Banking with Windows XP

Brian65

Anyone else still using XP?
Anyone know what makes XP users more vulnerable to online banking scams?
I've had scammers ringing me up pretending to be from 'Windows Technical Services' 'BT internet' presumably wanting to put a remote control on my PC - but I just hung up so never got as far as finding out exactly what the scam was and if that, or clicking on email links, makes it harder for them to scam you if you are running a different OS?
I use a Google chromebook now which I understand is safest because its only a bare bones internet browser, without all the bloatware and stuff on Windows to slow it down and perhaps make it vulnerable to hackers?
Got this email from Nationwide pasted below
Assistant at the local branch knew nothing about it, but searched her records and found a copy of the email circular, and could not elaborate on what was in it. (I got the impression branch staff aren't interested in helping with online banking because it's taking away their jobs.)
But just logged in from a PC running Windows XP so, despite the email saying 30 Sept, it hasn't started yet.

Copy and paste email circular to Nationwide customers;

We just wanted to let you know that from 30 September 2019, you’ll no longer be able to log onto the Internet Bank if you use Microsoft Windows Vista or XP. This will also apply to other building societies’ and banks’ online banking in the coming months.


What does this mean, and why is it changing?

Vista and XP are older versions of Microsoft’s operating systems, and Microsoft themselves no longer offer support for them. Because of this, building societies and banks can’t guarantee the level of security they’d like if they’re used for online banking.

If you have Windows 7 or above, you’ll be fine and can still use the Internet Bank. However, as Microsoft support for Windows 7 is ending on January 14 2020, you may want to start thinking about upgrading.


What to do next, if you are still using Windows Vista or XP

You have a couple of choices. You can either:

• Upgrade to Windows 8 or above: not only will this allow you to continue to bank online, but it will also mean you’ll get all the technical and security update support you need from Microsoft too, once Windows 7 support is withdrawn by them in 2020. OR • Download the Banking app: if you don’t want to upgrade, you can still access your accounts digitally by downloading our app to your smartphone or tablet, if you haven’t already. That way, you can check your balances, pay other people and generally stay on top of your accounts whenever, wherever. You can download the app through your app shop. Or you can find out more here.

We’re here to help

We’re sorry if this change causes any inconvenience, but hope you’ll understand that this has been introduced to keep you safe when you bank online.

Finally, if you decide not to upgrade or download the app, we’re always on hand in branch, or on the phone, if you prefer to manage your accounts that way in future.

Thank you for being a member.
Nationwide Digital

The_Fat_Controller

You need to be aware that the Google Chrome browser you are using is also likely to be well out of date and missing vital security updates, I am pretty sure the latest version of Chrome is not compatible with XP.

Proper support for XP ended in 2014, time to move on !

Zanderman

The_Fat_Controller wrote: »

You need to be aware that the Google Chrome browser you are using is also likely to be well out of date and missing vital security updates, I am pretty sure the latest version of Chrome is not compatible with XP.

Proper support for XP ended in 2014, time to move on !

OP isn't saying they use Chrome browser? They say they use a PC running XP and they also use a Chromebook.

Assuming that's correct, the chromebook, until that gets out of date (which it will, they have defined updating life-spans), is the system to use.

Unless OP is misunderstanding the term Chromebook and is using that to mean Chrome Browser.

jim1999

XP doesn't receive security updates any more, so when vulnerabilities are found they aren't fixed.

It also lacks a significant number of security features that were built into subsequent versions.

Home users should not be using XP, Vista or 7 any more.

Neil_Jones

Chrome hasn't supported XP since 2015.
Firefox dropped support in 2018 but it was an ESR release based on Firefox 52 which had its roots in 2017.
IE8 on XP hadn't been updated since 2014.
Opera hasn't updated since 2016 (but it is based on Chrome).

If you absolutely must stay with XP then Firefox ESR 52 will be your best bet, but don't use this long term.

I will not be surprised if fraud occurs on a customer's account and it turns out they're using old unsupported browsers/operating systems, it gets classed as customer negligence.

bowlhead99

Brian65 wrote: »

Anyone know what makes XP users more vulnerable to online banking scams?

