Antivirus and Security patching are different types of threat prevention. Microsoft, through security patches, fixes exploits in the OS where threats will make their way through undetected. Security patches fix vulnerabilities in the OS itself.

When an OS reaches its EOL, further updates will not be supported. This means that any security exploits will remain open to those that know of their existence. Operating systems are very complex, bugs and exploits will almost always exist. To counter this, patches are rolled out constantly to protect users from people abusing these exploits. When a product reaches EOL though, the patches no longer are there to protect users when new exploits are discovered. This then leads to increased time investment from hackers into finding exploits, as they know they will not be patched out.

An antivirus is a software. At a certain point, software developers will stop supporting EOL operating systems. This means that eventually your antivirus will fall out of date as well and be open to attacks more easily.

Information protection:

• PCI
• HIPPA
• General Information management

Organizations that handle credit cards or other personal information will be subject to PCI compliance. This is the Payment Card Industry Data Security Standard. If an Operating System is no longer supported and security patches are no longer being released, PCI compliance will not be accomplished.

For organizations concerned with HIPPA violations, upgrading and keeping your OS up to date should be of paramount importance. A security breach would result in preventable legal issues and constituent information loss/leakage

The loss of other private information is also an issue. This would mean personal passwords, emails, banking information, etc. Anything stored on the computer, or even inputted into the computer would be liable to be seized for malicious intent.