Cyber Security: Why Updates and Patches are Important
It’s a topic that just can’t be covered enough – cyber security.
In a recent blog post I discussed the importance of using strong passwords or pass phrases to protect your online accounts. But that’s just a starting point for keeping yourself secure. Over the next few posts I will dig deeper into things you can, and should, be doing to keep yourself secure in the digital world.
For this post, I’d like to touch on updates and patching.
How many times has this happened to you? You’re about to shut down your laptop and head out the door to an important meeting and you click “shutdown” on your computer and you’re met with:
If you thought a watched pot doesn’t boil, try watching Windows updates when you’re in a hurry to get somewhere! A watched computer never updates (so it seems)! But as annoying as these events can be, they are serving a critical purpose.
According to a report by Panda Labs, about 200,000 new malware samples are captured every day. That’s 73 million new threats each year and the number is ramping up year over year. Many of those malware variants are looking to exploit specific vulnerabilities in your computer’s operating system or applications. Although you have antivirus software on your computer (you do have it, right?), patching your O/S and your applications is yet another layer of protection.
What exactly is a patch? Quite simply, a patch is a set of changes to a computer program designed to update, fix, or improve it. Although many patches are issued for the purpose of improving a program’s functionality or usability, it’s the ones that address vulnerabilities that you really want to get onto your computer.
In 2017 the NSA (National Security Agency) warned Microsoft of an exploit to the Windows operating system called Eternalblue. I’m not going to get into how Eternalblue was developed (and who developed it), but the fact is the exploit exposed a glaring vulnerability that Microsoft had to address immediately.
In March 2017, Microsoft issued a bulletin that explained the flaw and announced that patches had been released for all versions of Windows that were supported at the time. For users who had automatic updates enabled on their computers, the patch was installed and their systems were protected from Eternalblue. However, many Windows users chose not to install patches, had automatic updates turned off, or were still on a version of Windows that was no longer supported. In May of 2017 the WannaCry ransomware attack was unleashed on the world. The impact:
- 200,000 victims
- 400,000 computers
- 150 countries
What made this attack so frightening was the speed at which it made its way around the world. Many of the infected systems were in the service and health care sectors. Kaspersky Lab reported that some 98% of the machines infected were running unpatched versions of Windows 7.
Hopefully your company’s IT department has a good patching program in place to keep machines current. At home, here are some things you can be doing to ensure your machines stay up to date:
- Don’t ignore messages advising that updates or patches are available for your computer. If you’re being advised there is a security update, then your computer is already vulnerable. The update is fixing a hole that is known to exist. Get that hole plugged ASAP.
- Don’t turn off automatic updates. It may not always be a convenient time to install an update, but not installing any at all is asking for trouble. If you’re not sure how to enable automatic updates for your version of Windows, do a quick Google search. It takes just a few clicks to turn that service on.
- If you are not yet running the Windows 10 operating system, consider upgrading. According to Webroot, Windows 10 machines are “twice as secure” as Windows 7 machines. Microsoft issues two “end-of-life” dates for their products. One is the end of “mainstream” support. This is when Microsoft will stop developing new features for the product. The other is the end of “extended” support. This is when Microsoft will stop patching and fixing the product. The table below shows when mainstream and extended support has been, or will be, terminated for Microsoft’s most popular operating systems. If you are running Windows 7 or prior, you should be thinking about an upgrade.
In my next few posts, we’ll explore some additional security topics and what you can be doing to keep yourself protected. But for now, if you are not patching your system, it should be the first thing you tackle. Patching is free and affords a high level of protection if done routinely.