Become a Patron of Ask Leo! and go ad-free!
Transcript
So what’s the risk of using unsupported software?
Hi everyone, Leo Notenboom here. I got a question this morning, actually, about, well, I’ll just read it to you. Cheryl asks, “Can you offer any suggestions on what to do if we’re using Google Chrome that’s no longer supporting Windows Vista? Some of us (me) don’t want to buy a new computer just yet? Is there a risk to using Chrome if it’s unsupported?”
Well, the answer actually depends more on you than anything else. I do want to clear up one possible path for you though that you didn’t mention and that is simply that your machine is currently running Windows Vista.
It is possible, I’m not saying it’s guaranteed but it is possible that it might actually support a newer version of Windows so it is possible that you may be able to upgrade Windows itself, either to 7, 8.1 or even 10, maybe and then have Google Chrome support that version of Windows. That’s a fairly major change but it does not require getting new hardware; you don’t have to go out and buy a new computer to make that happen.
So I at least wanted to put that out there. That’s one possible path. Now I realize that it’s also not free so what I’m not going to assume that’s a path you’re going to take. The reason I say that it depends on you, well, first we have to understand exactly what it means for software to be unsupported. This actually came up earlier this week in I think a discussion elsewhere.
When software is unsupported, all that really means is that the software is no longer going to be changed: no new features or no new fixes for a specific platform. So you may find that Google Chrome will continue to be updated on Vista or not but none of the changes implemented in Google Chrome will be specific to Vista or will address any vulnerabilities or problems that are found on Vista.
Now, as I say that, it’s more likely actually that they will stop updating it completely on Vista, but it can go either way. It actually can, so what does that mean? Well, it means that Google Chrome will continue to work. I mean obviously it’s still a working browser on your system, and it will continue to browse things however you end up using your browser to navigate the internet, but what it really means is that if, for example, a vulnerability is discovered in Chrome, or in Windows or in something that can be exploited through Google Chrome, using Google Chrome, that exploit is not going to be fixed.
In other words, we don’t know about it today. Sometime in the future it gets discovered and it’s publicly known, and then malware authors or others can go out and start using that exploit knowing that Windows Vista users are going to remain vulnerable to that exploit, essentially forever, if it involves something related to Google Chrome.
So, coming back to depending on you, what kind of a person are you? Are you someone who understands what it means to be safe on the internet? Are you someone who knows how to determine whether or not an incoming email is valid or not? If an attachment is safe or not?
If you are uncertain about those things, if you feel really uncomfortable about being to make those kinds of determinations, or if you’re someone who does install a lot of software or open random attachments or just go to places on the internet that you shouldn’t go, then yeah, this is a problem and you’ll want to fix it.
I’ll discuss a few options for fixing it in a second. In reality, if you can educate yourself, if you can start to feel comfortable about being able to determine what is and what isn’t safe to do on the internet, you can probably continue to use Chrome for quite some time, probably until it’s time actually replace the machine for other reasons.
The one thing I definitely I want to throw into the mix here is, because there are no guarantees, please make sure that you are backing that machine up regularly and I mean full image backups so that if by some chance you happen to catch an infection through Google Chrome or through any reason, any vector that it may come at you, then once you discover that, you have the option of restoring your entire machine to the time before that infection incurred, and you can not do whatever it was that caused the infection.
Seriously, a backup is by far the number one way to protect yourself from just about anything, and I’ve been saying this to Windows XP users, the folks that are still hanging on to XP, and it applies now especially for Vista and especially folks such as yourself that are using Vista and Google Chrome. Keep backing up; make sure you are backing up daily.
My rule of thumb is monthly full image backups with daily incrementals. If you don’t know what that means I’ve got a ton of articles on askleo.com that discuss how to back up and what those terms actually mean and how they keep you safe.
So backing up is your first line of defense if you continue to use unsupported software. It’s advice I’ve been giving to Windows XP users; it’s advice that I now give to Windows Vista users, and obviously, as more and more software becomes unsupported on Windows Vista, it just becomes that much more important.
So, like I said, it kind of depends on your own comfort level and your own ability to really understand what is and is not a safe thing to do. If you’re comfortable understanding what safety really means for you, you can probably go on for some time. If not, if you’re concerned about this, then the options are kind of limited, to be honest. You can look for other browsers that do continue to be supported. I honestly don’t have a list for you.
You can certainly look into browsers like Opera or Firefox or some others; I mean there’s a bunch of browsers out there. One of the problems with several of the browsers is they aren’t really completely independent browsers. They are browsers built on the same base as tools like Firefox and Chrome and Internet Explorer so it gets a little bit more difficult to understand which one is truly a different browser that actually might continue to be supported on Vista.
