Should you update? When should you update?

March 23rd, 2010 Richard Frisch

A recent study found the average computer is faced with 75 updates or software patches a year. That is for each computer, which means that many of us have two or three times that number. I feel like I get 75 a week.

We also get updates for our cellphones and iPods. It is quite common for me to sit down at a client’s computer to see that they have not updated their operating system nor key applications. When I start to run the updates they frequently ask, “How do I know what to update? How often should I update?”

Many of today’s updates are security patches, often in response to publicly released exploits that take advantage of a hole in the software to let the bad guys gain access. These bad guys are shrewd and sophisticated. Where once viruses, Trojans and the like were written by teenage boys intent only on proving their programming chops, the current strain of “black-hat hackers” are professional criminals intent on making money from getting control of your devices. They weaponize email and websites to achieve their goals. Although some malware still uses a shotgun approach, today’s techniques often use sophisticated spear-phishing exploits targeted at specific software or configurations.

Commonly exploited applications are Adobe Reader, Internet Explorer and Microsoft Word. But any application, in any operating system, can be a target. The bad guys identify a security hole, design a plan of attack and seed email and unsuspecting websites with their payloads. When the malware finds the targeted software, it attacks. Unprotected and/or poorly hardened applications and operating systems (Windows XP comes to mind) are infected by these spear-phishing attacks.

So the answer to my first question, “Should you update?” is yes, you should update. This applies whether you are using Windows or Mac computers. Macs are not invulnerable. They represent a small percentage of the world market for computational devices, less than 5%. But they are rich targets that should attract the black-hats.

My second question, “When should you update?” is a bit harder to answer. If the patch is for an application or web technology, for example Adobe Reader, Adobe Flash, or Java, I suggest you update immediately. Be careful to uncheck any add-ons offered with the patch lest your browser become infested with extra, unwanted toolbars.

Operating system patches may warrant more caution. Many Windows users have automatic updates set for Windows updates. Others only have the Windows Update application notify them when updates are available. Macs only notify the user. Downloading and installing Apple updates is a matter of choice. I recommend you not wait too long to update after patches are issued.

Once Microsoft and Apple release updates, the black-hats are likely to read the related documentation and design attacks for unpatched systems. You don’t want to be the prey for a spear-phishing attack, do you?

Last month, on Patch Tuesday, the second Tuesday of the month, when Microsoft released their monthly patches, a small number of Windows XP users reported that their machines blue-screened after rebooting. Many bloggers were happy to point a finger at Microsoft for borking these machines. It turns out the machines were infected with a rootkit that was the cause of the blue screen. One of the patches changed critical operating system files that the rootkit was using for its attack. When Microsoft patched these files the rootkit caused the blue screen. The owners of the affected machines did not know they were infected until the patch caused the blue screen problem. Microsoft immediately withdrew the patch and later reissued a revised version that removed the rootkit infection. Props to Microsoft.

Categories: security, update