Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is an Up-to-Date Browser Secure on an Out-of-Date OS?

Using new tools on old platforms.

Security!

An up-to-date web browser is important, but it's not the whole picture, by far.

With support at an end for Windows 7, many people are concerned about the security ramifications of continuing to browse the internet with it.

As Windows XP users discovered, many browsers continued to support XP long after its end-of-support date.

Were they secure?

To answer that, we need to dispel a common myth.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Given that there is no such thing as perfect security, all we can do is stack the deck. Using an up-to-date operating system is more secure than using one that isn’t, regardless of browser. Using an up-to-date browser is more secure than using one that isn’t, regardless of operating system. Whether it’s secure enough depends on your own ability to stay safe.

The myth of perfect security

There is no such thing as “secure”.

It’s not an absolute state; it’s a range, a spectrum.

You can be more secure. You can be less secure. But there’s no such thing as completely secure.

Believing there is could lead you to let down your guard.

An up-to-date web browser

An up-to-date web browser is certainly more secure than one which is out-of-date, regardless of what operating system you run.

That up-to-date browser will have the latest fixes for security issues and vulnerabilities. It may also have additional improvements, including, but certainly not limited to, security-related issues.

So if you have the opportunity to update your browser, do so. And if your favorite browser happens to stop being updated for whatever operating system you run, you probably want to find a new favorite — if you can.

An out-of-date operating system

An out-of-date operating system is less secure than one that is current and up-to-date, regardless of which browser you happen to run.

That’s why folks in my position always advise that you keep it as up-to-date as possible — even to the point of upgrading to the latest version of Windows when your favorite version is no longer receiving updates. Windows 7 and Windows XP both fall into that category.

But what If you can’t — or just really, really don’t want to?

Secure enough?

The real question is, can you be secure enough with whatever combination of browser and/or operating system you happen to be running?

The answer depends on you.

There are people who continue to run Windows XP, which is years out of date, and seem to do so with enough security for their purposes.

Presumably, they have an up-to-date browser, but even if not, their ultimate security is determined by their actions. If they regularly do things that are risky, they have (much) less protection from the consequences of those actions if their software is out of date.

If, on the other hand, they know how to proceed with care, the combination may be secure “enough” for their needs.

Know thyself

To know if you’re secure enough, you need to understand your own ability to handle the risks of your actions.

Many people fall into either of two extremes:

  • Overconfidence: an overinflated sense of “I know what I’m doing”, when in fact they’re not quite as secure and knowing as they think they are. These folks often end up in trouble.
  • Under-confidence: a level of fear and/or paranoia preventing them from doing just about anything.

Most people are somewhere in between. Being honest about your own abilities — and educating yourself so as to fill in the gaps — is your best strategy.

When in doubt? Keep everything as up-to-date as possible.

It’s not perfect, because perfect doesn’t exist — but it’s “more secure” than the alternative.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio

Play

15 comments on “Is an Up-to-Date Browser Secure on an Out-of-Date OS?”

  1. Now that XP is so out of date, I wonder if there are still many hackers working to find cracks. It’s the lowest hanging fruit but there might be so few people using it that it’s not a major target anymore. When Windows 7 goes unpatched, Windows 7 holdouts will be a much larger target group and XP will move to a kind of security by obscurity status. I can’t imagine anyone targeting Windows 98.

    Reply
  2. Well…at 69 I’ve seen every version of windows and browsers (Netscape) from 3.1 to 10. I understand you get comfortable with what ever OS you’ve had over its life. However change is always close at hand, sooner or later you must deal with it. I simply look at it this way; its a learning opportunity and we are never to old to teach the dog new tricks, I strive every day to learn something new…LOL! I will say this about the progression of Windows…I did by-pass 8 and 8.1…what a quagmire Microsoft made! Windows 7 got me through to 10… Windows update had yet to offer me 1809 so I did a manual update last night and yes…Leo…I did a backup prior to…I do a weekly image and daily data backup and I have DropBox synced to my important files and all devices.

