Patch – or stay unprotected

There’s a moment when you check your phone or shut down your workstation and words urging you to update your software can leave you with your finger lingering over the ‘OK’ button. Here’s some advice, says Tim Stackpool: do it!

In a perfect world, once a piece of software is released, it would be free of flaws and vulnerability. But, given the variety of hardware and apps in the market, it’s accepted within the industry that some users will eventually find parts of the system that leave data available to hackers – or software that crashes in certain circumstances.

What does it mean for me?
When a new danger, malware, virus or ransomware is discovered, system developers will quickly find a way to close the vulnerability or ‘bug’, and release the ‘fixes’ to the market. That’s when you see the message urging you to update – whether for your phone, workstation or laptop, upgrades and ‘patches’ are part of the rolling support offered with any operating system to ensure your device remains safe from hackers and supportive of new applications.
For the busy EA, this message may seem to always appear at the most inconvenient times – in the middle of proofreading board minutes, booking flights or reconciling an Excel spreadsheet. Thankfully, you can often wait until overnight, or when you shut down your PC or laptop before needing to implement the update – but just make sure to make time at some point very soon.

The dangers
Over the past year or so, some of the vulnerabilities have been frightening – and when they’re discovered, they make the news, which, unfortunately, motivates armchair hackers to wreak havoc upon devices around the world before security patches can be developed and hurriedly released.

  • You may have heard of Meltdown and Spectre – two viruses that allow for data to be stolen while the hardware was processing information, separate to what the software might be doing at the time.
  • Similarly, ‘Heartbleed’ went looking for data left lying around in pockets of machine memory when apps were closed; delivered when a user visited a website unknowingly carrying the Heartbleed malware.

But, thankfully, some vulnerabilities never see the light of day as they’re quickly patched when White Hat hackers (the good guys!) discover the dangers early and have the vulnerability patched quietly while the world is none the wiser. For this reason (while not a 100 per cent safeguard) it’s also important to let your virus protection update its ‘definitions’ whenever it requests to do so.

Be responsible
In larger organisations, responsibility for this area lies with the IT department. Special commands are sent quietly to their workstations via the network; generally applying the updates when the device is shut down or restarted.
This can become more challenging, however, if your organisation entertains a Bring Your Own Device policy, as such update commands are not mandatory. If this applies to you, remember that the longer you wait before accepting the update, the more at risk you are to system crashes or hackers successfully violating your device. Also, always be sure that the update notification is legitimate, and not an imposter message from a hacker wanting you to click on a dangerous link.

A final thought…
Of course, these patches and updates are sometimes issued so frantically that they can actually cause other system failures, particularly when the patch interferes with virus protection software as both are trying to safeguard against the same thing. In this case, the entire system may crash or deliver the dreaded blue screen. In such instances, patience is required as protection systems will eventually address the problems – but only after recording feedback caused by those difficulties. At least your data is safe in the meantime.

 

THE EXPERT
Tech expert Tim is the technology writer for Executive PA Media. He can be heard on talk radio in his native Australia and is a tech presenter speaking at conferences and trade shows about technology’s impact on work and lifestyle
SHARE