Google Chrome to abandon older versions of Windows and Mac OS X April 2016

Google Chrome icon

Back in November of 2015, Google made an unwelcome announcement which was some very bad news for older Windows and older Mac OS X users.

On their Google Chrome Blog posting at that time, Google announced that it will stop providing updates to Google Chrome for the following Windows and Mac OS X versions;

  • Windows XP
  • Windows Vista
  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)
  • Mac OS X 10.8 (Mountain Lion)

NOTE: Linux 32-bit Distribution users see the end of this article for your sad news too, but most of you are already aware of this since it happens this month!

This does not mean Google Chrome will stop working in these OS versions — which would almost be better security wise. Instead, Google has decided to simply stop providing updates to the installed versions of Google Chrome for these OS versions.

This is very bad news since Google Chrome has Flash built in (which is updated as needed with Google Chrome). These older versions of Windows and Mac OS X will be doubly vulnerable. Over the years, these users have gotten used to not having to update Flash separately like you need to do in other browsers like Firefox, Safari, Opera, earlier versions of Internet Explorer, Pale Moon, etc.
Because Flash is built in to Google Chrome, these abandoned users will not be getting the Flash updates either.

This will make these older versions of non updated Google Chrome extremely vulnerable to browser attacks from infected websites. Malware purveyors will quickly begin to adjust their attacks (if they have not already in anticipation of this change) to look for these older vulnerable systems using outdated/vulnerable versions of Google Chrome as new attack vectors for these abandoned Windows and Mac users.

Those thinking that being a Mac user will make you impervious to attack, think again. Browser attacks are one thing that every operating system including Windows, Macs and Linux have been subject to these days. Sure Windows users get hit more often but that is because they are the biggest user base and they have the largest target on their back, but Mac users and Linux users can still get hit at times if they have outdated operating systems, Flash, Java, etc. Even Android has been hit by a banking trojan these days – reported March 9, 2016 by ESET’s We Live Security Blog.

With other browsers, you could simply remove Flash from the system and be done with it if you were concerned about it and didn’t mind losing the ability to see YouTube videos and other Flash supported content on other websites. Although, with HTML5 support coming right along, that could be moot.

Some might be quick to blame Adobe Flash, but apparently this is not the case as Adobe is quick to point out in at least two places that they support these OSes:

Plus other browsers such as Firefox clearly still support these OSes and Flash on these OSes. However, they will have to update their supported browsers to NOT include Google Chrome after April 2016 unless Google rethinks all this for at least a couple of the newer, of the older, OS versions. 😉

If Google does not give a reprieve/stay of execution, once Adobe makes their final update to Adobe Flash in April 2016 and Google updates Google Chrome the final time for these OS version users that includes that last Flash version, it will apparently be the last Google Chrome AND thereby Flash update that these Google abandoned OSes will see Google based on the Google Chrome blog article posted November 2015.

Google has been very quiet on the subject since that date so no reprieve or stay of execution even for the newer OS versions to be abandoned; Windows Vista and Mac OS X 10.8 (Mountain Lion).

It seems quite harsh to drop support for these two OS versions (Vista and Mac OS X 10.8 (Mountain Lion)) since Google supported the earlier noted OS versions like Windows XP and Mac OS X 10.6 (Snow Leopard) for so many years! But there it is.

If you are using one of these older OS versions of Windows or Mac OS X, read it and weep for the loss of a great browser like Google Chrome, and make be wise to make the move to Mozilla Firefox newest version to-date 44.0.2 (STILL supports Mac OS X 10.6 Mountain Lion), or Opera (however NO support for Mac OS X 10.6 Mountain Lion, but does support Lion and Mountain Lion), which have not, so far, abandoned these users. But they are not the only players still in the game…

There is also another browser project that has gained a lot of popularity among Windows users — the Pale Moon browser. There are versions for Windows: Pale Moon, Pale Moon 64, Portable. There are also versions for:  Atom/XP, Linux and Android on the Download tab on the website.

There is also a Mac OS X version of Pale Moon 26.1.1 Unofficial available as of February 2016. As noted on their forum page:

Important note:
The Mac OSX version of Pale Moon is still very much in development. Your assistance in bringing this build to fruition is greatly appreciated, but you can expect there to be bugs and problems for a while yet!
Any specific bugs you find that don’t have their own topic yet: please make a new topic; one bug per topic please to keep things organized.
Please also note that these builds are currently created by BitVapor and Moonchild will likely not be able to provide insight or assistance due to lack of Mac hardware and OS/build knowledge for Mac.

Windows XP Vista No Support Yellow Strip Popup Google Chrome

Windows XP Vista already shows No Support Yellow Info band in Google Chrome

Those using these older versions of Windows (See image to the right), and Mac are already getting an annoying yellow warning info band across the top of their Google Chrome browsers.It is advising them to move to a more modern operating system. Wise move on Google’s part and it also servers to show that they  do not appear to be backing down from their November 2015 announcement.

That means Google Chrome users will need to do something to address the issues by either upgrading to a more modern operating system where possible, getting a newer computer with a more modern operating system since all of these operating systems are older and most have been abandoned by their creators anyway except Vista which is coming next April 2017 (preferable security wise), or barring all that, changing to a supported browser, or using an extension to address the old version of Flash issue (see end of article posting).

If you move to another browser, it will be very important to keep Adobe Flash updated since only Google Chrome in Windows 7, 8.1 and Windows 10, or on Mac OS X: Mavericks, Yosemite and El Capitan! will include Flash updates automatically with browser updates after April 2016.
NOTE: In addition, in Windows 8.1, the latest versions of Internet Explorer (IE10, IE11), and of course the new Edge browser on Windows 10 include Flash built in and updated for you like Google Chrome does.

Older versions of Windows and Mac are not the only users to be abandoned/axed by Google Chrome in early 2016. ALL 32-bit Linux distribution versions are also being abandoned — this month — March 2016 as noted in BetaNews, Slash Dot, and PCWorld and other news outlets back in November and December 2015.

Even though many and maybe even most computers these days are 64-bit, there are still a lot of 32-bit computers and 32-bit operating systems in use around the world today so this may be a move forward for 64-bit, but it is also a sad day for all the 32-bit hardware/operating systems worldwide.

Of course, there are still several browsers like Firefox, Opera and Pale Moon available for Linux 32-bit computers —  just as there are for Windows and Mac users. There are also some alternative browsers based on Firefox available (Pale Moon noted earlier here is included), and distro-specific versions of Firefox like Iceweasel in Debian Linux, etc.)

For all users of Google Chrome, there are some Flash blocking or control Extension possibilities that can protect everyone, but particularly these older users from having Flash run all the time if they choose to continue to use Google Chrome:

Patch Tuesday Sounds the Death Knell for XP

Patch Tuesday Sounds the Death Knell for Win XP – Graham Cluley – Lumension Blog

So this is it.

The big one.

We’ve had false starts before, but this time Microsoft really *are* going to tell the world about security vulnerabilities in Windows and *not* patch them in XP.

As soon as Microsoft releases its regular bundle of security patches later today, the clock starts ticking.

Because malicious hackers and penetration testers will be exploring how they can reverse-engineer Microsoft’s fixes in more modern versions of Windows to see if they can be exploited on the no-longer-supported Windows XP.

And, trust me, although the numbers are falling – there are still plenty of home users and businesses running computers on Windows XP.

Much more in the article.

And Graham Cluley is right … Microsoft is NOT patching Windows XP this time for this critical IE/Internet Explorer vulnerability like they did May 1. However, they did patch many other things.

Oh, and don’t forget your Adobe updates for Flash, Reader, and more!

NOTE: Windows XP still garners 26.29% of total NetMarketShare – Choose Operating System by Version. Windows 7 is at 49.27% Between them Windows 7 and Windows XP hold 3/4 of all the global market share. Every other OS fits in the last 1/4 of the Operating System by Version pie.

Microsoft Patch Tuesday March 2013 – Flash and Java

Microsoft has released seven items in their Security Bulletin for March 2013. Most are for Microsoft Office, one is for Internet Explorer and two in Windows itself.

NOTE: If you are using Windows 8, in addition to the other Microsoft Windows, Internet Explorer and Microsoft Office updates, you will also get a Flash update. Don’t forget that Flash is built into Internet Explorer in Windows 8, just like Flash is included with and updated by Google Chrome. What that means is that you do not have to keep Flash updated for those two browsers – IE 10 in Windows 8 and Google Chrome  keep Flash updated for you.

More information at Security Garden blog.

You do still need to keep Flash updated for other browsers like Firefox and Opera, and Internet Explorer on earlier versions of Windows.

Also don’t forget that Oracle’s Java has had three, count them three, updates over the past month for Java. Make sure/verify you are at the latest version of Java: Java 7 Update 17.

 

 

IE10 is now available for Windows 7 – Finally

IE10 is now available for Windows 7 – Finally!!

It is great news that the most modern Internet Explorer browser will now be available for Windows 7.

Before today, IE10 was only available for Windows 8 and that only since about October 2012.

In SecurityGarden’s posting about this:

Key Improvements

Key improvements in IE9 include improved performance, security, and privacy.  Of major significance are the results of the independent testing conducted by NSS Labs, referenced below, in which IE10 with App Rep had a mean malware block rate of 99.1%.

More about CPU, Windows 7 32/64 bit requirements, check to see if your computer is 32-bit or 64-bit by clicking a link on the article,  and of course the download links, and more, all on SecurityGarden’s posting.

Oh, another cool feature of IE10, is one that is already built into Google Chrome. Flash is incorporated within IE10 and updated within the browser. Hopefully that will work out well over time for both browsers. And hopefully they will not fall down on their vigilance in being very fast in getting the Flash updates incorporated as they are released.