I've had scammers ringing me up pretending to be from 'Windows Technical Services' 'BT internet' presumably wanting to put a remote control on my PC - but I just hung up so never got as far as finding out exactly what the scam was and if that, or clicking on email links, makes it harder for them to scam you if you are running a different OS?

Got this email from Nationwide pasted below

You are perhaps conflating two different issues here.

Issue 1: convincing a user to do something silly to get around security

The scammers who ring people up pretending to be from BT or Virgin or Talk talk or Microsoft or [insert phone company or internet service provider or operating system developer here] are not really relying on you having a particular operating system which is no longer getting security updates from Microsoft.

Instead, they are relying on the person answering the phone being gullible and letting them talk you through completing various steps so that they can install software or find out key information about how to compromise your PC (maybe learning what files are in your pc, logging keystrokes you make when you next go to secure websites, giving themselves remote access rights etc ).

It is the same with the scam emails you might get purporting to be from your bank which say your details have been compromised and you need to click on a link to update your security details - leading you to a bogus website where you enter your real password or perhaps provide your PIN or a CVV for your card. They don't even bother to send you a dodgy file attachment these days (to hack your PC) because they assume users would find it suspicious. Instead they invite the user to visit there own site which is where they will do all the bad stuff.

In both types of scam, they don't really care that you are using an old operating system, because they are not relying on 'hacking' or breaking through the code of your operating system using some little-known 'exploit'. They are instead simply relying on the computer user that they contact to be dumb enough to do their bidding - literally doing all the hard work for them so that they can obtain your sensitive or secret info.

So when you say "what makes XP users more vulnerable to online banking scams"... these sort of scams - such as directing you to a fake website or encouraging you to sit on the phone and click buttons on screen to change your settings or install software - are not actually relying on you using XP instead of 7 or 8 or 10. When you go to put your personal information onto a scammer's fake website or install whatever software they want on your PC, it's not really the fact that it's XP that makes it easier for them, because all the hard work was done by you the user. But there is probably some statistical link between the number of people who would fall for those tricks and the bummer of people still using XP.

XP was released 18 years ago this month, and Vista about 13 years ago, and Windows 7 a decade ago. If someone is still using XP, because it handles the basics of what they need to do, and they don't yearn for something newer and slicker, or can't afford to upgrade - they may be less likely to be a security-savvy power user who is security conscious and well up on avoiding confidence tricks such as phonecalls and dodgy emails. So there is probably some sort of correlation that vulnerable older people are using older software and not frequently upgrading it to stay 'current'.

Nationwide isn't telling you to upgrade because you are likely to get 'scammed' through phone calls or fake emails that way if you have old software. They are telling you to upgrade because of:

Issue 2 - operating system software has flaws that can be leveraged to compromise a computer

Operating systems are complex beasts. Every so often, someone comes up with a new way to break them or break into them by running malicious code or other technical tricks.

So code can be hidden in files you receive or websites that you visit, resulting in your supposedly robust and safe system being forced to reveal information that it shouldn't or allow people who aren't the owner and user of the system to get your private info or control the PC. From time to time, new exploits are exposed and Microsoft releases security updates and patches all the time to paper over these cracks as quickly as possible when they appear.

Microsoft has patched or fixed lots of flaws in XP so far, but as it is software that was first launched in 2001 and superceded by Vista five years later, then 7, then 8, then 10, they have given up supporting it. What Nationwide and other banks are saying is that if you have a computer running an old operating system which Microsoft will no longer support, that don't want you to use their online banking products through that antiquated piece of kit. For all they know it could by now be riddled with viruses, password tracking software and other vulnerabilities to pieces of code that look innocent enough but are used by bad guys to get your info.

Clearly it is in the bank's interest to tell you or force you to move into the 2020s rather than do your banking on software created in the 2000s, because every time someone hacks your PC through some exploit that Microsoft didn't patch, they don't want you to be arguing that you never did this transaction and it must be the bank's fault.

