Become a Patron of Ask Leo! and go ad-free!
Transcript
So whatâs the risk of using unsupported software?
Hi everyone, Leo Notenboom here. I got a question this morning, actually, about, well, Iâll just read it to you. Cheryl asks, âCan you offer any suggestions on what to do if weâre using Google Chrome thatâs no longer supporting Windows Vista? Some of us (me) donât want to buy a new computer just yet? Is there a risk to using Chrome if itâs unsupported?â
Well, the answer actually depends more on you than anything else. I do want to clear up one possible path for you though that you didnât mention and that is simply that your machine is currently running Windows Vista.
It is possible, Iâm not saying itâs guaranteed but it is possible that it might actually support a newer version of Windows so it is possible that you may be able to upgrade Windows itself, either to 7, 8.1 or even 10, maybe and then have Google Chrome support that version of Windows. Thatâs a fairly major change but it does not require getting new hardware; you donât have to go out and buy a new computer to make that happen.
So I at least wanted to put that out there. Thatâs one possible path. Now I realize that itâs also not free so what Iâm not going to assume thatâs a path youâre going to take. The reason I say that it depends on you, well, first we have to understand exactly what it means for software to be unsupported. This actually came up earlier this week in I think a discussion elsewhere.
When software is unsupported, all that really means is that the software is no longer going to be changed: no new features or no new fixes for a specific platform. So you may find that Google Chrome will continue to be updated on Vista or not but none of the changes implemented in Google Chrome will be specific to Vista or will address any vulnerabilities or problems that are found on Vista.
Now, as I say that, itâs more likely actually that they will stop updating it completely on Vista, but it can go either way. It actually can, so what does that mean? Well, it means that Google Chrome will continue to work. I mean obviously itâs still a working browser on your system, and it will continue to browse things however you end up using your browser to navigate the internet, but what it really means is that if, for example, a vulnerability is discovered in Chrome, or in Windows or in something that can be exploited through Google Chrome, using Google Chrome, that exploit is not going to be fixed.
In other words, we donât know about it today. Sometime in the future it gets discovered and itâs publicly known, and then malware authors or others can go out and start using that exploit knowing that Windows Vista users are going to remain vulnerable to that exploit, essentially forever, if it involves something related to Google Chrome.
So, coming back to depending on you, what kind of a person are you? Are you someone who understands what it means to be safe on the internet? Are you someone who knows how to determine whether or not an incoming email is valid or not? If an attachment is safe or not?
If you are uncertain about those things, if you feel really uncomfortable about being to make those kinds of determinations, or if youâre someone who does install a lot of software or open random attachments or just go to places on the internet that you shouldnât go, then yeah, this is a problem and youâll want to fix it.
Iâll discuss a few options for fixing it in a second. In reality, if you can educate yourself, if you can start to feel comfortable about being able to determine what is and what isnât safe to do on the internet, you can probably continue to use Chrome for quite some time, probably until itâs time actually replace the machine for other reasons.
The one thing I definitely I want to throw into the mix here is, because there are no guarantees, please make sure that you are backing that machine up regularly and I mean full image backups so that if by some chance you happen to catch an infection through Google Chrome or through any reason, any vector that it may come at you, then once you discover that, you have the option of restoring your entire machine to the time before that infection incurred, and you can not do whatever it was that caused the infection.
Seriously, a backup is by far the number one way to protect yourself from just about anything, and Iâve been saying this to Windows XP users, the folks that are still hanging on to XP, and it applies now especially for Vista and especially folks such as yourself that are using Vista and Google Chrome. Keep backing up; make sure you are backing up daily.
My rule of thumb is monthly full image backups with daily incrementals. If you donât know what that means Iâve got a ton of articles on askleo.com that discuss how to back up and what those terms actually mean and how they keep you safe.
So backing up is your first line of defense if you continue to use unsupported software. Itâs advice Iâve been giving to Windows XP users; itâs advice that I now give to Windows Vista users, and obviously, as more and more software becomes unsupported on Windows Vista, it just becomes that much more important.
So, like I said, it kind of depends on your own comfort level and your own ability to really understand what is and is not a safe thing to do. If youâre comfortable understanding what safety really means for you, you can probably go on for some time. If not, if youâre concerned about this, then the options are kind of limited, to be honest. You can look for other browsers that do continue to be supported. I honestly donât have a list for you.
You can certainly look into browsers like Opera or Firefox or some others; I mean thereâs a bunch of browsers out there. One of the problems with several of the browsers is they arenât really completely independent browsers. They are browsers built on the same base as tools like Firefox and Chrome and Internet Explorer so it gets a little bit more difficult to understand which one is truly a different browser that actually might continue to be supported on Vista.
