Abu Dhabi, UAEMonday 19 August 2019

From Adobe to Windows XP: Forced upgrades aren't just about staying up-to-date, they could save you from hackers

It may be time for us to come to terms with the fact that when it comes to technology, we’ve never finished paying

Microsoft XP is exceptionally prone to hackers, according to softtware analysts. Shutterstock.
Microsoft XP is exceptionally prone to hackers, according to softtware analysts. Shutterstock.

Image software company Adobe sent out an email to customers last week that caused consternation.

It announced that the firm was immediately discontinuing a whole range of its older software (some of it launched as recently as 2017) and, under the terms of the agreement that its customers had entered into, they were “no longer licensed to use them”.

Overnight, use of that software effectively became an offence, and the choice facing the people who’d paid for it was stark: either stop using it, upgrade to a more recent version, or suffer the consequences. “You may be at risk of potential claims of infringement by third parties,” noted Adobe, ominously.

In consumer society, we assume that once we’ve bought something, it’s ours to use for as long as we like and however we wish. But Adobe’s announcement was another example of how software upgrades chip away at consumer control. In the words of privacy campaigner Cory Doctorow, this is a system designed “to treat you as a mere tenant, rather than an owner”.

Accept or uninstall: how software updates are holding us at gunpoint

Forcing us to upgrade software ultimately forces us to upgrade hardware, too, which can wreck our routines and cost us a great deal of money. “Your choice is to either accept or uninstall,” says Fennel Aurora at computer security firm F-Secure. “And as uninstalling is not an option for most people – especially for software that you have to use every day – it’s a false choice, it’s coerced consent.”

We know that on average, it takes about 20 minutes from connecting an XP device to the internet for it to be hacked.

Fennel Aurora

Refusing to play the upgrade game could almost be seen as a noble stance. Why buy something that’s notionally better, when the thing you’re using works just fine? Sticking with old software and old machines would seem to be a greener, cheaper choice that rebuffs coercive marketing and asserts personal liberty.

It also recognises how attached we can become to our computing environments; if we upgrade, software might be redesigned, features may change or even disappear, and the demands on our machines will increase to a point where they ultimately become obsolete.

Is this all a vain attempt?

Shunning software upgrades almost becomes an existential wail in a fast-moving world: “Why can’t things just stay as they are?”

The answer to that question isn’t straightforward. The upgrade refusenik might suggest that the primary motivation for urging us to upgrade is profit; that it’s part of a collusive, industry-wide plan to force us to spend money. At the same time, many of us really enjoy new things, and we derive great satisfaction – even excitement – from keeping our technology bang up-to-date.

The competition between tech companies to make money from that desire to is fierce, says Aurora. “The speed of change required to compete as a technology company is accelerating and upgrades are needed [for companies] to keep up with competitors: to offer new features, ensure everything is working correctly and make sure customers aren’t complaining.”

Why upgrades might also save you from being hacked

Tied inextricably to any commercial motive, however, is one clear fact: choosing not to update software has, from a security perspective, become dangerous. Aurora gives the example of Windows XP. According to online statistics service GlobalStats, of the 120 billion page views it analysed in the past year, some three-quarter of a billion of those were made on machines running XP, an operating system that was launched in 2001 and has been out of support since 2014.

“We know that on average, it takes about 20 minutes from connecting an XP device to the internet for it to be hacked.”

This astounding fact is a consequence of the rise in automated hacking; bots that wait for vulnerable machines to reveal themselves, and when they do, attack them mercilessly. There may be people out there with a lingering, nostalgic love for Windows XP and its 15-year-old computing environment, but Microsoft isn’t going to protect those people. They need everyone to upgrade, because the threat is real.

It’s difficult to convey how real that threat is; people tend to shrug and say “Who’d be interested in hacking me?” Bots, however, make no distinction between targets.

“Cybercriminals are looking for whatever makes them money,” says Aurora. “An easy one is ransomware. Bots encrypt all your files, and if you want them back you have to pay something like €500 (Dh2,000 ). They can install trojans, which steal your connection when you log into a banking app. There’s identity theft, which takes longer, but is more lucrative, and there’s straightforward extortion.”

The perception that such attacks are rare simply isn’t true, says Aurora. “Surveys suggest that something like 50 per cent of people have experienced some kind of cybercrime and that’s increasing, firstly because it’s automated, secondly because people just aren’t updating.”

The relentless upgrade cycle: is it a case of a lack of ethics in the software industry?

To counter this, tech firms have made efforts to automate upgrade processes by installing updated software on our devices quietly, in the background. ­Aurora suggests that the reason iOS and Android mobile platforms are more secure than the old desktop platforms is largely because of this policy. Selling software on a subscription model – as Adobe does – also helps to keep software upgraded and hackers at bay, but again, that loss of control causes resentment when it results in alterations to design or functionality.

There have been so many cases where companies push out security updates that also include things that nobody wants, for example additional surveillance within apps. There are really good reasons why users might be angry.

Fennel Aurora

As it turns out, Adobe’s swift retiring of its older product line was prompted by a legal dispute with a supplier rather than a security issue, but the effect is the same: it forces people to change their habits, and plants them firmly in a relentless upgrade cycle. “In large part this problem is down to a lack of ethics in the software industry as a whole,” says Aurora. “There have been so many cases where companies push out security updates that also include things that nobody wants, for example additional surveillance within apps. There are really good reasons why users might be angry.”

It’s not clear whether Adobe could (or even would) legally force its customers to stop using old copies of Photoshop, InDesign and so on. But ultimately, battling the upgrade monster is futile. It may also be time for us to come to terms with the fact that when it comes to technology, we’ve never finished paying. If we agree to upgrade, yes, we’re likely to end up locked into a system that exploits us. But maintaining a strong moral stance on the matter could leave us vulnerable to hacking, and potentially paying a price that’s far greater.

Updated: May 20, 2019 06:28 PM

SHARE

SHARE