End-of-life applications pose security risks
Five percent of Saudi PCs use end-of-life applications and 17% have an unpatched OS, says Secunia
The software industry needs to do more to raise awareness of the dangers of out-of-date applications and failing to keep up with patches, according to security specialist Secunia.
In a recent audit of PCs in Saudi Arabia, Secunia found that five percent of all PCs contained out-of-date applications that were no longer patched, and 17% of PCs had unpatched Windows operating systems.
With the expiration of support for Windows XP, the risks posed by old applications are gaining more attention, both in the industry and from hackers, creating security issues for users who don't update their PCs and remove old programs, said Kasper Lindgaard, head of research for Secunia.
"The trouble with 'end-of-life' programs is that they are no longer maintained and supported by the vendor and do not receive security updates. They must therefore be treated as insecure. If you identify and remove End-of-Life programs, you have made your PC a great deal more secure," Lindgaard said.
"Taking into consideration the market share of Windows XP and the fact that newly discovered vulnerabilities will be unpatchable for private users, we will definitely see a rise in attacks. The rise is due to the discovery of new exploits and to the fact that future patches to the other Windows operating systems will be reverse engineered by hackers. The hackers are seeking to discover which vulnerabilities were fixed by Microsoft, and subsequently, if applicable, changed and applied to Windows XP."
The most common end-of-life program found in Saudi Arabia is Adobe Flash Player 11, which was found on 59% of PCs that were sampled at the end of March this year. Other common end-of-life applications included older versions of Java, Google Chrome, Adobe AIR, Reader and Shockwave Player, Mozilla Firefox and RealPlayer.
Microsoft XML Core Services was the most widespread unpatched application which had the highest risk exposure.
Lindgaard said that the type and degree of exposure in Saudi Arabia are no different to those in other countries worldwide, that the risks are the same, and that the industry should do more to communicate them.
"The IT industry has an obligation to inform and educate the users. Software vendors have a number of opportunities to communicate directly with them. For example, when they download or update the program, by messaging within the program's user interface and via communication campaigns through email and SMS. For strong brands with engaged communities, there is also the option to promote security messages through forums, social media, etc," he said.