Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

What happens when applications die?

//
While I am not particularly concerned about my privacy (all that stuff on the internet was out there before the internet, it was just a little harder to find), I am not particularly trusting. I realize that TrueCrypt was open source and Lastpass etc are all paid services but what happens if they go belly up? What happens if they hire some idiot and all of their saving software goes up in smoke? I have a hard time trusting these services or any others for that matter and these are things that I want under my control.

Actually, what you describe happens more often than one might think.

Typically, it’s nothing as attention-grabbing as the TrueCrypt shutdown, but I do regularly hear from people who have been using an application of some sort for some time and suddenly find that the company’s no longer in business and there’s no way to get an update. In some cases, that means they can’t migrate to current versions of their operating system if they want to keep running that now-unsupported software.

It’s something I consider when using important software. Depending on exactly what software it is we’re talking about, there are often approaches that you can use to protect yourself from potential obsolescence or disappearance.

I’ll give you one hint: it’s one of the reasons I moved from Roboform to Lastpass.

Become a Patron of Ask Leo! and go ad-free!

Export as backup

For utilities that keep important data in proprietary formats, like password safes such as RoboForm, LastPass and others, I believe it’s critical that they also support the ability to export your data into a common and simple file format. They should support exporting everything to a text file, or CSV file that can be read by Excel, or a PDF file that can be read just about anywhere.

That way, if something ever does happen to the utility or its ability to provide its functionality, you have – say it with me now – a backup.

Not only that, but a backup that’s in a standard file format that you might be able to use, or that could be imported into a replacement utility.

This is one reason I stopped using RoboForm. It’s a fine password management utility, and I still support using it, but when last I tried exporting it was exceptionally difficult. In LastPass, on the other hand, exporting to CSV is a menu item.

LastPass Export ItemUnencrypted files as backup

With encryption utilities like TrueCrypt, the approach is a little different. TrueCrypt and utilities like it are tasked with encrypting or providing encrypted storage for important data files.

The approach to protecting yourself from the program “going away” is fairly simple:

  • Keep a copy of the program that works. Presumably you can always use your older version to access your data. This has proven true with TrueCrypt.
  • Backup your unencrypted data separately, using a different tool or mechanism. In the case of TrueCrypt, that means backing up the contents of a TrueCrypt drive or volume, not the encrypted volume itself.

As long as you have a copy of the files you need outside of the utility – albeit perhaps in a significantly less convenient format or location – then it’s no disaster if the utility actually stops working some day.

And as we’ve seen, the chances of it actually not working are slim-to-none as long as you keep a working version of the utility around.

Backups as security risks

“But Leo!”, I hear you saying, “We use tools like TrueCrypt and LastPass to keep things secure. Doesn’t keeping those unencrypted exports leave us just as vulnerable as not using the utilities at all?”

Well, sure, if you leave those unencrypted files where anyone can get at them.

Don’t do that.

To be clear: you must somehow secure those unencrypted backups. That could mean storing them offline in a secure location. It could also mean encrypting them with a different tool. If you, for example, encrypt your LastPass export using a tool like AxCrypt, then:

  • everything remains secure
  • you only lose access to your information if both tools become completely unusable (unlikely, as we’ve seen) at the same time (even more unlikely)

What I do

I follow my own advice, and do what I’ve described.

The unencrypted contents of my TrueCrypt and BoxCryptor encrypted files are backed up nightly. Some are backed up on servers that only I have access to. Others – the most secure information – is bundled into a .zip-like archive which is then encrypted using PGP public key encryption. (Those encrypted files are taken one step further and uploaded to backup storage in the cloud.)

You could do something very similar by just creating a password-protected .zip file of your TrueCrypt container’s contents.

I also periodically export my LastPass database1. That gets placed into a folder encrypted by BoxCryptor, which in turn gets backed up again using the technique I just mentioned above.

The practical risk

When it comes to popular and pervasive software like TrueCrypt or LastPass, my belief is that the risks are actually minimal. You probably don’t have to take the steps I’ve listed. (I do because my needs are probably above average, and I’m somewhat obsessive about backing up. 🙂 )

If the utility is destined to die, there’ll be lots of notice and you’ll be able to make other plans. Even though TrueCrypt’s demise was sudden, existing copies of the tool keep working, giving those so inclined plenty of opportunity to research and move to alternatives.

The real risks, in my opinion, are the smaller operators or software destined for a smaller market. There may not be an equivalent “common format” to export to, or the export functionality might not be a priority2. In cases like this, there’s little to be done, other than to stay on top of upgrades, if practical, or possibly keep a copy of the utility and an operating environment in which it works for as long as possible.

