navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: when are end of life/insecure programs vulnerable?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
taffy078 when are end of life/insecure programs vulnerable?
Contributor 13th May, 2010 16:14
Ranking: 408
Posts: 1,352
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
This post was prompted by the Cyberlink PowerStarter thread and also that when reinstalling my programs to my Desktop this morning following a new hard drive, I saw those ever-so-familiar warning words "Adobe Reader/Flash"!

Can such programs be exploited at [u]any[/u] time or only if they are running when you are using the internet?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003

Post "RE: when are end of life/insecure programs vulnerable?" has been selected as an answer.
ddmarshall RE: when are end of life/insecure programs vulnerable?
Dedicated Contributor 13th May, 2010 17:41
Score: 1219
Posts: 971
User Since: 8th Nov 2008
System Score: 98%
Location: UK
An attacker needs to get their exploit onto your computer. This could be via the internet, an infected Flash drive, CD or DVD. If you don't use any of those you should be safe.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
michaelsalis RE: when are end of life/insecure programs vulnerable?
Member 13th May, 2010 23:53
Score: 57
Posts: 141
User Since: 18th Feb 2009
System Score: 98%
Location: UK
Last edited on 13th May, 2010 23:54
hi Taffy

As far as I understand so long as you have an insecure program/plug in on your computer it is vunerable at anytime, particularly when online.

Of course especially with Flash as so many websites use it.

I could be mistaken in my understanding, however, I prefer to err on the side of safety.

My understanding is also that so long as you have a good security program it can stop any malware being actually installed on your computer even if attacked. Of course this is only the case if your software is upto date and the vunerability can be protected by your security software.



--
Michael
Toshiba Satelite A660
Intel i7
Windows 7 Ultimate
IE9

Toshiba Equium Laptop
Intel Centrino Duo
Windows Vista Ultimate SP2
IE9
Was this reply relevant?
+0
-0
puget1 RE: when are end of life/insecure programs vulnerable?
Member 14th May, 2010 00:24
Score: 0
Posts: 551
User Since: 21st Dec 2007
System Score: N/A
Location: US
Last edited on 14th May, 2010 00:33
"Zero" day virus are viruses that have come out for the first time and have not been seen by any malware, anti-virus programs thus a defense has not been devised. I have seen/heard of this once with a hijack of a address book. The battle of the hackers is to learn code and thus break it. It takes time on their part. That is why they play probability i.e. say 90 to 95 % of the world uses Windows therefore hackers devise code for windows . Using Linux greatly reduces the probability as not that many people use it anymore. Secondly, that is where Secunia comes in. By changing and updating your programs forces hackers to have to go back to the drawing boards thus keeping you safe for the time being. Things like streaming video/media because of using it for long periods again up the probability of hackers entering your p.c. that is why they use it. IT IS REALLY A GAME OF PROBABILITY or Russian roulette in which you are trying to stay ahead of the BAD guys. Hopefully, your firewall keeps them out during none internet sessions that is where the ole dial up gave a little more protection. None continuous connection to internet.

--
Gone to Linux permanetly












Was this reply relevant?
+0
-1
This user no longer exists RE: when are end of life/insecure programs vulnerable?
Member 14th May, 2010 08:33
Last edited on 14th May, 2010 08:38 Hi,

All Secunia Advisories (SA's) come with Criticality ratings, and explanations of how they can be exploited. To see more details about various Criticality ratings and other information, please see
http://secunia.com/advisories/terminology/

A "Zero Day" refers to a vulnerability, and not a virus. A "Zero Day" vulnerability is one that is being actively exploited by Malware, and which hasn't been patched by the vendor.

An "End Of Life" program is no longer supported by the vendor. This means that no more patches are revealed, and it usually won't be checked for vulnerabilities, and that if some are found, they won't be fixed.

Hope this helps.

Was this reply relevant?
+0
-0
taffy078 RE: when are end of life/insecure programs vulnerable?
Contributor 14th May, 2010 10:09
Score: 408
Posts: 1,352
User Since: 26th Feb 2009
System Score: 100%
Location: UK
thank you everyone. Very useful! I'm in the middle of reinstalling everything after having had my C drive replaced.
I'm sure I'll be back, especially re Shockwave!

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+