    I guess I’m off subject being this is about browser updates…so let me just say if you don’t keep your system updated your asking for trouble be it browser, software or OS… I stopped using IE back in the XP days and I have no desire to try Edge or “talk” to my computer! Leo, I’m in your corner and thanks for all the help you’ve provided over the years!

    Reply
  3. Chrome quit updating for XP quite a while ago, and FF recently followed suit. Now Chrome just nags you every time.

    Reply
  4. I can honestly say that I have never been hacked and have not needed to reinstall Windows in 20 years or more. I have a Windows 8 computer, but I also have a WinXP computer that I built myself years ago and I do not want to give it up, period. All the warnings that came out when Win XP was retired are simply not true, at least for me. I installed the Avast Secure browser which is obviously built upon Chrome to my Win XP machine thinking it would show my online banking site that I had a newer version of Chrome so I could continue to bank online, but it sees it as the outdated version even though it is secure. I can still bank using Firefox, but for how much longer I don’t know. So, I am going to try the User Agent switcher add-on and see if that can fool the online banking system. Again, I believe that using scare tactics to force people to abandon perfectly good hardware and software is a scam that can be ignored by more astute users.

    Reply
  5. I installed Windows 7 when I made a new computer in 2013. I miss Windows 2000. I hope I never have to do another clean install. Reinstalling dozens of applications is painful. Changing all my preferences in the OS and all applications is torture. I only had to restore a backup image a few times since 2013. I am happy with my system.

    I tried Windows 10 when it was released. It installed the latest video card drivers that do not work. Replacing my video cards for ten monitors would cost too much. I plan on using Windows 7 until my 120th birthday, at least.

    Reply
  6. I still use Windows 7 … and (“eeek!”) XP, the best MS OS ever. I make backups. So if the bad guys destroy my laptop, I will start over — with XP and Win7 — although this has never been necessary. I have used both McAfee and Norton security suites. Both have proved sufficient in protecting my relatively simple needs: email, MS Office documents, news, and surfing. (Yes, I use spyware-heavy and update-uncontrollable Win10 at work … simply because I’m forced to. And at home I also do not use the latest version of Firefox because it stopped supporting my needed add-ons a couple years ago … and within the last few days as well!)

    Reply
  7. I still am using windows xp & have sophos anti virus which has stopped updating but yet I keep getting emails to renew my subscription.I haven’t yet contacted them as to what exactly I am updating for, as I am waiting to close to the end of my subscription to decide.I love xp & hate to lose it altogether.
    my question is, do you think I am still protected? Is there another antivirus that I can download to protect my xp ?
    Thank you for any & all help on this
    Norma

    Reply
    • If your subscription has not yet ended but you’re no longer getting updates I would assume XP is no longer supported. I don’t currently have a recommendation for security software for XP.

      Reply
      • thank you . I only use it to get email nothing important.I do have a laptop using window 10, which I do not like but dealing with. at all ,thinking of going to a MAC I suppose I will have to let xp go soon :(
        thank you for your help
        Norma

        Reply
        • If you only use that computer for email or web surfing, you might consider installing Linux on that machine. Linux Mint is very easy for Windows XP users to use. It comes preinstalled with lots of free software, including a web browser (Firefox), an email program (Thunderbird) and a great Office Program similar to MS Office (Libre Office).

          Reply
  8. Never say never. I’m planning to stand pat with Win7 & Firefox for the foreseeable future, expect lots o’ folks are. But down the road something will likely come along to warrant an upgrade … OS, browser, necessary applications, etc. Staying abreast is the best defense so if and when things go south I’m ready to act … be prepared and all that. In the mean time I’ll continue to spend far more time fishin’ and plinkin’ than browsing, more wary of bears than hackers. Looking forward to the firestorm of articles and comments when Win7 maintenance ends, that’ll make for some interesting reading, don’t ye doubt!

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.