Anyone who followed the news last weekend probably knows that a piece of malware named WannaCry has infected a large number of computers at the UK's National Health System and several hundred thousand worldwide. Computer viruses are nothing new; however, all* abuse the same problem: outdated software. Because of that, I'd like to explain in this blog post why updates are so important. I also want to explain how regular updates can severely reduce the infection risk.
* Most viruses, anyway. Only a few viruses use so-called 0-days (security vulnerabilities the software developer doesn't know about).
Why are there so many Viruses/Malwares/Trojans?
Malware (malicious software) is only able to infect a device (PC, laptop, smartphone, etc.) that has software containing security vulnerabilities installed on it. Unfortunately, no software is perfect, so this happens quite often. Most of the time, such vulnerabilities are fixed relatively fast. A new version of the software then becomes available, and users of this new version are protected against malware that tries to exploit this particular vulnerability. For the best possible protection, it is important to ALWAYS install the latest version of all installed programs!
Compare that to a car: if something on your car breaks, you should repair it (or have it repaired) as soon as possible. Updates are just like repairs for software, with the nice benefit of sometimes getting fancy new features too.
How can I see whether there are updates available for XYZ?
Many programs have an entry "About" or "Help" in the top bar of the window (usually the rightmost entry). There you can usually find information about the installed version, and sometimes even whether new updates are available. Skype, for example, has a button "check for software update", as can be seen in the screenshot below:
Some other programs (mostly web browsers, such as Mozilla Firefox or Google Chrome, and operating systems, such as Windows, Linux, or Mac OS) have an auto-update feature. This feature takes care of updating to a new version whenever one is available, saving users the hassle of doing it themselves. I highly recommend keeping this feature activated.
Other programs (such as Android, Java, or Adobe Flash) typically inform the user about a new update with a notification (see the screenshot below). New updates should be installed as soon as possible! Most of the time this takes only a few minutes, and it definitely pays off! To use the analogy from before: if the dashboard of your car tells you that something is broken, you wouldn't ignore this either, but rather get it fixed at the next service station.
For programs which don't have such update mechanisms, updating is unfortunately a tad more difficult. In such cases, you have to visit the developer's website to manually check for a software update. Even though this can be a lot of work (especially if you have a lot of programs), it should be done regularly.
Those of us who use Linux have a huge advantage. The built-in package manager always knows whether there are updates available for the installed programs. On top of that, it takes only a few clicks to update all installed programs to the latest software version, while you can continue working and surfing. See the screenshot below.
What should I do if there won't be new updates for a given software product?
Sometimes, a developer discontinues work on a program. Then there won't be any new updates, leaving potential security vulnerabilities unfixed, ready to be exploited by hackers. In such a case, it is best to look for an alternative which is still supported and actively developed.
A famous example is Windows XP. Anyone who still uses it should switch to another operating system right now. However, I think (hope) that today Windows XP isn't really used by private computer users anyway.
Which programs are the most important to be kept up-to-date?
The most important applications which should always be kept up to date are operating systems (Windows, Linux, Android, etc.), web browsers (Firefox, Chrome, Internet Explorer, Edge, etc.), Java, Adobe Flash Player, and generally any product with the name Adobe in it (such as Adobe Acrobat Reader, the popular PDF viewer).
However, the most important advice: DO NOT open links and e-mail attachments from unknown people
The initial trigger for the malware infection of the UK's NHS (most probably) was that some employee opened a mail from an unknown sender. Correct behavior is at least as important as regular software updates. Whenever you receive an e-mail from someone you don't know, ignore and delete it, and NEVER click on links or attachments in this mail. The same goes for e-mails sent by someone you know if you don't expect such a mail from this person.
Regular updates are very important for the security of your computer or smartphone. They are the most effective protection against malware and often have the nice advantage of bringing new features. And now, have fun updating all your programs ;-)
Questions or Feedback?
If you have questions, feedback, or suggestions for improvement, please let me know. You can drop me a mail at any time to firstname.lastname@example.org.