Managing Unsupported Operating Systems and Software Is Critical

Managing outdated software is a critical part of cybersecurity. Why? Because unsupported operating systems and/or software have known vulnerabilities that can easily be exploited by hackers. Computers running unsupported operating systems and software aren’t protected against ransomware and data breaches. Yet, most businesses do not replace old software to protect themselves, which also hurts their efforts to comply with cybersecurity regulations and legal requirements.

Everyone understands the importance of promptly installing security patches and updates. However, older versions of operating systems and software that can no longer receive security updates often hide in networks and are overlooked.

As per the United Kingdom’s cybersecurity guidance:

“When a product is no longer supported by its developer, there are limits on the measures that will be effective in protecting against new threats. Over time, new vulnerabilities will be discovered that can be exploited by relatively low-skilled attackers.”

Developers have lifecycles for their software and expect it to be uninstalled when it no longer qualifies for patches and security updates. However, this leads to three problems:

  1. Vendors don’t always do a good job of communicating upcoming end-of-support status to their software users.
  2. When it is communicated, users don’t act because they don’t understand the risks involved in using software that can’t be patched.
  3. The software continues to be used even though it becomes a huge risk from the day security updates cease, with the risk growing as the software continues to age.

It’s even more confusing when the world’s largest software developer changes its lifecycle standards. Microsoft used to release an operating system and continually patch and upgrade the software until its end-of-support date (usually about 10 years from its introduction).

With its new ‘Modern Lifecycle,’ Microsoft releases “feature updates” of its operating systems — for example, Windows 10 version 1909. The feature update receives security patches for 18 months and then it must be fully replaced with a current feature update. If you continue to use Windows 10 version 1909 after 18 months, it becomes a growing risk as new Windows 10 vulnerabilities are identified and patched in current versions. You can search for Microsoft’s lifecycle by software version here.

How Network Detective Pro Can Help

Two reports you can create using Network Detective Pro identify unsupported operating systems and software.

The Client Risk report lists Active Computers and their operating systems. In the image below, you see the unsupported operating systems we discovered (highlighted) in a recent assessment.

[Image: Client Risk report]

In the Full Detail report, you can review the software programs listed in the Major Applications list (as highlighted below). The report even gives you a roadmap to the devices running old software.

[Image: Full Detail report, Major Applications list]

We flag software we know is unsafe, like Adobe AIR and old versions of Microsoft products. The latter are usually easy to spot because Microsoft includes the date in the product name. Since the software has a lifecycle of 10 years, you just need to add 10 to the year in the name, for example Microsoft Office 2007, to know that it became unsupported in 2017.
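The two date rules described above (18 months of patches for a feature update, and the year in the name plus 10 for year-named Microsoft products) applied to an inventory list, as an added example that is not part of the original post or of Network Detective Pro. The host names, inventory rows and release dates are constructed sample input, and the function names are hypothetical.

```python
import re
from datetime import date

FEATURE_UPDATE_MONTHS = 18   # patch window the article gives for a Windows 10 feature update
NAMED_YEAR_LIFECYCLE = 10    # article's rule of thumb for year-named Microsoft products
# A four-digit year in the product name, but not a feature-update number such as "version 2004".
NAME_YEAR = re.compile(r"(?<!version )\b((?:19|20)\d{2})\b", re.IGNORECASE)

def add_months(d, months):
    """Return the first day of the month that lies `months` after d (month precision is enough)."""
    total = d.year * 12 + (d.month - 1) + months
    return date(total // 12, total % 12 + 1, 1)

def end_of_support(name, released=None):
    """Estimate end of support from the article's two rules; None when neither applies."""
    if released is not None:                 # feature update: release date + 18 months
        return add_months(released, FEATURE_UPDATE_MONTHS)
    m = NAME_YEAR.search(name)               # year-named product: year in the name + 10
    if m:
        return date(int(m.group(1)) + NAMED_YEAR_LIFECYCLE, 1, 1)
    return None                              # e.g. Adobe AIR: needs a manually kept list instead

def flag_unsupported(inventory, as_of):
    """Return (host, product, estimated end of support) for items past that date, oldest first."""
    findings = []
    for host, product, released in inventory:
        eos = end_of_support(product, released)
        if eos is not None and eos <= as_of:
            findings.append((host, product, eos))
    return sorted(findings, key=lambda f: f[2])

# Constructed sample inventory: (host, product, feature-update release date or None)
SAMPLE = [
    ("PC-01", "Windows 10 version 1909", date(2019, 11, 12)),
    ("PC-02", "Microsoft Office 2007", None),
    ("PC-03", "Microsoft Office 2019", None),
    ("PC-04", "Adobe AIR", None),
]

if __name__ == "__main__":
    for host, product, eos in flag_unsupported(SAMPLE, date(2022, 1, 1)):
        print(f"{host}: {product} unsupported since about {eos.year}-{eos.month:02d}")
```

These dates are estimates from the rules of thumb only; the vendor's published lifecycle dates take precedence where they differ.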

Unsupported software may be out of sight and out of mind, but hackers know to look for it. Network Detective Pro helps you quickly identify and address this critical risk. Sign up for a free demo now.