Are you risking your computers – maybe your whole network – with outdated software?
In our last IT Consulting issue, we talked about server lifespan and what to do if yours is getting old. In this month's WOOF! we'll talk about the other side of the coin – the dangers of continuing to use outdated software.
Why Using Old Software is Risky
A few months ago, Sony's PlayStation Network was attacked by a large hacker group. They broke in and compromised millions of user accounts. It's almost become a weekly occurrence now. The list of those affected is a who's-who of enterprise class businesses.
In Sony's case, it turns out they were using an outdated firewall for their network. And they knew it
. They knew the firewall was out of date, and didn't do anything.
Why not? Chances are for the #1 reason businesses don't update software: They stick with what's comfortable.
New software is a change. There could be problems. You may need to learn how to use something new.
Or maybe it was the #2 reason: The expense.
New licensing, possible hardware upgrades, training time, consulting fees, etc.
All valid considerations. However, the question really is – do these negatives outweigh the serious dangers and recovery costs that come later?
- Security holes
- Inability to use new features (especially online)
- Hacking and data loss (client AND server side)
- Crashes, downtime
Is it worth these risks, just to stay with an old version of Windows?
The Biggest Dangers: Software That's Most Often Left Outdated
When was the last time your company updated these?
- Antiviruses, Malware Removal Apps. These are famous for being out of date on user PCs. Even though you can auto-update them.
- Microsoft Office. Everybody likes their own version. Office 2010 does include security updates with its menu changes, though.
- Operating Systems. Over 70% of all Windows computers still run XP! With many security applications dropping support, this becomes an unacceptable risk.
- Windows Servers. Nowhere is outdated software more dangerous than on a major server. One security hole, exploited by a hacker, can destroy your entire infrastructure. Are you still using Exchange Server 2003, SQL Server 2000/2005 or Windows Server 2003? There's a target painted on your servers right now.
- Database Servers. If your company slacks on database server updates, you risk long downtimes while patches are (eventually) applied. Or worse, someone breaks in (through a hole one of those patches could have fixed!) and steals or corrupts your database. How much would THAT hurt your business?
- Web Servers. Many companies deploy web servers internally for portals. These web servers are often set up so employees can access information from outside the network. These servers are attacked frequently. Simply keeping the servers up-to-date will thwart many of the techniques used to gain access. (For instance, moving to IIS 7 on the Windows 2008 R2 platform.)
- Password Security. A while back we discussed Password Complexity. A network that has simple password requirements can be hacked in minutes. Use our Password Strength Tester to see if you're vulnerable.
- Web Browsers. Over a third of the Web's users still use Internet Explorer 6. Not only does this leave you open to automated Web attacks; you miss out on new security features in up-to-date browsers.
- Plug-ins. On the same note, older versions of popular plug-ins (e.g. Flash) also put you at risk. The latest browsers notify you when a plug-in is out of date; it only takes 2 minutes to fix that. Weighed against 4 hours rescuing your computer from a crash, and…?
- Accounting Software. Think how badly a crash of your accounting software would hurt your business. Always keep it up to date with security patches or new versions. (If you use custom-built accounting software, you have some leeway here. It should still be patched, if any patches exist. If there are no patches after 1 year, switch to another app.)
- Backup Software. Survey results released in May reveal that 45% of companies use outdated backup methods. If your backups failed – when you needed them – how bad would it be?
- Firewalls. Remember what we said about Sony? A break-in is bad enough, but consider what came afterward – millions of their customers had their private information compromised. Could your business' reputation survive that serious of a hit? And what would be your legal liability?
What to Do
Take a good look at the software you use now. Ask your systems administrator to provide a list of all the software you're running, and to run an update check for the server software.
Being comfortable with the software you use is a good thing. But if that comfort turns into a server crash or security threat, it's not worth the risk. Keep your software up-to-date and retire software that's at its end-of-life.
Check your infrastructure software end-of-life status at: Microsoft Product Lifecycle Search
And remember – Businesses have a big tax break available in 2011 for replacing IT hardware/software. We wrote about it in a special WOOF! Alert. If you missed it, here's the link