Batu69, posted November 14, 2015

Here's a security hole problem: Keeping around applications that have reached the ends of their lives, are no longer maintained by their original developers, and do not receive security updates

Applications that have reached the ends of their lives, are no longer maintained by their original developers, and do not receive security updates are a problem. However, many users forget to remove these applications from their machines or do not realize that they pose a danger.

"If a program is end-of-life, uninstall it," says Kasper Lindgaard, director of research and security at Secunia Research, which has compiled a list of the riskiest applications. "If you are no longer using a program, uninstall it so that you do not end up forgetting about it. If you leave it sitting in the background it may become outdated and unsecure."

In 2013, the number of end-of-life applications on user machines was between 3 and 4 percent, but it's hovered between 5 and 6 percent for the past 12 months.

According to a report Secunia released at the end of October, the following are the 10 riskiest applications, based on market share.

Adobe Flash Player 18.x
Originally released: June 2015
The standard version of Flash Player 18 was superseded by Adobe Flash Player 19 in September, according to Secunia, although the extended support release is not yet end-of-life. Historically, the previous version of the Flash Player is typically the most common end-of-life program on user machines. In July, Flash Player 17 was the top end-of-life application, with 78 percent, and in April it was Flash Player 16, again with 78 percent. In January of this year, Secunia reported that Flash Player 15 was the riskiest application, with 73 percent. And in last October's report, Adobe Flash Player 14 was end-of-life but still on 77 percent of machines.

Microsoft XML Core Services 4.x
Originally released in 2009, support ended in April 2014.
At that time, the application was on 79 percent of machines, and 43 percent of installations were unpatched, according to Secunia, so it was risky even while it was still supported. By this time last year, the application was still present on 76 percent of machines.
Many users do not know that this application even exists. In other cases, removing it might cause other software to stop working.

Oracle Java JRE 1.7.x and 7.x
Originally released in 2011, support ended in April 2015, though the extended support release is not yet end-of-life.
Java is commonly loaded by Web browsers, making it a popular avenue for attacks. And, like Microsoft XML Core Services, it was typically unpatched. Before support ended, Java JRE 1.7 and 7 were on 44 percent of user machines, with 80 percent of installations unpatched.

Google Chrome 44.x
Originally released in July of 2015, it was superseded by Google Chrome 45 in September.
The previous two versions of Chrome and Firefox browsers have made the top 10 list of Secunia's end-of-life reports for the past two years, as users take their time upgrading to the newest releases.

Google Chrome 43.x
According to Clicky Web Analytics, which calculates browser market share based on traffic to over 500,000 websites, Chrome 43 had a slightly longer transition period than typical, possibly because of the summer season when users were more likely to be away from a computer and not do the update immediately.
Originally released in May of 2015, it was superseded by Google Chrome 45 in July.

Mozilla Firefox 39.x
Originally released this July, it was superseded by Firefox 40 in August.
According to a survey conducted by Mozilla a couple of years ago, most users fail to update their browsers either because they're happy with their existing setup and don't see any pressing need, or they don't have the time to do an upgrade and have postponed it until they're less busy.

Mozilla Firefox 40.x
Like Chrome 43, Firefox 40 was replaced in mid-summer, leading to a slightly longer than usual transition period. Originally released this August, it was superseded by Firefox 41 in September.

Adobe AIR 18.x
Originally released in June 2015, but Adobe AIR 19, the current version, was released in September.
Adobe AIR allows developers to package the same application for multiple platforms -- Windows, Macintosh, iOS, and Android. At least a couple of versions of Adobe AIR have been in every Secunia end-of-life top-10 list for the past two years.

Oracle Java JRE 1.6.x and 6.x
Before support ended in the second quarter of 2013, Secunia reported that Java JRE 1.6 and 6 were present on 53 percent of all machines -- with a 75 percent unpatched rate. The following quarter, the software was end-of-life, but was still present on 39 percent of machines. It's been hanging around the longest of all the major end-of-life applications, as some users aren't aware they still have it, or retain older versions to maintain compatibility with applications. Originally released in 2006, support ended in February of 2013, though the extended support release is not yet end-of-life.

Adobe AIR 3.x
Adobe AIR 3.x was on the top 10 most vulnerable applications list in the fourth quarter of 2013, before support ended. It was present on 43 percent of machines, with a 52 percent unpatched rate. But that unpatched rate automatically becomes meaningless when an application goes end-of-life since hackers continue to find new vulnerabilities. Even installations that had been fully patched before will become vulnerable once support ends and the vendor no longer releases patches. Originally released in 2011, the successor AIR 4 was released in January 2014.

Article source

HX1, posted November 14, 2015

Well, you will get CFi Shell Toys when you pry it from my dead cold archive.... I still to this day have no valid option ( with the same options.. or manner of operating ) for controlling my Context Menu.. same for Serif Font Manager X3... no option to virtually mount fonts out there.. or manage them quite the same way... SuperHashCalc.. ( I can't even read the site ) same thing...

Quite a few others in there... several others in there.. thankfully not Air or Flash... :P

Gets to me sometimes how moving forward we lose something in the development aspects of applications.. and the more advanced options that are needed...

dMog, posted November 14, 2015

you forgot the biggest one of all...windows XP

exodius, posted November 15, 2015

> you forgot the biggest one of all...windows XP

Windows xp is not an application. :lol:

jtmulc, posted November 15, 2015

I count 6 applications, with multiple versions of the same program. If Firefox 40.x is too old and has been superseded by newer versions, it stands to reason that all previous versions are as well.

HX1, posted November 15, 2015

Yeah, in a way good advice.. yet not as in-depth as it should be to explain it.. but then again who writes an article about penetration testing, and vulnerabilities on every app.. even the current versions?

SURbit, posted November 16, 2015

> Yeah, in a way good advice.. yet not as in-depth as it should be to explain it.. but then again who writes an article about penetration testing, and vulnerabilities on every app.. even the current versions?

I'm with you there and to add how to check if you're running which of Microsoft XML Core Services and since it's a core system component how to remove or an update takes care on that.

I don't know a lot but I can read and then trial and error honing in on how to do something.

Archived
This topic is now archived and is closed to further replies.