Why It’s Important to Update Software, Plug-Ins, and Applications

If you use a computer, you use an operating system and several kinds of software (e.g., anti-virus programs and Microsoft Office components) and web plug-ins (e.g., Flash and Java). And if you use a smartphone and/or tablet, each of those uses an operating system and several (or many) software applications. Furthermore, if you use internet-connected devices and systems — like fitness trackers, security monitors, thermostats, and even some cars — each of those has its own special software.

Operating systems and software are the brains of the devices we use — and, like real brains, there’s always more to learn. Developers and manufacturers are constantly making improvements and getting feedback, which means they regularly push out updated versions of software and mobile applications. These updates often deliver expanded functionality, but they just as often fix bugs and correct security flaws that were found in prior versions.

Updates that fix security flaws and out-of-date plug-ins are the most important, and they should be installed as quickly as possible. The main reason is because cybercriminals and scammers seek to exploit these known vulnerabilities, using them to steal confidential data, install malware, or gain access to personal or devices and networks.

In most cases, newer web browsers and mainstream app stores will enable automatic updates, either by default or as an optional feature. However, there will be plenty of times when you will need to initiate an installation on your own, either following a prompt on your device, or based on your own due diligence.

Here are some key pieces of advice to ensure you avoid as many software-based security holes as possible:

Pay Close Attention to 'Incremental' Updates

The differences between a “full” software release and an “incremental” update are found in the numbers. Software releases and updates generally follow a formula like X.y, where X indicates the full release (which introduces a new product or a major update to existing features/functionality) and y notes an incremental change or changes to the prior full release.

Incremental updates fix issues found with ongoing use of the latest release, and they often close security gaps. You will more frequently deal with incremental releases than full releases because full releases take a lot of development time and resources, and there are generally several months or even years between full software releases.

When an incremental update addresses a known security vulnerability, apply that update as soon as possible. (This list of updates to the iOS 9.0 release illustrates how incremental releases are used between full releases.)

Do Your Research

A quick online search can net you some helpful information, especially when an update is for a widely used product. If there are major security concerns, news outlets will have stories about them, and these details can help you to understand users’ experiences, and any actions you should take.

Research is particularly useful when you’re dealing with a full release or major incremental update. As noted in the prior point, a full release either introduces a new piece of software or revamps an existing piece of software in some significant way (introducing a new user interface, perhaps, or adding enhanced interactivity features). In most cases, the focus of a full release is to advance a feature set, not to close security vulnerabilities. In fact, full releases and more feature-rich incremental updates may actually introduce security vulnerabilities or system bugs that can negatively impact the user experience.

It can be to your benefit to let the early days following a major release play out prior to completing your own installation, particularly if you are updating a mission- or business-critical device, or if you are dealing with a system that is tied to your personal safety (like your car or a whole-house security system). A bit of research will help you identify negative impacts, the pros and cons of being an early adopter, and whether any risks are involved.

The recent iOS 10 release, which included a major overhaul of features and functionality, offers a great example of taking a more cautious approach and waiting for the dust to settle a bit before installing.

Wombat Security is a leading provider of security awareness training products that change behaviors and reduce risk. Learn more about how our unique methodology is helping organizations realize measurable results from their cybersecurity education programs. 

Update Out of the Box

It may sound crazy, but new gadgets can be out of date by the time you bring them home. This is particularly true of refurbished devices and systems, but is often the case with brand new items as well, as they can sit on shelves for months before they are purchased.

After products are manufactured and shipped, software improvements continue, so make it a priority to check for updates as soon as you can. Be extra cautious with consumer-oriented devices that are part of the Internet of Things (IoT). Due to high demand and intense competition, some devices are sent to market before they’ve been fully secured.

Another important tip: Change default passwords on all your devices (routers, exercise trackers, connected cameras, etc.). Default passwords for devices are frequently published online, and there have been known cyberattacks that exploited this type of information. A quick change can pay big dividends with security.

Go to a Legitimate Source for All Downloads

It can’t be overstated: Cybercriminals and online scammers are lurking around every virtual corner. That’s why it’s important to go to trusted sources for software and applications. Here are a few key pointers:

• Don’t click pop-up windows or random web pages that advise you to update software or plug-ins. These are almost always a trap. Instead, run a scan within the software itself or visit the developer’s website to check for updates.
• Stick to trusted application stores. “Homegrown” apps don’t have to go through the security checks required by more mainstream sources, which makes them inherently more dangerous. The bigger brands take security more seriously.
• Avoid pirated content. Yes, there are sites that claim to offer premium content for free (music, TV shows, movies, cracked software, etc.). Not only are these types of downloads illegal, they are also risky. These sites are not policed for safety or security, so you run the risk of exposing your devices to viruses, malware, and other dangers with any downloads.
• Stick with trusted developers and manufacturers. The simple fact is that every new piece of software, every application, and every connected device is a new gateway to your personal data and systems (and, potentially, your business data and systems). While security flaws are discovered in popular software and devices on a regular basis, trustworthy organizations want to close those gaps as quickly as possible to protect their customers. In contrast, rogue developers look to take advantage of intentional vulnerabilities for their personal gain.