This is the third in a 5-part series examining simple ways to protect your data from data breach and data loss without costing an arm and a leg. Part 1 of the series can be found here. These posts come from material that we present in our “Protecting Your Data” seminar for businesses. The presentation also has 1 hour of CLE credit from the Alabama Bar Association. Contact us to schedule a presentation or to find out when one is being offered.
What Patches Are
As much as everyone would like it new software never ships without any problems. Software vendors fix these issues with pieces of code called “patches” or “updates”. In the good old days you had to receive physical media, like floppy disks, that had the relevant updates on them to fix any problems – that’s if you were lucky enough for the software to get fixed. These days almost every major program will deliver updates to you via the internet, and most will either check for updates automatically, or will use a schedule to do so.These patches are used for several things. The original idea was to fix bugs in the software that keep it from functioning correctly. While updates still do that, more commonly they are used to address security issues that have been found to help prevent the spread of malware and to help prevent intrusions by attackers. Updates also are sometimes used to add features to the software. As you can see it is important to keep your computer and its software up to date.
Beware the Software Bundles
Unfortunately, these patches sometimes cause more problems than they solve. This can happen because the update itself may contain a bug which causes your system to malfunction. It can also happen due to “software bundling.” Software bundling is where the makers of software bundle other software with theirs. Generally they are paid by the makers of the software they are bundling to do this. They market it as a convenience to the user and say they are doing a service. What makes this more problematic is that you generally have to uncheck a checkbox or something similar during the install process to NOT get the extra software. Many users are afraid to touch anything during the install and always go with the default settings. This behavior is what the software bundlers count on.If the software vendor is already on the shady side, what tends to happen is that it bundles an even shadier app, that may bundle or download behind the scenes an even shadier app, etc.. Eventually you end up with flat-out malware on your system and all the “fun” that comes in dealing with that.If the software vendor is reputable then the software they are bundling is not nefarious, per se, but it can still cause problems with your computer. The most common legitimate programs bundled are anti-virus programs, such as McAfee, and browser toolbars, such as Ask. As previously discussed in the second part of this series, having two anti-virus programs is actually a bad thing, so if you already have one then this “helpful” feature suddenly increased your risk for infection. Toolbars, like Ask, hijack your search engine and do other shady things to your computer. These things are more of an annoyance than anything else.Some of the most notorious reputable vendors are Adobe, makers of Flash, and Oracle, makers of Java. These two companies make products which are widely-used. They therefore have large market penetration. When downloading any free Adobe program (Acrobat Reader, Flash, etc…) or Java, or any of their updates, you should be careful not to get any unwanted, bundled software.
Patch Anyway!
Despite the problems associated with patching, it is vital that you keep your system as up-to-date as possible. You should also install updates as soon as you can after they come out. Often the updates are for what are called “zero-day exploits”, which is where the vulnerability that is being patched is either expected to be exploited that day or it is already being exploited before the patch is delivered. Recently, one of the scariest exploits that we’ve seen is where just by browsing to a website that had been compromised and was hosting the appropriate code, an attacker could gain complete control of your computer. To help keep you up to date both Mac and Windows will either automatically update themselves or tell you about updates, depending on how they are set up.