Advice Request Old Software is it ever safe to use?

Please provide comments and solutions that are helpful to the author of this topic.

Stopspying

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
I think that it depends on the software and the reputation of both it and its creator/vendor. I'll use ShadowDefender as an example here, the linked MT thread indicates users views on this software and the difference between how it has been maintained (the need for updating it) and the way that its website has been.

malwaretips.com

Advice Request - Is Shadow Defender officially dead now?

Some time ago I saw someone on MalwareTips saying that Shadow Defender got a new update. I think it was 1.5 as far as i remember. I still had 1.4 and decided to check the Website of the creator. It's been dead for days now and as he never really updated the software for a long period of time, my...
malwaretips.com malwaretips.com
 
  • Like
Reactions: Deletedmessiah, MegenM, Nevi and 8 others
F

ForgottenSeer 85179

ng4ever said:
Let say it is discontinued or the developer stopped updating it ?

Anyway to safe guard old software or not really? Does it depend on what it is ? Curious if it is possible is all.
Click to expand...
At worst (and most case) you can get infected by such software.
Only with AppContainer apps this isn't a problem yet.

Opc9 said:
You can try running the older program in a virtual environment. I use Sandboxie.
Click to expand...
I recommend Windows Sandbox / using Hyper-V.

Sandboxie is a security desaster:

NVD - CVE-2018-18748

nvd.nist.gov nvd.nist.gov
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file.
Click to expand...
 
  • Wow
  • Like
Reactions: Nevi, show-Zi, Kongo and 2 others
Freud2004

Freud2004

Level 10
Verified
Well-known
Jun 26, 2020
440
ng4ever said:
Let say it is discontinued or the developer stopped updating it ?

Anyway to safe guard old software or not really? Does it depend on what it is ? Curious if it is possible is all.
Click to expand...

The obvious answer ill be old software is must less safe. But it doesn't work like that, depends on the developer of the software.
Some software developers concentrated in resolving bugs and security issues other just in the bugs of their software, so it's not a linear thing.
So, my recommendations its update the software if you can, but if some old software its real necessary why not.
Install a good security solution, it will help to mitigate the lack of updates of some software.
For example, until a month ago I use Rocketdock, it's a software that don't have support since 2007, but I really like that dock now I have replaced for nexus dock.
 
  • Like
Reactions: ng4ever, Nevi, show-Zi and 2 others
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
SecurityNightmares said:
Sandboxie is a security desaster:
Click to expand...

Sandboxie 5.26 is a very old version, it's been revised a number of times since then.

Current Plus and Classic versions are 0.7.4 and 5.49.7 respectively. The current developer acknowledged there were glaring vulnerabilities and he fixed them. I use his software now without qualms. :cool::whistle::coffee:

www.wilderssecurity.com

Sandboxie Technologies (SBIE Open source) (VERSION 5.33.6 ONLY!)

And for "conservative" users of Sandboxie (like me) it would be of interest to learn if Bo's and Special's critical remarks (= possible opening of new...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
  • Applause
  • +Reputation
Reactions: ng4ever, SeriousHoax, Nevi and 7 others
show-Zi

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,464
I am interested in updating the files that are called and used, such as .dll.
My pc has a mix of different versions of .dll and .exe related to FFmpeg.
I recently read a topic about FFmpeg being updated. In this case, should I replace all the files with the latest ones?:unsure:
 
  • Like
Reactions: ng4ever, Venustus and Nevi
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
SecurityNightmares said:
That's not the point. The point is that user trust such software and if it use insecure stuff like that, it cant be trusted at all.
This isn't a simple bug, it's an fatal design error.
Click to expand...
Did you happen to read what the developer said in my Wilders link in post #7? What "insecure stuff" are you referring to? He fixed these vulnerabilities, he rebuilt a lot of SBIE code from scratch since it went open-source. There are several independent testers involved, he's not just throwing SBIE out there and saying: "It's safe, trust me." He has 22 contributors to his Sandboxie project alone,: check it out on his GitHub page.

If a security software is found to have "fatal design errors," I'll be among the first to discontinue its use. But one has to show me solid documentation. The developer is collaborating with independent testers since over a year already, like this one. I haven't heard of any recent Sandboxie bugs but you know something? HitmanPro got a patch to its kernel driver very recently. OMG a bug! 😱

www.wilderssecurity.com

Hitman Pro Support and Discussion Thread

We're currently having Trojan.FakeAV remnant detections in combination with Bitdefender and/or Trend Micro setups. We are working on solving these...
www.wilderssecurity.com www.wilderssecurity.com

OK, so some don't like Sandboxie, that's fine. BUT, give me proof of CURRENT issues! That's all I ask. 😒:whistle::coffee:
 
  • Like
  • Applause
  • +Reputation
Reactions: Deletedmessiah, ng4ever, SeriousHoax and 5 others
wat0114

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
620
If it's an old web browser not being developed and updated, then no way in my books would it be safe to use. Otherwise if it's some obscure utility for example, then it's probably safe to use. I think it really comes down to what hackers are targeting.
 
  • Like
Reactions: Behold Eck, Deletedmessiah, ng4ever and 7 others
jackuars

jackuars

Level 28
Verified
Top Poster
Well-known
Jul 2, 2014
1,717
If you are sure that the software is discontinued, just block the "old software" from connecting to the internet with a firewall, and let it run locally.

My preference would be for softwares that is maintained by their respective developers, unless the software that you are dealing with has no good alternative. Unless the software that you are using are critical to be updated, i.e browsers, password managers, antivirus etc, you are fairly safe.
 
  • Like
Reactions: Behold Eck, Stopspying, Deletedmessiah and 3 others
jackuars

jackuars

Level 28
Verified
Top Poster
Well-known
Jul 2, 2014
1,717
ichito said:
Except situation when outdated is firewall? :) I'm still using XP with Kerio 2.1.5 from 2004 :cool:
Click to expand...
I admire you for still using XP in this era, when support for Vista, Win 7 and Win 8 ended a good while back. If it's system resources that prevents you from updating, I got one word for you, "Linux".
 
  • Like
Reactions: roger_m and Venustus

Similar threads

Amnesia
    • Like
Advice Request Decade old Firewall hardware, a huge security risk or beneficial under the right usage?
Replies
9
Views
344
General Security Discussions
simmerskool
simmerskool
lokamoka820
    • Like
Advice Request Is It Safe to Delete Empty Folders Found by HiBit Uninstaller?
Replies
8
Views
461
System utilities
SeriousHoax
SeriousHoax
simmerskool
    • Like
    • Applause
Advice Request Manjaro & vpn
Replies
38
Views
917
ChromeOS & Linux
lokamoka820
lokamoka820

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top