Are updates actually important?
Yes, yes they are. Let’s just get that straight right off the bat. Software updates for anything connecting to the Internet are increasingly crucial as digital thieves find more and more lucrative ways to steal your Greenbacks and ruin your life. Here's a real-life example of how that could happen.
What’s that? Priceless family photos? Let me lock down your computer with a virus that uses high-grade encryption – and hold your files at ransom until you pay up.
“What did I do to deserve this?”
... you wail, as your lament forever-gone images of loved ones who left you too soon – finding yourself unable to pay the exorbitant fees, or just incapable of understanding the strange currency the miscreant demands his earnings in.
In the best case scenario, you didn’t do anything. You faithfully let your computer run it’s updates on a daily basis before you shut it down for the night, your antivirus protection was subscribed and up to date – and you still got hit.
“What?!” You stare at your screen blankly. “Isn’t this article in favor of updates?”
Yes it is. But I’m not going to sugarcoat it - everyone needs to have a better understanding of what is necessary to protect against these threats, so we’re going to take it a just a bit deeper than ‘updates = good.’.
If you take away one thing from this article, let it be this: Security always has, and always will be a catch-up game.
The reason why you got infected with ‘Ransomware’ in the example of above wasn’t your fault at all. The reason was that Microsoft, (who provides security updates for Windows) and your antivirus vendor of choice (Symantec, Mcafee, etc) were a step behind on defending you against the particular strain of virus you contracted. And this is always how it will be. They cannot fathom every change a hacker will make to gain access to your system. They can only defend you against the viruses they ‘catch’, study, and send you updates for.
And therein lies why you should update. Why you NEED to update – to be as secure as you possibly can be. While updates can never be fully ‘up to date’ - they help immensely, so you aren’t vulnerable to every attack ever created.
So, what do you need to make sure is updated?
- Your Operating System (Windows, Mac OS, Linux, Android, or iOS)
- Your Web Browser (Firefox, Chrome, Opera, or Internet Explorer)
- Your Antivirus (avast!, AVG, Windows Defender, Microsoft Security Essentials, ESET, Norton…)
- Your applications (Microsoft Office, Adobe’s suite that is too long to list here)
For all the complaints about Windows 10, there is one huge bonus to using it. Security updates are automatically applied for the Home edition. This is a big for users that always put off or ignored updates, unknowing of the threat.
Since 10 is the latest and most updated – I recommend it to consumers.
My favorite web browser is Google Chrome, because it is the most up to date on security patches, and updates in the background 90% of the time - with no needed interaction from you!
My mobile Operating System of choice is iOS, aka, an iPhone or iPad. Apple seems to be the only mobile manufacturer that takes updates seriously, and that’s a huge problem – because Android currently has the largest market share. Thousands to millions of users are vulnerable on older Android devices, with no way to update – since manufacturers of Android devices often don’t offer them, or they are even shipped to market… OUT OF DATE ALREADY. This is a terrible disservice to their clients, as phones now hold the keys to our whole mobile lives.
The antivirus I use is Windows Defender, and it is baked into Windows 8 and 10. In 10, all updates are automatically applied through Windows Update. One less thing to do!
If you are on a Mac, my go-to antivirus application is Avast.
Now that we’ve got an idea of what and why - let’s go back to our example. How did you get infected?
It's called a 'drive-by-download', and malware has been using it for some time. It's one of the most scary things I have to educate my customers on.
There is code (in things like Internet Explorer's Active X and Adobe's Flash) that allows for the browser to call for a download and run, even if nothing was clicked.
This explains further: https://blogs.mcafee.com/consumer/drive-by-download/
To protect yourself, I recommend using Chrome+Adblock/NoScript addons due to the frequent automated updates, blocking of known malware, and blocking of potentially dangerous code. Also, this Ransomware blocker from MalwareBytes can potentially save you if it still gets on your system. http://www.bleepingcomputer.com/download/malwarebytes-anti-ransomware/
PS: This concept is why some in the security community have all their endpoints (client machines) run Adblockers. Advertisement networks have been known to facilitate drive by downloads on major websites: http://336699.org/the-responsibility-of-ad-networks
That’s it for now! Check back soon for a detailed guide on how to set things up like this.