I’ve been asking myself how important it is to update installed software, on either desktops or servers, that only runs on demand, in order to fix security holes. Say, for example, archiving software that only runs when you open it or an archive file, or the JRE or JDK that I only use for one piece of software, say for example NetBeans. What if my currently installed version contains some kind of security hole? Would it really be necessary to update that software, even though the Java or archiving software doesn’t always run in the background and listen to the outside through some open port?
This is the opposite of software that actually always runs in the background and listens on an open port, like web servers, which are more of a security issue due to remote attacks, or browsers that are used on a daily basis and can be attacked through malicious client-side code, where the security threat is more obvious.
Is it really necessary to update such software with the latest security updates, even though there is more of a risk of instability due to frequent updating than of being a victim of an actual attack?