How & Why You Need To Install That Security Patch
Updates can be infuriating. They’re also necessary – and putting them off can put you and your personal information at risk.
Yes, it’s annoying when Windows or OS X insists on updating – especially when you were starting to get some work done. But these and other updates don’t exist just to bug you: they protect you. And putting them off makes the job of anyone who wants to compromise your system that much easier.
What Do Patches And Hotfixes Do?
Security patches are designed to fix vulnerabilities in the software you use. What are vulnerabilities? Basically, they’re mistakes that mean the software can be exploited by hackers or malware.
Such vulnerabilities have real consequences. Remember last spring, when the Heartbleed vulnerability in SSL meant web users’ traffic was exposed? This meant criminals could, in theory, gain access to your passwords, credit card number, and more.
In the case of Heartbleed, website owners needed to patch their sites. Sometimes the vulnerabilities are on your computer, though, and in these cases you need to install a patch. This is why Windows and other programs are constantly asking you to install updates.
Wait…What? I’m Confused.
Let’s try a metaphor. Pretend you bought a security system for your house, because you need to protect an extremely valuable diamond.
Two years after the system is set up, the company that installed it for you notices a flaw: criminals who clap three times while bouncing on one leg cannot be detected. If the company that installed your security system offered to fix this vulnerability, free of charge, would you let them?
Of course you would. Think of patches the same way.
Why Do Updates Happen So Often?
Generally, the more complex a system is the more likely it is to have vulnerabilities. This is why operating systems, like Windows and Mac OS X, need updates so frequently: they’re designed to do all kinds of different things, meaning there’s a lot of things could go wrong.
Such updates typically come in two forms: patches and hotfixes. Both fix vulnerabilities, but do so in slighty different ways.
- Patches address a number of different issues, and sometimes even include new features. These are often regularly scheduled – Windows updates happen on Patch Tuesday , for example – and are sent to all users of a particular system.
- Hotfixes are smaller downloads, typically created quickly to to fix a particular flaw or problem. Because there’s not a lot of time for testing, Hotfixes generally aren’t released to the general public: instead, they’re offered if customers are willing to potentially put up with bugs for a quick fix to a given bug.
For most users, sticking to patches is ideal. For one thing, hotfixes aren’t tested throughly – meaning they could cause new problems. Additionally, anything solved by a hotfix today will likely end up in a patch eventually.
Patches Broadcast Vulnerabilities
So patches are good, but is there any hurry to install them? You don’t always need to drop everything you’re doing and install patches immediately, but it’s generally a good idea to install them as quickly as possible.
Security experts will tell you that a zero day vulnerability is a big problem. Essentially, these are flaws in software that no one knows about – meaning no one has developed a way to stop hackers and malware from taking advantage of them. Knowing about one of these vulnerabilities makes it easier to break in – it’s as if someone left their door unlocked.
Think back to our ridiculous example. If you were the person who discovered home security systems can’t detect anyone who claps three times and hops on one leg, you would have a lot of power. You could rob people with very little risk of getting caught.
That’s what a zero day vulnerability is: knowledge of an exploitable flaw in a system that no one else knows about.
Which brings us back to why you should install patches quickly. Whenever software developers release a patch, hackers and malware developers look closely at it to see what it fixes. Through this reverse engineering, they can discover exactly how to compromise systems that aren’t yet patched.
Coming back to our example: if a would-be robber found out that the home security system company was fixing the clap-three-times-hop-on-one-leg bug, and also knew that you never bothered to let them fix it, they’d know exactly how to steal your diamond. The security company is, in a way, teaching robbers about the flaw.
That’s the last time I’ll use that example, I promise. My point: the existence of a patch is in some ways a blueprint for would-be criminals to exploit unpatched systems. For this reason, it’s best to install them quickly.
Of course, frequently criminals find out about vulnerabilities before a patch is issued – earlier this year, for example Google announced vulnerabilities in Windows before Microsoft could patch them. It’s an entirely different conversation, but worth reading up on.
How To Stay Up To Date
Now that you know what patches are, and why it’s important to install them quickly, you might be wondering: how do I install them?
It depends what kind of computer you’re using. If you’re on Windows, you should set Windows to install security updates automatically .
There are lots of good reasons to be running the latest Windows patches , so take this seriously.
Other programs, like Adobe’s Flash, will periodically ask you to install updates. Ideally programs wouldn’t do this, and some don’t: Google Chrome, for example, installs updates without bugging you. But generally, if a see a prompt to install an update, it’s a good idea to go ahead and install it.
Mac users can find the latest updates in the Mac App store. Here you can install fixes for OS X itself, as well as for all the software you installed using the store. Mobile systems, such as iOS and Android, work similarly. Whatever your systems are, it’s a good idea to make sure everything is up-to-date.
Do you install patches quickly? If not, why not? Are there any misconceptions about security you wish people would stop spreading? If you want to chat about this and more, I’ll be around in the comments!