outdated software - cause problems when NOT in use?

[electricpete]

The following software identified a large amount of software on my computer that is out-of-date, vulnerable for various reasons, and subject to being exploited by hackers.
Secunia Personal Software Inspector:

https://secunia.com/vulnerability_scanning/personal/

Much of the software was easily removed or updated. However some cannot be easily upgraded without a cost.

My question is: can software be exploited when not in use... or is it primarily a concern when in use?

Much of the software, I can limit to using while I am not connected to the internet. Would that be a reasonable strategy to limit the vulnerability? Or can it somehow be dangerous even without using it?

Examples of the software in question
Adobe Professional 7.0
MS Word,Excel, Powerpoint, Access (all 2000 version)

 

[stduc]

Personally I wouldn't worry too much. Especially if you have a decent firewall on your router and good antivirus installed. You would have to open an infected file with the vulnerable software to get infected. So, providing you don't download any dodgy Office files AND open them, etc.. You will be OK.

That's my take on it anyway. I'm sure I'll be corrected if I am wrong.

 

[satrow]

Provided your default pdf reader, for example, isn't set to open a file inside a browser and/or is disallowed to use any active scripting (like opening a clicked URL), then you should be safe(r). an example workaround:

http://www.adobe.com/support/security/advisories/apsa07-02.html

another:

http://www.pctechrx.com/DisplayAllInfo.asp?bId=16

By default, Secunia PSI scans all drives so it often picks up completely inert files and flags them as insecure. Like running CCleaner or installing some new software, always check the options and settings at every stage and check all options on the first opening of new software (and after any subsequent updates). The more you understand how your software interacts with other installed software, the safer you'll be and the easier it becomes to troubleshoot bugs and glitches.

 

[Noway2]

Windows may have some additional vulnerabilities given the way it associates file types with applications, for example the icon - usb flaw but generally speaking unless these applications are server functions the answer is no.

In order to be exploited, the needs to be a window of vulnerability. If you can keep that window to a minimum, you help mitigate the risk. With applications like word and excel, it is possible for malware to take advantage of un-patched exploits, but the malware would need to get on to your system first. If updating these applications is a problem (serious $$$), then consider focusing your efforts on good scanning utilities and being careful about intrusion vectors like file downloads.

 

[guitarzan]

The secunia program will also pick up outdated versions of java and flash player... and it's possible to have outdated versions of those programs installed along with the latest versions.

It's my understanding that old versions of those programs COULD be exploited, and should be removed. Is this correct?

 

[Noway2]

I would agree that outdated copies of things like Java and Flash player should not be used. I also think that there is little reason not to update them. I would also include things like browsers, PDF readers, etc. However, these kinds of applications don't typically have a significant (purchase) cost associated with them either.

Remember, it is possible to achieve a decent state of security to where you will avoid 99% of the threats using reasonable measures. It isn't necessary to become Fort Knox, and trying to do so will often times cause more problems than what you are trying to protect against.