Using Software with Security Updates

All software products, including operating systems and software applications, have a lifecycle. Any software product can reach its end of support date and become outdated. End of support refers to the date when the software vendor stops providing security updates, patches, customer support and the like. Any new vulnerability discovered in the software product after its end of support will not be addressed by new security updates.

Potential Security Risks

Due to the lack of security updates, attackers can intrude into a computer system by compromising an end-of-support software product through unpatched vulnerabilities.
New security software may not be fully compatible with an end-of-support operating system, resulting in limited protection of the computer system.
Encryption algorithms, the Secure Sockets Layer (SSL) protocol and other security standards supported by an end-of-support software product may be less secure or become vulnerable to cyber attacks.

Recommendation

Check the end of support date for software products on the official website of the software vendor and prepare a viable migration plan beforehand.
Uninstall end-of-support software products or upgrade to another software product that has security updates.
If there is a need to use an end-of-support software product during the transition period, you should assess the security risks and adopt compensating security measures before using it.

Compensating Security Measures for Mitigating Risks

Pay attention to security news and information related to the software product and respond appropriately, for example by ceasing to use the product.
Use security software which can continue to support your computer system.
Enforce system hardening, such as disabling unnecessary software and services.
Use a normal user account for daily work and avoid using an administrator account whenever feasible, because attackers usually run malicious code with the same access rights as the logged-in user account.
Adopt software restriction tools to limit installation and execution to authorised applications only.
Use supported and up-to-date web browsers and plug-ins.
Avoid storing sensitive information or performing sensitive operations, such as e-shopping, stock trading or e-banking, on an end-of-support computer system.