Patches and Updates - why you should take it seriously

Any software you use is a potential source of vulnerabilities that could lead to a compromise of security or identity. The more commonly used a program is, the bigger target it represents and the more likely it is that a vulnerability will be exploited by the bad guys.

Most vendors of software release regular patches and updates - usually after a vulnerability has been discovered. If you don't update your software then you could be leaving your computer open to infection or worse.

Defects in clients like web browsers, email programs, image viewers, instant messaging software, and media players may allow malicious websites, email messages, IM messages, images, and sound files to infect or compromise your computer with no action on your part other than viewing or listening to the website, message, or media.

When Microsoft brings out a new version of Windows for example, online criminals quickly find vulnerable areas of the Operating System and will do so for the lifetime of the version.

Microsoft releases security updates or critical updates for Windows (and other Microsoft software) which protect against these on a regular basis - known as "Patch Tuesday" in the online community because it is generally a Tuesday in the USA when they are released. You can set Windows to automatically download and install them and I highly recommend that you do.

Other Operating System vendors also release updates and patches - such as Apple for their iOS offerings, and various flavours of Linux Open Source (such as Ubuntu) also send notification of updates when they are released for download and installation. Although with Linux it should become a habit to update on login or set it to do so automatically.

If you want to know when any other patches are released or vulnerabilities are discovered then fortunately there are some places you can sign up for email alerts and notifications.

Microsoft have a free service that sends alerts for vulnerabilities but you need to have a "Live.com" free email account to use it. It's worth signing up for if you don't mind them sending you the information - some of which will not be relevant to your Operating System or Applications but some will be.

There is another free service provided by US CERT (United States Computer Emergency Readiness Team) which sends emails for all discovered and reported vulnerabilities and provides links to Advisories on vendor websites. This alert really does send all reported vulnerabilities of which only a few may be relevant to you but if only one slips past you then it can cause a lot of work and heartache to resolve if the cyber-crooks or other nasty people manage to breach your computer's defences.

I have provided links to both sign up pages on the Safetey and Virus Info Links page

Be sure and be safe

When patches are available, vendors usually put them on their websites for you to download.

It is important to install a patch as soon as possible to protect your computer from attackers who would take advantage of the hole. Attackers may target vulnerabilities for a long time after patches are available but don't take the chance.

Some software will automatically check for updates, and many vendors offer users the option to receive automatic notification of updates by email. If these automatic options are available, I recommend that you use them. If they are not then I suggest you check the software manufacturers website regularly

Make sure that you only download software or patches from websites that you trust. Never trust a link in an email because attackers use emails to direct users to malicious websites where users can unintentionally install viruses disguised as patches. Also, beware of email messages that claim that they have attached the patch to the message as these attachments are often viruses