Software updates can be annoying. They take time to install, move (or remove) features you use—and sometimes they even break things. Still, we recommend updating (and upgrading) your software whenever possible. The internet is a dangerous place.
Security Updates 101
The operating systems and applications you use every day almost certainly have security flaws in them. Writing software is complicated, and these flaws are regularly being found. When they are, they’re patched with security updates.
If you regularly install updates—many modern applications do this automatically—you’ll get the security update and you’re safe from that avenue of attack. If you don’t install the updates, there’s now a known attack that can be used against you. If you’re using an old and unsupported version of an application that isn’t getting these latest updates, that’s also a problem—you need to upgrade to a modern, supported version of the application that is getting them.
In other words, if you’re running Word 2000 on Windows XP, you’re in trouble. There are years and years of known security flaws that could be used against you—even just downloading and opening a DOC file could be dangerous.
What’s the Risk, Really?
There are many types of security flaws, but it’s very common for bugs to let seemingly legitimate files compromise software. For example, a specially crafted JPEG image or MP3 music file could exploit a known flaw in an application to run malware. A problem in a web browser could let a malicious website bypass your security and install malware. An operating system problem could let a worm compromise and take over your system.
With access to your computer, an attacker could install malware, execute a ransomware attack that holds your files hostage until you pay up, place a keylogger on your system that sends your passwords and credit card numbers to a criminal, or capture your personal data and use it for identity theft. A RAT (remote access Trojan) could even hide in the background and take compromising photos of you on your webcam.
You can protect yourself by ensuring your software is up-to-date. Be sure you’re using applications that are still supported with security updates, and ensure they’re set to automatically install those updates, if possible.
Not Just Web Browsers and Operating Systems
Vulnerabilities in web browsers can let malicious web pages take control of your PC or install malware. Likewise, security holes in operating systems are pretty dangerous and can let worms and other malware bypass your security.
But it’s not just about web browsers and operating systems. Other applications on your computer can have security holes, too. For example:
- Microsoft Office has had numerous security flaws, and not just in Microsoft Outlook or macros. That old copy of Word 2000 may still fit your needs just fine, but it has security flaws that could be exploited—all you’d have to do is download and open a malicious DOC file or perhaps even copy-paste a malicious image file into Word. Office 2010 is supported with security updates until October 13, 2020. If you’re using an older version than that, it’s vulnerable.
- File-archiving and unzipping tools like WinRAR, 7-Zip, and WinZip have had security flaws. If you download and open a malicious archive, it could install malware on your PC. Newer versions of these file-archiving tools fixed this problem.
- Photoshop and other image applications have had a variety of security flaws that could result in malware attacking your system if you open a malicious image file.
- Media players like the popular open-source VLC media player, Apple’s iTunes, and Spotify have had bugs that could let your PC be taken over when you open a malicious music or video file.
These are just a few examples. If there’s an application on your system that communicates with the internet or opens any type of file downloaded from the internet (even an image, text, music, or video file), it’s potentially vulnerable to some type of attack.
By installing updates when they’re available and ensuring you’re still using a supported version of the software that is getting updates—for example, not a too-old version of Microsoft Office or Adobe Photoshop—you’ve ensured your software isn’t vulnerable to any known security holes.
You Don’t Always Need the Latest Versions
Updates are necessary, but immediate upgrades to major new versions aren’t always required. While it’s a bad idea to use out-of-date software that’s no longer getting updates, many companies and developers support older versions of software with updates for a while before requiring you upgrade to the next big release. For example:
- Windows 8.1 Is Still an Option: While Windows 7 and Windows XP are no longer supported, Microsoft still supports Windows 8.1 with security updates until January 10, 2023.
- Microsoft Office Gets Years of Updates: You don’t have to pay for Microsoft 365 or buy the latest version of Office every time it comes out. If you own Office 2016, for example, it’s still supported with security updates until October 14, 2024.
- macOS Gives You a Few Years: Apple doesn’t have an official written support policy, but the company generally supports the three most recent versions of macOS with security updates. So, even after a new version of macOS comes out, you probably have about two years to stick with your current version, if you like.
- Firefox ESR Offers Slower Browser Updates: If you want a browser that changes less often, Mozilla offers an “Extended Support Release (ESR)” of Firefox. The standard version of Firefox gets major updates every four weeks, but the ESR version gets major updates every 42 weeks. However, Mozilla keeps the ESR version updated with security updates.
The above options are supported with security updates—and that’s what matters.
But What About…?
Sure, there are some ways around this. If you have an old PC that you’ve “air gapped”—in other words, it’s not connected to the internet—and you run some old software on it, that’s likely fine.
Of course, if you downloaded a malicious file and took it to that computer where it attacked an older application, that could result in ransomware locking access to your files.
Ultimately, it’s important to realize the risks—and there are risks—of running out-of-date software. You don’t always have to run the latest software versions, but you should run software that’s still supported with updates.
If you still depend on an old application that isn’t getting updates anymore, we recommend finding a more modern replacement for it. That likely means learning something new, but at least you’ll have secure, supported software.
Of course, you don’t have to follow our advice. You can run whatever you like. Just be aware of the risk you’re taking if you continue running unsupported software and exercise caution, whether that’s air-gapping your PC or perhaps even running the older software in a sandbox or virtual machine.