Upgrade or die: Old vulnerabilities are prime targets

Anyone who remembers life before the Graphic User Interface can tell you that the older a system is the more vulnerable it becomes to infections, breakdowns and abuses of all kinds. Now, researchers at Fortinet have confirmed what you probably already suspect: The longer a vulnerability has been around the more likely it is to be exploited, and replacing unsupported legacy software is a good idea.

A recent white paper by security strategist Derek Manky examines attack patterns over the last 13 years and finds that despite a growing number of vulnerabilities being discovered over time, it is the older flaws that are the most popular targets.

Vulnerabilities that have been discovered since 2010 are barely being touched — fewer than half a million attacks a year — while 2003 apparently was a vintage year; there have been nearly 48 million attacks against vulnerabilities that were discovered then.

Related story:

Surprise: 57 percent admit to using pirated software

Bitter end: XP users grudgingly give way to Win 7

Overall, Windows XP is far and away the most popular target, with Vista coming in second. Windows 7 has barely been scratched.

Part of this is because of better software design, Manky wrote. It is harder to get a working rootkit for Windows 7 because it is better protected. It also is partly a matter of time. “The older the vulnerability, the more time there is for hackers to obtain the necessary code in order to create and execute successful attacks against users,” he wrote. Piracy also contributes to the problem, since unauthorized installations are not supported.

But mainly it is a result of a lack of adequate patch management, because these are all known vulnerabilities with fixes available. With the approaching end of life for the beloved XP, patching and updating will become more problematic. And with the imminent release of Windows 8, administrators are going to have to decide soon about upgrading to the newest — or at least a newer — version of the operating system.


About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Wed, Sep 12, 2012 Bob Seattle

Are we experiencing the front-end of Win8 marketing here...? "You really should upgrade because we're fixing what has been broken for years. That will be $249.95. Thank you."

Wed, Sep 12, 2012

@ Col. Panek, I agree Linux Mint 13 is wonderful, have it running on all my home computers.

Wed, Sep 12, 2012 Col. Panek Rome, NY

If you're going to upgrade, try Zorin or Linux Mint. I did, never looked back. There's a version of Linux that will run on any old hardware.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group