Google Chrome to abandon older versions of Windows and Mac OS X April 2016

Google Chrome icon

Back in November of 2015, Google made an unwelcome announcement which was some very bad news for older Windows and older Mac OS X users.

On their Google Chrome Blog posting at that time, Google announced that it will stop providing updates to Google Chrome for the following Windows and Mac OS X versions;

  • Windows XP
  • Windows Vista
  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)
  • Mac OS X 10.8 (Mountain Lion)

NOTE: Linux 32-bit Distribution users see the end of this article for your sad news too, but most of you are already aware of this since it happens this month!

This does not mean Google Chrome will stop working in these OS versions — which would almost be better security wise. Instead, Google has decided to simply stop providing updates to the installed versions of Google Chrome for these OS versions.

This is very bad news since Google Chrome has Flash built in (which is updated as needed with Google Chrome). These older versions of Windows and Mac OS X will be doubly vulnerable. Over the years, these users have gotten used to not having to update Flash separately like you need to do in other browsers like Firefox, Safari, Opera, earlier versions of Internet Explorer, Pale Moon, etc.
Because Flash is built in to Google Chrome, these abandoned users will not be getting the Flash updates either.

This will make these older versions of non updated Google Chrome extremely vulnerable to browser attacks from infected websites. Malware purveyors will quickly begin to adjust their attacks (if they have not already in anticipation of this change) to look for these older vulnerable systems using outdated/vulnerable versions of Google Chrome as new attack vectors for these abandoned Windows and Mac users.

Those thinking that being a Mac user will make you impervious to attack, think again. Browser attacks are one thing that every operating system including Windows, Macs and Linux have been subject to these days. Sure Windows users get hit more often but that is because they are the biggest user base and they have the largest target on their back, but Mac users and Linux users can still get hit at times if they have outdated operating systems, Flash, Java, etc. Even Android has been hit by a banking trojan these days – reported March 9, 2016 by ESET’s We Live Security Blog.

With other browsers, you could simply remove Flash from the system and be done with it if you were concerned about it and didn’t mind losing the ability to see YouTube videos and other Flash supported content on other websites. Although, with HTML5 support coming right along, that could be moot.

Some might be quick to blame Adobe Flash, but apparently this is not the case as Adobe is quick to point out in at least two places that they support these OSes:

Plus other browsers such as Firefox clearly still support these OSes and Flash on these OSes. However, they will have to update their supported browsers to NOT include Google Chrome after April 2016 unless Google rethinks all this for at least a couple of the newer, of the older, OS versions. 😉

If Google does not give a reprieve/stay of execution, once Adobe makes their final update to Adobe Flash in April 2016 and Google updates Google Chrome the final time for these OS version users that includes that last Flash version, it will apparently be the last Google Chrome AND thereby Flash update that these Google abandoned OSes will see Google based on the Google Chrome blog article posted November 2015.

Google has been very quiet on the subject since that date so no reprieve or stay of execution even for the newer OS versions to be abandoned; Windows Vista and Mac OS X 10.8 (Mountain Lion).

It seems quite harsh to drop support for these two OS versions (Vista and Mac OS X 10.8 (Mountain Lion)) since Google supported the earlier noted OS versions like Windows XP and Mac OS X 10.6 (Snow Leopard) for so many years! But there it is.

If you are using one of these older OS versions of Windows or Mac OS X, read it and weep for the loss of a great browser like Google Chrome, and make be wise to make the move to Mozilla Firefox newest version to-date 44.0.2 (STILL supports Mac OS X 10.6 Mountain Lion), or Opera (however NO support for Mac OS X 10.6 Mountain Lion, but does support Lion and Mountain Lion), which have not, so far, abandoned these users. But they are not the only players still in the game…

There is also another browser project that has gained a lot of popularity among Windows users — the Pale Moon browser. There are versions for Windows: Pale Moon, Pale Moon 64, Portable. There are also versions for:  Atom/XP, Linux and Android on the Download tab on the website.

