Software, like milk, has an expiry date. It’s called the software’s End of Life (EOL). And just like your milk, when it reaches this date it’s time to throw it out.
It seems obvious when it comes to milk, but people have less hesitation holding on to out-of-date operating systems and software. What many people don’t realize is it’s just as bad, just to your server and business’s health.
In fact, more than a whopping 99 percent of malware and viruses that target software vulnerabilities enter through your old, outdated software, according to BDNA president Walker White. They do this by going after known weak points.
“These products may remain on a network and are not removed because no one is using them, and no one has turned off their lights,” White said. “A hacker will exploit that kind of leftover artifact.”
Makes sense, right? It’s easier to go after an exploit you know exists rather than try to find a whole new one to exploit.
Running EOL Software: Dangerously Common
Despite the obvious security risks in continuing to use EOL products, up to 50 percent of the average large business’s hardware and software is out of date, according to a BDNA report last month.
When a software manufacturer declares the EOL for a product, they no longer produce patches for security vulnerabilities in the product. That means running EOL software is like leaving your business’s back door unlocked for hackers.
The older your software is, the easier it is for hackers to mass-produce a key for it. And once inside, it’s not hard to take what they want—from bank details to employee data.
Hackers Search For EOL Software Users
A business may feel they are too small to be noticed by hackers, that they somehow need to be aware of the business to try hacking it. What they don’t realize is that hackers often develop and use automated scanning tools to scour the internet looking for systems containing vulnerabilities. An unpatched, out-of-support device connected to the Internet is a security risk to your business.
A great example of people using software after it’s EOL are users of Windows Server 2003 and Windows XP. Since no more security fixes are now offered by Microsoft, both products are a minefield of security hazards. Firewalls and anti-virus software are not sufficient protection against these unpatched vulnerabilities—ones well known and coveted by hackers.
Overworked IT Staff Are Often The Cause
The thing is, IT staff may not even know there’s EOL software remaining on some machines. There’s so much to do and so little time.
“IT spends 80 percent of its resources just to keep the lights on and 20 percent on new development — if they’re lucky,” White said. “There may be a new version of a product, but because you don’t have a clear view of what’s in your environment, you can miss the old version in your upgrade process.”
Many of them feel there’s no fundamental drive to change something that’s designed well and still works well for a fixed purpose. But again, running EOL software is like leaving your business’s backdoor unlocked every night. Just because nobody has broken in, doesn’t mean the situation is okay.
What Can Be Done To Discover EOL Products?
- Take a Network Inventory. There are software products out there that will help you do this, such as Spiceworks. However, you don’t want to entirely rely on an automated scanner to detect EOL software products.
- Pay Attention to EOL E-mails. When you’ve bought or subscribed to software, often developers will go out of their way to remind you several times when it’s reaching it’s EOL. When you receive these e-mails, pay attention! They’re about the stop supporting your software, so you need to upgrade.
- Check Software Websites. If you know a machine is running a certain type of software, and you’re concerned it may be out of date, check! Software manufacturers proudly advertise their latest products. And Google is your friend; it’s not that hard to check when something is out of date.
Do you think that 50% of businesses running EOL software is an issue?
Leave your thoughts in the comments, tweet @BackupAssist or post to facebook.