Software updates can be annoying. They take time to install, move (or remove) features you use ̵1; and sometimes they even break things. We still recommend updating (and upgrading) your software whenever possible. The Internet is a dangerous place.
Security updates 101
The operating systems and applications you use every day almost certainly have security flaws in them. Writing software is complicated and these shortcomings are found regularly. Once they are, they are patched with security updates.
If you install updates regularly – many modern applications do this automatically – you get the security update and you are safe from this attack. If you do not install the updates, there is now a known attack that can be used against you. If you are using an old version that is not supported by an application that does not receive the latest updates, this is also a problem – you will need to upgrade to a modern version supported by the application that downloads them.
In other words, if you run Word 2000 on Windows XP, you’ll be in trouble. There are years and years of known security flaws that can be used against you – even just downloading and opening a DOC file can be dangerous.
What is the risk really?
There are many types of security flaws, but it is very common for bugs to allow seemingly legitimate files to compromise software. For example, a specially crafted JPEG image or MP3 music file may exploit a known bug in a program to run malicious code. A browser problem could allow malicious websites to bypass your security and install malicious code. An operating system problem can cause a worm to compromise and take over your system.
With access to your computer, an attacker could install malware, perform a ransomware attack that holds your files hostage until you pay, place a keylogger on your system that sends your passwords and credit card numbers to a criminal, or captures your personal data and uses it to identity theft. A RAT can even hide in the background and take uncompromising pictures of you on your webcam.
You can protect yourself by making sure your software is up to date. Make sure you use programs that are still supported with security updates, and make sure they are set to automatically install these updates, if possible.
RELATED: Do you want to survive Ransomware? How to protect your computer
Not just browsers and operating systems
Browser vulnerabilities can allow malicious Web sites to take control of your computer or install malicious code. In the same way, security holes in operating systems are quite dangerous and can allow worms and other malicious code to bypass your security.
But it’s not just about browsers and operating systems. Other applications on your computer may also have security holes. For example:
- Microsoft Office has had many security flaws, and not just in Microsoft Outlook or macros. The old copy of Word 2000 can still fit your needs perfectly, but it has security flaws that can be exploited – all you need to do is download and open a maliciously crafted DOC file, or maybe even copy and paste a malicious image file into Words. Office 2010 is supported with security updates until October 13, 2020. If you use an older version than that, it is vulnerable.
- Tools for archiving and packing files as WinRAR, 7-Zip and WinZip have had security flaws. If you download and open a maliciously crafted file, it may install malicious code on your computer. Security fixes in newer versions of the file archiving tool solved this problem.
- Photoshop and other imaging software has had a number of security flaws that could lead to malware attacking your system if you open a malicious image file.
- Media player Just like the popular open source VLC media player, Apple’s iTunes and Spotify have had bugs that could allow your computer to take over when you open a malicious music or video file.
Ultimately, it’s important to realize the risks – and there are risks – to running outdated software. You do not always have to run the latest software versions, but you should run software that is still supported with updates.
If you are still dependent on an old application that no longer receives updates, we recommend that you find a more modern replacement for it. It probably means learning something new, but at least you have secure software supported.
Of course, you do not have to follow our advice. You can drive whatever you want. Just be aware of the risk you take if you continue to run unsupported software and be careful, whether it’s airing your computer or maybe even running the older software in a sandbox or virtual machine.
RELATED: How to use Windows 10’s new sandbox (to test apps securely)