Chrome trumps IE as world’s top browser

Chrome trumps IE as world’s top browser – Computerworld

StatCounter says Google’s browser edged Microsoft’s for the week’s No. 1 spot; Chrome on pace to take May, too

Google Chrome eclipsed Microsoft's Internet Explorer for the first time last week, according to an Irish metrics company. (Data: StatCounter.)

Google Chrome eclipsed Microsoft’s Internet Explorer for the first time last week, according to an Irish metrics company. (Data: StatCounter.)

This is quite understandable since Google Chrome has most of the same great extensions as Mozilla Firefox, as well as tab separation/sandboxing, active updating happens behind the scenes, and it has built-in Flash plugin so users don’t have to worry about keeping Flash updated separately since Google Chrome takes care of that.

And for those who use more than one OS, it is also cross platform.

I use Google Chrome in Linux, and as a alternative browser in both Mac and Windows, although my main browser in Mac and Linux is still Firefox for the most part.

Still, I am impressed by the money being paid out for Bounties for vulnerabilities in the Google Chrome browser. I really like that they are so pro-active about getting vulnerabilities corrected.

Google Chrome certainly makes life easier!

Adobe Flash Zero Day Bug Emergency Patch

Adobe patches new Flash zero-day bug with emergency update – Computerworld

Adobe today warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug.

“There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message,” the Friday advisory said.

All editions of the Flash player are affected, but those abusing this vulnerability are targeting Internet Explorer with this current exploit and Adobe is giving it their Priority 1 status:

The update was pegged with Adobe’s priority rating of “1,” used to label patches for actively-exploited vulnerabilities or bugs that will likely be exploited. For such updates, Adobe recommends that customers install the new version within 72 hours.

In this case of course it’s already actively being exploited. So don’t wait! Don’t be a target, get your Adobe Flash Player update today!

Religious websites riskier than porn for online viruses: study

Religious websites riskier than porn for online viruses: study – Raw Story

Web wanderers are more likely to get a computer virus by visiting a religious website than by peering at porn, according to a study released on Tuesday.

“Drive-by attacks” in which hackers booby-trap legitimate websites with malicious code continue to be a bane, the US-based anti-virus vendor Symantec said in its Internet Security Threat Report.

The same article, or variations on the theme have been have been run by many news/technology venues such as InformationWeek, NYDailyNews, WallStreetJournal Blogs, CSO Online, PCWorld, etc. Many created their own stories from the report, so well worth a read.

Where did all this information come from:
Symantec Internet Security Threat Report – 2011
Symantec Logo - Confidence in a Connected World - Click to view Malicious Code Threat Report 2011

Malware in 2011
By analyzing malicious code we can determine which threats types and attack vectors are being employed. The endpoint is often the last line of defense, but it can often be the first-line of defense against attacks that spread using USB storage devices, insecure network connections and compromised, infected websites. Symantec’s cloud-based technology and reputation systems can also help to identify and block new and emerging attacks that haven’t been seen before, such as new targeted attacks employing previously unknown zero-day exploits. Analysis of malware activity trends both in the cloud and at the endpoint can help to shed light on the wider nature of threats confronting businesses, especially from blended attacks and threats facing mobile workers.

Corresponding to their large internet populations, the United States, China and India remained the top sources for overall malicious activity. …

The reference about religious sites?

Moreover, religious and ideological sites were found to have triple the average number of threats per infected site than adult/pornographic sites. We hypothesize that this is because pornographic website owners already make money from the internet and, as a result, have a vested interest in keeping their sites malware-free – it’s not good for repeat business.

And here’s just one more small area of the report:

Exploiting the Web: Attack toolkits, rootkits and social networking threats

Attack toolkits, which allow criminals to create new malware and assemble an entire attack without having to write the software from scratch, account for nearly two-thirds (61%) of all threat activity on malicious websites. As these kits become more widespread, robust and easier to use, this number is expected to climb. New exploits are quickly incorporated into attack kits. Each new toolkit version released during the year is accompanied with increased malicious Web attack activity. As a new version emerges that incorporates new exploit functionality, we see an increased use of it in the wild, making as much use of the new exploits until potential victims have patched their systems. For example, the number of attacks using the Blackhole toolkit, which was very active in 2010, dropped to a few hundred attacks per day in the middle of 2011, but re-emerged with newer versions generating hundreds of thousands of infection attempts per day towards the end of the year.
On average, attack toolkits contain around 10 different exploits, mostly focusing on browser independent plug-in vulnerabilities like Adobe Flash Player, Adobe Reader and Java. Popular kits can be updated every few days and each update may trigger a wave of new attacks.
They are relatively easy to find and sold on the underground black market and web forums. Prices range from $40 to $4,000. …

The whole report is well worth a read! There is only so much you can put into an article.

Much more in the report!