There is also a Mac OS X version of Pale Moon 26.1.1 Unofficial available as of February 2016. As noted on their forum page:

Important note:
The Mac OSX version of Pale Moon is still very much in development. Your assistance in bringing this build to fruition is greatly appreciated, but you can expect there to be bugs and problems for a while yet!
Any specific bugs you find that don’t have their own topic yet: please make a new topic; one bug per topic please to keep things organized.
Please also note that these builds are currently created by BitVapor and Moonchild will likely not be able to provide insight or assistance due to lack of Mac hardware and OS/build knowledge for Mac.

Windows XP Vista No Support Yellow Strip Popup Google Chrome

Windows XP Vista already shows No Support Yellow Info band in Google Chrome

Those using these older versions of Windows (See image to the right), and Mac are already getting an annoying yellow warning info band across the top of their Google Chrome browsers.It is advising them to move to a more modern operating system. Wise move on Google’s part and it also servers to show that they  do not appear to be backing down from their November 2015 announcement.

That means Google Chrome users will need to do something to address the issues by either upgrading to a more modern operating system where possible, getting a newer computer with a more modern operating system since all of these operating systems are older and most have been abandoned by their creators anyway except Vista which is coming next April 2017 (preferable security wise), or barring all that, changing to a supported browser, or using an extension to address the old version of Flash issue (see end of article posting).

If you move to another browser, it will be very important to keep Adobe Flash updated since only Google Chrome in Windows 7, 8.1 and Windows 10, or on Mac OS X: Mavericks, Yosemite and El Capitan! will include Flash updates automatically with browser updates after April 2016.
NOTE: In addition, in Windows 8.1, the latest versions of Internet Explorer (IE10, IE11), and of course the new Edge browser on Windows 10 include Flash built in and updated for you like Google Chrome does.

Older versions of Windows and Mac are not the only users to be abandoned/axed by Google Chrome in early 2016. ALL 32-bit Linux distribution versions are also being abandoned — this month — March 2016 as noted in BetaNews, Slash Dot, and PCWorld and other news outlets back in November and December 2015.

Even though many and maybe even most computers these days are 64-bit, there are still a lot of 32-bit computers and 32-bit operating systems in use around the world today so this may be a move forward for 64-bit, but it is also a sad day for all the 32-bit hardware/operating systems worldwide.

Of course, there are still several browsers like Firefox, Opera and Pale Moon available for Linux 32-bit computers —  just as there are for Windows and Mac users. There are also some alternative browsers based on Firefox available (Pale Moon noted earlier here is included), and distro-specific versions of Firefox like Iceweasel in Debian Linux, etc.)

For all users of Google Chrome, there are some Flash blocking or control Extension possibilities that can protect everyone, but particularly these older users from having Flash run all the time if they choose to continue to use Google Chrome:

Advertisements

Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoft says

Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoftsays – PCWorld

A three-fold increase in Microsoft Windows computers infected with malicious software in late 2013 came from an application that was for some time classified as harmless by security companies.

The finding comes as part of Microsoft’s latest biannual Security Intelligence Report (SIR), released on Wednesday, which studies security issues encountered by more than 800 million computers using its security tools.

Microsoft has added detection of this malicious piece of crap to it’s  Malicious Software Removal Tool (MSRT), and let others know about it as well back in December 2013 according to the article.

We love you Facebook but privacy and security are important

[tweetmeme source=”franscomputerservices” only_single=false]UPDATED 5/22/2010*, 5/23/2010**: EDIT: Added additional links

Yes, most of us do love our Facebook, or at least we enjoy the feature set and keeping in easy contact with our friends and family, but some of us feel that it is not worth the expense of our privacy and security and potential malware infections due to rogue apps on our own or others’ accounts. But Facebook privacy concerns are heating up. Or the risks from other sites getting at our data:

New security hole in Facebook through Yelp (here on our blog last week, apparently fixed now)
, or having our chats exposed to people other than those we are talking to, even if they are our friends.

So, you think Facebook is safe? Hmmm. Really?

* Hackers can delete Facebook friends, thanks to flaw (By Robert McMillan at ITWorld May 21, 2010):

A bug in Facebook’s Web site lets hackers delete Facebook friends without permission.

