I'd check the expiration on that can of Java.
Don't you just love updating Javascript Runtime Environment? Or better yet, have you ever not seen that little yellow shield icon down in the system tray?
The programs on your computer are always asking to be updated, and it can quickly go from annoying to borderline intrusive. Why do these programs need so many updates?
Generally, these updates fall under one of three categories: functionality updates, bug fixes, and the ever-pervasive "security update." I find that home and small business users tend to ignore the last kind, probably because a) they're the most common and, thus, the most annoying, and b) many users don't really understand what a "security update" is.
Well, if you learn only one thing today, it's that you shouldn't ignore them.
Risk
Online criminals have a myriad of reasons to try to gain access to your computer, whether it's to steal your personal information or to turn your computer into a remotely-controlled zombie. This is most commonly achieved through computer viruses and other malicious code, but that's why you have antivirus software, right?Well, yes, but online criminals do everything they can to try and 'hide' their bad code from your virus scanner. It doesn't always work, but they generally try to accomplish this by tricking another program on your computer into letting the bad code in (unbeknownst to your antivirus software). To this end, and in an effort to infect as many computers as possible, they focus on finding 'holes' in software that many people have installed already: Windows, Internet Explorer, Adobe Reader, Flash, Java, etc.
Of course, companies like Microsoft and Adobe are aware that their software is being leveraged to deliver malicious code, so they develop patches to fix known vulnerabilities and send them out to their users as security updates. Unfortunately, these are the same users for whom closing a dialog box asking to install updates is like a reflex. These updates are stopped dead in their tracks, leaving their associated security vulnerabilities unpatched.
Facts
Inconvenient or not, this kind of behavior is a mistake. Online criminals all but rely on the fact that users never install security updates, and design their attacks accordingly. That's right: computer viruses generally take advantage of security holes for which patches already exist. According to Orange, CA-based M86 Security, this is a trend that turns up consistently in their research. In the second half of 2010, the 15 most commonly exploited vulnerabilities had already been patched, meaning that basic software updates could have stopped all of them. Their most recent Internet security report concludes:We continue to see the most popular exploits targeting older vulnerabilities that have already been patched, with Adobe Reader/Acrobat and Internet Explorer remaining a consistent choice for attackers. Our research suggested that Java-based vulnerabilities would increase significantly, and they did. We continue to caution users that the best way to avoid becoming a victim is to ensure that all of their applications are updated to the most recent versions.
Following up on this recommendation, they go on to say:
Stay up to date. Keep Web browsers, add-ons/extensions, and desktop applications up to date with their latest versions. We have seen time and again that [internet] attacks target vulnerabilities found in old versions of Web browsers or applications. Organizations are not blocking the latest spam and Web threats simply because their products are not up to date.
What to Do
I'll admit that keeping so many programs up to date can be daunting, and to many it will seem like a significant drain on (waste of) their time. Fortunately, the most vulnerable programs all have automatic update features (automatic inasmuch as you will be notified whenever updates are available). Of the programs that ask, you absolutely should oblige the following:- Windows (via Windows Update), OS X (via Software Update)
- Internet Explorer, Firefox, Chrome, Safari (any web browser, really)
- Browser Plugins (especially for Firefox)
- Microsoft Office
- Adobe Reader
- Adobe Flash
- Java
It's hard to narrow down the list any more than that. Hackers are always on the move, and constantly target different platforms to keep computer users guessing. Early last summer, nearly 50% of all web-based attacks targeted Adobe Reader (via malicious PDFs), yet by October the Java platform had grown to become the most-exploited. The lesson here? Hackers target all common software packages, and your best bet is to keep all of them, not just some of them, up to date.
To find out which of your applications need to be updated, check out Secunia Online Software Inspector (Windows users only). Once you run the scan, you'll get a list of which programs are out of date, along with links to download the latest versions. The links you get, though, are to the software vendor's individual websites, which will generally require a complete (re)install of each program. I'd recommend using the update features of the individual programs instead, as they'll do a better job of getting you exactly what you need.
You know, those update prompts you've been ignoring?
;-)
011110010111010101101101
.png)