May/June 2020

Product Watch

Using End-of-Life Software Could Make Your Computer Sick

Daniel J. Siegel

Imagine preparing a meal using milk and other food after the “use by” date on their packages. Or, imagine using medicine months beyond the “discard after” date printed on the label. You wouldn’t do it because you might contract E. coli, listeria or salmonella. If the expired medication did not work as intended, not only could your medical condition fail to improve, but it could get worse.

So why do computer users often use software that is no longer supported by its developer? That means that the developer is no longer proactively protecting users from security risks, such as viruses, malware and ransomware. In other words, using unsupported software, often called “end-of-life” (EOL) software, may expose your computer and others on the same network to risks that could easily spread to other computers.

Thus, instead of reviewing the latest and the greatest, I am devoting this column to explaining why users must stop using old and moldy software. Consider Windows XP and Windows Server 2003. When Microsoft stopped issuing updates and patches, devices with these operating systems became significantly more exposed to security threats.

Numerous popular software products and operating systems have either reached or will soon reach their EOL. The most current example is Windows 7, for which Microsoft ended support on Jan. 14, 2020. This turned out coincidentally to be the same date that Microsoft released an emergency update for Windows 10, an update prompted by information provided to Microsoft by the National Security Agency.

Microsoft had previously explained the dangers of still using the software: “If you continue to use Windows 7 after support has ended, your PC will still work, but it will become more vulnerable to security risks and viruses because you will no longer receive software updates, including security updates, from Microsoft. Microsoft strongly recommends that you move to a new PC running Windows 10 to avoid a situation where you need service or support that is no longer available.” This statement turned out to be remarkably prescient in light of the emergent security update for Windows 10.

In addition to Windows 7, numerous other Microsoft products will end support in 2020, including most of the products included with Microsoft Office 2010 and 2016, such as Outlook, Word and Excel. End-of-life dangers apply not only to Microsoft products but also to numerous software and hardware from other companies. For example, support was scheduled to end on April 7, 2020, for the 2015 standalone/classic versions of Adobe Acrobat DC and on Oct. 1, 2020, for WinZip 21.5. Support has already ended for Windows 10 versions 1703 and 1803. To determine which version of Windows you are running, go to https://support.microsoft.com and type in “Which version of Windows operating system am I running?”

Many users never check to see if they are running unsupported software. But they should, and if they discover they’re using outdated products, they should update or upgrade immediately.

It is critical to note that using a firewall, antivirus software and other security suites does not protect against unpatched or unpatchable dangers and are an invitation to hackers to do their dirty work. Thus, there are many risks of running unsupported software, including the following:

  • Security vulnerabilities: Because manufacturers only release security fixes in limited (and always dangerous) situations, EOL products are replete with security hazards.
  • Software incompatibility: New software products are designed to work better with newer operating systems and other software.
  • By using EOL products, you may not be able to upgrade other software, which can also become security threats.
  • Lack of support: If your software is at EOL, there is probably no technical support for it, which means that any questions you have about how to use it will probably not be answered.
  • Unanswered questions can lead to mistakes, which can impact security and functionality.
  • Compliance issues: If your practice includes working with regulated entities such as health-care providers, who deal with sensitive and confidential information, use of outdated software could expose you and your clients to risks that could endanger their company or lead to fines and other risks.
  • Poor quality: The older your hardware and software, the greater the likelihood that these items are no longer under warranty. This leads to a greater likelihood of breakdowns and the increased costs associated with such breakdowns and repairs.
  • Slow performance: New software and hardware run more efficiently—that is, faster—than their older counterparts. End users, such as your staff, often do not realize how much time is wasted waiting for programs to load, for websites to appear and other computer actions. Upgrading to new hardware and software can dramatically improve your office’s productivity.

The Center for Internet Security (cisecurity.org), a nonprofit organization devoted to safeguarding private and public organizations from cyber threats, publishes a monthly End-of- Support Software Report List because it recognizes that “the process of finding [EOL] dates and locating all the instances of obsolete products can be a difficult and time-consuming task.”

There are situations when a firm may need to use unsupported or outdated software, but they are generally rare. When confronted by this situation, it is important to balance the benefits of running the software against considerations such as whether there is a newer, and supported, product that meets the firm’s needs. These decisions should be made on a case-by-case basis in consultation with the firm’s IT staff or consultants.

Because most firms do not inventory the software on every user’s computer, it may also be helpful to perform a network inventory. Fortunately, there are many products that can assist. One helpful free product is Spiceworks Inventory, which you can download. The program will automatically inventory all of the PCs, Macs, Windows and Linux servers, switches, etc., on your network, help you track warranties and the age of your system and provide other helpful reports.

In summary, end-of-life hardware and software pose huge risks for law firms. With appropriate planning, you can avoid the dangers of “curdled” software. Difficult or not, getting rid of EOL products should be a priority for every law firm.

Entity:
Topic:

Daniel J. Siegel

Attorney

Daniel J. Siegel is an attorney whose practice focuses on appellate law and providing ethical, technoethical and professional guidance to other attorneys. He is also president of Integrated Technology Services, a consulting firm that assists law firms with improving their workflows.