Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Learn to love the pop up

I understand. Really I do. It seems like every time you try to get something done on your computer, some little window opens and tells you that there’s an update available. You tell it not to bother you, but the persistent little devil keeps coming back.
But, listen. People. And please hear me. If you learn just one thing from me.. please learn this– those “there is an update available” pop ups are your friends. Learn to welcome them. Stop what you’re doing long enough to click on “Yes”.
I repeat: Just Say Yes.

Tip of the day: Thwart hackers, crackers, and ID thieves and let your software close its holes– let it download the patch. Answer those pop ups with the button-click, “Yes, download the update” and do so the first moment you see it.

It does not matter which IT security expert or professional source you ask (and loyal readers will have read this here, also), they will all tell you the same thing: the number one way hackers attack (networks and computers) is through unpatched holes in common software — like IE, or Adobe Reader, or Real Player, or Word, or the operating system itself, or you name it.

The way the software industry protects itself –and us– is to issue “patches” of these holes (called “vulnerabilities”), so that when an Evil Doer launches the string of code that would “exploit” the hole (and give him command access to your machine), it no longer works like his vile buddies in the hacker forum said it would.
Patches are your machine’s best friend. (And so it kinda follows that patches are your identity’s and your privacy’s best friends too. Right?) When you see “update”, mentally substitute the word “patch”.

When I explain this “patches stop hacker exploits of vulnerabilities in your code” principle to folks, more than one has come back with the reply/thought, “So… CoolProgram 6.0 isn’t any good, then.” When I ask, why do you say that? They answer that it seems to ask to be patched quite often, while some of their other programs never ask to be updated. “It must have a lot of holes”.

This seemingly logical conclusion (on their part) is not usually the correct one. In fact, more often than not it is the wrong one; though it is true that some programmers (or more typically, team of programmers) make more of an effort than others. Let me explain.
Let us say there really is a little program called “CoolProgram”; and let us say that it is a slideshow widget; and let us say that it has sold about 50,000 copies. And let us also say that it was written in five minutes by a first-year computer programming student, with absolutely no aptitude for programming, as a class project (he/she received a B-) and let us further imagine that it contains more vulnerabilities (holes) than any other program on the market. With me?
CoolProgram would never be hacked. (And thus, never need an “update”.)

Why? How could that be? If it is so poorly written? Because of the number of sales. It’s much too low to interest a hacker. Also, the odds that “CoolProgram” is installed on a computer somewhere inside CitiBank, Pay Pal, the Pentagon, or on a website’s server, are next to none.
All you have to do is think like a criminal to understand– they want to hit the most targets, in the most places. This increases the odds of hitting paydirt, or makes for a larger botnet [to read my article about botnets, click here].
This is why Windows is hacked more often than Apple — Apple is on only about 5% of the world’s computers — and why IE is hacked more often than Firefox.

I’ve run longer than I intended, so I’ll wrap up with a recap of how it works: 1) Some criminal with programming skills finds a way to inject altered code into a program which gives him “rights” on a remote machine. 2) He posts his find on a hacker forum, or/and sells it to other hackers. 3) These hackers then start using this code to attack machines. 4) Security experts take note of this new attack and notify the authors of the program being exploited. 5) The programmers of the affected program examine the way the exploit works, and try to rewrite their code to stop it. [PLEASE NOTE: they are “playing catch up” with the hackers.] 6) When they finally find the counter-code, they have to get it onto your machine, so they release a patch, or “update”. 7) A pop up window opens on your machine saying “here’s the fix; please install me”.
All this while the hackers are reaping the rewards.

So don’t delay. Don’t dally. Just Say Yes. Besides.. if you answer “later”, the pop up window will come back again.

Today’s free link: Keeping your programs patched and up-to-date is the most effective method we have of keeping the hackers at bay. The best tool I have found for evaluating your currently installed programs, and helping you get them patched, is a ‘scan’ I have posted here before, but the Software Inspector at Secunia is just too important, too good, and too easy not to mention again.

Copyright 2007 © Tech Paul. All rights reserved.

Share this post :

November 23, 2007 - Posted by | advice, computers, PC, privacy, security, tech | , , , ,

No comments yet.

Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: