Q: Microsoft no longer supports Windows 8. I have an old Lenovo that cannot be upgraded to even Windows 10. What are the real-life risks of running older programs and making online purchases on Windows 8? The computer is password-protected and running Defender.

— B. Orrico

A: The real-life risk is that since your operating system is no longer receiving security patches and updates, you may be targeted by malware that exploits a vulnerability in the operating system.

Related Tech Q&As

Read more from Patrick Marshall here >>

In May 2017 the WannaCry ransomware attack demonstrated the risks. The ransomware program got into an estimated 300,000 computers in 150 countries. WannaCry locked up data on those computers and caused losses estimated as high as billions of dollars. We’ll never know how many individuals found their data locked.

And with ransomware, paying the ransom is no guarantee of getting that data back.

The ransomware attack exploited a vulnerability in the Microsoft Windows operating system that had already been patched by Microsoft. But computers running the no-longer-supported Windows XP operating system, as well as computers that did not install the patch, were affected.


How likely is that to happen again? I’d be surprised if it didn’t.

For my part, if I was going to connect a computer to the internet, I’d want it to have the latest operating system security updates. If that’s unfeasible, I’d at least make certain that my data was regularly backed up on a device that is not connected to that computer.

And, of course, backing up data you care about is important even if your operating system is up to date. After all, an attack may target a vulnerability that hasn’t yet been patched.

Q: I can’t access my Facebook account, as it was hacked by someone whose photo now appears on the page. I cannot remember my password for the account, so cannot recover the account as per Facebook instructions. Facebook has no telephone contact information nor chat to help me. Should I just ignore the hacker from a security standpoint and create a new account, or is this a security risk for me?

— Robert Pilger

A: Actually, the password isn’t the issue, since the first thing a hacker generally does is to change the password, as well as two-factor authentication, attached email address, etc.

Facebook does offer guided steps for trying to recover your account. It will ask you to try to log in, but if your password doesn’t work, it will inform you that you may be able to get around that if you try to access the account using a device that you have previously logged in with.


Also, if the email address associated with your Facebook account has changed, you can undo the change. When an email is changed, Facebook automatically sends a message to the previous email account with a special link. You can click this link to reverse the email change and secure your account.

In short, you may have to go down several blind alleys to reclaim your account and in the end you may be unsuccessful. Even though it’s frustrating, it’s a good idea to go through the process, even if you need to get someone to help you. If you can’t reclaim your account, you’ll have a chance to notify Facebook of the problem, and they may be able to shut it down. That may save your Facebook contacts from receiving scam messages that purport to be from you.