Using Old and Unsupported Software?

One of the most overlooked security threats to modern networks is the use of outdated and unsupported software. Applications written with older code or applications that are no longer supported by the software vendor sometimes leave gaping holes in the defenses implemented by security personnel.

Two recent announcements by software giants Apple and Adobe provide examples of the importance of keeping the software on a business network up-to-date.

Apple Computer announced that it will no longer support QuickTime for Windows, leaving the software, in the words of security company Trend Micro, “. . .vulnerable to exploitation.” This will probably cause more than a few users to wax nostalgic.

For years Apple QuickTime was the premier vehicle for providing high-quality video on the Internet. Nearly every movie from the “Jason Bourne” trilogy to the “Lord of the Rings” epic relied on QuickTime to whet the appetite of the movie-going public. In addition, the software has been used so extensively in the marketing and advertising industry that it was almost essential on any computer used by someone in those fields. Unfortunately, all of that has changed.

Apple announced in April 2015 that users of QuickTime for Windows should uninstall the software as it is no longer supported, and Trend Micro released two advisories (ZDI-16-241 and ZDI-16-242) detailing two new, critical vulnerabilities. It is recommended that any Windows computer running a version of QuickTime have the software uninstalled as soon as possible.

The other news affecting a ubiquitous software suite is Adobe’s announcement in May 2015 that they are no longer providing support or security updates for a host of their products. Support has ended for Adobe Acrobat and Reader prior to Version 11 and for all of their premier graphics editing applications (Photoshop, Illustrator, Elements, etc.) prior to the “Creative Suite” line. Considering the exploits that have sprung up like weeds in a flowerbed plaguing Acrobat, it is advisable that all versions of that software be uninstalled yesterday.

Adobe has completely embraced the Software as a Service (SaaS) business model and they are no longer supporting any applications that do not adhere to that standard. The reason most often quoted by Adobe is that they cannot guarantee the safety or security of files created with their software if they do not have control of the update cycle. Since all of their SaaS applications routinely connect to servers in the Adobe Cloud, they believe this mitigates any security risks inherent in the applications.

What this means for the average business-class computer user is that any of the above-mentioned software should be removed from any and all computers in the corporate environment. The risk is simply too great to be running applications that could leave the network vulnerable to virus and malware infection. Worse yet would be for your network to be the vector for the dissemination of destructive software to clients or business associates.
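A read-only audit along the lines of the recommendation above, as an added example that is not part of the original article: it reports QuickTime for Windows and Adobe Acrobat/Reader releases older than version 11 found in the Windows uninstall registry entries. The display-name patterns and function names are assumptions, and the pre-Creative Suite graphics applications are not covered.

```powershell
# Added example (not from the article): read-only audit for software the article
# says to remove. Name patterns are assumptions about how the products register.
$Rules = @(
    @{ Pattern = '^QuickTime'; BelowMajor = $null
       Reason  = 'QuickTime for Windows is no longer supported' },
    @{ Pattern = '^Adobe (Acrobat|Reader)'; BelowMajor = 11
       Reason  = 'Acrobat/Reader prior to version 11 is no longer supported' }
)

function Test-UnsupportedSoftware {
    param([Parameter(Mandatory)][string]$DisplayName, [string]$DisplayVersion)
    foreach ($rule in $Rules) {
        if ($DisplayName -notmatch $rule.Pattern) { continue }
        if ($null -eq $rule.BelowMajor) { return $rule.Reason }
        # Only the leading (major) number of the version string is compared.
        if ($DisplayVersion -match '^\s*(\d+)') {
            if ([int]$Matches[1] -lt $rule.BelowMajor) { return $rule.Reason }
        } else {
            return "$($rule.Reason) (version unreadable, check manually)"
        }
    }
    return $null
}

# Per-machine (64-bit and 32-bit views) and per-user uninstall entries.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-UnsupportedSoftware {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $reason = Test-UnsupportedSoftware $_.DisplayName $_.DisplayVersion
            if ($reason) {
                [pscustomobject]@{ Computer = $env:COMPUTERNAME; Name = $_.DisplayName
                                   Version  = $_.DisplayVersion;  Reason = $reason }
            }
        }
}

# Constructed sample entries (not real inventory data) showing how the rules apply.
$sample = @(
    @{ DisplayName = 'QuickTime 7';             DisplayVersion = '7.7.9' },
    @{ DisplayName = 'Adobe Reader X (10.1.4)'; DisplayVersion = '10.1.4' },
    @{ DisplayName = 'Adobe Acrobat Reader DC'; DisplayVersion = '15.007.20033' }
)
foreach ($s in $sample) { '{0,-26} -> {1}' -f $s.DisplayName, (Test-UnsupportedSoftware @s) }
Get-UnsupportedSoftware | Format-Table -AutoSize
```

Software installed without an uninstall entry (portable copies, bundled plug-ins) will not appear in these registry keys, so an empty result is not proof of absence.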

In the fast-changing realm of today’s software environment, the motto “Semper Vigilis” of the U.S. Army Security Agency would seem to pertain to all business networks everywhere.