I’ve prepared a list of computer safety tips for years. Over time, the advice to keep critical programs up to date has moved to the top spot on the list. You don’t have to spend all your time reading technology news but you do have to be able to identify which reminders are legitimate when they pop up from the system tray.
There’s a weird news story to illustrate why updates are important: the entire network of computers at the University of Exeter has been locked down and taken offline for days because a virus has been raging through it. The virus was able to spread because the computers had not been updated with critical updates for Windows that were published four months ago. Company and university networks run a Microsoft service named WSUS to roll out updates; some IT people turn off automatic installation of even critical updates for reasons that are hard to fathom, especially when something like this happens.
Here’s a roundup from the last few days.
Microsoft released a small crop of updates through the Automatic Updates system earlier this week. On many systems the updates could be installed without a system restart, the first time I’ve seen that happen in years.
There will shortly be an “out of band” patch for Internet Explorer, responding to the controversy over the attacks launched by China against Google and other companies. It will address a vulnerability that is able to be exploited in Internet Explorer 6, which has not been a secure browser for years for reasons far more profound than this particular problem. Some code will also be patched in later versions of Internet Explorer, although there’s virtually zero risk of a similar attack succeeding against IE7 or IE8. At this point it’s all spin – Microsoft wants to look quick on its feet to silence the chorus of critics who have sprung up to blame Microsoft/Windows/Internet Explorer for original sin and the presence of evil in the world. (This is not the first time this has happened.)
Meanwhile Adobe released patches for Acrobat and Adobe Reader versions 8 and 9, adding significant additional security features and fixing vulnerabilities. Adobe is also working on a new mechanism to install updates automatically, similar to the Automatic Updates feature in Windows.
Mac users would prefer that you not see them installing the first OS X security update for 2010, covering 12 serious vulnerabilities. Macs can be taken down if a Mac user is tricked into opening audio files or surfing to a rigged Web site – exactly the same sorts of things that the bad guys are cooking up for Windows and Acrobat and Internet Explorer and Flash and Java and Word and Quicktime. As I said six years ago:
Every vendor of a product that touches the Internet is responding to security attacks and issuing patches – every single one. Anyone who tells you otherwise is fooling you.
Stay up to date! If you’re not sure whether your system is up to date and I haven’t worked on it for a while, ask me to do a PC Tuneup!