet - do so - unless you’d rather try out Linux, which I’d also recommend.
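The three requirements listed above can also be read straight from Windows, without PC Health Check. The PowerShell below is an added example, not code from Microsoft or from the original post: the function name `Test-Win11Prerequisites` is hypothetical, it needs an elevated session, and it only confirms the CPU is 64-bit, not that the model is on Microsoft's supported list.

```powershell
# Added example (not from the original post). Read-only checks; run elevated.
function Test-Win11Prerequisites {   # hypothetical helper name
    $r = [ordered]@{
        Tpm20 = $false; SecureBootCapable = $false; SecureBootEnabled = $false
        Cpu64Bit = $false; Notes = @()
    }

    # TPM: SpecVersion looks like "2.0, 0, 1.38"; the first field is the spec level.
    try {
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
        if ($null -eq $tpm) {
            $r.Notes += 'No TPM visible to Windows (absent, or disabled in firmware setup).'
        } else {
            $spec = ($tpm.SpecVersion -split ',')[0].Trim()
            $r.Tpm20 = [version]$spec -ge [version]'2.0'
            if (-not $r.Tpm20) { $r.Notes += "TPM present but spec version is $spec." }
        }
    } catch {
        $r.Notes += "TPM query failed: $($_.Exception.Message)"
    }

    # Secure Boot: the cmdlet returns True/False on UEFI systems and throws
    # PlatformNotSupportedException when the machine booted in legacy BIOS mode.
    try {
        $r.SecureBootEnabled = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        $r.SecureBootCapable = $true
        if (-not $r.SecureBootEnabled) {
            $r.Notes += 'Secure Boot is supported but switched off in firmware setup.'
        }
    } catch [System.PlatformNotSupportedException] {
        $r.Notes += 'Booted in legacy BIOS/CSM mode; Secure Boot unavailable in this mode.'
    } catch {
        $r.Notes += "Secure Boot query failed: $($_.Exception.Message)"
    }

    # CPU: DataWidth reports the processor's width (64 for a 64-bit CPU).
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $r.Cpu64Bit = ($cpu.DataWidth -eq 64)
    $r.Notes += "CPU model '$($cpu.Name.Trim())' still has to be on Microsoft's supported list."

    [pscustomobject]$r
}

Test-Win11Prerequisites | Format-List
```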
Buy a New PC
If your current device is not eligible for Windows 11, Microsoft really, really want you to replace it with a new Windows 11 PC, which again, in case you somehow missed it, comes with Copilot. Depending on the use case for your system, this might be worth thinking about - newer machines do offer enhanced performance, battery life, and built-in security features. The TPM (Trusted Platform Module), which is the sticking point for many who want to upgrade but don’t meet the requirements, is actually a highly valuable security feature. It’s a small chip that brings an array of cryptographic capabilities to the table and makes many attacks much, much harder.
There are benefits to upgrading (and you can always repurpose your old system!), so if you were thinking about an upgrade anyway, or are fortunate enough to have some spare cash, you might want to hold your nose and buy your way out of trouble.
Just don’t replace your old Windows 10 PC with a Mac. Microsoft think that’s a really bad idea.
Stay on Windows 10 with Paid Extended Security Updates (ESUs)
So this is where Microsoft have given some ground - for those who (quote) “need more time before moving to a Copilot+ PC or other new Windows 11 device”, there’s now an option to join an Extended Security Updates (ESU) program for $30 USD. You won’t be getting any further tech support, and no new features - but this will help protect your Windows 10 device against serious security vulnerabilities, and is definitely better than no patches at all. It’s important to stress that this is a paid subscription, and the cost will increase each year, but if you’re not able to leave Windows behind or really do just need more time to upgrade, this could be a solid option that should protect you from at least the majority of threats.
I say “could” and “should” because it’s not really quite as good as it sounds. The stated goal of the ESU program is to cover “Critical and Important security updates” - when most people hear this, they’ll justifiably think “Oh good, critical and important updates are what I’m concerned about”. What you need to know, however, is that “critical” and “important” aren’t just adjectives in this context - they’re the top two tiers of Microsoft’s own vulnerability grading system. Furthermore, there are two tiers, “Moderate” and “Low”, that sit below this threshold. So, put more plainly, ESU will provide fixes for vulnerabilities which are deemed “Critical” or “Important”, but not for vulnerabilities deemed “Moderate” or “Low”. Oh, and it’s Microsoft itself that classifies the vulnerabilities.
Whether this is a sticking point for you is a question of your personal risk appetite. According to Microsoft’s severity rating scale, a Moderate vulnerability (which ESU won’t cover) is one in which the “Impact of the vulnerability is mitigated to a significant degree by factors such as authentication requirements or applicability only to non-default configurations.” If you’re using a non-default configuration or don’t have authentication configured (you should), you might start wondering if your $30 is really such a great investment.
The program will provide Critical and Important security updates but will not provide other types of updates or technical support.
– Microsoft
Issues aside, from a security perspective, the ESU program has got to be a good thing - I don’t tend to view it as true altruism from Microsoft, but the program will help to reduce the number of Windows 10 PCs that become prime targets on October 15th. If you’re planning on keeping Windows 10, at least for the time being, you must sign up for the ESU program to avoid becoming what hackers call “low-hanging fruit”.
Switch to Linux
Of course, if you’d rather not pay for ESUs and a new PC is beyond your means right now (or just not something you want to spend on), your best option (which might be the best option anyway) is to think about keeping your system and switching to Linux. Unless you move in technology circles, you may never have even heard of Linux - but here’s a dirty little secret - many, if not most, technology professionals prefer Linux (or macOS, which is a sort of cousin to Linux) and not Windows.
Linux, unlike Windows, is free - it’s also secure, fast and often runs much, much better on slightly older hardware. It’s highly flexible and can be infinitely customised for your specific needs - developer, desktop publisher or just general home user, there’s a Linux system for you which also comes totally free of Microsoft’s invasive tracking and telemetry.
It’s true - in the past, Linux desktop support wasn’t that great, and it did take some degree of technical knowledge to get the most out of it, but today that’s just not the case. Many Linux variants (called Distros) are probably easier to use than Windows, and some Linux systems now very closely mirror the Windows desktop experience, so that switching over really doesn’t feel that foreign at all.
Besides, you might already be using a tonne of Linux without knowing it! Have an Android device? That’s Google’s highly customised version of Linux - run a smart TV? It’s almost certainly running on Linux. Used the internet recently? Yup - almost all web servers today run on Linux.
Whether you’re up for fully switching or not, this is a great time to at least try something new. If you feel like giving it a go, check out more here.