Last week in the "JoshMeister On Security" blog, the topic was about Apple’s Mac App Store, and the fact that software available from this store may not be the latest version.
The blog’s author – Joshua Long – uses the web browser Opera to illustrate his point. While Opera software recently published version 11.11 of Opera, the version available from Mac App Store is version 11.9. The JoshMeister blog points out – correctly – that this may jeopardize those who purchase Opera from App Store, as they will not get the latest version, which often has incorporated new security updates.
From the blog:
Users who rely on the App Store to tell them whether their software is up-to-date may not be aware of the security risks and may continue to use an unsafe version of the Opera browser.
The reason for this delay seems to be that Apple needs time to perform its approval procedures before any product is placed on its Mac App Store.
However, this issue is not restricted to Mac App Store. The point the blog makes is just an example of a more general problem, which includes software for all popular operating systems:
Software downloads from anywhere except from the vendor may not be the latest version.
This may be the case for downloads from
- resellers’ web pages,
- software webshops,
- popular download sites,
- result pages from web searches,
and perhaps the one source that you can be almost certain that is outdated:
- program installers available from CDs/DVDs.
The reasons for why the software is outdated may be perfectly legitimate, and in some instances a sound part of the provider’s quality control regime. Nevertheless, it will often be some delay between when the vendor makes the latest installer available as an Internet download and when this is populated among other entities that distribute the software installer.
Using older versions of software is a dangerous activity. Most malicious software exploits vulnerabilities that are known and usually patched by the vendor. If you are running a previous generation of popular application, there is a high probability that this has vulnerabilities known to cybercriminals and exploits exist. Exploits may even be available for purchase from the many commercial malware kits; see e.g. this security article from Norman.
In order to avoid running outdated and vulnerable software, you should follow some easy procedures:
- Check if there is a "check for new version" option in the application.
If yes, run this immediately after installation.
- If the application has any kind of "check for updates by regular intervals" option, you should turn this on.
- If there is no update option available from within the application, you should visit the software vendor’s web site to check if you are using the latest version.
If there is a newer version available, you will most likely have a safer Internet presence if you update to the later version (by following the vendor’s updating instructions).
Leave a reply