Search



Contact Us

Remote Assistance


Powered by TeamViewer

Rate Us!


How did we do? Rate us on WOMO!




Don’t neglect your software updates!

While it seems that PC’s and Mac’s seem to require patches and updates very regularly, don’t become complacent. Updates are provided free and automatically for a reason. A recent study of Windows Malware infections showed that most exploits target patched security vulnerabilities and (somewhat surprisingly if you believe everything on the internet) most of these are not actually Microsoft’s doing. The most likely entry points for malware into your system (in descending order) are flaws in Java, Adobe Reader, Adobe Flash Player and MS Internet Explorer. Only one of those is Windows only…

Java installs an automatic update notification when it is installed, run these updates!

Adobe runs automatic update checks as well for Reader and Flash, install these updates! One word of caution though for businesses with a caching proxy server, beware of the Adobe Updater fundamental coding flaw that Adobe won’t acknowledge. Adobe Updater is very impatient, if it does not start receiving its update within 15 seconds, it will request it again. If you have a caching proxy server (running Anti Virus checks on downloaded files for example), make sure the Adobe update sites are either blocked (install updates manually for the business) or exempt from scanning or it can burn your internet bandwidth very quickly (until you stop it). All Adobe needs to do is check for a proxy server in the internet settings and if there is one, extend the timeout. They haven’t yet.

Finally, dont use Internet Explorer unless you have to. Microsoft Cloud Service web interfaces such as Sharepoint work best with Internet Explorer and some systems management tools with web interfaces require it due to custom Active-X controls (Blackberry Server Express for example). A better alternative is to use Mozilla Firefox or Google Chrome and for even more protection in Firefox, install the “NoScript” plugin.

Finally, make sure you patch Windows and Mac’s all the time. It is pretty rare these days that patches break things but it does still happen from time to time. In a business environment, make sure you test updates properly before deployment. Home users should do a web search on the updates to see if people are reporting problems.

UPDATE: February 5th 2012.
I should have mentioned to make sure you keep your website back-end up to date if you use a content management system (or even just a database). There are many vulnerabilities in every CMS, they are usually patched quickly but if you dont apply the patches, you will become the victim of an automated hack. A client recently had their website hacked, fortunately it was a relatively benign, albeit alarming hack. The vulnerability was traced to a very old version of WordPress that was not even being used that was installed in a subfolder on the website and had been forgotten about. The hack installed a small shell onto the web server which give full control of the whole site, not just the old WordPress blog. Their main blog was up to date. Plugins are also likely points of entry into your web site, keep them up to date as well.

Posted in: Free Software, Security

Leave a Reply

Your email address will not be published.