Is Patching Your Computers Really the Safest Option?
Pinterest Stumbleupon Whatsapp
Advertisement

Where were you when WanaCryptor surged around the globe The Global Ransomware Attack and How to Protect Your Data The Global Ransomware Attack and How to Protect Your Data A massive cyberattack has struck computers around the globe. Have you been affected by the highly virulent self-replicating ransomware? If not, how can you protect your data without paying the ransom? Read More ? The highly virulent self-replicating ransomware (a ransomworm, of sorts) swept across most of Europe, the Middle East, and Asia, encrypting valuable and important files in the process.

The response was swift, as it had to be. But the infection still hit over 200,000 systems around the world, some in mission critical infrastructure. As such, Microsoft issued extra security patches for Windows XP, Windows Server 2003, and Windows 8.

Patching is usually the most efficient method of eradicating a glaring security issue How & Why You Need To Install That Security Patch How & Why You Need To Install That Security Patch Read More — except for when, in some cases, it goes wrong.

Don’t get me wrong. Patching is secure. It will keep your system safe. But there are certain ways of doing it that ensure you don’t make a bad situation worse.

Case Studies

There is a reason I led with the WanaCryptor story. In the post-infection hubris, a huge number of major organizations were attempting to patch their networks. While Australia was largely untouched by the ransomware, a number of hospitals connected to the Australian State of Queensland’s integrated electronic medical record system suffered outages after patching to protect against infection.

computer system updated
Image Credit: Rawpixel.com via Shutterstock

Queensland Health installed system-wide patches released by Microsoft, Citrix, and practice management specialists, Cerner. The patches rendered several patient record systems useless.

Broken patches aren’t new. Nor are they limited to a single industry, or system type. For instance, a Windows 10 update in December, 2016, was quickly patched after the initial update broke networking. That Microsoft has switched to a deliberately vague patch note system makes the introduction of a new, unspecified issue all the more frustrating.

Unfortunately, gamers more than any other group understand that a patch isn’t always welcome. To be fair, the impact of a game-altering patch isn’t quite as significant as a patch that breaks a medical system. However, it still causes distress for those involved.

Apple isn’t above patch issues either: an iOS 8 update was plagued with reports of fast battery drain, Wi-Fi drop-outs, random reboots, and more.

So I Should Stop Patching?

Absolutely not. As I mentioned, a patch is often the quickest, safest, and easiest method for companies to rectify any number of issues. Again, consider a newly released game. Quality Assurance testing seems to be on the wain in the 21st Century and buggy new releases are becoming de rigueur. The frequency of major patches on Day Zero or Day One is rising. In this instance, if you don’t patch, your game remains a buggy, potentially unplayable hellhole 5 Popular Games With Weird or Broken Physics 5 Popular Games With Weird or Broken Physics Sometimes, even the best games have problems. Here are some games that don't quite obey the laws of physics. Read More (not to mention a patch might make your save incompatible with other features at a later date).

“To patch or not to patch” isn’t a question we should have to ask ourselves — but, unfortunately, we do. Especially in scenarios involving older, outdated hardware (sometimes mission critical), or when there are more than a handful of computers at stake. The result of a patch gone awry in these situations can see entire organizations taken offline. At their very worse, a patch will introduce a new vulnerability. Why then does it seem that more and more major companies are delaying the introduction of updates marked “important” or “critical”?

Time Your Patch

Patch-phobia is nothing new. Before Windows 10 introduced mandatory updates, people would leave their system unpatched for months at a time. I know, I was one of them. And while Microsoft enforce their update system, they have allowed users some leeway. Not freedom of choice, mind.

The way not to deal with a patch is sticking your fingers in your ears and shouting “la la la.” Ignoring a patch for too long is, well, daft. However, timing the installation of patch is sensible. A large IT department might have the luxury of a test system. Furthermore, large, system-wide patches usually arrive later for enterprise and business solutions. But a small business doesn’t have the same redundancy.

In this case, the “wait and see” approach brings some benefits. Other users will install the patch first, and their systems will illustrate any horrendous bugs or breakages. In a similar vein, if there are significant issues, the patch vendor might rectify those issues before you install.

The balance lies in the evaluation of the importance of a specific patch. Can you afford to let another person or company be the guinea pig (potentially creating a semi-permanent zero-day situation 5 Ways to Protect Yourself from a Zero-Day Exploit 5 Ways to Protect Yourself from a Zero-Day Exploit Zero-day exploits, software vulnerabilities that are are exploited by hackers before a patch becomes available, pose a genuine threat to your data and privacy. Here is how you can keep hackers at bay. Read More ), or is it an instant, imperative installation?

How to Patch Safely

Again, we are not advising anyone to steer clear of patching. Vital security and system updates arrive via patches. Windows was a much more dangerous operating system before the introduction of forced updates. As with vaccinations, herd immunity works best — and simply put, people weren’t helping the herd.

Of course, you want to patch safely. Here’s how:

  1. Patch notes. Linux and Apple users can read patch notes as they hit the internet. Linux users are rarely, if ever forced to patch their system. Apple have only released one automatic patch (in response to the massive Network Time Protocol error back in 2014). Windows 10 users aren’t so lucky 5 Ways to Temporarily Turn Off Windows Update in Windows 10 5 Ways to Temporarily Turn Off Windows Update in Windows 10 Windows Update keeps your system patched and safe. In Windows 10 you're at the mercy of Microsoft's schedule, unless you know hidden settings and tweaks. We'll help you keep Windows Update under control. Read More . The Windows 10 Creators Update did introduce a new Pause Update button Windows 10 Creators Update Introduces New Pause Update Button Windows 10 Creators Update Introduces New Pause Update Button The Windows 10 Creators Update is rolling out to Windows 10 PCs across the world. The massive Windows 10 update is packed full of features, like the new Pause Update button. Let's take a quick... Read More , but that only provides a momentary stop-gap (up to seven days). It might, however, be enough to miss a bad patch, or at least a bad patch swiftly updated. In addition, Microsoft has all but removed detailed patch notes from the equation. (But you can try to find out more.)
  2. Virtual machine. Perhaps not an option for everyone, and again, Windows 10 users are likely working within a limited time-frame, but a installing a patch to a virtual machine running the same operating system can help with bad patch identification. A Windows 10 user could set their main system to Pause Updates for seven days, download the patch, and install in a virtual machine. If everything works, you can patch your main system.
  3. Make backups. One of the easiest ways out of a bad patch is to roll back to your last known good setup. It is a good idea to create regular backups of your system anyway, and this is another great reason.

Hope for the Best…

…but prepare for the worst. It is an adage that works quite well when we consider unknown patch territory.

If you’re preparing for the worst scenario, you’ll only be mildly surprised (or irritated) when that scenario lands on your keyboard.

Have you had a patch nightmare? Were you forced to update, or was it something you installed yourself? Do you regularly pause your Windows 10 updates? Let us know your patch-tips below, or share this article on Facebook or Twitter and continue the conversation there!

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. ReadandShare
    June 22, 2017 at 12:11 am

    I believe I am stating the obvious that Windows rollback is v-e-r-y hit or miss. To truly play it safe, I would opt for full system backup beforehand, and preferably using reputable, third-party software - such as Macrium. I would not use Windows' built-in system backup. I have been badly burned by both Windows rollback and Windows system backup.