Patch time: Keeping your system and programs up-to-date

For all computer users, patching is an important aspect of staying secure online. Need more information on exactly what patching is, why it’s so important, and how to stay up-to-date? Read on to learn more.

Patching explained
You are likely already aware that it’s important to keep your security software up-to-date in order to stay protected from the latest threats. But other programs and software on your computer – not to mention your operating system – also need to be updated regularly in order for you to stay secure.

US-CERT provides a helpful analogy to explain what security updates, or patches, are. “Similar to the way fabric patches are used to repair holes in clothing, software patches repair holes in software programs. Patches are updates that fix a particular problem or vulnerability within a program,” US-CERT explains on its Cyber Security Tips page.

Why is patching so important?
You need to update your operating system, your security software, and all other programs on your computer on a regular basis. Why? Patching your system and programs is key to keeping malware from infiltrating your computer. Unpatched programs can become an entry point for an attack.

One case in point: the proliferation and ongoing threat of a much-publicized piece of malware, known most commonly as Conficker. This worm (also referred to as Downup, Downadup and Kido) began dominating the security headlines last March, due in part to Microsoft’s offer of a $250,000 bounty in return for information leading to the arrest of the malware’s perpetrators, as well as because of hype surrounding the predicted April 1, 2009 activation of the massive botnet of infected computers that it produced.

But here’s the important part in the updating context: one of the ways Conficker has been known to spread and infect computers is through a known vulnerability in the Windows Server service, the MS08-067 vulnerability. The patch that fixed the MS08-067 vulnerability was published in October 2008, yet Conficker continues to thrive, meaning people are still not in the habit of installing security updates. In fact, according to data released in April 2010 from Qualys, one in 10 Windows computers are still unpatched against the Conficker worm’s exploits; 25 out of every 1,000 systems are estimated to currently be infected by it.

How can you stay up-to-date?
It’s important to keep your operating system and programs up-to-date and install updates as soon as they become available. Below are a few quick tips on how to do just that.

  • Use automated update options, such as turning on Microsoft’s Automatic Update feature. You can also choose to take advantage of mailing list notifications from some vendors that will inform you when an update is ready.
  • Don’t click “remind me later”. For your security’s sake, install security updates as soon as they become available in order to protect your computer.
  • Get the updates only from the product’s vendor, and through a trusted website. Remember: don’t blindly trust links in e-mail messages. Cyber criminals have been known to push patch-related scams through spam – directing a user to a malicious site or attachment, in an attempt to infect your system with malware.