But thatâs one path to go. The other is, like I said, earlier, operating system upgrade is an option. If youâre really, really concerned and you donât have the money for an operating system upgrade, and you donât want to take that path, then the other thing, the only other thing that I can really suggest is an operating system switch. In other words, switching to a free operating system such as one of the Linux variants.
Those obviously will continue to be supported. They are going to be supported on your hardware. If youâre running Vista, thereâs a variant of Linux out there thatâs going to run, and Iâd be shocked if it werenât something as common or as popular as Linux Mint or Ubuntu. Either of those two will have with them a current versions of Firefox that continue to get supported and I believe you can actually get Chrome or Chromium as it is sometimes called to install on those operating systems.
But ultimately, it all really comes back down to you whether you feel comfortable. I think you can. I honestly believe that itâs perfectly possible for an individual to continue to use unsupported software as long as that they understand the risks that they are taking; that they make intelligent decisions about what they do and do not do on the internet; what attachments you do and do not open; when in doubt, donât open it. Thatâs the rule of thumb that applies everywhere but especially if you are running on unsupported software.
And backing up. Backing up is your ultimately safety net. If you canât insure that youâre running a good, daily backup of some sort of your entire system then pretty much no matter what damage malware might do, you can undo it fairly quickly without losing a bunch of information.
So thatâs my advice. If you can, consider an OS upgrade. If you canât, just stay safe. Be safe and start backing up. I hope that helps. For other folks who are watching this who are in this same situation, let me know what you think. If youâve got additional ideas that would help someone in this particular situation stay safe, again they are running Windows Vista with no path to upgrade and they are finding that Google Chrome is no longer supported.
How risky do you feel that is and what steps would you take to stay safe in a situation like that? Until next week, as always, by the way, as always here is the link for you to visit this video on askleo.com if you are watching it anywhere else come visit this link. This is where I have the moderated comments. This is where I actually read all of the comments that are left on this article and I appreciate everybodyâs input and ideas. Until next week, Iâm Leo Notenboom. Do remember to have fun, stay safe and of course, donât forget to back up. Take care, everyone.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
âIn reality, if you can educate yourself, if you can start to feel comfortable about being able to determine what is and what isnât safe to do on the internet, you can probably continue to use Chrome for quite some time, probably until itâs time actually replace the machine for other reasons.â â I kinda disagree with this. Education and caution provide no protection from things like malvertising/drive-by downloads/installs â which, as weâve seen recently, can be propagated via even well-known and reputable websites.
âSeriously, a backup is by far the number one way to protect yourself from just about anything.â â I kinda disagree with this too. Much of the malware thatâs out there today is financially motivated and designed to steal banking passwords/credentials, etc. Sure, a backup may â or may not â enable you to get your computer back to a pre-infection state but, by that time, your passwords and personal information could be long gone.
When it comes to OSes, browsers and browser plug-ins, the only good option is to use products that are supported. Using something that isnât supported could result in you getting an unpleasant surprise when you next check your bank balance.
An example to highlight the risks: a malvertising campaign in March of this year distributed both crypto ransomware and banking/credential-stealing malware via a compromised ad network that pushed ads to the websites of the NYT, NFL, BBC, AOL as well as numerous other well-known websites. The campaign used the Angler Exploit Kit which automatically checks for vulnerabilities in outdated/unsupported browsers and browser plug-ins, and then exploits those vulnerabilities to deliver its payload.
http://arstechnica.com/security/2016/03/big-name-sites-hit-by-rash-of-malicious-ads-spreading-crypto-ransomware/
As I said, education and caution provide no protection from such threats. And your antivirus program may not provide protection either as these attacks typically make use sophisticated obfuscation methods in order to avoid being detected (and there are tools out there that enable the bad guys to quickly and automatically obfuscate code and check the effectiveness of the obfuscation by testing it against every antivirus program on the market).
The bottom line is that itâs exceptionally risky to use an outdated/unsupported OS or outdated/unsupported programs.
Wow, Ray, you seem to have an extraordinary fear of all things Internet. Once upon a time, in one of these comments, you wrote â⊠you shouldnât be using an application which your do not trust âŠâ If thatâs the case, then at any moment, any OS or application can be vulnerable because it hasnât updated yet within the last hour (perhaps an exaggeration, but not really). I think Leo is correct that a userâs personal understanding of threats, pattern of Internet usage, and diligence in backing up are factors in Internet safety. If youâre a target of an attack because you clicked on the wrong link, an updated or âsupportedâ software is not likely to save you. There is a reason that software vendors have all sorts of disclaimers about damage to your system in their license agreements. My disclaimer: this is not an endorsement for using outdated software.
