The Importance of Security Updates
Security defects in the software products we use every day are found constantly. If not repaired, the defects allow criminals to take control of our computers as we visit web sites, view images, open documents, and/or even just sit on the network. Even if you do everything else right, these defects can allow criminals into your computer. Obviously its important that updates to fix these defects be applied frequently and regularly.
Unfortunately, due to the frequency of defect discovery (at least monthly!) and the number of different vendors that are represented on our computers, this is not an easy task. Mainstream platform vendors (e.g. Microsoft and Windows, Apple and Macintosh, RedHat and linux) have mature automated notification and installation mechanisms you can set up using StartSafe instructions that mostly take care of the baseline computer for you. But when you start adding products - Document readers like Adobe Reader, media players, browser add-ons, and other programs - things get a lot trickier. Moreover, those products are the most likely to be attacked these days.
A few of the products will help you by checking for available updates and notifying you when they're available. Unfortunately, most do not and many products for the Windows platform won't do so if the computer is operated with the recommended safer user account. None of the common products will update themselves automatically. You'll have to initiate and complete the update process yourself which may or may not be easy.
JMU owned Windows computers managed by IT have the most common third party updates applied to them automatically in addition to the Microsoft updates. Similar services are being considered for JMU owned Macintosh computers but there are no firm plans yet.
Operators of student and home computers (and JMU owned computers not joined to the IT domain or managed by IT) and people operating managed computers that install their own software unfortunately have to keep up with the problem manually. A task that is taking more and more time and becoming more and more important on a weekly basis.
A company that makes a product that can help with this task and that has had favorable reviews is Secunia. They offer a web based service you can visit with a browser that will check your computer for needed updates for a few dozen of the most popular programs. If you want, they will email you reminders on a periodic basis to rescan your computer. They also offer a program that can be downloaded and installed on home computers that can check for updates for thousands of programs. The latter program's license, however, only allows it to be used on home computers. It is illegal to install on JMU owned computers. As always when using a web service that requires downloading software, the terms and conditions and privacy policies should be examined.
Update sites for a few of the most common products are listed below:
Security defects without a fix
Sometimes security defects are discovered and made known to the public before a security patch is available. Sometimes these defects are even discovered and exploited by criminals before anyone knows there is a problem. Depending upon the product and defect, simply clicking a link or opening an associated document could result in a compromise. These types of defects are becoming more and more common, particularly in third party products.
Risk reduction measures include: