ItsGeekToMe.co

Q: In answering a question recently (I.G.T.M. #474, August 21-27, 2016), you told the questioner that he should replace the Windows Vista operating system. Your comment seemed to imply that there was a security issue. I too have Windows Vista in my computer (a Gateway lap top). I would appreciate a few word concerning the risks I am taking be keeping Window Vista. The system has worked well for my purposes (e-mail, web surfing, and an occasional on line purchase). I also use the Cox security suite. This came as a complete surprise to me as I had no idea that I might be at risk.

– Merlin W.
Niceville, Florida

A: Considering how badly panned Windows Vista was in its day, I’m genuinely surprised by the amount of blowback I’ve received regarding my advice to reader Franklin B, whose PC is currently running a release of Windows that is, by my count, 7 releases behind the state-of-the-art.  I covered some of this in I.G.T.M. Issue #481 (available on my website by clicking here), but this is such a pervasive issue that there certainly is occasion to expand on that.  Issues of usability and instability aside, Microsoft stopped selling Vista way back in October 2010, and halted what it calls “mainstream support” for it in April of 2012.  That means that patches for bugs found in Vista itself will only be available to purchasers of “Extended Hotfix Support” which isn’t even available to consumers.  Certain security fixes actually are available, and according to the Windows Lifecycle Factsheet, which you can view for yourself at tinyurl.com/IGTM-0483, even that level of support is slated to end in a few short months, on April 11, 2017.  At that time, any new vulnerabilities that are discovered – no matter how severe – will not be patched, and users who insist on continuing to use the software do so at their own risk.

Whether your PC meets your personal needs is not the issue.  Quite frankly, unless you’re a hardcore gamer or someone who does high-end photo or video processing it is very likely that your PC’s capabilities are far in excess of what you actually need.  However, consumers always seem to want the best of the best, whether they need it or not, and PC vendors have been very happy to keep up with market demand for larger capacity, faster speed computers.  And every few years, Microsoft introduces a new version of its core operating system, with new “must have” features to tempt and tantalize, and with each new introduction, some older version of Windows hits the end of its pre-planned lifecycle, and is deemed “obsolete”.  Microsoft makes no secret about this lifecycle, and their intentions (see the Factsheet linked above).  The problem with all of this, and where the issue of risk actually enters the picture, is that your PC doesn’t run in a vacuum.  It is most likely connected to the Internet, where new threats are developed each and every day, and released into the wild.  Once there, they slowly travel across the Internet, waiting to encounter PCs with poor or no protection, or ones with unpatched vulnerabilities that they can exploit.  You might ask, “Why?”  Good question, but one to which there is no single answer.  The very first computer virus was a simple experiment in the early days of networked computers, just to see if it was possible for a piece of software to replicate itself.  These days, kids to it for fun, individuals and organized groups do it for (illicit) profit, and hackers do it to gain control of large numbers of PCs.  The reasons range from greed to simple vandalism. 

I’m more than a little surprised to see a reader comment like “This came as a complete surprise to me as I had no idea that I might be at risk.”  There are stories in the news all the time about identity theft, compromises at large data warehouses, and the like.  I myself have been harping for literally years about cybersecurity and the many dangers of the way we typically use PCs.  Many of you are probably too young to remember the Michelangelo virus in 1992, or Happy99, or even the ILOVEYOU worm in 2000, but in just the last 10 years there have been worldwide news stories about the Conficker worm, Heartbleed, Sasser, and the like, plus hundreds more that never even made headlines. 

This Geek’s bottom line: Literally every computer that is connected to the Internet is at risk, and the only way to minimize your personal risk is by keeping your software up to date.  For my money, that includes not running a version of Windows that was taken off the market over six years ago.  Your opinion may differ.  Feel free to share it in this issue’s comments section on my website.