But that’s one path to go. The other is, like I said, earlier, operating system upgrade is an option. If you’re really, really concerned and you don’t have the money for an operating system upgrade, and you don’t want to take that path, then the other thing, the only other thing that I can really suggest is an operating system switch. In other words, switching to a free operating system such as one of the Linux variants.
Those obviously will continue to be supported. They are going to be supported on your hardware. If you’re running Vista, there’s a variant of Linux out there that’s going to run, and I’d be shocked if it weren’t something as common or as popular as Linux Mint or Ubuntu. Either of those two will have with them a current versions of Firefox that continue to get supported and I believe you can actually get Chrome or Chromium as it is sometimes called to install on those operating systems.
But ultimately, it all really comes back down to you whether you feel comfortable. I think you can. I honestly believe that it’s perfectly possible for an individual to continue to use unsupported software as long as that they understand the risks that they are taking; that they make intelligent decisions about what they do and do not do on the internet; what attachments you do and do not open; when in doubt, don’t open it. That’s the rule of thumb that applies everywhere but especially if you are running on unsupported software.
And backing up. Backing up is your ultimately safety net. If you can’t insure that you’re running a good, daily backup of some sort of your entire system then pretty much no matter what damage malware might do, you can undo it fairly quickly without losing a bunch of information.
So that’s my advice. If you can, consider an OS upgrade. If you can’t, just stay safe. Be safe and start backing up. I hope that helps. For other folks who are watching this who are in this same situation, let me know what you think. If you’ve got additional ideas that would help someone in this particular situation stay safe, again they are running Windows Vista with no path to upgrade and they are finding that Google Chrome is no longer supported.
How risky do you feel that is and what steps would you take to stay safe in a situation like that? Until next week, as always, by the way, as always here is the link for you to visit this video on askleo.com if you are watching it anywhere else come visit this link. This is where I have the moderated comments. This is where I actually read all of the comments that are left on this article and I appreciate everybody’s input and ideas. Until next week, I’m Leo Notenboom. Do remember to have fun, stay safe and of course, don’t forget to back up. Take care, everyone.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,
Podcast audio
Download (right-click, Save-As) (Duration: 9:49 — 7.7MB)
Subscribe: Apple Podcasts | Android | RSS
“In reality, if you can educate yourself, if you can start to feel comfortable about being able to determine what is and what isn’t safe to do on the internet, you can probably continue to use Chrome for quite some time, probably until it’s time actually replace the machine for other reasons.” – I kinda disagree with this. Education and caution provide no protection from things like malvertising/drive-by downloads/installs – which, as we’ve seen recently, can be propagated via even well-known and reputable websites.
“Seriously, a backup is by far the number one way to protect yourself from just about anything.” – I kinda disagree with this too. Much of the malware that’s out there today is financially motivated and designed to steal banking passwords/credentials, etc. Sure, a backup may – or may not – enable you to get your computer back to a pre-infection state but, by that time, your passwords and personal information could be long gone.
When it comes to OSes, browsers and browser plug-ins, the only good option is to use products that are supported. Using something that isn’t supported could result in you getting an unpleasant surprise when you next check your bank balance.
An example to highlight the risks: a malvertising campaign in March of this year distributed both crypto ransomware and banking/credential-stealing malware via a compromised ad network that pushed ads to the websites of the NYT, NFL, BBC, AOL as well as numerous other well-known websites. The campaign used the Angler Exploit Kit which automatically checks for vulnerabilities in outdated/unsupported browsers and browser plug-ins, and then exploits those vulnerabilities to deliver its payload.
http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/
As I said, education and caution provide no protection from such threats. And your antivirus program may not provide protection either as these attacks typically make use sophisticated obfuscation methods in order to avoid being detected (and there are tools out there that enable the bad guys to quickly and automatically obfuscate code and check the effectiveness of the obfuscation by testing it against every antivirus program on the market).
The bottom line is that it’s exceptionally risky to use an outdated/unsupported OS or outdated/unsupported programs.
Wow, Ray, you seem to have an extraordinary fear of all things Internet. Once upon a time, in one of these comments, you wrote “… you shouldn’t be using an application which your do not trust …” If that’s the case, then at any moment, any OS or application can be vulnerable because it hasn’t updated yet within the last hour (perhaps an exaggeration, but not really). I think Leo is correct that a user’s personal understanding of threats, pattern of Internet usage, and diligence in backing up are factors in Internet safety. If you’re a target of an attack because you clicked on the wrong link, an updated or “supported” software is not likely to save you. There is a reason that software vendors have all sorts of disclaimers about damage to your system in their license agreements. My disclaimer: this is not an endorsement for using outdated software.