Brian65

Zanderman wrote: »

OP isn't saying they use Chrome browser? They say they use a PC running XP and they also use a Chromebook.

Assuming that's correct, the chromebook, until that gets out of date (which it will, they have defined updating life-spans), is the system to use.

Unless OP is misunderstanding the term Chromebook and is using that to mean Chrome Browser.

Yes I do use my new chromebook for banking now, but still use my trusty Windows XP PCs for everything else.
There seems to be some confusion over Google Chrome Browser updates. Google have defined life spans for updating Google Chrome Browser when its running on other operating systems like Windows. But the Google Chromebook only runs Google Chrome - Google have no defined life span for updating that. My understanding is that since its free software, Google have no incentive to keep bringing out new operating systems and disowning previous versions like Microsoft do.
I just wondered if anyone knew what the Windows XP vulnerables are. Could you avoid them by not clicking on suspect links, not dowbnloading suspect attachments, or letting the scammers that ring you up talk you into doing anything on your PC - so they can control it remotely or install keystroke loggers etc?
I notice that Nationwide have started sending a code to my mobile or email before they let me log in now - irrespective of whether I am logging in from Windows XP or my new Google Chromebook.

Incidently my new Google Chromebook (a Lidl special offer at £180) was a bit of a pain finding where everything was, after being used to knowing where everything is on Windows XP.
But now I am finding out where everything is, I am very impressed with it.
Its lightning fast, and it was easy to copy my Excel spreadsheet into Google spreadsheet, and now updates share prices automatically. And its saved to Google Cloud so I can access it from any other PC - if my Chromebook gets lost or broken I haven't lost any data.

AnotherJoe

Brian65 wrote: »

Anyone else still using XP?
Anyone know what makes XP users more vulnerable to online banking scams?]

Nothing at all. You've misunderstood. The issue with XP is not scams where they log into your PC with your cooperation under the guise of being tech support or similar.
The issue is that it's much more open to malware that could then compromise your bank account access, through, for example, being able to access your login details.
The secondary but still very real issue is, there's a cost to supporting multiple platforms and since XP is not supported by Microsoft that's an obvious one to drop.
Finally, with today's compo culture, it's only a matter of time before someone who was defrauded (as opposed to scammed) claims that because the bank allowed them to use XP that implied it was safe.
So, three strikes and you're out

Brian65

AnotherJoe wrote: »

The issue is that it's much more open to malware that could then compromise your bank account access, through, for example, being able to access your login details.

Could you avoid that by not clicking on links, downloading attachments, or letting cold callers talk you into doing anything on your PC?

AnotherJoe

Brian65 wrote: »

Could you avoid that by not clicking on links, downloading attachments, or letting cold callers talk you into doing anything on your PC?

No. You could minimise it by not doing those but there are vulnerabilities in XP where merely by visiting a compromised web site you can be infected with malware (and MS have stopped fixing those vulnerabilities in XP)
And note, a compromised web site could be as innocent as, for example, a perfectly respectable website that provides ads and the ad itself is compromised. This happened a few years ago with ads on the Telegraph and others.
And if you aren't clicking on links, that pretty much destroys the point of using the Internet.

EdSwippet

Brian65 wrote: »

But the Google Chromebook only runs Google Chrome - Google have no defined life span for updating that. My understanding is that since its free software, Google have no incentive to keep bringing out new operating systems and disowning previous versions like Microsoft do.

Google commits to updating Chromebooks for at least five years, though they actually update for six and a half, to allow for a product's marketing cycle. The update is both operating system and browser, because the two are pretty well inseparable on a Chromebook. After that, you may or may not get further updates, depending on the capability of the hardware. Details here:

https://support.google.com/chrome/a/answer/6220366?hl=en

I have two Chromebooks. After sterling service, my old Samsung one finally stopped receiving operating system and browser updates late last year. I now use it as a lightweight Linux system, through Crouton. Its keyboard had become flaky (wore out the backspace key!), so it was time for a replacement anyway.