How concerned should I be about my Chromebook's expiry?
June 6, 2020 1:10 PM   Subscribe

As of last week, my 6 year old Chromebook is no longer getting software updates - this is part of Google's stupid policy of limited software support. How concerned should I be about continuing to use the Chromebook? It would suck big time if someone cracked my Gmail password. However I won't be using it anymore for banking, Amazon or any other money-related transactions. Should I stop using it for email and Facebook?

I have read that the device can be turned into a Linux machine but I have no interest in doing that.
posted by storybored to Computers & Internet (7 answers total) 1 user marked this as a favorite
Not directly realted but you should enable multi-factor authantication for the Gmail account.
posted by WizKid at 1:33 PM on June 6 [1 favorite]

A 6-year-old Chromebook probably can't become a Linux laptop anyway, unless it was seriously top of the line back when it was new. So that probably isn't even an option. Mine is 5-year old and doesn't support Linux or using Android apps. The IT nerd in me wants to say you should never use a device not getting security updates, but I really don't know what the real risk is with a Chromebook is. This list of Chromebook exploits doesn't show any new ones for 2020 and only for 2019. Maybe keep an eye it and bail when there is something in the wild that could be dangerous to whatever OS level you are at?
posted by COD at 3:37 PM on June 6 [1 favorite]

I think assuming that Facebook/gmail is somehow firewalled against your banking is flawed logic.

In many cases vulnerabilities can cross apps in way that can be surprising, especially since Chrome basically has access to your whole google account, which in turn (may) have access to your passwords. I do think the security risk isn't huge, since this using this type of exploit would imply a fairly sophisticated and dedicated attacker.

However, considering the low price of Chromebooks and my experience with PC and android hardware in the past I'd look into moving to a new device. Over time you'll likely find more and more compatibility and performance issues that just aren't worth the time and effort to deal with.

As someone more or less in the industry, I'd like to make a somewhat biased excuse to the sunsetting of support. OS software is not cheap to maintain and verify and in some cases hardware limitations and changes can make porting bug fixes surprising complex.

I don't think it's an emergency, but I'd start thinking about a replacement.
posted by All Out of Lulz at 4:19 PM on June 6

The biggest concern is Chrome on the Chromebook. Will it continue to receive updates?
posted by nickggully at 5:04 PM on June 6

I would have two-factor authentication turned on for banking, email, Facebook, Twitter, really anything that supports it. It's just good practice, even if you have to resort to using the "we'll send you a code via text message" variety of that. Given the recentness of the machine going out of support, I wouldn't feel especially unsafe using it right now, but I'd set a time to decommission it in the near future - like, within 2-3 months or so - and I'd keep an eye on some trusted tech sites to see if anything big happens in the world of Chromebook security in that time frame, in case it needs to be replaced sooner. Chromebooks aren't a real attractive target but Chrome the browser is, and who knows what problems will be found in the future.

If you really want to keep it, however, I'd take a second look at putting Linux on it. Once it's installed (which is the tricky part), the Chromebook-specific versions of it work pretty well on even older systems. Until just recently, for instance, I had GalliumOS on my Lenovo N22 Chromebook - it ran, well, Chrome just fine, but it more or less became a regular computer with that on there. GalliumOS is based on Ubuntu too, so most anything that works on Ubuntu (which is the dominant Linux variant out there right now) ought to be fairly straightforward to install, and it'll get updates for a while. The main bit is getting it installed - that's a lot more fiddly than it would be on a regular PC - and making sure it'll run on your particular machine. (If yours runs an ARM processor, rather than an Intel Atom or Celeron or somesuch, then your options for Linux change quite dramatically.)
posted by mrg at 7:27 PM on June 6

As of last week, my 6 year old Chromebook is no longer getting software updates - this is part of Google's stupid policy of limited software support

Just how long do you think is reasonable to expect developers of a system that the developer makes little to no money on to keep putting out updates? If you don't care enough to put Linux on it, why should they care about continuing to support old hardware?

Anyway, unless you're of interest to the NSA, GRU, or similar organization, for the moment you're fine. There's not been a lot of exploits released for ChromeOS. At some point, there will be. But frankly, what a generic attacker cares about is your banking information or logging in to your travel rewards program and cashing out your free week's stay at Marriott. If they can't get access to that sort of thing, they're not really going to spend time going through your personal e-mail looking for interesting things because you're not that interesting. Hypothetically, someone might develop a cryptolocker that will work against Google Drive, until Google decides that the cost of duplicate storage that serves as an online backup is worth the cost of mitigating attacks.

In general, I'd recommend you upgrade to something supported but I'd also be you could go a year or two a minimum without having an issue. How much is surety worth to you?
posted by Candleman at 9:48 PM on June 6

Of the options considered here, I'd say Neverware is pretty much indistinguishable from ChromeOS for most uses, although it is a little fiddly to install.

edit: that said, Neverware has fallen out of support on 32 bit hardware, so if your machine is 32 bit you're pretty limited.
posted by wilko at 11:27 AM on June 7

« Older Maltese cross or a clever fake?!   |   Art: The Tiger is Out Newer »

You are not logged in, either login or create an account to post comments