TechViews News …..
Most people and small businesses are still using hardware and software that is older than five to seven years old. In a general sense, that’s ok. But as the march of improved products and software moves forward, it leaves existing equipment behind. Older than five years is becoming too old to be trusted in today’s world of security breaches.
An old computer that’s still chugging along, running an old operating system and perhaps old programs and applications, doesn’t seem to be a big deal. After all, they still seem to work just fine. Why spend money on new equipment or software if it’s adequate and functioning?
Walker White, president of BDNA, a company that tracks and analyzes end-of-life (EOL) data for hardware, software and medical devices, says that the main problem with out-of-date software and legacy hardware is that once they pass their EOL cycle, the vendor no longer maintains or supports the products, resulting in security vulnerabilities and risk.
Here’s a look at the hardware, software and mobile device vulnerabilities you should tackle now to reduce risk and increase security.
Older PCs and laptops
White maintains that although software represents a much greater risk than hardware, many hardware vulnerabilities go unrecognized. The main problem with older computers is that a lot of that equipment doesn’t have components that are secure within themselves.
In a standard desktop computer, individual components can be upgraded by swapping with newer parts (such as LAN cards, modems, Wi-Fi cards, etc.). And unfortunately, this isn’t generally possible with laptops.
Old routers can be especially troublesome, too. Aimed mainly at small offices/home offices, old routers — especially those manufactured in 2011 and earlier — can have serious vulnerabilities.
Another consideration is the use of old hard drives in general. Deb Shinder, a technology and security consultant, trainer and writer, points out that even when old hard drives are not a direct security threat, they make you vulnerable to data loss because they are prone to failure.
Where hardware fixes and upgrades typically require plunking down cash, fixing software vulnerabilities often involves inexpensive or even free updates. The following list covers types of software that must be kept current, patched or replaced as soon as possible:
- Unpatched or out-of-date operating systems: In April 2014, Microsoft ended support for Windows XP, which means neither automatic updates nor technical assistance is available. According to Microsoft, even if you run some type of antivirus software on Windows XP, it has “limited effectiveness on PCs that do not have the latest security updates.”
- Unpatched or out-of-date productivity software: Running older versions of Microsoft Office, especially versions like Office 2002, Office 2003 and Office 2007, is risky. A common vulnerability is the potential for remote code execution when a user opens or previews a maliciously prepared file or visits a website containing content that exploits the vulnerability. If successful, an attacker can gain access to the user’s system, simply because the malicious code within the older version of that software gains entrance and runs in the background.
- Unpatched web browsers: Browser vulnerabilities are widespread; no browser is entirely free of security vulnerabilities. Common vulnerabilities include URL spoofing, cross-site scripting, injection attacks, exploitable viruses, buffer overflow, ActiveX exploits and many more. The bottom line: run the most current version of your preferred web browser and update it as soon as updates become available.
- Out-of-date plug-ins: An easy target for attackers are out-of-date browser plug-ins for software used on the web, and the plug-ins with the most vulnerabilities are related to Adobe PDF and Adobe Flash (also known as Shockwave Flash), as well as Java and Microsoft Silverlight. WordPress plug-ins have also fallen victim to a number of security vulnerabilities, so much so that WordPress offers a plug-in to check the vulnerability of other WordPress plug-ins.
Mobile and Internet of Things (IoT) devices
The explosion of mobile and IoT device use has made work and personal life easier in many ways, but has ushered in a bevy of security concerns at the same time. Here are a few of the more pressing concerns regarding mobile and IoT:
- Old mobile devices and OSes: Some devices with old OSes can’t be updated, and security updates are supported for a limited time. For example, the iPhone 3 and earlier models (those sold before October 2011) can’t run the latest version of iOS, which has lots of security features baked in. Android devices are more difficult to pin down because of multiple phone vendors with multiple products that run the OS. Keep in mind that Google provides security updates for Android for three years from release, and upgrades to a new version of Android for two years from release.
- Old IoT devices: According to Shinder, old IoT devices from “back before we called it IoT” that are network enabled, such as old IP cameras used for surveillance, don’t get regular updates and often are using insecure protocols. With the state of IoT security lacking in general, having older devices in the mix only makes it worse.
So, what to do?
If you aren’t in a position to buy new or replacement equipment then follow these simple guidelines:
- Keep your OS and applications updated and patched.
- Update the firmware on components that will allow you to do so, such as routers and card components.
- Keep your mobile communication devices updated with the latest software and learn to download apps only from trusted sources, such as the Apple Store or Google Play.
- For organizations that run Microsoft products, check the Microsoft TechNet security advisories and bulletins regularly or sign up to receive security notifications by email.
- Take time to let new equipment and software work out the bugs before you buy. Many new offerings are rushed to market before problems are identified and resolved.
Be Safe – Backup Your Data Regularly!
And don’t forget to take advantage of our FREE subscription to the TechViews.org Newsletter. A must-read if you are interested in Internet Security.