Chrome support for XP to continue after Microsoft ditches it - helpful, or dangerous?

Filed Under: Featured, Google, Google Chrome, Linux, Microsoft, Security threats, Vulnerability, Windows

Chrome and Windows XP logos Google has pledged to continue supporting its Chrome browser on Windows XP until at least April 2015, a full year after Microsoft officially ends support for the legacy platform in April 2014.

Google's rationale behind the decision is that some people will find the transition away from XP a difficult process, and that allowing them to ensure their browsers are kept free of vulnerabilities will ease that transition.

But could its decision end up dissuading people from moving away from XP in a prompt and timely manner?

Windows XP has now been superseded by three separate, fully-fledged Windows versions (if, that is, one counts the widely despised Vista). Its mainstream support phase ended way back in 2009, and the current extended, patch-only support period is rapidly drawing to a close.

This end of life has been described as a "perpetual zero-day", leaving lingering XP users exposed to all manner of dangers, many of which will likely be easy to reverse-engineer from bugs publicised by Microsoft itself after they are spotted and fixed on later Windows versions.

So the best advice is for anyone still clinging to XP to bite the bullet and move on to something else if at all possible. The deadline for the end-of-life has been well-known for a long time, so there's no excuse to be taken by surprise.

There are plenty of options available - people not keen to pay for newer and safer Windows versions can take their pick from all manner of well-built, well-supported and user-friendly Linux distros these days, and some have even suggested that Google's decision to extend Chrome support may be a sneaky tactic to persuade people to move to its Chrome OS.

But the main message a lot of people are going to pick up from Google's announcement is, don't worry, there's no big rush, you've now got an extra year to think about your options and finally get moving.

Don't fall for this. OK, so during that extra year there will be at least one browser being maintained and patched, but the rest of the OS, and likely most of the other software you're running on it, will be falling ever deeper into obsolescence and vulnerability.

The availability of a fully-patched Chrome could be more of a danger than a help - it could be giving a false sense of security and further delaying the switch to more modern platforms.

Patching shouldn't be a partial process - you should be keeping everything running on your system fully up to date. That means anti-malware products, browsers, office suites and PDF readers, and anything else you use, but most of all the core operating system itself.

Don't be lulled into thinking a well-patched browser is all you need to keep you safe. I know many people out there have developed a trust and fondness for XP that's going to be hard to break, but break it you must.

If you're still putting off upgrading from XP for no other reason than that you've got it, you're used to it and you like it, don't be tempted to keep delaying, just hurry up and move on.

It may be, of course, that you really have no choice. You may have XP embedded in some vital system which continues to run fine and isn't due to be replaced for many years to come, or you may have some legacy apps which will only run on XP.

In these edge cases there's not a whole lot you can do. But really, if such systems do need to stay in operation, you don't really need to use them to check your Gmail, keep up with your friends' holiday snaps on Facebook, or watch amusing cat videos.

Keep them running if you really must, but minimise their interaction with the web and keep them as secure as possible.


, , ,

You might like

24 Responses to Chrome support for XP to continue after Microsoft ditches it - helpful, or dangerous?

  1. Cheryl · 179 days ago

    Some of us cannot afford a new OS.

    • Dade Murphy · 179 days ago

      This was addressed in the article, see below:

      "There are plenty of options available - people not keen to pay for newer and safer Windows versions can take their pick from all manner of well-built, well-supported and user-friendly Linux distros these days, and some have even suggested that Google's decision to extend Chrome support may be a sneaky tactic to persuade people to move to its Chrome OS."

    • Dennis M · 179 days ago

      I am truly sorry that is difficult for you to purchase a new OS. If you fish around the Internet, however, you can get Windows 7 Home Premium for less than $100.00 (download only, no disk provided). I can't put where that is in this reply but it is out there. If you do not trust the source when you find it, then research that source (BBB, other business review places, etc.) to see what their track record is before you buy. It took me quite awhile, but I did find Windows 7 for quite a bit less than $100.00. I did not want Windows 8 because I do not want to do the "Cloud" and my computer has no "touch" feature in it anyway. I am very satisfied with Windows 7, after I got used to it. Once you get into it, you will find that It really isn't all that much different than XP.

