For security's sake, upgrade to a newer version of Office

Russell Caplan still uses Office 2003, which Microsoft will stop supporting next year. He asked if he will need to upgrade to a more current version.

You probably should upgrade before next April. After that month, Microsoft will no longer provide security updates for Office 2003 (or, for that matter, Windows XP). If someone finds a new vulnerability in one of the programs, Microsoft won't make and release a patch for it. Your copy of Office will remain vulnerable.

[Email your tech questions to answer@pcworld.com or post them on the PCW Answer Line forum.]

How dangerous is it to use old, no-longer-supported software? If the program is obscure, probably not too dangerous. But if it's something that millions use, it can become a tempting target.

I asked Veli-Jussi Kesti, Director of Security Products for F-Secure, whether an up-to-date antivirus program can protect PCs with an out-of-date, unprotected version of Office. "Antivirus programs will be able to pick up quite a few of [the] possible exploits for even outdated software," he told me, "but not all."

How serious the threat will be depends on whether malware authors target Office 2003. Right now, according to Kesti, "outdated Java, flash players and PDF readers are the most attacked software; having one of those is a very dangerous game even with an up-to-date antivirus."

For the moment, Office isn't heavily targeted, "but the threat is for sure there and if Microsoft really leaves the suite vulnerable," that could change. "As a rule of thumb, unsupported software is not as safe as up-to-date software."

If you choose not to upgrade despite these warnings, be very careful about loading Office files sent to you by someone else. Keep another Office suite--say, a free one like LibreOffice--around for opening them (and keep that one up to date).

Click for full size

And if you choose to upgrade, try out Classic Menu for Office 2010 and 2013. It makes the transition a whole lot easier.

Subscribe to the Security Watch Newsletter

Comments