When contemplating updates to your business software, the motivation can vary greatly between vendors and applications. It is important to understand the reasons for updating software. From our perspective, updates are driven by need and performance. Updates are typically designed to patch vulnerabilities, improve functionality, and/or implement bug fixes. Unfortunately, there are other instances where software vendors choose to design incompatibility into their software. More about that later.
In this article, we are discussing what can be considered optional software updates. We feel that security-specific updates should be considered mandatory.
The Primary Reasons to Update
When speaking in a technical sense, the term vulnerability means that there is a “hole” or a weakness in a given software. These vulnerabilities live within the software code that makes up the program. These vulnerabilities - and their closely related exploits - are exposed over time. When a vulnerability is exploited by a hacker, or anyone else, it can then become common knowledge quickly. In response, software publishers employ their programmers to write “fixes” or “patches” that are then distributed as updates to the software you already own.
The EternalBlue exploit is a recent example of such a vulnerability. EternalBlue leverages a Microsoft Server Message Block protocol (SMB) weakness that allows attackers to execute malicious software code on remote computers. The exploit was employed by the WannaCry ransomware. An intelligence leak about the existence of EternalBlue became common knowledge across the Internet. As Microsoft and security vendors scrambled, hundreds of thousands of computers were attacked.
Updating for new or improved functionality is more straight forward. Features of the software that may not be ready at release - or may be unusable until a related component is available - may prompt future updates with updated functionality, or capabilities. Other such updates may install relevant information from a third-party such as the government. For example, you may periodically update your accounting software to install current payroll tax tables.
You may be familiar with the term “bug” or “software bug”. A bug is a problem in the software that was undetected, or unresolved, before the software was released. Bugs can be within a single software, or a reaction by one piece of software to another. This type of bug is considered an incompatibility, and is analogous to a drug interaction in healthcare. You may be experiencing known bug symptoms and not realize it. Generally, all software should be updated with bug fixes. Of course, there are instances where updates can create new incompatibilities.
The Industry Migration to Software as a Service (SaaS)
Over the past six years or so, the Information Technology industry as a whole has been shifting from the traditional model of purchasing software outright (and using it as long as you choose) to the SaaS model. In the new paradigm, software is hosted centrally and served to you in a web browser. The best example may be Microsoft’s Office 365. SaaS services are billed periodically and are continually updated. The benefit to the end user is lower upfront costs. The benefit to the software vendor is annuity; you can now be billed perpetually for the software you used to update when you had no choice. Why sell once what you can lease forever?
It is important to note that this new model spilled rapidly into hardware. A few short years ago, you could purchase a security appliance with every expectation that the vendor would deliver security updates with no recurring charge. Today, with few exceptions, you must buy the same security appliance with a subscription service. In some cases, if you fail to renew the subscription you not only receive no further updates, you may also have to pay a reinstatement fee back to your expiration. As consumers, we do not endorse this change, but there is an argument to be made.
Incompatibility by Design
Without elaborating on industry conspiracy theories on this topic, we will offer a few basic examples. The leader in the incompatibility by design race may have been accounting system software such as QuickBooks and Sage 50 (formerly Peachtree). These companies have passively enforced a multi-year, forced refresh cycle for many years. Most back-office personnel may recall a message from such systems to report that an upgrade is required to post and file tax data. There are few options, if any, and once the data is converted it may be unreadable by the prior version(s) of the software.
The other recurring topic we are seeing is two-fold. The first is Microsoft Office compatibility with the many versions of the Microsoft Exchange e-mail system. You can have an Exchange system in your building on what is referred to as an Exchange Server, or you can use a hosted system such as Office 365. The second is the internal Exchange incompatibility to migrate from legacy versions of Exchange.
Referencing the first topic, if you are still using a Microsoft Exchange 2007 server and would like to upgrade to Microsoft Office 2016, you may receive the following message:
Stop, you should wait to install Office 2016. You won’t be able to receive mail from a current mailbox. Outlook 2016 is not compatible with Exchange 2007. You may want to contact your mailbox provider or system administrator about this issue.
To be clear, Microsoft Office 2016 is not compatible with Exchange 2007.
As for the second topic, your ability to migrate that same Exchange 2007 to the latest version is equally disturbing. In short form, an Exchange Server 2007 cannot be migrated directly to an Exchange Server 2016. Technically, this is because you “Can't install Exchange 2016 in a forest that contains Exchange 2007 servers” (incidentally, this is the title of a Microsoft technical document). Your options are to install an intermediary Exchange Server 2010 or 2013 to begin the migration process, or move to the Office 365 perpetual lease plan.
In summary, software updates fall somewhere between nice-to-have and absolutely critical. The right IT Partner can help guide your decisions with your best interest in mind.
Would you like more frequent tech news, scam alerts, and new product info? Follow us on Facebook!
And, of course, call WinTech for all of your IT needs at 540-722-2122!