Older software is less secure, so always use the brand new version
June 14, 2007
Myth: “Older software is less secure than the newest release, so always upgrade to the brand new version as soon as possible”
The most obvious reason this cannot always be true is that you will hear the opposite said just as often and with just as much conviction!
So where does the truth lie between these two opposing extremes? Quite apart from the cost to your business in terms of buying software and disrupting operations, retraining users and so on, you have no way of knowing that a newer product is necessarily more stable than its predecessor.
It is true that if you do some research on a ten-year-old piece of software you will find many more references to security weaknesses than for current versions, but in many cases that can be attributed to the length of time people have had to discover them. Often these weaknesses will have been fixed through the release of patches or minor upgrade versions.
In some cases this will mean that the lesson has been learned and a newer version will not be vulnerable to the same problem, but as more features are added and programs become more complex, there is an increasing chance of introducing new errors.
Don’t use old software without patching it
It is also clear that if you use an old version with all its flaws intact, you are putting yourself at risk – not just of a security breach but of system crashes, loss of data and so on. Make sure you install all the updates (also called service packs or ‘patches’) made available by the software authors to minimise this risk.
You should also pay attention to the lifecycle of the product, since many manufacturers will have a cut-off date after which they provide no new fixes, even if serious problems are discovered.
The simple advice would be to use a reasonably recent version that will not go out of support while you are still using it, and keep it as up to date as possible when fixes are released.
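As an added illustration of that advice (not part of the original post), the script below takes a constructed software inventory with hypothetical product names, versions and end-of-support dates, and flags anything that is already out of support, will go out of support before you plan to stop using it, or is behind on the fixes the vendor has already published.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

def parse_version(v: str) -> tuple:
    """'10.2.1' -> (10, 2, 1) so patch levels compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))

@dataclass
class Product:
    name: str
    installed: str                   # version / patch level currently deployed
    latest_fix: str                  # newest fix the vendor has published for this line
    end_of_support: Optional[date]   # None = vendor has not announced a cut-off date

def assess(p: Product, today: date, planned_until: date) -> list:
    """Return the risks for one product: out of support, support ending during
    the planned period of use, or fixes available but not installed."""
    findings = []
    if p.end_of_support is not None:
        if p.end_of_support <= today:
            findings.append("out of support: vendor ships no fixes even for serious flaws")
        elif p.end_of_support <= planned_until:
            findings.append(f"support ends {p.end_of_support} before planned retirement {planned_until}")
    if parse_version(p.installed) < parse_version(p.latest_fix):
        findings.append(f"behind on fixes: {p.installed} installed, {p.latest_fix} available")
    return findings

def assess_inventory(inventory, today: date, planned_until: date) -> dict:
    """Map each product name to its list of findings (empty list = nothing to do)."""
    return {p.name: assess(p, today, planned_until) for p in inventory}

# Constructed sample inventory: hypothetical product names, versions and dates.
INVENTORY = [
    Product("OfficeSuite", "11.0.4", "11.0.4", date(2006, 6, 30)),   # support already ended
    Product("DBServer", "8.2.1", "8.2.5", date(2008, 3, 31)),        # unpatched, ends during use
    Product("WebBrowser", "3.0.0", "3.0.0", date(2010, 1, 1)),       # fine
]

if __name__ == "__main__":
    report = assess_inventory(INVENTORY, today=date(2007, 6, 14), planned_until=date(2009, 1, 1))
    for name, risks in report.items():
        print(name, "OK" if not risks else "; ".join(risks))
```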
Some might argue that you should never use the very latest release until it has been around long enough for others to discover the flaws and have them fixed before you suffer, but the very latest version will also have had the least exposure to malicious parties attempting to find the holes in it. Only you can decide on this depending on your overall approach to risk, but whatever you do, keep it up to date.