Why Are There So Many Updates?
During a recent Q&A seminar I gave for average computer users, one question proved most popular…
Every time I sit at my computer, it says there’s an update available!
I understand. Really I do. It seems like every time you try to get something done on your computer, some little window opens and tells you that there’s an update available. You tell it not to bother you, but the persistent little devil keeps coming back.
But, listen. People. And please hear me. If you learn just one thing from me… please learn this – those “there is an update available” pop-ups are your friends. Learn to welcome them. Stop what you’re doing long enough to click on “Yes”.
I repeat: Just Say Yes.
Tip of the day: Thwart hackers, crackers, and ID thieves and let your software close its holes – let it download the patch. Answer those pop-ups with the button-click, “Yes, download the update”, and do so the first moment you see it.
It does not matter which IT security expert or professional source you ask; they will all tell you the same thing: a major method hackers use to attack (networks and computers) is through unpatched holes in common software — like Internet Explorer, or Adobe Reader, or RealPlayer, or Word, or the operating system itself, or you name it.
The way the software industry protects itself – and us – is to issue “patches” for these holes (called “vulnerabilities”), so that when an Evil Doer launches the string of code that would “exploit” the hole (and give him command access to your machine), it no longer works the way his vile buddies in the hacker forum said it would.
Patches are your machine’s best friend. (And so it kinda follows that patches are your identity’s and your privacy’s best friends too. Right?)
If it helps, when you see “update”, mentally substitute the word “patch”.
The main objection to updates I hear is, “I don’t want to have it reboot.” Not all patches (excuse me, “updates”) require a reboot; and most allow you to delay the reboot. But this is important enough that I say, Save your work, answer “Install”, and use the reboot as an excuse to stretch your legs and refill your coffee.
When I explain this “patches stop hacker exploits of vulnerabilities in your code” principle to folks, more than one has come back with the reply/thought, “So… CoolProgram 6.0 isn’t any good, then.” When I ask, “Why do you say that?”, they answer that it seems to ask to be patched quite often, while some of their other programs never ask to be updated. “It must have a lot of holes.”
This seemingly logical conclusion (on their part) is not usually the correct one. In fact, more often than not it is the wrong one; though it is true that some programmers make more of an effort than others. Let me explain.
Let us say there really is a little program called “CoolProgram”; and let us say that it is a slideshow widget; and let us say that it has sold about 5,000 copies. And let us also say that it was written in five minutes by a first-year computer programming student, with absolutely no aptitude for programming, as a class project (they received a C+) and let us further imagine that it contains more vulnerabilities (holes) than any other program on the market. With me?
CoolProgram would never be hacked. (And thus, never need an “update”.)
Why? How could that be, if it is so poorly written? Because of the number of sales. It’s much too low to interest a hacker. Also, the odds that “CoolProgram” is installed on a computer somewhere inside Citibank, PayPal, the Pentagon, or on a website’s server, are next to none.
All you have to do is think like a criminal to understand – they want to hit the most targets, in the most places. This increases the odds of hitting paydirt, or makes for a larger botnet.
This is why Windows is hacked more often than Apple — Apple is on only about 5% of the world’s computers — and why IE is hacked more often than Firefox. [note: Today (mid-2010) Firefox is just about as large a target as IE.]
I’ve run longer than I intended, so I’ll wrap up with a recap of how it works:
1) Some criminal with programming skills finds a way to inject altered code into a program which gives him “rights” on a remote machine.
2) He posts his find on a hacker forum, and/or sells it to other hackers.
3) These hackers then start using this code to attack machines, and gain control of them.
4) Security experts take note of this new attack and notify the authors of the program being exploited.
5) The programmers of the affected program examine the way the exploit works, and try to rewrite their code to stop it. [PLEASE NOTE: they are “playing catch up” with the hackers.]
6) When they finally find the counter-code, they have to get it onto your machine, so they release a patch, or “update”.
7) A pop up window opens on your machine saying “here’s the fix; please install me”.
All this while the hackers are reaping the rewards and infecting machines.
So don’t delay. Don’t dally. Just Say Yes. Besides… if you answer “later”, the pop-up window will come back again.
Today’s free link: Keeping your programs patched and up-to-date is the most effective method we have of keeping the hackers at bay. The best tool I have found for evaluating your currently installed programs, and helping you get them patched, is a ‘scan’ I have posted here before, but the Software Inspector at Secunia is just too important, too good, and too easy not to mention again.
Orig post: 11/23/07
Today’s quote: “Computers are magnificent tools for the realization of our dreams, but no machine can replace the human spark of spirit, compassion, love, and understanding.” ~ Louis Gerstner
Copyright 2007-2012 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.