10 risky software that have passed their expiration dates

ten riskiest 00 title
Thinkstock

Expired

Applications that have reached the ends of their lives are no longer maintained by their original developers, and do not receive security updates. However, many users forget to remove these applications from their machines, or do not realize that they pose a danger.

"If a program is end-of-life, uninstall it," says Kasper Lindgaard, director of research and security at Secunia Research, which has compiled a list of the riskiest applications. "If you are no longer using a program, uninstall it so that you do not end up forgetting about it. If you leave it sitting in the background it may become outdated and unsecure."

In 2013, the number of end-of-life applications on user machines was between 3 and 4 percent, but it's hovered between 5 and 6 percent for the past 12 months.

According to a report Secunia released at the end of October, the following are the 10 riskiest applications, based on market share.

ten riskiest1
Thinkstock

Adobe Flash Player 18.x

Originally released: June 2015

The standard version of Flash Player 18 was superseded by Adobe Flash Player 19 in September, according to Secunia, though the extended support release is not yet end-of-life. Historically, the previous version of the Flash Player is typically the most common end-of-life program on user machines. In July, Flash Player 17 was the top end-of-life application, with 78 percent, and in April it was Flash Player 16, again with 78 percent. In January of this year, Secunia reported that Flash Player 15 was the riskiest application, with 73 percent. And in last October's report, Adobe Flash Player 14 was end-of-life but still on 77 percent of machines.

ten riskiest2

Microsoft XML Core Services 4.x

Originally released in 2009, support ended in April 2014. At that time, the application was on 79 percent of machines, and 43 percent of installations were unpatched, according to Secunia, so it was risky even while it was still supported. By this time last year, the application was still present on 76 percent of machines.

Many users do not know that this application even exists. In other cases, removing it might cause other software to stop working.

Oracle Java JRE 1.7.x and 7.x

Oracle Java JRE 1.7.x and 7.x

 Originally released in in 2011, support  ended in April 2015, though the extended support release is not yet end-of-life.

Java is commonly loaded by web browsers, making it a popular avenue for attacks. And, like Microsoft XML Core Services, it was typically unpatched. Before support ended, Java JRE 1.7 and 7 were on 44 percent of user machines, with 80 percent of installations unpatched.

Google Chrome 44.x

Google Chrome 44.x

Originally released in July of 2015, it was superseded by Google Chrome 45 in September.

The previous two versions of Chrome and Firefox browsers have made the top-10 list of Secunia's end-of-life reports for the past two years, as users take their time upgrading to the newest releases.

Google Chrome 43.x

Google Chrome 43.x

According to Clicky Web Analytics, which calculates browser market share based on traffic to over 500,000 websites, Chrome 43 had a slightly longer transition period than typical, possibly because of the summer season, when users were more likely to be away from a computer and not do the update immediately. Originally released in May of 2015, it was superseded by Google Chrome 45 in July.

ten riskiest6

Mozilla Firefox 39.x

Originally released this July, it was superseded by Firefox 40 in August.

According to a survey conducted by Mozilla a couple of years ago, most users fail to update their browsers either because they're happy with their existing setup and don't see any pressing need, or they don't have the time to do an upgrade and have postponed it until they're less busy.

Mozilla Firefox 40.x

Mozilla Firefox 40.x

Like Chrome 43, Firefox 40 was replaced in mid-summer, leading to a slightly longer than usual transition period. Originally released this August, it was superseded by Firefox 41 in September.

Adobe AIR 18.x

Adobe AIR 18.x

Originally released in June 2015. Adobe AIR 19, the current version, was released in September.

Adobe AIR allows developers to package the same application for multiple platforms -- Windows, Macintosh, iOS and Android. At least a couple of versions of Adobe AIR have been in every Secunia end-of-life top-10 list for the past two years.

Oracle Java JRE 1.6.x and 6.x

Oracle Java JRE 1.6.x and 6.x

Before support ended in the second quarter of 2013, Secunia reported that Java JRE 1.6 and 6 were present on 53 percent of all machines -- with a 75 percent unpatched rate. The following quarter, the software was end-of-life, but was still present on 39 percent of machines. It's been hanging around the longest of all the major end-of-life applications, as some users aren't aware they still have it, or retain older versions to maintain compatibility with applications. Originally released in 2006, support ended in February of 2013, though the extended support release is not yet end-of-life.

Adobe AIR 3.x

Adobe AIR 3.x

Adobe AIR 3.x was on the top 10 most vulnerable applications list in the fourth quarter of 2013, before support ended. It was present on 43 percent of machines, with a 52 percent unpatched rate. But that unpatched rate automatically becomes meaningless when an application goes end-of-life since hackers continue to find new vulnerabilities. Even installations that had been fully patched before will become vulnerable once support ends and the vendor no longer releases patches. Originally released in 2011, the successor AIR 4 was released in January 2014.