    • JimBob · 179 days ago

      Kubuntu is fairly like XP. If your machine won't handle it try a small distro like Slax.

    • Kevin · 178 days ago

      It works well too

    • perq · 178 days ago

      Some of us can't afford a new computer that may be required to run post XP OSs. To expect senior citizens and non-techie others to figure out how to upgrade to Linux and go thru required leaning curves is the height of techie arrogance!

      • JimBob · 178 days ago

        Really?? I'm 60 myself. If you know how to boot your computer from cd, you can try out most of the Ubuntu flavors without installing. It will run S L O W, but it will give you an idea of the OS. Installation is pretty much point and click. Having used XP for a number of years, I can tell you there is little learning curve with Kubuntu. The major difference is the package manager. Out of the box, it operates much like Windows update manager. The key difference is that you install most software from it. Windows 8 is coming close to this but still has a way to go before it can match most Linux distros. While there are a few programs that have no Linux equivalent, Linux can match 90%+ of Windows apps.

  2. MikeP_UK · 179 days ago

    I feel it will dissuade people from changing. Chrome doesn't offer all the features common in IE and FF that many people use regularly. Opera 15 and 16 are designed to the 'Modern' GUI design so no menus that people actually like and find useful. So the ability to set your own preferences is either lost or hidden and inaccessible.
    So people will think, probably rightly, that W8+ is not for them as all the 'apps' on the 'Modern' interface are like that! Some of those you can install and use on the W8+ desktop are like earlier versions with menus - but not all!
    Personally I don't like the 'Modern' GUI and in my Preview version I have modified it so I have a real Start button (not what MS are trying to call a Start button on the 'Modern' GUI which isn't that same as the traditional button). It's not too bad with that modification, but not as good for work use as W7 is. Or XP for that matter.

  3. Lee · 179 days ago

    Hi, you say legacy apps may only run on WinXP but it they may still run on a Windows 7 machine with backwards compatibility mode running on the app itself.

  4. James · 179 days ago

    From an optimistic point of view, if your upgrade away from XP is running behind schedule and spilling past the XP Zero Day... A secure browser is at least one less problem to worry about for the machines that don't get upgraded in time.

  5. Andy · 179 days ago

    Not sure about this, can't normally trust Google software and besides running XP off line should not be a problem, turn your system into a dual boot system and when online use the new system. Also the new system will have better versions of software of previous programs that you may be using on XP. you never know until you search. But do it with the new system once loaded with all the anti virus and firewalls etc.

  6. Jake · 179 days ago

    My big problem with post-XP Windowses is the size of them. They're always described as better, and maybe in some ways they are, but if they're too big then other "improvements" are cancelled out. My xp shrinks down to about 900 mb, my win7 is more like 2.5 gb.

    If I replace my bike with one of those Bugsy Malone pedal cars, it may be safer, more comfy and have better rain-proofing, but it's no use to me cos I can't get it up the stairs to my flat.

  7. Herbie · 179 days ago

    "There are plenty of options available - people not keen to pay for newer and safer Windows versions can take their pick from all manner of well-built, well-supported and user-friendly Linux distros these days.."

    Which distro fully replaces Windows? Everyone I tried, while good in its own right, is not a viable replacement for the volume of software/hardware, new and legacy, that Windows can support.

    I am truly curious on which distro can fully replace Windows.

  8. Curmudgeon · 178 days ago

    So pointing the finger at google for continuing support for an Os is a bad thing?
    Why are sophos going to be providing support until September 2015? http://www.sophos.com/en-us/support/knowledgebase...

    Surely continuing to support windows 2000 is encouraging people not to move to the more secure windows xp?

    • Paul Ducklin · 178 days ago

      I think you're looking at slightly different things when you consider ongoing support for a web browser versus an anti-virus.

      Whether we like it or not, there are still sufficiently many business users with XP and even 2000 that to drop anti-virus support would reduce their security yet further.

      We'd love to see them move forwards, for security reasons, but we can't force them.

      What we are trying to do is to avoid is offering our customers newer versions of software that might prolong their reasons for sticking to 2000 or XP.

      For example, we have a management server for our products, but we require you to use Windows 7 or later.

      We don't make a web browser, but if we did, I'd like to think we'd prevent it working on XP when XP updates ended, so that people would stop browsing with it from the XP platform.

