Wow, that's kind of shocking. I mean, I know pretty much nothing about security, and even I could tell that coding your own 'crypto' based on a formula cracked about 200 years ago is a bad idea. Let alone the whole 'no way to update the software except by manually upgrading it with an installer' thing.
But honestly, I'd say this the least of anyone's concerns with this company. The linked article also mentions some other security issues in their work when discussing a lack of security 'culture', and one of the most terrifying ones is this:
http://cybergibbons.com/security-2/terrible-website-security...
They don't seem to hash passwords, they send them across the internet in plain text, ban people with the equivalent of setting a cookie on the PC and then sell software as 'secure'. That's kind of terrifying.
