You are here: Home / Security / Update Your Software! (3/3)

Update Your Software! (3/3)

May 11, 2009 By Leave a Comment

Software UpdateThe third and final thing you can easily do to protect your computer is to keep all of your software up to date. I will be explaining why it’s important to do so and the consequences of not doing so. Sadly though, a lot of people don’t pay enough attention about this topic. They either underestimate the potential harm it could bring to them by not updating their software or they simply just don’t care. If an application works, then to them, there is nothing to fix! Unfortunately, that is not the case now days and I will explain why.

I know that you’re sick of hearing about how big the Internet is but you have to realize that although the Internet can be a platform to deliver awesome applications to your computer, allow you to communicate with all your friends overseas, email them and all that other good stuff, it can also be a platform for the bad guys to broaden their horizon and give them a much more bigger audience to attack. Sometimes the applications on our computers we use the most in our day to day lives can be maliciously abused and in turn used to attack our computers instead. You’re probably thinking how in the world can that happen? It’s not so difficult to grasp that idea once I explain in details what I mean.

Just think about this phrase for a second, “There is always someone smarter than the previous guy”. What does that mean in terms of software security and patches? Well, think about an application you are using right now. It could be Microsoft Word, your browser of choice, Adobe Acrobat Reader, your favorite instant messenger program and even the operating system you are using right now to read this blog. When the geniuses designed and wrote the application, they couldn’t think of all the ways that their coding can be ‘abused’ to perform some malicious action. Because of this, no one application can be totally secured. The authors can only do their best in securing their own coding. Once released to the public, everyone can now either download or purchase that program to use. To a casual user, the usual routine would be to download the application or unwrap it and put the install CD into their drive. Next they will install it and begin using the software without ever thinking as to what actually happens under hood. To a malicious attacker, they can do the same. However, they go into great depths trying to discover vulnerabilities in the application so that they can abuse it and use it to attack others who have the same application.

One very good example would be the Adobe Acrobat Reader application which I’m sure a lot of you know about. If you want to read PDF documents, you will need this application. Now lets say that I am the attacker. I found a exploit that allows me to inject some really evil coding into a PDF document and can take over your computer if I could simply get you to open the PDF document with Adobe Reader. I send the document as an attachment to your email and claim that you have been selected as a contestant to enter in a sweepstakes for a chance to win one million dollars. All you need to do is download and open the included attachment, fill out the form and email it back to me to be submitted. Will you do it? I hope not because once you open the attachment, then I win. My specially crafted PDF document have coding in it to install some malicious code on your computer so that I can take control of your entire computer without you ever knowing! Another quick example is your antivirus software which was item number one on the list which I have detailed here. Remember, a lot of antivirus products rely on signature files being delivered (usually on a daily basis) to your computer. If you don’t update your signature file for your antivirus software, then it’s worst than having none at all because now it gives you a false sense of security. You think you are secured by having a antivirus product installed but it doesn’t do you any good if you don’t actually update the software! No signature files means that newer viruses can sneak into your system undetected!

So how can this be prevented? Simply by keeping up to date with all the patches and updates Adobe and your antivirus vender issues for the Adobe Reader application and your antivirus software. These updates will patch or ‘fix’ the security holes other malicious users have tried to use for their malicious intent. If you have downloaded and installed the update prior to opening up that PDF document I’ve sent you, then nothing would have happened. You won’t get entered into a sweepstakes contest but your computer wasn’t compromised either! However, that isn’t to say that you should open up any kind of files from strangers. Remember, the best way to approach computer security is to not get infected in the first place and to do that, you need to practice safe computer habits which I’ll write about in future posts.

So now you’re probably wondering how in the world am I suppose to know when there is a security update for my application?! Worry not. Usually applications you use now days have a auto update function that when set, it will automatically check their status when run on your computer. If it finds that there is a newer version or a new update, it will either prompt you for installation or automatically install it for you. You really have to pay attention to updates issued by Microsoft for your operating system whether it may be Windows XP or Windows Vista. It’s imperative that you install these updates immediately.

There is also another free tool available that will check the status of your programs and applications installed to see if you are running the newest version. If not, it will let you know. This application is called the Secunia Personal Software Inspector. You can either have them check your computer from a simple webscan on their website or for a more comprehensive scan, download their free application and install it on your computer. This way, you have a quick and easy way to determine if you are up to date with all your software patches. I have linked their website down below so head over there for more information.


Secunia Personal Software Inspector


VN:F [1.9.13_1145]
Rating: 0.0/5 (0 votes cast)
WP Greet Box icon
X
If you enjoyed reading this article, you might want to subscribe to my RSS feed for updates on this topic.
Filed Under: Security Tagged With:


Shortlink:

Speak Your Mind

*


(humans only, please)

View in: Mobile | Standard