Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Why Are There So Many Updates?

During a recent Q&A seminar I gave for average computer users, one question proved most popular…

Every time I sit at my computer, it says there’s an update available!

I understand. Really I do. It seems like every time you try to get something done on your computer, some little window opens and tells you that there’s an update available. You tell it not to bother you, but the persistent little devil keeps coming back.

bandaidsBut, listen. People. And please hear me. If you learn just one thing from me.. please learn this – those “there is an update available” pop ups are your friends. Learn to welcome them. Stop what you’re doing long enough to click on “Yes”.
I repeat: Just Say Yes.

Tip of the day: Thwart hackers, crackers, and ID thieves and let your software close its holes– let it download the patch. Answer those pop ups with the button-click, “Yes, download the update” and do so the first moment you see it.

It does not matter which IT security expert or professional source you ask, they will all tell you the same thing: a major method hackers use to  attack (networks and computers) is through unpatched holes in common software — like Internet Explorer, or Adobe Reader, or Real Player, or Word, or the operating system itself, or you name it.

The way the software industry protects itself – and us – is to issue “patches” of these holes (called “vulnerabilities”), so that when an Evil Doer launches the string of code that would “exploit” the hole (and give him command access to your machine), it no longer works like his vile buddies in the hacker forum said it would.
Patches are your machine’s best friend. (And so it kinda follows that patches are your identity’s and your privacy’s best friends too. Right?)

If it helps, when you see “update”, mentally substitute the word “patch”.

The main objection to updates I hear is, I don’t want to have it reboot.Not all patches (excuse me, “updates”) require a reboot; and most allow you to delay the reboot. But this is important enough that I say, Save your work, answer “Install”, and use the reboot as an excuse to stretch your legs and refill your coffee.

When I explain this “patches stop hacker exploits of vulnerabilities in your code” principle to folks, more than one has come back with the reply/thought, “So… CoolProgram 6.0 isn’t any good, then.” When I ask, why do you say that? They answer that it seems to ask to be patched quite often, while some of their other programs never ask to be updated. “It must have a lot of holes”.

This seemingly logical conclusion (on their part) is not usually the correct one. In fact, more often than not it is the wrong one; though it is true that some programmers make more of an effort than others. Let me explain.
Let us say there really is a little program called “CoolProgram”; and let us say that it is a slideshow widget; and let us say that it has sold about 5,000 copies. And let us also say that it was written in five minutes by a first-year computer programming student, with absolutely no aptitude for programming, as a class project (they received a C+) and let us further imagine that it contains more vulnerabilities (holes) than any other program on the market. With me?
CoolProgram would never be hacked. (And thus, never need an “update”.)

Why? How could that be? If it is so poorly written? Because of the number of sales. It’s much too low to interest a hacker. Also, the odds that “CoolProgram” is installed on a computer somewhere inside CitiBank, Pay Pal, the Pentagon, or on a website’s server, are next to none.
All you have to do is think like a criminal to understand– they want to hit the most targets, in the most places. This increases the odds of hitting paydirt, or makes for a larger botnet [to read my article about botnets, click here].
This is why Windows is hacked more often than Apple — Apple is on only about 5% of the world’s computers — and why IE is hacked more often than Firefox. [note: Today (mid-2010) Firefox is just about a large a target as IE.]

I’ve run longer than I intended, so I’ll wrap up with a recap of how it works:
1) Some criminal with programming skills finds a way to inject altered code into a program which gives him “rights” on a remote machine.
2) He posts his find on a hacker forum, or/and sells it to other hackers.
3) These hackers then start using this code to attack machines, and gain control of them.
4) Security experts take note of this new attack and notify the authors of the program being exploited.
5) The programmers of the affected program examine the way the exploit works, and try to rewrite their code to stop it. [PLEASE NOTE: they are “playing catch up” with the hackers.]
6) When they finally find the counter-code, they have to get it onto your machine, so they release a patch, or “update”.
7) A pop up window opens on your machine saying “here’s the fix; please install me”.
All this while the hackers are reaping the rewards and infecting machines.

So don’t delay. Don’t dally. Just Say Yes. Besides.. if you answer “later”, the pop up window will come back again.

Today’s free link: Keeping your programs patched and up-to-date is the most effective method we have of keeping the hackers at bay. The best tool I have found for evaluating your currently installed programs, and helping you get them patched, is a ‘scan’ I have posted here before, but the Software Inspector at Secunia is just too important, too good, and too easy not to mention again.