Footnotes & references

1: In fact I took writing this article as a reminder to do so. 🙂

2: Occasionally it’s an actual business decision, intending to lock you into whatever software it is that you’re using by making it difficult to export and move your data elsewhere.

12 comments on “What happens when applications die?”

  1. AxCrypt is great, but for archival purposes, I’d use zip format encryption. It’s a ubiquitous format which I expect to be around a long time after AxCrypt is no longer supported. The application may still be usable, but an encrypted zip file can be open by several applications, so if you have it saved in the Cloud you’d be able to download it with any computer which will very likely have a program installed which can open it such as 7Zip, WinZip, WinRAR or even Windows File Explorer. I expect one of these to be around for many years.

  2. I still use TrueCrypt not only to create encrypted containers for storing sensitive data on cloud services but also to encrypt the drives on all of my computers. My rational is that until learning that TrueCrypt has been compromised, it’s still secure. I trust Leo to keep me updated on such matters, including the 5 other technology newsletters to which I subscribe. 🙂

  3. I use and have used for years, RoboForm. I like the features it offers beyond the storage of passwords, such as creating secure passwords, and filling out forms that require name, address, etc. As to backing it up, believe it or not, I still use a PDA, a Palm Zire 72. RoboForm provides a program that syncs the stored passwords onto my Palm when I do a daily update, so if I add any new passwords, the stored Palm version is also updated. The Palm goes where I go, so if I use another computer, I can just look in the Palm and get the password from there. I recently bought a new laptop using Windows 8.1 an RoboForm works fine on it. I also like the fact that RoboForm has not followed the latest trend that makes you “rent” the program and pay a yearly fee for its use. Once you buy the pro version, it yours.

  4. My neighbour who is clinging to an old version of Microsoft Money had the problem that this version does not run on any OS newer than Windows98. Yes, there is a newer version around, but he will not switch to that. Old habits, etc. So, to get him to change to a newer OS (Win7 at the time) I fixed this problem by creating a virtual Win98 machine with Money on it, – and nothing else – so now he is happy again. This approach can be used for any program that is not supported on new OS-es.

    • I had that same problem with MS Money when I went to Windows 7. Then I found on Microsoft’s website that they were giving away the latest version for free. They are no longer making it or supporting it so the online functionality no longer works but then my old version didn’t have online functionality, so I miss nothing. I don’t know is MS is still giving it away, but it’s worth checking the website.

      • I like MS Money better than Quicken so I run both and keep them current. I have messed up Quicken a couple of times since I was more familiar with Money. Quicken is getting more and more bloated, just like Money.

        I did download both regular Money & the business version before they were taken offline. Don’t know if anyone has it online any more. I use the regular version. I was able to reinstall it in compatibility mode easily when I got a new laptop.

        I MUST run it in compatibility mode in Win 7 X64 Home Premium. I do manual downloads from various banks, etc., since auto will no longer work. No problema.

  5. It’s not just the small operators. Microsoft killed Front Page without providing an upgrade or export path. My friend has poured his soul into a huge site based on Front Page, and when there is no longer an OS it will run on, he will lose his reason for living.

    • Gord Campbell —

      When you said “My friend has poured his soul into a huge site based on Front Page,” I wondered how you knew about me and when we became friends. ^__^

      I still update my site, use Filezilla to upload changes, and see no reason I can’t keep doing this forever.

      If it comes to the worst, the original data is on my computer. It will be painful — but possible — to copy/paste everything to a new application.

      Or so it seems from here anyway.

      (Tell your friend he’s not alone. And if he has a better solution, to please share it with me.)

      • Microsoft Money Sunset CAN still be downloaded from the MS Download site. I was curious and just downloaded it again in case my previous download gets corrupted.

  6. I opened the latest newsletter and was reading and I thought – someone who thinks like me and then I realized it was my comment from an article about password keepers. It was very gratifying. Thanks and keep up the good work.

  7. A simple way to re-use old dead applications with old no more available Operating System is to use `Virtual Workstation“ like from VMware or others. You save some space on your hard drive of say 5 GB for the then old operating system the old program used, and then install in that space the program and all its needed data. I was able to use a program created for DOS that worked on 16 bit systems and could be operated by Widows-XP of 32 bit which can operate 16 bit on computer with Windows-7 or now Windows-8.1 64 bit that can process only down to 32 bit. And thus I used that old program.
    But it for a long run, I imagine having to face it and convert the data using some newly available software is best. Mostly, so far at least, the 64=bit process 32 bit and if there is afuture 128 bit OS, it should process 64 bit and so on.

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.