There is an old adage: "If it's working, don't change it." Unfortunately, that is bad advice when it comes to computer security. Software is inherently ephemeral, and when a version goes out of support, it must be upgraded or replaced. When a patch appears, it must be applied, and the sooner the better because the bad guys decompile those patches to figure out what to attack.

   Microsoft, Apple, and the Linux vendors offer periodic patches to patch operating system (OS) bugs, but your applications must also be patched. Things such as Adobe Reader, Flash, Winamp, all of the IM Chat programs, your browsers, ... all must be patched every time a new version is released. Some programs check for updates when they are started, but if they are not started, they lie in wait to be activated and exploited by some attacker.

   Windows has an excellent solution called Secunia PSI, which is free for personal use. PSI scans all of your programs for vulnerabilities, and with your permission, automatically updates most of them. The first time I installed PSI, I found about 10 unpatched programs I had installed. And some were very unobvious, such as old versions of the Java JRE that were installed as part of other programs.

   Mac users can join MacUpdate, which has a free daily e-mail informing you of new and updated OS X products. It is a bit of a pain to use because they are not arranged in any order (I can tell), and also not dated, so you can't tell if the patch you installed yesterday has been updated. They also have a MacUpdate Desktop (free with ads) which scans your computer and informs you of available updates for your system.

   Linux releases patch the OS and applications that come with them, and if software is in repositories, you can add them to get those updates as well. But stand-alone applications that you install must be checked manually.

   As a result, I spend several hours a week (on average—sometimes it is a lot more) patching. This is time well spent, but it is not productive time. There ought to be a better way.



Add new comment


  • No HTML tags allowed.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions. Image CAPTCHA

Enter the characters shown in the image.