Orig post: 11/23/07

Today’s quote:Computers are magnificent tools for the realization of our dreams, but no machine can replace the human spark of spirit, compassion, love, and understanding.” ~ Louis Gerstner

Your Internet Today:

Nope. No problem here. All systems are ‘go’.

Copyright 2007-2012 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.


>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<


March 20, 2012 - Posted by | advice, computers, Internet, tech |

8 Comments »

  1. Hey, what about Mozilla???” I have some add-ons that don’t work with V 3.6. And I want ’em! They still continue to update V 3.6 (It’s 13 days old now) but they are up to Version 12 Beta 1. Wassup Mozilla? Got a bunch of rookie software engineer wannabees working over there? I want to update Firefox to the latest version, but I still can’t do it due to add-on incompatibilities!

    Like

    Comment by balmy33 | March 21, 2012 | Reply

    • balmy33,
      As I was reading this, a pop-open balloon told me that v11.0 was available…

      Yes, I think Mozilla’s Firefox “upgrades” (different than “updates“) are out of whack. And I know several dozen ex-Firefox users who left simply because of the hyperactive “evolution” there, and constant changing. Two whole version changes in one month? Makes me wonder what they’re smoking over there…

      (I don’t think the developers at Mozilla want to think the reason you use their ‘product’ is because of the [3rd party] Add-ons.. That’d be kind of an ego hit.)

      Like

      Comment by techpaul | March 21, 2012 | Reply

      • An ego hit for sure, but the folks I know who use Firefox say the add-ons are the only reason they use the product at all. I have a stinking suspicion that Mozilla is fully aware of that fact… But, I do agree with your assessment.

        Like

        Comment by balmy33 | March 22, 2012 | Reply

        • balmy33,
          I use Firefox simply for the AdBlock Plus and NoScript “add-ons” (I do not care to see advertisements for *stuff* I do not want or need [or anything else] nor do I wish to have my machine infected and Identity stolen [and used to defraud] because I happened to visit a website). It’s that simple.

          But if things keep progressing at the rate they are progressing.. I may switch to a text-only browser.. and live without all this “Web 2.0” ‘cool stuff’.

          I have to hope the switch to IPv6 and DNSSec will produce some positive results (but I ain’t holding my breath).

          Like

          Comment by techpaul | March 22, 2012 | Reply

  2. Unfortunately…Updates are still viewed as a NUISANCE to the average computer user; in a way of not wanting to be interrupted with what they are doing; they don’t want to take the time to up-date. ..(especially teenagers who text 200 times a day.) they are too busy/preoccupied to pay attention to updates.

    Also, many people STILL don’t understand the “importance” of the updates, or the real “meaning” of the word updates.

    A good suggestion Paul…as you said here to “mentally substitute” the word PATCH… which is a stronger word…that (“one time” was understood as Urgent)… people paid attention to the word.PATCH. Perhaps the word PATCH should be used along with the word UPDATES; when that reminder window pops open on the screen. …(but bad for software businesses…ha!)

    Like

    Comment by Gaia | March 21, 2012 | Reply

    • Gaia,
      It is (one of) the price(s) of cybercrime.

      And I for one am tired of it.

      Like

      Comment by techpaul | March 21, 2012 | Reply

  3. TechPaul,

    Excellent article (and advice). I’ve noticed the past two weeks Microsoft has released updates (patches) where the user is prompted to reboot and if you don’t reboot, it will perform the reboot automatically. When I see this happening I know this is “major” and is important to follow through.

    Again, excellent article…

    Rick

    Like

    Comment by Ramblinrick | March 21, 2012 | Reply

    • Rick,
      I have come to be convinced there is a major disconnect between people and their magic boxes, and so I have been trying to “spread the word” of some of the basics (everyone should know) for over four years now..

      Use good passwords..
      Don’t open email from strangers..
      Use a reputable antivirus and keep it up-to-date..
      Etc.

      Maybe if Good Morning America had ‘segments’, more people might know that using the same password for every account is not smart…………………………………

      Always good to see your name here. Thanks for the support!

      (Folks, no. There’s no such thing as the “Netherlands Online Lottery”)

      Like

      Comment by techpaul | March 21, 2012 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: