Call us

General Enquiries

0845 838 2050

Managing obsolete software risks

Managing the risks of obsolete software platforms

According to guidance from the National Cyber Security Centre (NCSC) the risks of using obsolete software are significant and result from two compounding factors:

    • Absence of security updates increases the likelihood that exploitable vulnerabilities will become known by attackers
    • Latest security controls and protections are absent in older software, increasing the impact of vulnerabilities, making exploits more likely and making detection more difficult

Over time, new vulnerabilities in obsolete software are discovered that can be exploited by relatively low-skilled attackers. Products such as antivirus offer even less protection than achieved on up to date systems, as signatures are typically not tuned to detect attacks targeted at obsolete systems.

As high-impact security incidents become more likely to occur, the results can be catastrophic, effecting an entire organisation. Timely response to security critical events therefore becomes increasingly important if obsolete software is present, to reduce any compromise spreading. This can place significant demands on already overstretched security teams.

NCSC recommend therefore that obsolete systems should be treated as untrusted, as should processed data and files sourced from the Internet, even if originating from a known third party.

Convert obsolete client systems to thin clients

One mitigation recommended by NCSC is to convert obsolete machines to thin client devices and use them only as an access mechanism to trusted internal services. Web browsing and business productivity applications can be performed via Web Applications or a VDI environment running a patched modern browser.

The approach applies equally to third party organisations where their own devices are used within or to connect to your environment - for example, suppliers that manage services within your enterprise environment.

Paradox for IT Transformation

In collaboration with UK Government, Becrypt have developed Paradox, a secure operating system and management platform for converting legacy devices into cost-effective endpoints offering a modern browser experience.

To find out more, contact

Paradox Secure Desktop

Find out more