âWow, Ray, you seem to have an extraordinary fear of all things Internet.â â Not at all. In fact, if you keep your system updated, run an antivirus program and exercise commonsense, itâs exceptionally unlikely that your machine will ever be compromised. However, if you donât do those things, then itâs much more likely that your machine will be compromised â quite possibly in the manner that I described above.
âOnce upon a time, in one of these comments, you wrote â⊠you shouldnât be using an application which your do not trust âŠââ â Indeed. If you have reason not to trust an app â say, because it comes bundled with questionable PUPs or because the developer has a bad rep and a woolly privacy policy â then donât use the app. Thatâs simply commonsense.
âIf thatâs the case, then at any moment, any OS or application can be vulnerable because it hasnât updated yet within the last hour (perhaps an exaggeration, but not really).â â Sure, anythingâs possible. Even if youâre a knowledgeable user who keep his system updated and always exercises commonsense, you could still be hit. But the chances of it happening are substantially reduced â in fact, theyâre close to zero.
What your are saying is totally logical. I am really on your side with regard to this discussion. When you play it on the safe side, i.e. being up-to-date on every aspect of your daily computing, you definitely reduce the chance of being hit by viruses, malware etc.. very good reasoning.
One thing that often happen when any software become unsuported on a given platform is that, although it continue to get devlopped and probably continue to work, itâs no longer been tested on that platform.
This may have no impact on you, but it can also mean that, after any update, that application may no longer work, or work erraticaly.
Here, Chrome is no longer been supported on Vista. So, the peoples working on Chrome no longer have any computer running Vista to test it on. The next update or version may or may not work correctly. Some addons and extentions may also fail to work properly or at all.
I think that Leo is sketching the right answers, but Iâd agree with Ray that continuing to use an unsupported browser is a very bad idea. Continuing to use, say, an unsupported scientific program that does some calculations or the like, would be much less of a problem. Actually, I have a few such cases. If the software does what it has to do, and youâre happy with that, thatâs good enoughâŠ. as long as it runs off line. However, if thereâs something a browser doesnât do very well, is to run on an airgapped machine :-)
So thereâs the security issue that Leo pointed out (and I agree with Ray that especially for a browser, thatâs a very, very serious issue !). But also, the web evolves, uses new protocols, updates old protocols, and so on, and if you are stuck with a non-evolving browser, thatâs going to work less and less well.
So no, if thereâs *one* piece of software on a computer that should remain up-to-date, it is your browser. If you use an old version of Mathematica, thatâs OK. But using an old browser is definitely no-go.
However, you should ask yourself the question: why do you want to continue to use Chrome, and what stops you from switching to one that is up-to-date ? Why do you want to continue to use Vista ? Whatâs more important to you, keeping the browser, or keeping the OS ?
If all you ever do is browse the web with Chrome, and you have essentially no other use for your computer, Iâd definitely switch to linux. You can install chrome on ubuntu http://askubuntu.com/questions/510056/how-to-install-google-chrome
The nice thing about linux is that it isnât a resource-hog, and a fairly old machine that came with vista will run like a charm under linux.
If you want to keep the windows way of doing because you also do other things on your computer, Iâd upgrade windows, although that costs money (that would be one of the reasons to switch to linux).
And finally, if browsing is only one of the things you do on your machine and you donât want nor free linux, nor spend money on a windows upgrade, why donât you use firefox ?
But no, donât continue to use an outdated chrome.
âContinuing to use, say, an unsupported scientific program that does some calculations or the like, would be much less of a problem. â â Yeah, browsers â and anything that plugs into the browser â are the big risks. Other things can be risky too â rendering engines in older email clients and macro handling in older versions of Word, for example â but the browser and its plugins are the main concern.
Itâs not clear if Cheryl, the original âquestion askerâ is technically competent in PC management [as some of us are] or just a âuserâ whoâs gone out and bought a PC to do some Computer related work. That answer will mean that the solution to her query is totally different based on her ability to tweak PCs.
However, one would ask why Google donât support Vista as a host for Chrome, as Vista is not yet âout of supportâ. Itâs not like XP, a dead product; Vista End of Life is 2017! For non-technical people who have trusted Vista software to work and be updated until Vista âEnd of Lifeâ, this decision by Google has let them down.
if Cherylâs is âwatchingâ these responses, perhaps sheâll let us know her requirements and capabilities; that is, do you need Windows? Can you install an Operating system? What sort of system have you got â memory, CPU, etc? and the more technical of us will come to her rescue.
âVista End of Life is 2017!â â Mainstream support for Vista ended in 2012; extended support ends in 2017.
Microsoftâs support policy states that EXTENDED SUPPORT includes ALL SECURITY UPDATES for vulnerabilities that affect the operating system. I have to agree with Julian here. One SHOULD ask why Google doesnât support Chrome on Vista â at least in regard to security issues. Microsoft continues to patch security holes in Vista (and in IE9 on Vista) thru April 2017. Shouldnât Google provide that same level of support for Chrome?
