103

This is an issue I'm recurringly facing: older people from my family (or people who my family members know) can be surprisingly reluctant to apply most basic security measures when they're using their PCs. The particular issues vary, but this time I'm struggling with a really egregious one: the refusal to upgrade from their ~20-year-old Windows XP PC. (Or is this an even older version of Windows? I don't really know as I did not see it yet.)

How can I explain that it is a bad idea nowadays to connect to the internet with such a PC?

I think that this question will only be clear and meaningful if I add an addendum about the mindset of such people... which seems to me to be really peculiar:

  • They seem to have no notion of obsolescence of things. In their minds, a computer is in good shape if and only if it is capable of performing the tasks they need it to perform (e.g. "receive this important document sent to my e-mail address, make such-and-such modifications to this document, send it back"). Thus if they're able to do this it is hard to explain to them they should buy a new PC.
  • They remember the times of poverty, when it was irresponsible (and actually plain stupid) to replace things carelessly. In their times broken things were being fixed if possible, and only replaced if repairs were no longer possible. Some of them are still poor, so they may have actual (rather than just mental) reasons to refuse to spend a three digit sum on new things.
  • They seem reluctant to understand how to operate stuff from the modern era. They seem to want a concise, clearly defined order of steps necessary to perform a task (rather than understanding of the abstractions of modern GUIs so that they can operate their PCs regardless of whatever it shows them). If anything strays from this clear order of steps (e.g. the computer shows them an unexpected dialog) they get confused and may deem their computer "broken" (and call me to "fix" it for them).
    • Actual example: "I don't know what happens, why can I not get to my e-mail inbox without all of this annoying stuff? It keeps displaying me these annoying messages about passwords and phone numbers! Please fix it for me so that clicking this picture will get me to my e-mail inbox!"
    • As a result, whenever anything changes in their computer (e.g. this WinXP is upgraded finally...) that interferes with their well-known, predictable order of steps / responses from their PC it is likely they'll say I "broke more than I fixed". They have a clear definition of "fixing" their PC... "make it behave exactly as it used to".
  • When told about security (eg that a middle school kiddie next door could break into their PC) they tend to respond along the lines of "Am I working in a three letter agency?" or "Who am I, a millionaire? There's no reason anyone would want to target me!"

Actually, if I think about it, their point of view, even if fallacious, kind of makes sense... They simply treat a PC as a tool like those they're accustomed to, something like a hammer or a (traditional, simple, devoid of electronics) vacuum cleaner... Their approach, listed above, seems reasonable if they were talking about a hammer rather than a PC, I guess...

I'm running out of arguments. In the spirit of this question, may I ask how to talk to such old-timers?

gaazkam
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/101431/discussion-on-question-by-gaazkam-how-to-explain-to-traditional-people-why-they). – Rory Alsop Nov 24 '19 at 14:24

19 Answers

119

(updated, at the bottom - "The 1950 car")

Forget talking about security.

Don't take the "SECURITY" road. Because if you talk about "security" alone, then chances are good that they are right, and you are wrong, and they'll be clear-sighted enough to realize it.

There is no computer that is completely secure, and there is no computer that is completely insecure. It all depends on what the attack surface is.

This point of view I'm offering will be exceedingly unpopular for the IT crowd, but acknowledge that for your average elder home user (I'm of course not referring to anyone else):

  • the threat from an email (phishing, ransomware, etc.) is more or less the same whatever your base OS. It might even be slightly less for 32-bit Windows XP, as the newer malwares are increasingly adopting the 64-bit model. Granted, on XP a malware might be able to more easily self-elevate and wreck - in addition to everything the user deems important - also lots of things he cares not a whit about, from the OS itself to other, nonexistent users' and superusers' data. Here, the keyword is "BACKUP", not "fully patched OS" or "shadow copy" or "sandboxing". A backed-up XP is lots better than a non-backed-up Windows 10 Pro.

  • the threat of a local exploit is virtually nil. They probably have the password, if any, stuck to the monitor anyway.

  • remote exploits for XP are an extremely remote threat.

  • inability to access new things, sites, and services, or to install new apps, and do anything else that the user is not interested in doing anyway... is no discomfort at all.

Actually, by openly acknowledging the above, you'll probably come across as more aligned with their way of thinking, which will help getting through what follows.

So... "WHY SHOULD I ABANDON XP?"

For reasons that aren't good for the elder home user, but are so for the rest of the world, the world is moving away from Windows XP. That's a fact. It's leaving Windows 7 behind, even.

This includes applications (such as antiviruses) and web sites.

Windows XP cannot use the more advanced protocols that the new sites increasingly adopt, and there are fewer and fewer maintained antivirus databases that are compatible with Windows XP.

So, by continuing using Windows XP:

  • they will be unable to access more and more sites (home banking ones, most surely).
  • they will very likely be left without antivirus protection, which is bad whatever OS you run.

It's like you own an old 1950 jalopy. It still drives, why should you change it? Well, imagine some roads no longer accept cars without the new safety measures that you cannot install. Then those roads are closed to your 1950 rust bucket. Yes, it runs, but it might not take you somewhere, for no fault of its own. Or you no longer find some spare parts. You get the drift.

If you use Windows XP in a way that's secure even under these conditions (which means "it never connects to the Internet"), for example you run the house accounting, do a little word processing, print, and have a phone or tablet for everything else... then by all means you can continue doing so.

If you're okay with being unable to access several sites, or find it no big trouble to restart after a large ransomware attack - for example because ten years ago your favorite nephew gave you a DBAN CD with one-click bare metal restore kit for Christmas, and the CD still works - then by all means continue doing so.

In all other cases one should consider putting up with a change in user interface and a usually reasonable expense, and get oneself a new PC with Windows 10.

On that note, you should also verify what applications are now being used and what their closest replacements are. The main real reason for "not changing" is in my experience unwillingness and fear of learning something new. The more the new system resembles the old, the more easily it will be accepted.

The 1950 car

Several commenters have raised very good points, and/or observed that I've been somewhat unclear. Thinking about it, the "old car" is an analogy worth expanding.

First of all no, I am not advising or condoning "no security". Gramps' car is kept in good condition and is equipped with working brakes, alarm and spare tires - a backup, and an updated antivirus.

And Gramps, being Gramps, only ever uses the car to move between the city and his summer cabin upcountry. He sees no reason to get the new Windows 10 Hybrid zero-emission vehicle; to the contrary, he's very much afraid he'll have to re-learn to drive. He doesn't drive for pleasure, to him a car is just like a hammer or a shovel - it's a tool that does its job.

To get him on the new car, I feel we need to understand and accept, first, that all the newfangled gadgets are actually worthless to him, and actually several modern threats will not run against his car because it's too ancient. He simply does too little with the thing to have a significant attack surface, and that surface is already covered by his existing system.

The arguments we have are rather that he still needs updates for something (at a minimum, the antivirus) and those updates are likely to disappear since the user base for 32-bit XP antiviruses is dwindling, and fewer and fewer companies find it profitable to cater to his demographic. When they stop altogether, his "car" will find itself with "brakes" working worse and worse. Until the day he has need of them, because a mail arrives with a new virus, and, well. At the same time, he already has access to fewer and fewer resources. What if his bank drops XP SSL browser support? It would be like the nearby gas stations more and more supplying electricity instead of gas.

Another point to consider is how to transition. The fear is having to learn an unfamiliar way of driving. But in this case the metaphor fails, because there are extensions and configurations that can make Windows 10 very close to Windows XP in look and feel. Once this stumbling block has been overcome, chances are that the transition will be actually eagerly embraced.

(I got several relatives off XP, and am only now weaning myself out of Windows 7 in Classic mode. I can relate to those elders :-) ).

LSerni
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/101430/discussion-on-answer-by-lserni-how-to-explain-to-traditional-people-why-they-sho). – Rory Alsop Nov 24 '19 at 14:24
83

Most people (this isn't simply "old timers") think computers get broken into by a hacker sitting in a dark room personally trying to attack them by typing really fast. That's why you get responses like "What am I the CIA/Millionaire?". They simply don't see the value in anyone bothering to try to go after them. And if this were the correct model, they'd be right.

Unfortunately, this is the wrong way to think about computer security. What people don't understand is that the real threat is automation, and automated hacking tools. In reality the automation doesn't care if you're Bill Gates, or Bill Johnson from down the street. It'll break into your computer just the same.

In this sense, we should likely be using more of a disease model to talk about computer security rather than a criminal model. Diseases don't care about who you are, they'll infect you if you're vulnerable. Diseases don't "go after people", they're mindless things that infect the weak and avoid the strong.

This is much like computer security. The power of automation allows the bad guys to scan millions of IP addresses every day. Compromising an advertiser allows an attacker to put an attack vector into a trusted website that can compromise your security with a single click. They're not targeting anyone personally, they're targeting anyone who's vulnerable. People still running Windows XP and connecting to the Internet are incredibly vulnerable. They're the weakest of the herd, ready to be taken down by the infection.

If you use THIS way of talking about it, your relatives might start listening. Nobody wants to be the sucker or the weakling.

Steve Sether
21

One possible response could be: "Because I can't support helping you fix it anymore. If you want help from me, in the future, you'll need to upgrade."

Yes, this is effectively holding your expertise hostage, but if you give them sufficient notice that you'll stop offering support at a reasonable point in the future, and explain that you can't afford the time that's being drained by the fact that the OS is so old it's causing these problems, maybe you'll be able to extract yourself from the situation.

Glen Pierce
  • 15
    -1 This will most likely alienate you even more. – AleksandrH Nov 18 '19 at 16:11
  • 12
    If they're already non-technical, withholding the expertise will feel like you're just trying to force them into something that is "your way," without understanding the true why. – Jarrod Christman Nov 18 '19 at 16:12
  • 2
    @AleksandrH Whilst I absolutely understand where you're coming from, these help requests are also a nearly never ending source of frustration for IT-savvy people who are being asked by family members to help out (for free, no less). This answer could be reworded to "make things easier for me, and I'll make things easier for you" - if they don't want to make things easy, why bother? – Shaamaan Nov 19 '19 at 11:55
  • 1
    @JarrodChristman it tells a lot about the people asking for advice: on one hand they want my expertise when helping with the computer, on the other hand, suddenly they know better than me when I tell them to upgrade my computer. That's insulting tbh. – Pieter B Nov 19 '19 at 12:18
  • @PieterB It's not about knowing better about the tech, it's about knowing what they want. As an assistant expert you are always only lending expertise, the decision based on that is always theirs, because only they know which basic properties they value, which can simply be different than yours. A car guy might recommend getting race tires and a spoiler for a sports car while you just like the stock version well enough and decide not to follow through. That's not insulting his expertise, just having different goals. Yet, it's always up to the expert whether he can support certain decisions. – Frank Hopkins Nov 24 '19 at 04:16
  • @PieterB Staying with the car analogy: If car guy tells you the old winter tires are unsafe to drive, and you decide to use them anyway because that's cheaper and you don't care about safety, that's still no insult to his expertise, but he may very well decide to not help you kill yourself and others. Same here. – Frank Hopkins Nov 24 '19 at 04:17
11

The answer may very well be that you're wrong. Yes, this is counter-intuitive, but it may be true.

Whether or not using an XP machine is a problem depends a lot on your setup (mostly router, since even plugging in the cable is troublesome otherwise), on what you are doing, on who you are (yes, certainly, there are people who are more valuable targets than others), on your "overall stupidity", and... on your luck.

With an average present-day "home user" router in default configuration minus UPnP minus remote assist, the average home user is already surprisingly "safe" presumed that they don't do outright stupid things. But even if they do, it is demonstrably not a safe bet that they run into trouble and others don't (see below).

I'm using an NTLite-trimmed minimal version of Windows 7 Professional which, too, is considered old, obsolete, insecure, whatever. I don't care what people say.
I'll keep using Windows 7 until I have absolutely no other choice. Never had a single problem with it, and I do not want Windows 10.

Security is no issue. Well yes, I'm not precisely an octogenarian, so maybe that doesn't compare to your target audience. Just saying that using an old OS is maybe not the optimum for everybody, but it sure isn't automatically an issue.

My father who would be a member of your target audience (old, technically unsound, compulsive tamperer) uses a 20 year old XP computer. Computer and router set up by me once upon a time (but he insists on being an "administrator" and keeps playing around with things, so I honestly don't know).

He is the exact type of person that one considers a support and security nightmare. Calls you on the weekend because the computer doesn't work anymore, and he didn't do anything (except, disable a service, or delete a file from the Windows folder to see what happens).

He has the same password (which is a common word) on all sites, including sites that, well... you know. He is the type of person to subscribe to pretty much every newsletter.

Guess what, although I've spent countless hours re-imaging or generally fixing his computer which he broke himself, he hasn't ever been compromised. You'd think he should eventually have his computer cryptolockered, or someone might steal his money, or identity, or just guess his password, but... no. It just doesn't happen.

Also, you shouldn't think that Windows 10 is necessarily any safer when the by far biggest adversary is the one who made your operating system and who constantly runs surveillance on everything you do, listens to everything you say, and will steal your data without asking for consent. That same adversary has a killswitch built into your computer, too. Which they can, at any time, activate (or someone else who figures out how to do it).

Same goes for other components. You worry about a Russian teen running a port scanner while your top-notch router from a respectable Californian company uses Chinese firmware with a backdoor built right into it. Get your adversaries right first, then lean back, take a deep breath and repeat your mantra: "There's only so much you can do". And get over it.

Also, don't think that you're much better off overall if you're using Linux (or some other FOSS operating system or programs). Because, well, while the overall built-in malice is certainly lower, they have an entirely different class of problems.

Note that several of the highest profile security issues of the last years were not related to Windows XP or Windows 7, but actually to FOSS. Sadly, in reality, all bugs are not shallow given enough lines of code, given enough overzealous maintainers, and given enough personality issues. Not saying that FOSS is bad, but it's nowhere near a silver bullet either.

schroeder
Damon
  • 6
    Thanks for the laugh Damon. You may not be entirely right, but you're certainly the most entertaining at it. And surely any of the OP's relatives would prefer dealing with you – George M Reinstate Monica Nov 18 '19 at 20:52
  • Some fine paranoia there but some good points too. – Alan B Nov 19 '19 at 10:34
  • 4
    @AlanB: Paranoia because of killswitch? What do you think online activation is? What do you think telemetry does? What do you think Microsoft's statement in the EULA about downloading file _as they deem necessary_ means? How do you think Cortana (or Alexa, does Cama/Zhu ring a bell?) works by principle? Paranoia because of router backdoor - what does the number 32764 tell you? The definition of paranoia has it that things are perceived differently from what they are. Those, however, are very real things. – Damon Nov 19 '19 at 10:57
  • 1
    They are real things, into which you are reading too much. – Alan B Nov 19 '19 at 12:08
  • 3
    This is a rant, not an answer. – Pieter B Nov 19 '19 at 12:21
  • 1
    "I have not perceived a problem, therefore there has been no problem" is an odd basis for general advice. You are basically saying that the people involved might not experience a security issue. Fair enough, and I agree, but don't leverage that logic into something it is not. – schroeder Nov 19 '19 at 14:43
  • 1
    I've never gotten measles, and honestly don't know anyone under 50 that has, but I still think people should get vaccinated. I've never been in a serious auto crash, but still think people should have cars with airbags. There's many threats that are rare, but catastrophic. The real security threats come from old, unpatched, unsupported browsers. Firefox hasn't made a version that runs on XP for over a year. I don't know of any modern browser that supports XP. – Steve Sether Nov 19 '19 at 19:44
  • @schroeder: Thank you for your valuable concern about my language deficiencies, thank you for the lecture and the edit. Next time, please make sure your zeal doesn't go overboard too much so you abstain from deleting entire paragraphs which completely change the answer. Unless of course, a case example of how easily a fully up-to-date Windows 10 system is compromised is against your beliefs or values. If that is so, my apologies, edit away. – Damon Nov 20 '19 at 09:13
  • 1
    I removed sections that were completely irrelevant to the question. This entire post is barely an answer and has been flagged by other users as such. This is not about "beliefs and values" but about staying on topic. – schroeder Nov 20 '19 at 09:24
9

If their old XP machine is working perfectly fine for them then there is a good chance they simply use the computer for light web usage and email. If so you might have some luck moving them over to a lightweight Linux distro themed to look like XP. This way it's secure/up to date and costs no money since they can use the computer they have.

> They seem to have no notion of obsolescence of things. In their minds, a computer is in good shape if and only if it is capable of performing the tasks they need it to perform

> They remember the times of poverty, when it was irresponsible (and actually plain stupid) to replace things carelessly. In their times broken things were being fixed if possible, and only replaced if repairs were no longer possible

It still is irresponsible to replace a working machine with a new one "Just because". If it wasn't for security there would be no reason at all they should change anything.

You are having issues explaining this because it sounds insane to anyone not used to the new age of out of control planned obsolescence and capitalism.

Qwertie
  • 1
    I have done so with some older laptops, now they run even better, without the bloatware. – Marcel Nov 18 '19 at 06:13
  • 1
    But, how do you *convince* them to make the change (as per the question)? Switching OS's is a major disruption to their workflows. – schroeder Nov 18 '19 at 08:05
  • 1
    I also like to use my systems until they literally fall apart (not always possible though). You can get pretty far with a lightweight Linux distro (e.g. xubuntu) which will still run on hw with less resources. For just testing if it works you can create a boot device for the distro and boot from flash / usb / whatever or repartition the hard drive for dual boot. – Sybille Peters Nov 18 '19 at 14:43
  • Planned obsolescence was much worse in the USA in the 50's, and capitalism is much older, so I'm not sure that argument holds. – schroeder Nov 18 '19 at 14:44
  • 1
    +1 for highlighting that a problem with software, i.e. the ancient OS, doesn't represent a need to throw out still-working, albeit old hardware. – Dohn Joe Nov 18 '19 at 15:42
  • How to convince: since the OP seems to do tech support for these old machines, he could demand this in exchange for continued support. At some point, every craftsman (electrician, plumber, mechanic, ...) loses his/her ability to service ancient equipment, since there are no more spares and/or specialized tools available; if they are, they come at increased cost: I expect repairing an old-timer car to be more expensive than a 5 year old one. – Dohn Joe Nov 18 '19 at 15:46
  • 5
    How to convince 2: choosing an XP-like Linux, represents a minor break in their workflow, compared with buying a new machine with Windows 10 installed. So, show them the XP-like Linux, then show them a recent Windows or iOS; finish by telling them, that they can keep the XP-like Linux once their machine finally dies hardware-wise for good. There's nothing preventing you from installing a lightweight, XP-like Linux on a new replacement machine. Carrot: minor workflow disruption, even with new machine, Stick: Windows 10, iOS, etc. – Dohn Joe Nov 18 '19 at 15:49
  • 3
    Excellent advice here. As long as the background color is the same (or the grandchildren/dog pics) they may not even know they're running on a different OS. Just label the app shortcuts things like 'mail' and 'weather' and they'll be pleased this 'works better'. Even a semi-annual update when you visit will be much better than XP – George M Reinstate Monica Nov 18 '19 at 20:44
  • 3
    @schroeder re: convincing them to switch. I got my 70+ year old parents over by introducing the software while they were on Windows (LibreOffice, Thunderbird, Firefox and Chrome) as that covered pretty much every use case they had. Once they had that comfort, they didn't care too much about the OS itself as they knew they could still do what they needed to do after I swapped them onto Ubuntu. – Dave Nov 19 '19 at 09:56
8

Vulnerable computers are used in botnets for all sorts of things. Don't focus on someone attacking them, focus on them being used for things they heavily disagree with.

In case you are US based use partisan politics to your advantage. If you are based elsewhere, I am sure you can find a hot topic your elders care about.

"Uncle Jim, you know how the evil political party uses fake news to make the good political party look bad? And how they use bots to create fake social media profiles that share fake media articles and lies and propaganda? Well, these bots are remote controlled computers from innocent, law abiding <insert keywords this person agrees with> citizens like you. They use your computer because it is easy to access and easy to remote control with its outdated and insecure OS and software. They use it for <insert conspiracy (or truth) this person is most outraged about>!"

This isn't even too far from the truth. I honestly think that such botnets are one of the biggest issues with outdated vulnerable computers used by people who don't know better. And I also honestly think that the type of person you described could be receptive to this information. You just have to focus on something the person you talk to at the moment cares most about.

5

Explain to them what they will lose:

  • Online banking: money!!!
  • Email: the account, reputation
  • Storage: old photos, documents

Scammers don't care how many letters you have, they try everyone and if your door is open they get in and wreak havoc.

Lucas
Mike
  • 4
    What does the above have to do with using Windows XP or not ? – Overmind Nov 18 '19 at 13:54
  • @Overmind, the continued use of XP can result in loss of access to all three of these functions by two mechanisms: 1. as pointed out in another answer, XP will very shortly be incapable of communicating with web services secured by SSL/TLS certificates, and 2. without security patches it is inevitable that some scammer will get through. – Mike McManus Nov 18 '19 at 22:02
5

This isn't an I.T. problem and you shouldn't treat it as one.

> Some of them are still poor

People who are retired - particularly if they don't have a lot of income/savings - are very reluctant to spend money on stuff they don't think is a necessity. As an analogy consider someone with an old, rusty oven. Sure it may not be as efficient, hygienic...insert-whatever-argument... but they still need to eat and will therefore still use it. With a computer if it "works" and they are of limited financial means they will continue using it no matter what argument you present. You'll probably find this applies to other things in their life, not just their computer (therefore this is not specifically an I.T. problem).

The only points you can win on when it comes to cost is if:

  1. They are frequently spending money on repairs or advice. If their maintenance costs are higher than a new computer then they are losing money. It's likely a new machine will have a warranty for at least 12 months. Do you charge for your advice or is it free? You'll find if it's the latter the conversation may go on for a long time!
  2. For example - a sensitive account is accessed. They could lose money or become a victim of identity theft. As someone has pointed out, talking about security is usually a non-starter with a lot of people because they don't consider it to be a viable threat unless or until it happens. You could show them evidence (news articles, etc) of where it has happened to people. Equating this to the O/S they are using is a non-starter. Attacks have happened to people with modern hardware and patched OS's before anyway.

Anything financial should be explained in terms of what they could lose vs. what they would spend. If that's not a positive figure you've lost the cost aspect of the argument. Keep in mind these people have no desire to upgrade so trying to win them over with benefits/advantages (e.g. you can do A, B and C on Windows 10 and can't do that with XP) - they don't care and are unlikely to.

This issue:

> If anything strays from this clear order of steps

is a big one. If someone has had 20 years to get used to doing a certain set of common tasks and following a pattern they will be loath to change that even if a new/alternative way seems "better" from someone else's perspective. My solution to this one with my parents was to print them a guide with screenshots about how to do common tasks like access their email, Word, transfer photos, etc when upgrading from XP to Windows 7 years ago. It was only a couple of pages long and next to the computer all the time. Simple and available.

No longer being able to access applications isn't an argument unless that's actually happened to them and they care about it. Saying "you might not be able to... " will usually generate a response "well, I can do now...".

> When told about security ... they tend to respond along the lines of "Am I working in a three letter agency?" or "Who am I, a millionaire? There's no reason anyone would want to target me!"

It's very easy to find news articles and other evidence online of where such things have happened to an average person. Showing them a few of these may or may not be enough to change their mind.

The answer to this is simple:

Spend a short time only on convincing them with logical, realistic and accurate factual information. The key word here is "factual". Instead of approaching it like an argument, give them the facts, and do nothing else.

If they fail to get on board simply say you have advised them and are no longer prepared to do so, on the basis that you would feel irresponsible and be providing poor advice otherwise.

Don't feel guilty for this.

If those people went into a restaurant, car dealership, travel agent, etc and essentially said they had no interest in the products/services being discussed how long do you think the interaction would go on for? Providing advice even in a friendly capacity works on the same basis. If you're doing it free of charge you could be spending the time living your life or doing a million other (more interesting) things. It's not your problem to deal with and you shouldn't waste too much of your time on it. Follow this and you've done what you reasonably can.
Andy
4

They won't be able to use the Internet much longer

This isn't an idle threat or something overblown. Open up whatever browser they prefer (IE8, Chrome 49, or Firefox 52). Have them try to do... anything. Now, stop them and note the SSL notification. Windows XP SP3 has a barely functional SHA2 certificate implementation:

> With the release of Service Pack 3 some limited functionality was added to the crypto module rsaenh.dll. This includes the following SHA2 hashes: SHA-256, SHA-384, SHA-512. SHA-224 was not included.

If you're on anything prior, SSL isn't going to work well, if at all. The next time this changes due to security, they'll be out of luck, and Google estimates some 95% of sites are on SSL now. In other words, they're one CVE away from losing access to the Internet.

Then there's TLS. Slowly, but surely, TLS is being whittled down. Eventually only TLS 1.2 or 1.3 will be all that is available thanks largely to PCI compliance demands. Per this handy Microsoft chart, you can see XP does not support anything after TLS 1.0.

Offer to try Linux

If all they do is browse and do some basic things, you can wipe the machine and install most Linux desktop distros. This would get them the latest browser again (Chrome and Chromium are available for most, as well as Firefox). Many distros work on older hardware and can be simple for a non-technical person to maintain (Mint is one such OS).

Machavity
  • 3,766
  • 1
  • 14
  • 29
  • I am a holdout in that I refuse to convert our brochure site to SSL. As a result it works on XP, and *will* bring up the guest login on free WiFi. – Harper - Reinstate Monica Nov 19 '19 at 00:06
  • 1
    @Harper-ReinstateMonica Consider [Cloudflare SSL](https://www.cloudflare.com/ssl/). Makes it easy to switch and they give you a long life SSL cert for your side. But remember, XP does support SHA2 at present, so don't let that stop you from going secure. – Machavity Nov 19 '19 at 01:58
  • If those people refuse to upgrade Windows from XP to 10 (or at least 7), there's no way they are ever going to accept Linux. The only result would be them blaming the OP for "breaking more than they fixed", as mentioned in the question. – Fabio says Reinstate Monica Nov 19 '19 at 02:11
  • 1
    I will respectfully disagree with everybody who says no to Linux. I put CentOS 7 with some XP skin together for my mother-in-law almost two years ago. Firefox and Skype and set it to autoupdate. I remember the printer was a PITA but she's never had a problem. She doesn't even know the root password. – Aaron D. Marasco Nov 19 '19 at 20:58
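Added example, not part of the answer or comments above: a small Python model of the version negotiation the answer describes, for TLS 1.2 and earlier. It parses the `client_version` field of a constructed ClientHello and applies a server's version policy. The function names, the two sample hellos and the server policies are assumptions made for this illustration.

```python
import struct

# Protocol versions as (major, minor) wire values, TLS 1.2 and earlier.
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
ALERT_PROTOCOL_VERSION = 70  # alert description defined in RFC 5246


def build_client_hello(max_version, cipher_suites):
    """Build a minimal ClientHello record (no extensions). Constructed sample input."""
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body = bytes(max_version)                   # client_version: highest version offered
    body += bytes(32)                           # random (all zeros, constructed)
    body += b"\x00"                             # empty session_id
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                         # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record header: type 22 (handshake), record-layer version, length.
    return b"\x16" + bytes(TLS10) + struct.pack("!H", len(handshake)) + handshake


def parse_client_version(record):
    """Return the (major, minor) client_version of a ClientHello record."""
    if len(record) < 11:
        raise ValueError("record too short for a ClientHello")
    ctype, _maj, _min, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != 22:
        raise ValueError("not a handshake record")
    if len(record) - 5 < rlen:
        raise ValueError("truncated record")
    if record[5] != 1:
        raise ValueError("handshake message is not a ClientHello")
    hlen = int.from_bytes(record[6:9], "big")
    if hlen < 2 or hlen > rlen - 4:
        raise ValueError("inconsistent handshake length")
    return (record[9], record[10])


def negotiate(record, server_min, server_max):
    """Server side: pick the highest common version, or refuse with an alert."""
    client_max = parse_client_version(record)
    chosen = min(client_max, server_max)
    if chosen < server_min:
        return ("alert", ALERT_PROTOCOL_VERSION)
    return ("server_hello", chosen)


# Constructed samples: a client capped at TLS 1.0 (as the answer says XP is)
# and a client that offers TLS 1.2.
XP_HELLO = build_client_hello(TLS10, [0x0005, 0x000A])
MODERN_HELLO = build_client_hello(TLS12, [0xC02F])

if __name__ == "__main__":
    policies = {"legacy server (TLS 1.0-1.2)": (TLS10, TLS12),
                "hardened server (TLS 1.2 only)": (TLS12, TLS12)}
    for name, (lo, hi) in policies.items():
        print(name, "| XP:", negotiate(XP_HELLO, lo, hi),
              "| modern:", negotiate(MODERN_HELLO, lo, hi))
```

Against the TLS 1.2-only policy the TLS 1.0 client gets a `protocol_version` alert instead of a ServerHello, which is the point at which the browser can no longer load the site.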
3

Would the potential for a ransomware attack get their attention?

Perhaps a not-so-far-fetched scenario is this: Someone else is using their wifi (e.g. another family member) who unwittingly installed a rogue program on their device. The rogue program scans all other devices on the network for known vulnerabilities. Because both devices are behind the router, the router offers no protection or firewall at all. The rogue program quickly exploits a known Windows XP vulnerability and installs ransomware.

Ransomware extortionists aren't selective. They don't care whether the victim works for a three-letter agency, or about the victim's net worth - they just demand the ransom.

mti2935
  • 19,868
  • 2
  • 45
  • 64
  • 2
    Ransomware is easy to detect, however, and recover from backup. Or it might provide a great opportunity to buy a cheap used machine with a less vulnerable OS. – WGroleau Nov 17 '19 at 16:14
  • That level of user is always convinced that 1) they don't have anything on there that they'd truly miss 2) they are sufficiently backed up. Of course both are usually wrong, but you can't convince them otherwise till they lose it all. – George M Reinstate Monica Dec 04 '19 at 19:42
3

I suggest that you explain it to them in terms of basic maintenance (like for cars or any other machine).

I suggest that you change priority though.

Automated, verified reliable local offline backups should be the overwhelming highest priority (like oil in the engine and non-bald tires). Explain that they can recover from nearly any breakdown with this. And breakdowns are more likely with older machinery that's not well maintained, but can even happen with brand new expensive stuff.

Then the additional items like upgrades, 2FA etc etc can be described as additional maintenance. But you must accept it's optional. Some people will keep their car in oil and tyres but let the rest of it fall apart until they are forced to buy a new one.

Eventually something will "break" from their POV and force them to upgrade anyway.

For online threats show them as-local-as-possible newspaper articles about ordinary people like them suffering phishing/bot/banking/email/ransomware attacks. Explain this happens because all the hacking is automated these days so every single PC on the internet gets attacked sooner or later. And the least maintained ones are the weakest.

John McNamara
  • 696
  • 5
  • 7
2

If they are into their cars, it might be an idea to compare it to an old car. Yes it works, but it's got no crash resistance, or theft resistance. Similarly old computers work, but they have no protection against miscreants who might try to break into it.

CSM
  • 221
  • 1
  • 3
  • This is a bad analogy. An old car's crash/theft resistance is clearly acceptable, given that people drove it back when it was *not an old car*. But Windows XP now is much less secure than it was 10 years ago. – Sneftel Nov 18 '19 at 10:45
  • It's a good analogy, and one old guys at least will relate to more. And like an old car XP is a lot less secure than it was 10 years ago, now that there are more SUVs on the road and other people texting etc – George M Reinstate Monica Nov 18 '19 at 20:00
2

I've dragged a number of family members off obsolete platforms.

The "platform" and "security" problems are tightly intertwined, and it's also tangled up with the "support issue" generally. So I'm going to talk about selecting a platform that mostly resolves the security issues and we get the rest as a bonus.

You won't sway them with a complex argument, so keep it simple.

Spend no more than a couple of sentences warning them that computers like theirs are no longer safe to use on the Internet. And focus on making sure they know not to put PII such as Social Security Numbers, passwords or bank info on their computer. Then, you have to let go and let them fail.

Well, back up their personal data every chance you get. Don't leave the USB fob in the drive, hide it. And by the way, there's a very compact executable of Perl 4 that doesn't require any DLLs installed; just run it as an EXE file. Maybe you can set it up with AutoRun.INF.

The main thing is to stop supporting those systems. Do exactly what Microsoft is doing. This is where we enter into the area of personal boundaries. You simply have to level with them and tell them those systems are beyond support.

You choose, you support. I support, I choose!

The nightmare scenario is "I got this no-name tablet off Amazon Marketplace and this Apple Watch knockoff from Alibaba, make them work together" NO. My time is valuable and my support isn't free-flowing. Make a nightmare, you're on your own.

A condition of my support is I select the platform. Give them Hobson's Choice and they take it, or they're not your problem.

I'm a real jerk about that, but once you clearly set boundaries, people respond. At the end of the day, they want the thing to Just Work. And I tell them what Just Works, and they listen to me, and it Just Works because I know how to choose.

Back in the day, I made a certain choice many of you would object to, but after initial adaptation service calls dropped by 90%. Today I convert them to a certain tablet based on the criteria below.

Do not let them buy another desktop computer

For casual users who can still get by on XP, the age of the computer is done. The only conversation to have with them is which tablet they want. That boils down to large or small, and black or white, as I'll discuss soon.

They'll have to make a transition no matter what you do. Because a tablet is a system shock, they expect they will have to relearn everything, and they'll be more ready for it. The worst thing you can do is incremental upgrades where it changes fractionally; then they are sore about every change.

This will take care of all their internet based apps. For non-internet apps they may be married to, like AutoCAD 11, fine. Keep the PC til it dies, just ease it off the Internet, i.e. when its internet connection breaks, don't fix it.

Now your security worries are on a modern platform that self-updates in a way that is Not Your Problem, and does not throw an endless sea of annoyances if you choose it toward that end. Tablet choice should absolutely not be based on your side of the religious war. It must be based on

  • Security is tip top
  • the availability of other support resources to them, e.g. the Nook support group at their retirement village. Yeah, that exists lol.
  • The durability of the hardware in question (take this 7 year old iPad 3, now at 84% battery after running an hour at 30% brightness; original battery, countless drops-on-floor, thanks Ballistic)
  • The longevity of OS support (I've had 2 Androids obsolete out after 2 years, so not them)
  • The smoothness of the UX (likelihood of them to be able to self-navigate and self-support)
  • the ability of their apps to be stable over the years
  • availability of apps
  • reliability of feature-set. Both my Androids have an obsolete Bluetooth that can't talk to my FitBit. They are newer than my FitBit. (This took hours to figure out; exactly the kind of support we Don't Want To Be Doing!) So have zero tolerance for platforms full of annoyances like this.
  • Cost is no object, because, as you've already stated, your time is valuable. Saving $50 on a tablet is cold comfort if it makes 50 hours of support. Craigslist is your friend.

This may drag you to a conclusion that is not compatible with how you like to use computers. You aren't them. Your singular goal is ease of support. Set aside your ideology and do what must be done.

Objections

In their minds, a computer is in good shape if and only if it is capable to perform the tasks they need it to perform

Then you don't need my help. Oh, it's broken? In my opinion it's obsolete and not really fixable.

only replaced if repairs were no longer possible

Hence needing my help. "My recommendation is this is beyond support, and I can help you select a new platform".

If anything strays from this clear order of steps (eg the computer shows them an unexpected dialog) they get confused and may deem their computer "broken" (and call me to "fix" it for them).

Not surprising. Windows circa 2001 was a zoo. Certain newest tablets have a very smooth UX that will resolve most of that for them, while lending a sense of confidence that they can experiment without worrying about how to break it.

it is likely they'll say I "broke more than I fixed". They have a clear definition of "fixing" their PC... "make it behave exactly as it used to".

"Well, clearly my attempts at supporting this are doing more harm than good, and aren't constructive. I leave it to you to decide whether I'm not very good, or whether I'm right that this platform is too obsolete to continue using. Either way, I can't help you with this. Best of luck!"

And you're off the hook. Yay!

Really, that kind of ungratefulness deserves a swift, sharp dose of Winston Wolf. "I'm here to help. If my help is not appreciated, lotsa luck gentlemen".

Some of them are still poor

In that case either you're one of the people I care enough to support, or you are not. If you are, then I pay for the hardware. At this point we're talking a $250 tablet off Craigslist.

I'm running out of arguments.

Then you run out. It's not your job to convert them. Just say "no" to supporting their unsupport-worthy hardware, and let them fail. It's not the end of your world if they lose their data. You can't be responsible for that. You've told them what they need. Your responsibility ends there.

  • I like your reasoning Harper, even if the tough love is perhaps a bit tougher than most people will be able to dish out. Tablets could be more accessible too, in being more portable, providing more legibility. Not so good for many hand problems, for getting lost easily and dropped, but it's all about the balance for that one person. – George M Reinstate Monica Nov 19 '19 at 19:17
1

Perhaps the prospect of faster speed would get them to accept a low-cost used machine with a more secure OS.

WGroleau
  • 217
  • 1
  • 6
  • Personally, I like Linux. But adding a zillion words to my answer to promote Linux is inappropriate. Write your own answer if you want to do so. – WGroleau Nov 18 '19 at 05:20
  • Nah, they'll think of it as of a faster car, just something they can't handle – George M Reinstate Monica Nov 18 '19 at 20:40
  • Not if they are on Facebook and wonder why so many weird things happen when they click on things before all the bloatware Javascript is done loading. – WGroleau Nov 18 '19 at 20:54
  • But how do they know what a fast internet feels like if all they drive is XP? You'd have to lend them something more modern for a test – George M Reinstate Monica Nov 18 '19 at 21:04
  • 1
    Just sometime, when they are frustrated with Facebook or some other bloated web page, point out that it won't act like that with a newer machine. – WGroleau Nov 18 '19 at 23:06
  • Good point WGroleau. Maybe even show the same page on your phone so they can see the difference, if possible? – George M Reinstate Monica Nov 18 '19 at 23:31
  • "Faster speed" is a strong argument *against* upgrading. I've got a 13-year-old laptop running XP that takes about 45 seconds to go from pushing the power button to sitting at the desktop with the hard drive idle. I've got a rather newer laptop running Windows 10 that usually takes around an hour after power-on for hard drive access levels to drop down to something reasonable. – Mark Nov 19 '19 at 01:02
  • If it’s Facebook, showing it on my phone might backfire. I would not tolerate that abomination at all were it not the only way to hear from some people. – WGroleau Nov 19 '19 at 18:03
  • @Mark, you should seriously investigate fixing your newer laptop.. – George M Reinstate Monica Dec 04 '19 at 19:44
  • @GeorgeMReinstateMonica, I would, but Microsoft won't let me. Windows insists on doing some sort of disk scan at every startup (I think it's Windows Defender doing a virus scan), there's usually an update or two to download, and various other things. – Mark Dec 04 '19 at 21:40
  • Oh come on, you don't know how to tell windows to only let you know there might be an update, and do it when -you- want to? – George M Reinstate Monica Dec 05 '19 at 23:00
1

Sorry to add yet another answer, but I don't think anyone has addressed this angle yet.

First, some caveats: the other answers are correct that people acquire their understanding of technology through painful trial and error and have very specific workflows memorized and anything that disrupts those is problematic. We should be compassionate towards the needs and perspective of these folks. The security risks are probably not overwhelming under the circumstances. Now on to the rest:

it is likely they'll say I "broke more than I fixed". They have a clear definition of "fixing" their PC... "make it behave exactly as it used to".

Think about what it would cost, on the open market, for enough of a skilled expert's time to deal with these requests. Computer repair is pretty much commodity-priced at this point, and it would still be prohibitively expensive. I get it, friends, family, mutual reciprocity, etc. But this is a hole with no bottom, and when they do get hacked they will probably blame it on something you did on top of everything else.

I think you need to start telling people you're too busy to fix their PCs for free, because you are. Ain't nobody got time for that, when 'that' is "figure out how to replicate my former workflow exactly like I had it, even though I couldn't describe it if you paid me but I'll know it when I see it".

And if you stop enabling their resistance to change, they are going to find one of two things:

  1. That the status quo is acceptable even without your assistance.
  2. That it isn't: they need to go through the discomfort of change.

But you are lowering the cost (both psychological and monetary) of maintaining the status quo, so it's unsurprising that they are resistant. It's not clear, to me, how much of a favor you'd be doing these folks by coddling them.

Jared Smith
  • 1,978
  • 1
  • 10
  • 12
  • Wow. How lucky not to be one of your relatives. – George M Reinstate Monica Nov 18 '19 at 20:07
  • This is good, in fact you need to be very careful that any key functionality is not lost. It is much better to air gap the PC or put it into an enclave. They need to be aware that updates for XP are now "out of band" and will not install automatically. – mckenzm Nov 18 '19 at 20:12
  • 1
    @GeorgeMReinstateMonica ...because I refuse to pour hundreds to thousands of USD of my time down a hole that will leave the intended beneficiary worse off than when we started? If one of your relatives asks you to help them build a perpetual motion machine, *you should politely refuse*. I do favors for friends and relations all the time. I play airport taxi, help people move, help people with construction projects, take people meals when they just had a baby. But computer repair for non-technical people ain't on the list. – Jared Smith Nov 19 '19 at 11:50
1

Some of them are still poor

Poorer than ever, most likely.

Don't forget to point out that you get much more for your money now than when they bought their computer. If they have updated their car in the last 20 years, make comparisons to that (air bags, less gas etc). In fact, chances are that you can get a decent-enough computer now for a lot less money than they paid for their XP-laden PC (most people with XP won't know that). Come armed with the price of a basic chromebook or something decent enough for their needs, so they know you're not exaggerating.

Also point out that the less money you have the more you should be worried about getting your bank account cleaned out by drive-by pirates. And that they probably lock their front door, at least occasionally, so locking this door should also be a priority. Remind them that they will probably have a harder time getting down the stairs/to the bank eventually, and that establishing good practices in online banking now is in their long-term interest.

Then try to talk them into at least not paying for AOL..

  • A 20 year old car has airbags, ABS, port fuel injection, and has had OBD II for four years already. I cannot honestly tell you what real engine improvements have been made since, *and I'm a car guy*. Seriously there have been three forks of activity: tuning bumps toward NZLEV emissions, drive-by-wire to prepare for self-driving cars (basically: murder of the stickshift), and hybrid powertrains. Other than that, it's all body-side with comfort/convenience gadgetry. – Harper - Reinstate Monica Nov 19 '19 at 00:01
  • Not the car I had 20 years ago, Harper :-) – George M Reinstate Monica Nov 19 '19 at 00:21
1

How about a good old-fashioned layer of counter-attack guilt-tripping?

"Remember how Uncle Joe/Mrs Jones down the street got their bank account broken into last year, and lost thousands, and it took their daughter at least 3 weeks of constant phone calls to detangle the situation? Well, if anything like that happens to you I am going to be the one who gets stuck with fixing the situation. So please, please I beg you, let me do just a few things to keep you from going down that road before it's too late."

If you have the right kind of relatives, you will easily be inspired to insert suitable aggravating circumstances "do you want me to lose my job because I spent 6h a day on the phone with your bank, mom?" or "what did I ever do to you to deserve this kind of hell?".

Do let them know that going down the seat-belt-less road of XP security is not without costs, and that the costs will be mostly borne by you, the grandchild/nephew who adores them but will be bummed if you spend your entire holiday trying to retrieve the only pictures from grandma's 90th birthday from their ransomed/crashed hard drive. (In fact, don't hesitate to bring a USB stick and help yourself to a backup, just in case.)

In the same vein, showing up with a shiny chromebook for the holidays and acting very hurt if they don't immediately let you show them the ropes, one app at a time. They don't have to know it only cost you $200, or that you got it used on craigslist, being mysterious is totally expected here.

1

Often, older (users in general) won't care about security. As for me, what convinced my own parents is that websites worked less and less.

My speech to them: "XP is old. Firefox developers said 'XP is old, so we won't make updates: it's too hard'. So you have an old web browser. So it doesn't understand some recent internet websites, the same way an old man speaking old French cannot understand a modern young kid. So, if you want to use the modern websites, you need a modern 'computer' (actually, a 'modern Windows XP', you don't need to change your physical stuff)"

They got it, and are now using Ubuntu (because "Modern XP means Windows 10, which will cost like 100€ or so, while Ubuntu is free")

Rule of thumb: "it's insecure" is a call for discussion; "it doesn't work" is a call for action.

Xenos
  • 1,331
  • 8
  • 16
0

What are Your Problems?

  • Outdated OS
  • under powered Hardware

You said some of them don't have the money or see the need to buy new hardware. I could agree with that. I mean, I don't buy a new car every time something new is out there. But drive without a seat belt? That's like "driving" the internet with an outdated OS.

They say: why should someone target them? It's hard to say it so hard, but it is just because they are old. It is very popular to target older people because they are mostly not so tech-savvy, like these 7,500 victims who lost $10 million.

The answer to the question of why someone should target them is just: because you exist and can be targeted. When someone with a bad mindset thinks he could get money from this person, he tries. And he tries with many, many e-mails, to all possible addresses, and tries all the possibilities to get something that he could make money from. He doesn't really choose someone because he can get much, but because it's easy to get.

Think about a normal thief on the street: would he rather try to steal from a fit, muscular, maybe military man, or from an old woman? And how many people of that type could be stolen from with minimal effort?

So updating the OS could be very significant for countering many issues which could harm them, their family, (business) partners (their PC could be used to send scam e-mails to their family and/or partners), and every other person out in the world (if they are part of a botnet). In some countries they could also be in legal trouble if their PC (and it is used just because they are old and not really suspicious, unlike a young little hacker boy) is used in a cyber attack (like being part of a botnet to DDoS a service or send scam e-mails).

It can be possible to upgrade the OS without the hardware. It can be tried and tested. Change will come, and that is something they must accept, else they could also drive a car without seatbelts; they weren't needed back then. PCs are just faster at evolving, and it can be very hard for many people, not just older ones. Some of them need more help with that. And some just need more "honey" to make something very attractive so they don't want to see the problems they have (a new UI is not always the best thing in the world, but having something that saves me 30 minutes every day is very nice).

Serverfrog
  • 586
  • 7
  • 18
  • 1
    Good advice overall. But don't forget that many of these "older" folks also resent seat belt laws. – WGroleau Nov 18 '19 at 18:59