“Wow, Ray, you seem to have an extraordinary fear of all things Internet.” – Not at all. In fact, if you keep your system updated, run an antivirus program and exercise commonsense, it’s exceptionally unlikely that your machine will ever be compromised. However, if you don’t do those things, then it’s much more likely that your machine will be compromised – quite possibly in the manner that I described above.
“Once upon a time, in one of these comments, you wrote “… you shouldn’t be using an application which your do not trust …”” – Indeed. If you have reason not to trust an app – say, because it comes bundled with questionable PUPs or because the developer has a bad rep and a woolly privacy policy – then don’t use the app. That’s simply commonsense.
“If that’s the case, then at any moment, any OS or application can be vulnerable because it hasn’t updated yet within the last hour (perhaps an exaggeration, but not really).” – Sure, anything’s possible. Even if you’re a knowledgeable user who keep his system updated and always exercises commonsense, you could still be hit. But the chances of it happening are substantially reduced – in fact, they’re close to zero.
What your are saying is totally logical. I am really on your side with regard to this discussion. When you play it on the safe side, i.e. being up-to-date on every aspect of your daily computing, you definitely reduce the chance of being hit by viruses, malware etc.. very good reasoning.
One thing that often happen when any software become unsuported on a given platform is that, although it continue to get devlopped and probably continue to work, it’s no longer been tested on that platform.
This may have no impact on you, but it can also mean that, after any update, that application may no longer work, or work erraticaly.
Here, Chrome is no longer been supported on Vista. So, the peoples working on Chrome no longer have any computer running Vista to test it on. The next update or version may or may not work correctly. Some addons and extentions may also fail to work properly or at all.
I think that Leo is sketching the right answers, but I’d agree with Ray that continuing to use an unsupported browser is a very bad idea. Continuing to use, say, an unsupported scientific program that does some calculations or the like, would be much less of a problem. Actually, I have a few such cases. If the software does what it has to do, and you’re happy with that, that’s good enough…. as long as it runs off line. However, if there’s something a browser doesn’t do very well, is to run on an airgapped machine 🙂
So there’s the security issue that Leo pointed out (and I agree with Ray that especially for a browser, that’s a very, very serious issue !). But also, the web evolves, uses new protocols, updates old protocols, and so on, and if you are stuck with a non-evolving browser, that’s going to work less and less well.
So no, if there’s *one* piece of software on a computer that should remain up-to-date, it is your browser. If you use an old version of Mathematica, that’s OK. But using an old browser is definitely no-go.
However, you should ask yourself the question: why do you want to continue to use Chrome, and what stops you from switching to one that is up-to-date ? Why do you want to continue to use Vista ? What’s more important to you, keeping the browser, or keeping the OS ?
If all you ever do is browse the web with Chrome, and you have essentially no other use for your computer, I’d definitely switch to linux. You can install chrome on ubuntu http://askubuntu.com/questions/510056/how-to-install-google-chrome
The nice thing about linux is that it isn’t a resource-hog, and a fairly old machine that came with vista will run like a charm under linux.
If you want to keep the windows way of doing because you also do other things on your computer, I’d upgrade windows, although that costs money (that would be one of the reasons to switch to linux).
And finally, if browsing is only one of the things you do on your machine and you don’t want nor free linux, nor spend money on a windows upgrade, why don’t you use firefox ?
But no, don’t continue to use an outdated chrome.
“Continuing to use, say, an unsupported scientific program that does some calculations or the like, would be much less of a problem. ” – Yeah, browsers – and anything that plugs into the browser – are the big risks. Other things can be risky too – rendering engines in older email clients and macro handling in older versions of Word, for example – but the browser and its plugins are the main concern.
It’s not clear if Cheryl, the original ‘question asker’ is technically competent in PC management [as some of us are] or just a ‘user’ who’s gone out and bought a PC to do some Computer related work. That answer will mean that the solution to her query is totally different based on her ability to tweak PCs.
However, one would ask why Google don’t support Vista as a host for Chrome, as Vista is not yet ‘out of support’. It’s not like XP, a dead product; Vista End of Life is 2017! For non-technical people who have trusted Vista software to work and be updated until Vista ‘End of Life’, this decision by Google has let them down.
if Cheryl’s is ‘watching’ these responses, perhaps she’ll let us know her requirements and capabilities; that is, do you need Windows? Can you install an Operating system? What sort of system have you got – memory, CPU, etc? and the more technical of us will come to her rescue.
“Vista End of Life is 2017!” – Mainstream support for Vista ended in 2012; extended support ends in 2017.
Microsoft’s support policy states that EXTENDED SUPPORT includes ALL SECURITY UPDATES for vulnerabilities that affect the operating system. I have to agree with Julian here. One SHOULD ask why Google doesn’t support Chrome on Vista — at least in regard to security issues. Microsoft continues to patch security holes in Vista (and in IE9 on Vista) thru April 2017. Shouldn’t Google provide that same level of support for Chrome?
