
Here's why other people don't update their software (Not you, of course. You know that security updates are important, right?!)

16:40 CET on the 19th October 2012
Entry written by Maria Eriksen-Jensen, VP of Business Development and Marketing.

This month is Cyber Security Awareness Month. The theme is “Our Shared Responsibility” – because making the internet safer is just that. Using this as a stepping stone, I would like to give some attention to the specific area of PC software security, security updates, and the confusion and misunderstanding I often hear when I ask people why they don’t keep their private PC up to date with the latest security updates. They say:

  1. “I didn’t know it mattered!”
  2. “It takes too long and I’m busy!”
  3. “I can’t figure out how to do it!”
  4. “I don’t have to, because it makes no difference”

… and to this, I tend to reply:

  1. Consider yourself enlightened - it does matter!
  2. No, there are solutions out there to help you. And are you really too busy to make sure you are secure online?
  3. Do not despair – there is help out there. It is actually fairly straightforward.
  4. Hmm, please give me a chance to explain (please continue reading) – and what better timing than during Cyber Security Awareness Month.

To try and help people fully understand my four (very direct) replies above – and why it ultimately is a very bad idea to skip the security updates – I think we need to clarify and give answers to the following:


1.    Yes, private PC users do need to deal with security updates – which are…?
A security update is in fact a “security patch” that removes a vulnerability that has been identified in a software program. A vulnerability is a flaw in software code that can be exploited by hackers.

The short answer: If you do not update your software with the latest security update, you cannot be sure that it is secure. Software has vulnerabilities, and these vulnerabilities work as a potential open door to your computer for hackers, who exploit these openings to gain access to your computer and everything on it – including your bank and credit card details, your passwords, and all your social media activity.
As NorSIS also states: “Software programs that aren’t updated are one of the most commonly used methods by criminals to take control of private PCs. It is incredibly important to keep the programs updated.”

Try and have a look at this video to get a very basic explanation of the ‘vulnerability threat’ – you want to be like Tim ?


2.    No, all your software is not automatically updated
Some software vendors do update automatically – for example, Microsoft with Windows Update. However, for the vast majority of non-Microsoft programs such as Adobe (that you use to read PDFs), QuickTime, and Java (that you might use to run your online bank application), you need to take deliberate action to ensure that vulnerabilities have been patched and your PC is secure. (*)


3.    No, security updates are not about features 
Security updates are not about cool new program features. They are about protecting your PC, ensuring that you have the version installed where the identified code flaw has been removed. So you do need to bother.

4.    Yes, you and your PC are very interesting targets to hackers
They are not after you personally – they just want your data, your passwords, or your ‘identity’. And sometimes they actually ‘just’ want to take control of your PC so that it can be used as a ‘host’ and be part of a larger attack (a botnet, for example).

5.    No, you are not untouchable
Short version: No one person knows enough about what software vulnerabilities are around at any given time to be able to protect themselves. It only takes one vulnerability in your PDF reader and you opening an infected PDF attachment – and then you’ve granted access…

(*) If you don’t want to spend a lot of time checking for software security updates, you can download Secunia’s free Personal Software Inspector (PSI 3.0) – if you want, it can even auto-update for you.

I would love to hear what you think
If you know of other reasons, or feel a need to address other misconceptions or understandings, please share them here.

Stay Secure,
Maria Eriksen-Jensen
VP of Business Development and Marketing

Discuss this blog entry
mogs RE: Here's why other people don't update their software (Not you, of course. You know that security updates are important, right?!)
Expert Contributor 20th Oct, 2012 00:14
Last edited on 20th Oct, 2012 00:43
"I've got the latest anti-virus and firewall !!"....."What else is there ?"......doesn't seem to be the next (question), logical leap, in a growing cyber threat awareness. In fact it's oft where the story ends it seems.....it stagnates in a seemingly common misconception that "if it mattered"....the OEM or Security provider would be doing it....patching that is. There's often a hole in the understanding from the beginning.
I was very lucky when I got my first computer (not quite silver nor late developer !!), about four years ago.....in trying to familiarize myself with so many aspects of it; I just happened to stumble across Secunia psi.....even a few users in my family, and extended (sociological term !), hadn't, or weren't able, to enlighten me.
It was fortunate too, then, that I discovered the forum.
Whilst I read with interest your blog....because of its placement on the Secunia site....I found myself wondering if it were designed to preach only to the converted; or would be seen elsewhere(?).....again it would seem more co-ordination is needed between OEMs....anti-virus/firewall providers etc., and Secunia and the subject of patching.
Maintaining Secunia's integrity and impartiality must, it seems to me, tend towards a kind of separatism and not closer co-operation/liaison with other vendors in getting the message to the fore (psi free with etc).......by its very nature. All else seems to be a possibly unacceptable slow pace of education !!
I have nothing but praise for Secunia's efforts and provisions.....every month of the year !!
Thank you for the opportunity of engaging in the "conversation".......regards........

