We have all seen the headline "Company X will no longer support ABC software as of (insert date)," but do you know what it means?
When software companies release new versions of software, the old version is not shut down. A period exists when the old version is still available for sale, and performance and security features are updated. The typical first step in phasing out an old version is to reduce and eliminate the marketing. During this period, the focus is on selling the new version of the product while still supporting the old version with performance and security updates. In the second phase, the old version is no longer for sale but is still being supported with performance and security updates. In the final phase, the company stops supporting the old version completely. At this time, we see the news release "Company X will no longer support ABC software as of (insert date)." On that date, the company stops adding performance and security updates.
For example, Microsoft released Windows 1.0 in November 1985 and Windows 10 in July 2015. In between, Microsoft released dozens of products. For example, Windows XP was released in October 2001 and supported until July 2014. Windows XP has not been updated since July 2014. In short, no features or security patches have been added since July 2014.
When software is released, the company continues to work to improve the product. At the same time, cybercriminals work to find ways past security to install malware and to steal information or money. When a security breach is identified, the company works to identify the weakness and increase the security to prevent similar intrusions. The company will send a message to users to update the software as soon as security improvements are ready. When a company has product and security improvements ready a message is sent to users to update the software. The longer it takes for the company to identify a problem and create a new firewall, the longer users are at risk.
Many malware and ransomware attacks target older versions of software with known security weaknesses. Two situations where old software with security weaknesses exist are (1) users that have not installed an available update and (2) unsupported software. In the first instance, the user can simply install the update – hopefully before anything bad happens. In the second case, no security update is available nor will any become available. In the example above, security weaknesses that have been identified since July 2014 will never be fixed.
The weaknesses in unsupported software will be left to be exploited indefinitely by cybercriminals. Keep all of your apps up to date and don’t use unsupported software.