      As John said to conclude his article, "Keep [old Windows systems] running if you really must, but minimise their interaction with the web and keep them as secure as possible."

      • yuhong · 175 days ago

        Seems like all the dates in fact are set at ~1.5 years after MS ends extended support for the Windows version.

  9. John · 178 days ago

    Some XP laptops do not have drivers for Vista and up. Linux versions may run on them and drive the h/w, but much software will not run under Wine. Some have Vista but not Win7 drivers, and I would not use Vista as it appears to have been a problematic Beta release of Win7 for public testing.

    Firewalls, NAT, free anti-virus and keeping to safe sites have kept mine free from infection.
    My C drive has only the OS and programs and I take XML images just in case, but rarely need them, and only once for a virus from an injudicious choice of site.

  10. Gavin · 178 days ago

    I would venture a guess that many people adamant about using Windows XP today are not in a hurry to get secure or stay secure. Even Service Pack 3 came out well over 5 years ago.

    Does it help that Chrome self-updates whether you want it to or not, and stays secure? Yeah, it probably does. But will this make much of a difference to most of the XP users out there (exempting with a differential nod the XP users that also read security blogs like NakedSecurity)? I don't think so.

    The big issue I see is that most XP users are probably not running Chrome anyway, and won't have any particular knowledge or concern about the end of Microsoft support for their OS. I wish that were not the case, but I suspect it is.

    • JimBob · 178 days ago

      "I would venture a guess that many people adamant about using Windows XP today are not in a hurry to get secure or stay secure. Even Service Pack 3 came out well over 5 years ago"

      I know a few people who are still running Windows 95.

  11. Please note that Microsoft had announced that XP support beyond the 2014 *will* *be* *provided*, for paying customers.

    When you started using XP, you agreed to a business license that stated that the software would *not* be supported forever, for free.

    Dell sells cheap new PCs with Win7 or Win8, with monthly payments.

  12. Corey · 176 days ago

    I work for a small business with about a dozen XP workstations and a 2003 windows server. I don't think anything I scare the owner with would get her to upgrade those working machines before they die. About half those PC's could handle an OS upgrade (they were originally downgraded) and still function adequately, but really, its a non-starter for her because then the Accounting/Inventory system would also have to be upgraded.

    Sometimes tech people just have to make due with what they have available to them. So when I hear news like this with Google Chrome and see extended support from software providers like Sophos, I commend (not condone) those companies for helping me to do my job.

    My approach is going to be to keep as much data off the XP workstations as possible. Utilize the server with the slightly longer life span. Get stuff onto the cloud where possible. Then if a workstation gets infected, nuking it and re-applying an image isn't a big deal. Its not a perfect fix but its something.

    • Paul Ducklin · 176 days ago

      I'd be concerned that if the accounting system will only run on XP, it's obviously not being supported or upgraded (or if it is, it sounds like it belongs to a company that doesn't care much)...so perhaps it would be wise to seek alternative arrangements anyway, in case something breaks and simply can't be fixed?

      • Corey · 176 days ago

        No, the accounting system can be upgraded. Thankfully. It's just the $$ aspect of it. A Vista/7/8 machine would require a newer version.

        Upgrades will have to happen at some point. Workstations will die without possibility of XP replacement or the server will die or go out of date in July 2015. That will likely spark a change. Some people just don't like upgrading working systems because of a date on a calendar.

  13. Jon Fredricks · 174 days ago

    I will be one of those who will continue to use XPsp3 because there is a feature on XP that is not on Win7/8. I use this feature several hours every day. This is true of other Apps that I have that are old but new updates have discontinued features that I use more than other features on that particular App. In order to get around the security issue I am in the process of building a new computer that will dual boot into XP and Win7 and I plan on using Win7 along with Avast Pro, Malwarebytes, and Superantispyware when connecting to the Internet. My current computer I built 10 years ago and it is still working just fine. I hope that the one that I am in process of building will last that long and that I will be able to use XP and Win7 (I have purchased for a nominal fee Win8 CD but do not plan on installing it until it becomes necessary for security reasons.). I am 85 years old and according to actuarial life tables I have only about 6 more years to live but I am hoping that my new computer will last at least 10 years, like this one and that I last that long too.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.