What Is a Secure Update?
Security updates are applications released by software makers that replace vulnerable code in a program or system with new code designed to improve security by neutralizing unintended vulnerabilities.
It is hard to imagine, but before the widespread use of the Internet, software was fire-and-forget. Businesses had one shot to get their software right and distribute it to their customers. Now businesses have the capability to update their software whenever they need to. Generally speaking, this has improved the functionality, productivity, and security of computers everywhere.
Microsoft, for example, releases updates for all of their products on the second Tuesday of the month. These “Patch Tuesdays,” as they have become known, are used to correct coding errors, add new features or functionality to existing products, or close security vulnerabilities so bad guys can’t use them.
Every software company has their own patching system in place. Some do it on a schedule, some on an as-needed basis, and some do it daily. One of the responsibilities of a network administrator is to strike a balance between installing patches quickly and assessing the impact those patches might have on a company’s productivity.
For example, a new patch may close a security vulnerability by temporarily restricting a key capability of a piece of software while a new, more comprehensive solution is coded for release. The network administrator must decide if the security risk posed to the organization outweighs the productivity loss that will be triggered by the loss of a key software feature.
In the consumer realm, patching is even more complicated. Some programs patch themselves automatically in real time, while others patch themselves automatically but take weeks to install the patch. It is accurate to say both programs automatically update themselves, but in the online world, 2 weeks might as well be a year. The two programs are not equal from a security perspective.
The bad guys are also aware that consumers can be easily confused. For example, if a user needs to install an update to secure Adobe Reader, a pop-up window may appear notifying the user that an update is required and ask the user to click a button to initiate said update.
The bad guys are also creating pop-up windows that look exactly the same as the legitimate update windows. When the user takes the action the pop-up suggests, they end up infecting their PC.
How are users supposed to know the difference between a real update alert and a fake one? The answer is they can’t, unless they take on the role of network administrator and make it their job to research every application every day to determine if there is an update. If a user clicks on every update prompt, they will eventually get infected. If the user clicks on none of the update prompts, an unpatched vulnerability will lead the user’s PC to become infected. Individually, patches are easy, but taken in the aggregate, they can become very complex.
There are third-party patching solutions like Secure Updater that offer the benefits of a network administrator-like patch awareness to end users for a very low monthly price. These solutions are almost a necessity for today’s modern Internet user.