The flaw was reported Wednesday by Steven Abbagnaro, a student at Marist College in Poughkeepsie, New York. But as of Friday morning, Pacific time, it had still not been patched, based on tests conducted by the IDG News Service on a reporter’s Facebook friends list.

* Fake joke worm wriggles through Facebook (By John Leydon at The Register May 21, 2010)

Shifty sorts have created a new worm which spread rapidly on Facebook on Friday.

The malware, for now at least, does nothing more malicious than posting a message on an infected user’s Facebook wall that point to a site called fbhole.com. Nonetheless, the speed of its spread on the social networking site has net security experts worried.

* Facebook Fixing Embarrassing Privacy Bug (by Robert McMillan at NYTimes on May 19, 2010):

Facebook is fixing a Web programming bug that could have allowed hackers to alter profile pages or make restricted information public.

Facebook Violates Privacy Promises, Leaks User Info to Advertisers (by Tim Jones at Electronic Frontier Foundation May 21, 2010):

A Wall Street Journal article today draws attention to yet another unexpected way in which Facebook’s privacy practices have not complied with its public statements and have disregarded users’ privacy rights. Just last week, when asked about Facebook’s privacy practices with advertisers, Facebook executive Elliot Schrage wrote:

We don’t share your information with advertisers. Our targeting is anonymous. We don’t identify or share names. Period.

As the Wall Street Journal report shows, this was not true. In fact, Facebook’s architecture at the time allowed advertisers to see detailed personal information about some Facebook users.

Much more in the article! Must read.

** Facebook privacy: Zuckerberg overruled? (By Richi Jennings at Computerworld IT Blogwatch May 19, 2010)

** Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers (By privacy advocate Ben Edelman at BenEdelman.org on May 20, 2010):

Browse Facebook, and you wouldn’t expect Facebook’s advertisers to learn who you are. After all, Facebook’s privacy policy and blog posts promise not to share user data with advertisers except when users grant specific permission. For example, on April 6, 2010 Facebook’s Barry Schnitt promised: “We don’t share your information with advertisers unless you tell us to (e.g. to get a sample, hear more, or enter a contest). Any assertion to the contrary is false. Period.”

My findings are exactly the contrary: Merely clicking an advertiser’s ad reveals to the advertiser the user’s Facebook username or user ID. With default privacy settings, the advertiser can then see almost all of a user’s activity on Facebook, including name, photos, friends, and more.

In this article, I show examples of Facebook’s data leaks. I compare these leaks to Facebook’s privacy promises, and I point out that Facebook has been on notice of this problem for at least eight months. I conclude with specific suggestions for Facebook to fix this problem and prevent its reoccurrence.

The sexiest video ever? Facebook users hit by Candid Camera Prank attack (Graham Cluley’s Sophos Blog)

MASSIVE FACEBOOK ATTACK OVER THE WEEKEND (posted May 17, 2010 by Roger Thompson, AVG Blogs)

Facebook CEO’s latest woe: accusations of securities fraud (VentureBeat posted May 19, 2010 by Owen Thomas)

I sure hope that the BBC report is correct, “Facebook looks likely to cave into pressure from users and simplify its privacy settings in the near future.” But other places are saying Facebook is just simplifying the existing privacy settings.

I don’t think there are many people who have experienced Facebook that don’t love most of the features on Facebook–at least the ones that help you keep in contact with your friends and family, and share (on the Facebook site) your photos, videos, links to articles of interest, chatting, direct messaging, posting between yours and your friends/family members walls, sharing in holidays, or fun, happy, sad conversations, and more. But, Facebook is wrong about privacy – it really is still very important. It is important and for more reasons than many may think. Even the Wall Street Journal has acknowledged that Facebook, MySpace and other social networking sites are having to confront the privacy loophole.

But, when the trust that Facebook used to get people to sign up in the first place (a trust that your privacy is important to Facebook and will be protected by default – unlike MySpace, et al) is breached by that very same service, then there is a problem.

If you don’t remember the early days of Facebook, many of us do. Facebook did made claims that they would protect our privacy by default, that our privacy was important to Facebook. Zuckerberg made these ‘claims’ when they were trying to woo millions of MySpace’s users over to Facebook in Facebook’s early days. It worked too.

Privacy by default. What is that exactly? When Facebook started out and pushing to try to gain membership, and about the time that MySpace went through a huge privacy fiasco because new users had to immediately change their privacy settings if they didn’t want the whole world to see all their information (it was all public by default on MySpace). And many users, just like many new users at Facebook, didn’t know to change their settings, or even think about it. Many users were just not that savvy to know why it was even important to share only some information with the world/public. Or even understand why that might be a prudent move. But due to the marketing used by Facebook, people started to understand that privacy was important and they wanted their friends and family to be in a ‘safer’ environment. A place where they could connect and share with each other without concern that their data would be made public. After all, Mark Zuckerberg said he did care about our privacy (unlike the other guys).

Then after Facebook gets all these users, and gets them used to the convenience and ‘hooked’ on the service, THEN Facebook just seems to keep changing the rules — little by little — chipping away at the privacy and security standards that got them all the users in the first place. Not long after I finally joined Facebook, they went through this pretty big, and I actually deactivated my account at that time too. When Facebook changed their tune, I came back. Now they are doing it again, and even though I really enjoyed the service, I felt the need to again deactivate my account.

So, tell me, why would Facebook be surprised when users get up in arms about all these changes, especially in light of other security problems and vulnerabilities within their newest ‘features’ as well as their existing features? One group has even created a Facebook Group entitled, “1,000,000 Strong to leave Facebook by July 4 unless FB respects our privacy is on Facebook” (See there can be appropriate public facing things on Facebook). And EFF’s various articles enlightening folks about the changes and affects of those changes and how you can mitigate them, at least most of the problems.

Features are a great thing except when the service starts to change your privacy settings for you, and they don’t bother to tell you about it until after they have done it. That is a real problem of trust, because, if even for a short time, your data is left to the search engine spiders to start indexing data that shouldn’t have been made ‘public’ in the first place without user permission.

So, then users start complaining, and getting no satisfaction from the service because the changes they made will make them a ton of money, so some users start deactivating their accounts — many users are upset with Facebook, and for good reason. A basic trust was broken and it wasn’t by the users.

But privacy issues are not the only issues. There are also other security issues as well; vulnerabilities and more vulnerabilities. And only God knows how many more vulnerabilities are known by the bad guys that expose users’ data that are not yet known to the good guys.

I had already checked and reset all my privacy settings multiple times since December 2009 when this fiasco starting getting into high gear, even before the now known vulnerabilities that still put users at risk made me say, ‘enough is enough’. I still struggled with the decision before I decided I could put it off no longer. Even the benefits for business, family and friends wasn’t worth security risks not only directly but indirectly by friends who might get hit with these vulnerabilities, or the potential for unwise decisions about their accounts where their data might overlap with mine.

It is not an easy thing to make a decision to deactivate, or go through the hoops (or even find a link to get information) on deleting your Facebook account. Especially when you enjoy the service. And the service really is a good service, if not for the bad decisions about security and privacy have caused, and of course there are those related vulnerabilities. Sure they fix the vulnerabilities when they are made public, but how long was your data, your information, exposed through these vulnerabilities before it was brought to light?

The Consumerist actually did an article on deleting your Facebook account since it’s not easy to find. It’s entitled, “Delete Your Facebook Account Forever” by Ben Popken (April 20, 2010).

And if you think they will figure out all the vulnerabilities and then it will be safe, think again. Facebook is 440 Million strong and growing. Just like the huge bullseye target on Microsoft’s Windows’ back, Facebook is the biggest target in Social Networking. Too big for the bad guys to let it alone. It’s a treasure trove of information (and not just aggregate information like Facebook sells, oh, no, this is the actual connections, the actual information linked to individual people that’s at risk). Between the vulnerabilities, as well as some decisions by users regarding Friends, their choices of third party Facebook apps, and their privacy settings, this could become a real nightmare, very quickly, and for some it already has.

Have you ever thought how much information about you is actually public on Facebook? Or even on the Internet in general? What about your family and friend connections, or business connections? What about your choices regarding purchases, what you like or dislike? Do you want them made public? And Facebook has much of that information in one place just ripe for the picking. And who would want to pick that information? Even in aggregate form it is very valuable data, but to bad guys, it is fodder for social engineering, phishing attempts in email, potential ways to get malware on your system by presenting it as though it is from people you are friends with, and so much more.

