This entry is part of the series Ten things you can do to improve IT security and reliability without spending money

In a previous blog post, I cited the SANS Institute study that listed unpatched client software as the highest priority risk. Interestingly enough, this is a problem that most users or system administrators can easily address on their own. But all too often, we find that users just don’t bother.

The Problem
When you get a pop-up reminder on your computer that “updates are available” for a particular piece of software, do you click on the “Install Now” button, or the “Remind me Later” button? In our work with clients, we find that most people choose “remind me later”, either because (a) they are too busy to stop and take care of it at this exact moment, or (b) they figure the current version is working fine and they don’t really need the update.

Why this Happens
But let’s stop and think for a moment about why the software vendor has released this update, which by the way is free. They’ve released it to patch some of the software vulnerabilities that security researchers have found.

The longer you wait to apply that update, the longer you leave yourself open to exploitation of that vulnerability.

Every software vendor has vulnerability disclosures. A disclosure is when they acknowledge that a security weakness has been identified in their software. You might be interested to know that IBM’s X-Force security research team analyzed and documented 6,601 new vulnerabilities in 2009. Of course, not all vulnerabilities are equal; about 25% of these were classified as critical or high risk.

Which vendor had the most disclosures? I thought it was interesting that after holding the top vendor spot for three years in a row (2006-2008), Microsoft has dropped down to number three according to the IBM X-Force report. Apple has taken the number one slot, and Sun is in second place as the vendor with the most vulnerability disclosures for 2009.

The Solution
First, turn on Windows Updates.  Depending on the settings you choose, this can automatically apply updates to all your Microsoft products, including Office.

Next, check all of the other software programs you use to see whether they have an automatic update feature. Most do now, and it is usually found in a Tools or Help or About menu. If you find an automatic update feature, we suggest you turn it on. If you don’t find an automatic update feature, you’ll need to get updates from the software vendor’s website—and we’d suggest you do this about once per month.

And finally, when the reminders do come up, you’ll want to click “Install Now.”
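
One way to check the first two steps on a Windows machine, as an added example that is not part of the original post: it reads the automatic-update setting and last install date through the Windows Update Agent COM interface, then lists installed programs from the registry's Uninstall keys so each can be checked against its vendor's site. The 30-day threshold is an assumption taken from the monthly cadence suggested above.

```powershell
# Added example (not from the original post). Run in Windows PowerShell.
$MaxAgeDays = 30   # assumption: mirrors the "about once per month" advice

# Step 1: is Windows Update set to install automatically?
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
$levels = @{
    0 = 'Not configured'
    1 = 'Disabled'
    2 = 'Notify before download'
    3 = 'Notify before installation'
    4 = 'Scheduled automatic installation'
}
$level = [int]$au.Settings.NotificationLevel
Write-Output ("Automatic updates: {0}" -f $levels[$level])
if ($level -ne 4) {
    Write-Warning 'Scheduled automatic installation is not reported; check the update settings.'
}

# When did an update last install successfully? The COM interface returns
# UTC; a date in 1899 means no installation has been recorded.
$last = $au.Results.LastInstallationSuccessDate
if ($last -is [datetime] -and $last.Year -gt 1900) {
    $age = [int]([datetime]::UtcNow - $last).TotalDays
    Write-Output ("Last successful install: {0:yyyy-MM-dd} ({1} days ago)" -f $last, $age)
    if ($age -gt $MaxAgeDays) {
        Write-Warning "No update has installed in over $MaxAgeDays days."
    }
} else {
    Write-Warning 'No successful update installation is recorded.'
}

# Step 2: inventory the other installed programs (64-bit and 32-bit views)
# so their versions can be compared with what each vendor currently offers.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Sort-Object DisplayName |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Format-Table -AutoSize
```

The inventory only shows what is installed and at which version; whether a newer release exists still has to be checked with each vendor.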

Think of this like brushing your teeth: it’s easy to postpone and not bother, but it is certain to lead to embarrassment—or worse problems—later.