Cyber Security Awareness Month: Staying Patched
I am not going to get into strategies by corporations or large enterprises on how they manage their patches. This post is mainly directed toward home users with just one or a few PC’s.
One of the biggest threats to your home computer is out of date software. Hackers and other bad guys make their money by betting that you are too busy to keep your systems up to date, and all too often, they are right. But I’m not talking about your operating system. Most of the time the OSes come out of the box configured to keep itself up to date. I’m talking about the helper applications everyone needs to help their computer run.
Recently malware and worms have targeted the following non-OS software:
- Skype
- Flash Player
- Quicktime
- Real Player
- Microsoft Office
- Java
- Acrobat Reader
- Windows Media Player
- Anti-Virus Software
- AOL Instant Messenger
In order to update most of these applications, you have to either download the updates or run the updater programs that are associated with them. And these programs should be checked often to ensure they are up to date. At least once per month.
The software manufacturer’s website should contain the most up to date information on the programs and whether or not any patches are required. If the site won’t say, or you are curious if there are vulnerabilities in the software you are running that the vendor has not yet patched, you can go to SecurityFocus.com to search for vulnerability information.
One final word of warning. Just because you have updated a program does not always mean you are no longer vulnerable. Usually when a new version is installed, the old one is removed or overwritten in the computer. This is not true with Java. I was nailed with a nasty piece of malware that took advantage of a two-year old version of Java that was still on my laptop. It turns out that you have to manually remove your old Java versions to stay secure. The updater won’t do it for you, and hackers know this. They can write exploits that only call the old versions, and if its still on your computer, they’ve got you.
Happy Patching!