It’s an especially hard decision when you have gotten used to keeping in contact with friends and family through one particular service via browsers and mobile devices. And it really is great to have a place where your family pictures (your children and grandchildren, travel/trips, conversations between many friends and family, and so much more), are right at your fingertips and can be posted, responded to, and still be safe from the prying eyes of the general public. At least that’s how it was, or at least we thought it was.

Of course, Facebook makes it even more difficult to make the choice to deactivate or delete your account. When you choose to deactivate, which by the way, doesn’t actually delete your data (in case you want to come back), Facebook tries to use emotional blackmail, err, pressure to try to keep you from deactivating your account. As you are trying to deactivate, they show you some pictures of your ‘friends’ and talk about how you won’t be able to contact your friends and family anymore, or your friends and family won’t be able to contact you anymore. As if Facebook is the ONLY way to contact your friends and family?! It might make it easier, but it’s not the ONLY way to keep in contact with your friends and family.

Also, note that Facebook doesn’t allow you to delete your own account on your own — you have to actually contact them directly to ask them to delete your account — as if you were an errant child who couldn’t be trusted to do this on your own?! Even MySpace and other social networking sites let you delete your own account!

Oh, no. This is not about whether you would be able to delete your account, this is about another attempt to coerce you to stay with Facebook. Besides they don’t actually delete your data, oh, no. They still make use of that data in aggregate form, it’s just not linked by your name supposedly, after your account is deleted:

How Companies Are Using Your Social Media Data (by Leah Betancourt at Mashable)

Facebook Data Mining: Not Just for Advertisers Anymore (SCI Social Capital Inc.)

More on Facebook, Privacy & Data Mining (by Greg Sterling at ScreenWerk)

data-extraction-facebook (Google Code website)

End of Year Data: Facebook Currently Leads (Data Mining: Text Mining, Visualization and Social Media)

Facebook Data Reveal Secrets of American Culture (by Matt Safford at LiveScience)

Microsoft Inks Twitter, Facebook Data Mining Deal (by Jennifer Martinez at GIGAOM October 21, 2010)

The Man Who Looked Into Facebook’s Soul (by Marshall Kirkpatrick at ReadWriteWeb February 8, 2010)

Even though it has been stated that at least 60% of users are upset and are actually considering one of these options (deactivation or deletion of their account), with over 400 million active users worldwide and over $300USD million in annual revenue (estimated in 2008) and ranked #2 site on the Internet in May 2010 according to Alexa, does Facebook even care? Have we just become so much advertising and data mining fodder that translate to hundreds of Millions of dollars annually (Billions over time) for Mark Zuckerberg and company? Is that what it was all about from the beginning? If some articles are to be believed, Mark Zuckerberg may have played a good game when he told us he was concerned about our privacy right from the beginning.

And we even have some who think that malware and hacking haven’t caught up with it all on Facebook … yet. But I think we have determined that this is not really the case.

So, even with all that, maybe you still feel it’s safe to continue to with Facebook, what next? There are some very good places to study up on how to make yourself as safe as possible, and understand the account and privacy settings, and their implications, and how they interact with each other and with your friends and the public. Things like ReclaimPrivacy and others are cropping up to help folks deal with their Facebook privacy that is so complex. Who knows if this will be squashed by Facebook, but it could help out right now to help get your settings set.

WindowsSecret’s Complimentary portion of their Newsletter has an excellent article by Scott Mace called, “Tighten your Facebook privacy settings” with a great outline of the various areas and some great thoughts on how to keep yourself as safe as you can be on Facebook.


Facebook Security | Facebook Privacy | Best Practices at Sophos
(be sure to read through all the pages listed on the right side – like WindowsSecrets, Sophos goes through all the different facets of Facebook)

Fast Company also has an article to help called, “Online Privacy: Check Yourself Before You Wreck Yourself

It’s your life, it’s your data, it’s your choice…what will you do?

UPDATED 5/22/2010*, 5/23/2010**: EDIT: Added additional links