âShouldâ? Iâm not sure thereâs any requirement that they do anything at all. Google is perfectly free to make the decisions they choose to make at any time, without regard to what other software vendors (like Microsoft) have chosen to do. (And we are perfectly free to go elsewhere if we donât like those decisions.) My guess is theyâve done some usage/market analysis and determined that the costs of continuing to support it on Vista donât outweigh whatever theyâre comparing against. In other words itâs very likely a business decision.
Iâd guess that Google either wants to build features into Chrome that would not be easily supported by Vista and/or there are not enough people using Chrome on Vista to make it worth the companyâs while to support the combination. The companyâs decision could be partly due to hardware requirements too. The majority of people using Vista are likely doing so on decade-old machines â or possibly even older if the machines were upgraded from a previous OS â which may or may deliver a particularly good experience and which may or may not be more complex to support.
Microsoft has to support their older systems, because they committed to a support schedule when they released the software. Thatâs pretty much a marketing necessity with paid software. Google has made no such commitment when they released Chrome. Such a commitment wouldnât be expected with free software. The old saying, âYou get what you paid for,â kind of applies.
In March, Google also dropped support for Chrome on 32 bit Linux and pulled the download of the last supported version from their web site. So if you have an older computer, and/or have installed 32 bit Linux, you canât install Chrome unledss you saved the installer previously ⊠and if you do it wonât be a supported version. You can run Chromium which is almost the same thing. However not quite. Nexflix wonât run on Chromium, only Chrome.
I agree that having as much going for you as possible increases security odds, so running unsupported software is too much of a security odds decreaser to realistically contemplate for most users. As Pete says, Google has ceased support for only the 32 bit version of Chrome on Linux, and this may be the same on Vista. If Cheryl is wanting to keep her older machine and it is 32 bit, not 64 bit, the best option is to switch to a supported browser. Unless she has specific software not supported by Linux, switching to Linux would also allow for the machineâs useful life to be much further extended, and also remove the threat from the vast majority of Windows based malware.
For anyone looking for alternative browsers with continued support for Windows XP and Vista:
Pale Moon (an Open Source, Goanna-based web browser forked-off from the Firefox/Mozilla source code) pertains to the previous UI (non-Australis) and keeps up with all security/bug fixes that are applicable to its code base; a very familiar, efficient and fully customizable interface with a number of Pale Moon exclusive add-ons/extensions and themes rapidly growing.
Slimjet (a browser based-off Chromium v50 thatâs packed with versatile and customizable features) will support Windows XP and Vista as it contains most of their user share. Plus continues support for NPAPI plugins and conserves memory quite well with unloading idle tabs, as well as the memory optimization feature.
LINK: https://www.palemoon.org/
LINK: http://www.slimjet.com/
Leo, what are you recommending lately for encrypting flash drives? I see a comment on another Ask-Leo question from February of this year (2016) where you say that Truecrypt has not been compromised. But I canât find instructions on how to encrypt the entire flash/jump/usb drive. Can you do a video or two on this? Thank you.
TrueCrypt, and the newer, supported, VeraCrypt are good solutions.
Iâve stayed away from using TrueCrypt on flash drive as they can only be used on a computer where TrueCrypt has been installed by someone with admin rights. Since I might want to use my flash drive on a work, friendâs or public computer, I stick with encryption methods which can use portable programs like 7Zip (any zip file program would work). I believe AxCrypt also has a portable version. Those methods require more work than TrueCrypt or VeraCrypt, but that way you can use your flash drive on any computer.
https://askleo.com/how-do-i-password-protect-a-flash-drive/
http://ask-leo.com/encrypting_using_zip_files.html
Both TrueCrypt and VeraCrypt can be used in portable/traveler mode, but itâs a bit messy and still requires admin rights on the host machine. As you say, a password-protected zip file is probably a better option.
Since Chrome is connected with IE, Iâve avoided this â the only browser Iâve trusted in years is FireFox which continually updates & has remained independent from the MsFt guys. I still do not understand these people who insist on using only MsFt products when these are the ones which are so attacked by these hackers, et.al.
Would very much appreciate hearing comments as to why LO is not considered by many â although itâs superior to MsFtâs various Office programs ⊠FireFox is not hacked yet people insist on using IE or now Chrome ⊠⊠âŠ
I donât understand ⊠Chrome is not connected with IE.
In terms of security, there isnât much difference between Chrome, Edge and FF. All three provide a similar level of security â or, depending how you look at it, insecurity.
A ad blocker and or script blocker. And html mail disabled. And use email provider with good spam filters. Will go a very long way to avoiding most problems.