What happens if I want to use older (outdated software) on campus?
Software becomes outdated, and too risky to use, once the software’s manufacturer stops updating it. UC Davis policy prohibits use of unsupported software on machines that connect to the campus network, because unmaintained software is a common entry point for viruses and malware.
Every so often, anyone who uses computers at UC Davis will need to remove old software from their environments. This basic requirement to maintain software applies to faculty, students and staff who use individual computers, as well as to business managers and technologists who oversee complicated networked machines.
How will I know when software is outdated?
You should routinely patch and update your software. Once patches and updates are no longer available, then the software is no longer maintained, and you should stop using it. If in doubt, use a search engine to look up the software you’re using, or contact the manufacturer, to see if it is still supported.
IT Express no longer supports these operating systems: Windows Vista and earlier, or Mac OS X 10.11.6 and earlier.
I have outdated software. What are my options?
- Upgrade to a supported software. This is by far the best option.
- Physically isolate the machine that uses the outdated software. Do not allow it to connect to the campus network, or to any machines that connect to the campus network
- Mitigate the risk. The work necessary to do this will vary depending on the software and how it’s used. An exception to campus policy will be required.
I have software that is no longer supported, but is crucial to my work. Can I get an exception from campus policy?
Requests for exceptions to the policy can be granted in limited circumstances by department deans, vice chancellors or vice provosts. The request for an exception should describe:
- The system, including the function or business purpose, and IP address.
- The specific incompatibility, and the factors that prevent its resolution (e.g., a networked instrument for which all available firmware versions are unstable).
- The measures you are taking to secure the system.
- The risks to the campus and/or Internet community caused by continuing to use the software on machines that connect to the campus network.
- If extended support is available; reasons you are unable to purchase the support.
Please send a copy of the exception authorization, including the signature of the dean, vice chancellor/vice provost or their delegate, to Cheryl Washington, chief information security officer, at email@example.com. The Information Security group will review the exception for security risks, and will follow up with you as needed.
I manage a lot of machines, and don’t know what software they use. Help!
To obtain help, please see the next question. But one way to keep on top of the problem from here on out is to create and maintain an inventory of your systems, including the software they use. Then keep current on whether the software provider is continuing to update the software. If the software is no longer supported, then assess the risk presented by the continued use of the software in question.
My department doesn’t have the time or resources to update our software.
Departments that lack resources to address the risks caused by the end of software can obtain help on a recharge basis through IT Professional Services; contact them via IT Express.
Please direct questions to the IT Express Service Desk at 530 754-HELP (4357). Technologists with advanced technical questions related to the end of a software program can contact the IET security team at firstname.lastname@example.org.
For more information about cybersafety policy:
Please see http://security.ucdavis.edu/cybersafety.html