“Should”? I’m not sure there’s any requirement that they do anything at all. Google is perfectly free to make the decisions they choose to make at any time, without regard to what other software vendors (like Microsoft) have chosen to do. (And we are perfectly free to go elsewhere if we don’t like those decisions.) My guess is they’ve done some usage/market analysis and determined that the costs of continuing to support it on Vista don’t outweigh whatever they’re comparing against. In other words it’s very likely a business decision.
I’d guess that Google either wants to build features into Chrome that would not be easily supported by Vista and/or there are not enough people using Chrome on Vista to make it worth the company’s while to support the combination. The company’s decision could be partly due to hardware requirements too. The majority of people using Vista are likely doing so on decade-old machines – or possibly even older if the machines were upgraded from a previous OS – which may or may deliver a particularly good experience and which may or may not be more complex to support.
Microsoft has to support their older systems, because they committed to a support schedule when they released the software. That’s pretty much a marketing necessity with paid software. Google has made no such commitment when they released Chrome. Such a commitment wouldn’t be expected with free software. The old saying, “You get what you paid for,” kind of applies.
In March, Google also dropped support for Chrome on 32 bit Linux and pulled the download of the last supported version from their web site. So if you have an older computer, and/or have installed 32 bit Linux, you can’t install Chrome unledss you saved the installer previously … and if you do it won’t be a supported version. You can run Chromium which is almost the same thing. However not quite. Nexflix won’t run on Chromium, only Chrome.
I agree that having as much going for you as possible increases security odds, so running unsupported software is too much of a security odds decreaser to realistically contemplate for most users. As Pete says, Google has ceased support for only the 32 bit version of Chrome on Linux, and this may be the same on Vista. If Cheryl is wanting to keep her older machine and it is 32 bit, not 64 bit, the best option is to switch to a supported browser. Unless she has specific software not supported by Linux, switching to Linux would also allow for the machine’s useful life to be much further extended, and also remove the threat from the vast majority of Windows based malware.
For anyone looking for alternative browsers with continued support for Windows XP and Vista:
Pale Moon (an Open Source, Goanna-based web browser forked-off from the Firefox/Mozilla source code) pertains to the previous UI (non-Australis) and keeps up with all security/bug fixes that are applicable to its code base; a very familiar, efficient and fully customizable interface with a number of Pale Moon exclusive add-ons/extensions and themes rapidly growing.
Slimjet (a browser based-off Chromium v50 that’s packed with versatile and customizable features) will support Windows XP and Vista as it contains most of their user share. Plus continues support for NPAPI plugins and conserves memory quite well with unloading idle tabs, as well as the memory optimization feature.
LINK: https://www.palemoon.org/
LINK: http://www.slimjet.com/
Leo, what are you recommending lately for encrypting flash drives? I see a comment on another Ask-Leo question from February of this year (2016) where you say that Truecrypt has not been compromised. But I can’t find instructions on how to encrypt the entire flash/jump/usb drive. Can you do a video or two on this? Thank you.
TrueCrypt, and the newer, supported, VeraCrypt are good solutions.
I’ve stayed away from using TrueCrypt on flash drive as they can only be used on a computer where TrueCrypt has been installed by someone with admin rights. Since I might want to use my flash drive on a work, friend’s or public computer, I stick with encryption methods which can use portable programs like 7Zip (any zip file program would work). I believe AxCrypt also has a portable version. Those methods require more work than TrueCrypt or VeraCrypt, but that way you can use your flash drive on any computer.
https://askleo.com/how-do-i-password-protect-a-flash-drive/
http://ask-leo.com/encrypting_using_zip_files.html
Both TrueCrypt and VeraCrypt can be used in portable/traveler mode, but it’s a bit messy and still requires admin rights on the host machine. As you say, a password-protected zip file is probably a better option.
Since Chrome is connected with IE, I’ve avoided this – the only browser I’ve trusted in years is FireFox which continually updates & has remained independent from the MsFt guys. I still do not understand these people who insist on using only MsFt products when these are the ones which are so attacked by these hackers, et.al.
Would very much appreciate hearing comments as to why LO is not considered by many – although it’s superior to MsFt’s various Office programs … FireFox is not hacked yet people insist on using IE or now Chrome … … …
I don’t understand … Chrome is not connected with IE.
In terms of security, there isn’t much difference between Chrome, Edge and FF. All three provide a similar level of security – or, depending how you look at it, insecurity.
A ad blocker and or script blocker. And html mail disabled. And use email provider with good spam filters. Will go a very long way to avoiding most problems.