Security and the ‘if it ain't broke don't fix it’ mentality

"Why should I have to replace a computer that's working, even if it's 10 years old?"

That's not me speaking, it's a relative whose identity I'll protect (not that he would really care). There's a foundation of solid logic behind this argument, at least at first glance. The things I bought this computer for 10 years ago are things I do with it still, and it works. So why should I change it? It's possible -- not likely, but possible -- that this argument makes sense. But only if you're cut off from the world.

Security is the problem that makes your computer broken whether you know it or not. Your old computer is far more likely to be running old software. There's a decent chance it may not be capable of running current versions of software. So what do you do when someone sends you a .docx file and there's no way to read it in Office XP (2002)?

Just yesterday Adobe announced the end of life -- meaning the end of support -- for Reader version 9.x. This is a happy event, because Reader was, at one point, one of the most targeted programs on the planet and, with version 10, it became far more resistant to attack by running the most vulnerable parts of the program in a sandboxed architecture. Web browsers and parts of current Microsoft Office versions have adopted these sandboxing techniques too (in fact, Adobe got the techniques from Microsoft; they had their origins in IE7). Sandboxing uses CPU features which are common now, but which were once cutting edge. It also increases the processing and memory needs of the application. The end result: Your old computer is less able to run the more secure program.

And yet, we still find people running old computers and old programs all the time. A recent Microsoft security report described how there has been a rise in the exploit of vulnerabilities for old versions of Reader and Acrobat. These people are helpless against attack -- as long as they use Reader. Of course, if they were all that concerned with updates they might have updated to Reader X or XI by now. I don't pretend to understand the mentality.

Office is a little easier to understand because it costs cash money. It's easy to make the case that the copy of Microsoft Office you bought back in 2003 still does everything you need, even if it's a major security target and hasn't had an update in years. And then there's Windows XP itself, which (along with Office 2003) will receive its last security update next April. Running a version of Office prior to 2007 is unsafe and irresponsible. Tick tock..... Your computer is broken and it's not getting any better.

There's a case to make that the cloud and the app store model are the eventual solution to this problem. Updates are forced on us and, in the case of the cloud, it's impossible to run anything but the current version. Some people lament the loss of user control, but not me. User control has brought us far more trouble than it has been worth.

Photo Credit: ollyy/Shutterstock

15 Responses to Security and the ‘if it ain't broke don't fix it’ mentality

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.