
Keeping Up to Date

July 7, 2015 - by Synoptek

Generally speaking, one of the first things people do with a new computer (either purchased or freshly provided by IT) is install all the programs they have come to rely on. Take a moment to think of all the programs that you use every day and which of them you have installed yourself. Examples include Adobe Reader, Flash Player, your favorite web browser, instant messaging clients, word processing software, multimedia players such as VLC, an email client, and so on.

How many of these programs rely on Internet access to be useful? They allow you to remain connected, open downloaded files, and view Internet-based media (videos, websites, etc.).
Therein lies the problem. Because the information processed by these programs is sourced from the Internet, it is subject to change and is a potential source of malicious activity.

PLUGGING THE HOLES – IT Security Awareness

A quick review of the major security breaches over the last few years shows that the vast majority of them boiled down to “Someone clicked on something they shouldn’t have”. The “Ground Zero” user either opened an attachment or clicked on a link (generally sent to them via email). But what makes attacks like this effective?

The answer: out of date software!

Granted, some attacks are considered “Zero Day”, meaning that the hole they use is unknown and unpatched. However, each month software vendors release updates to their programs that close these holes, sometimes dozens and dozens of them.

Imagine if you had a program that you have not updated for months. How many different “ways” are you leaving open to exploitation?

Take web browsers as an example: when you click on a link, you are calling the resources of that website from the Internet into your web browser. If your browser is out of date and that website is malicious, the attacker could take over your computer through that route.

INSTALLING UPDATES

It has become increasingly common for programs to include some method of auto-updating. When those programs ask to update, install those updates if at all possible. All too often, the updates patch holes that are actively being exploited.

For programs that do not auto-update, some include a method for manually checking for updates. With others, you may have to check for an update at the location where you originally obtained the installer.

There are some third-party programs and websites that can help you find programs and plugins that are out of date.

  • Secunia PSI is a great solution for personal or private computers.
  • Firefox has a web page that can check your web browser for out-of-date plugins. Qualys also maintains a browser check page, which is not Firefox-specific.

PATCH DAY

Pick a day each month and think of it as Patch Day. Put it on your calendar and go through your most frequently used programs and check for updates.

Here is a list of popular programs to start you off:

  • Adobe Flash Player
  • Java
  • Web Browsers: Chrome, Firefox, Opera
  • Multimedia: VLC
  • Instant Messaging Clients: Pidgin, AIM, Yahoo, Trillian, Adium
  • PDF Readers: Adobe Reader, CutePDF, Foxit, Evince, SumatraPDF
  • Virtual Machine Software: VirtualBox, VMware

CREDITS AND ADDITIONAL RESOURCES

Secunia PSI

http://secunia.com/vulnerability_scanning/personal/

Firefox Plugin Check

https://www.mozilla.org/en-US/plugincheck/

Qualys Browser Check

https://browsercheck.qualys.com