Why is keeping software past its EoL so dangerous?
Let’s talk about EoL (End-of-Life) software.
As regular readers likely know, I’ve harped on using software beyond its End-of-Life (EoL) date in the past. There are plenty of reasons why it’s a bad idea, not the least of which is that pretty much every regulation and/or privacy law on the planet says (and I’m paraphrasing here): “Don’t do it.”
So why exactly is using unsupported software a bad idea, or is it just a cash grab by software companies? Honestly, that last part depends on the vendor, so be sure to vet any vendor before getting involved with them. But regardless of occasional unscrupulous business practices, there can be serious consequences for using deprecated software. Foremost among these is having an insurance claim for a costly attack get refused, as most cyber-insurance policies these days include clauses specifically requiring organizations to only use live, actively-supported applications.
Need another reason to avoid EoL software? How about the fact that it’s not tested for vulnerabilities? When developers end support for an application, there’s no more reason to test it for vulnerabilities. Once software has passed its EoL, the company that developed it is no longer responsible for it, kind of like when a car warranty expires.
Why are we talking about EoL now?
There are two main reasons for bringing up software EoL again now:
- Windows 10 will reach its EoL in less than two years (Oct 25, 2025).
  - When you’re talking about replacing the OS for your entire organization, two years isn’t nearly as long as you might think.
- Exchange 2013 reached its EoL nine months ago (Apr 11, 2023).
  - Exchange 2013 was released eleven years ago to the day (Jan 9, 2013) but is still used by a lot of organizations all over the world. Exchange servers are typically connected directly to the internet via SMTP and OWA (Outlook Web Access), so using a deprecated version can be especially dangerous.
Although it may sometimes be necessary (for a variety of reasons), in which case appropriate steps need to be taken (frequent backups, isolation, etc.), using software past its EoL date is always a risk. To paraphrase the old saying, it’s better to have cyber insurance and not need it than to need cyber insurance and not have it. The last thing you want to do is jeopardize your coverage; even if it’s unrelated to an attack, just having EoL software in your tech stack will likely torpedo any chances you have at successfully making a claim.
Today’s Shakespeare quote comes from Titus Andronicus: “If one good deed in all my life I did, I do repent it from my very soul.”
If you’d like help preparing for the EoL date of your software or OS applications, contact TRINUS today and we’ll be happy to help out with some stress-free IT.