×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

outdated software - cause problems when NOT in use?

outdated software - cause problems when NOT in use?

outdated software - cause problems when NOT in use?

(OP)
The following software identified a large amount of software on my computer that is out-of-date, vulnerable for various reasons, and subject to being exploited by hackers.
Secunia Personal Software Inspector:
https://secunia.com/vulnerability_scanning/personal/

Much of the software was easily removed or updated. However some cannot be easily upgraded without a cost.

My question is:  can software be exploited when not in use... or is it primarily a concern when in use?

Much of the software, I can limit to using while I am not connected to the internet.   Would that be a reasonable strategy to limit the vulnerability? Or can it somehow be dangerous even without using it?

Examples of the software in question
Adobe Professional 7.0
MS Word,Excel, Powerpoint, Access (all 2000 version)



 

RE: outdated software - cause problems when NOT in use?

Personally I wouldn't worry too much. Especially if you have a decent firewall on your router and good antivirus installed. You would have to open an infected file with the vulnerable software to get infected. So, providing you don't download any dodgy Office files AND open them, etc.. You will be OK.

That's my take on it anyway. I'm sure I'll be corrected if I am wrong.

RE: outdated software - cause problems when NOT in use?

Provided your default pdf reader, for example, isn't set to open a file inside a browser and/or is disallowed to use any active scripting (like opening a clicked URL), then you should be safe(r). an example workaround: http://www.adobe.com/support/security/advisories/apsa07-02.html another: http://www.pctechrx.com/DisplayAllInfo.asp?bId=16

By default, Secunia PSI scans all drives so it often picks up completely inert files and flags them as insecure. Like running CCleaner or installing some new software, always check the options and settings at every stage and check all options on the first opening of new software (and after any subsequent updates). The more you understand how your software interacts with other installed software, the safer you'll be and the easier it becomes to troubleshoot bugs and glitches.

RE: outdated software - cause problems when NOT in use?

Windows may have some additional vulnerabilities given the way it associates file types with applications, for example the icon - usb flaw but generally speaking unless these applications are server functions the answer is no.

In order to be exploited, the needs to be a window of vulnerability.  If you can keep that window to a minimum, you help mitigate the risk.  With applications like word and excel, it is possible for malware to take advantage of un-patched exploits, but the malware would need to get on to your system first.  If updating these applications is a problem (serious $$$), then consider focusing your efforts on good scanning utilities and being careful about intrusion vectors like file downloads.
 

RE: outdated software - cause problems when NOT in use?

The secunia program will also pick up outdated versions of java and flash player... and it's possible to have outdated versions of those programs installed along with the latest versions.

It's my understanding that old versions of those programs COULD be exploited, and should be removed. Is this correct?

RE: outdated software - cause problems when NOT in use?

I would agree that outdated copies of things like Java and Flash player should not be used.  I also think that there is little reason not to update them.  I would also include things like browsers, PDF readers, etc.  However, these kinds of applications don't typically have a significant (purchase) cost associated with them either.

Remember, it is possible to achieve a decent state of security to where you will avoid 99% of the threats using reasonable measures.  It isn't necessary to become Fort Knox, and trying to do so will often times cause more problems than what you are trying to protect against.

 

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close