General discussion

Locked

The risks of obsolete and unsupported software

By debate ·
Does your organization currently use Windows 98? Does your company plan to upgrade before Microsoft discontinues support? Do you think that unsupported software carries additional security risks? Share your comments about the risks of obsolete and unsupported software, as discussed in the Oct. 4 Internet Security Focus newsletter.

If you haven't subscribed to our free Internet Security Focus newsletter, sign up today! Click this link to subscribe automatically:
http://nl.com.com/MiniFormHandler?brand=techrepublic&list_id=e044

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Not that simple

by Satur9 In reply to The risks of obsolete and ...

Upgrading O/S's and applications sounds fine, however much software was never _designed_ to be secure, also design compromises are often required and code often contains unintentional bugs (even patches can add bugs), therefore you should assume that all software is potentially insecure and plan accordingly e.g. limit the use of known insecure products (IE, OE etc) and evolve a layered security policy to manage the evolving system enviroment. Oh another consideration is an old PC may run Win98 and a personal firewall fine, but when running XP it runs low on RAM and crashes the firewall, anti-virus etc, also XP has many more vunerable services running by default and can handle much higher network traffic, oops!

Too many people (especially residential broadband users) seem to ignore the benefits of NAT firewall routers and personal firewalls * (as another layer) to protect computers running any O/S. I see and hear frequent stories about broadband connections being compromised because the ISP negilgently sold broadband connections with a basic broadband modem, this is nuts given the threats and the low price of routers now e.g. in the UK a good basic ADSL NAT firewall router with 4-way ethernet 10/100 switch costs 67UKP retail, that's cheaper than some ADSL modems (and any new O/S) even if you have to buy a 9UKP NIC! OK the ISP may see a little extra cost, but it's better than the high traffic/cost of zombie PCs!

* You should not rely on only software firewalls because these only work when installed/running (after OS is installed/patched/booted), and can occasionally crash and can leave your computer vunerable.

Selective IP/port/feature blocking can be futile since you don't know where the next vunerability will appear, the best basic policy is to block everything _both_ ways then carefully unblock/enable only the features you need now (for each security layer), not forgetting to limit access rights at user level as approriate. Secure use is also a factor e.g. only send confidential information offsite via a secure connection or in an encrypted archive, and use secure practices and software when accessing email/websites.

I'm reading the "Secure Coding" (O'Reilly) by some CERT/CC staff, to get better ideas, I recommend you do too, these is much in there which appears obvious but is not common sense in various security contexts.

Collapse -

Also there are always third party programs

by HAL 9000 Moderator In reply to The risks of obsolete and ...

That because of their limited use will never be rewritten for a new OS.

Currently I have several clients who use such a program that was written for NT4 and works very well on that platform but fails to work at all on anything else. Now this is an industrial program that is used for earthworks to get them to within a fraction of an inch and it saves them heaps of money. The basic program I think costs about $80,000.00 AU and then you need to buy all the laser equipment to go on site and on the plant which is considerably more but it saves its costs in a few months by not requiring the replacement of earth removed unnecessarily.

While Microsoft is attempting to get everyone to upgrade/migrate to a newer platform to work with there are quite a lot of business specific programs that are still around and in all likely hood will not be rewritten because of their limited market.

When you run into these types of programs which are literally worth their weight in gold it is impossible to tell the company to upgrade or for that matter even supply a new OS with new hardware to replace the broken hardware that is no longer worth repairing. My only advantage is that so far I've only run into these programs on site so they are not running on computers connected to the Internet for any length of time and even if they are connected it is by mobile phone for short duration through a VPN.

I would hate to think of what would happen if I was to run across one of these programs that where business specific in an office environment as I would not know how exactly to handle it if it was required to be on the network with an Internet connection. I'm just hoping I do not get the opportunity to find out first hand.

Col

Collapse -

Still using

by danklima In reply to The risks of obsolete and ...

In my company we are using 3 times Windows 98 and 3 times Windows Xp.And we are not going to upgrade,because some Dos software is not sometime working right under Xp.Until Microsoft support will be terminated,we will still use them.

Collapse -

Obsolete Software

by pricetech In reply to The risks of obsolete and ...

I plan to continue using w98 for as long as I need it. "Need" being defined by having to use a DOS disk for utilities such as BIOS upgrades and Hard Drive diags, and certain downloads which must extract onto a floppy disk, impossible under anything but 9x. Once these things go away, I'll put 9x behind me.

Unfortunately, I will probably be supporting it long beyond that, evidenced by the number of customers I have with legacy software which was obsolete years ago, but is still being "propped up" to use today.

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums