Flaws within software (called vulnerabilities) can allow hackers to remotely access and take control of your computer.
These vulnerabilities exist in the operating system (Windows, Linux, Mac OS, etc.) and in the applications that are installed on your computer (browsers, media players, word processors, etc.).
When software providers, also known as vendors, become aware of vulnerabilities in their products, they often issue an update to the software to fix the problem. These updates are also known as patches. Similar to the way fabric patches are used to repair holes in clothing, software patches repair holes in software.
Most of the software that you have installed on your computer can be updated automatically if the computer is connected to the internet.
- Set your anti-virus, anti-spyware and firewall software to update automatically. New viruses and spyware are created every day, so it is important that your software is up to date and can detect new threats.
- Update your web browser to the latest version. Web browsers are regularly updated to fix security flaws.
Why you need to update your software
Hackers can trick software that contains a vulnerability into allowing them Administrator access to your computer. Once a hacker has this level of access they can view, copy or modify any files on your computer and, sometimes, even access other computers on your network.
Software vendors regularly discover, or are told about, vulnerabilities in their software and release updates to fix them. These updates are released as patches, service packs or entirely new updated applications. Patches are usually smaller files that make changes to existing files in your software and tend to be released quickly by the vendor. Service packs are collections of patches that are bundled together. Service packs are generally only released once a year or so and normally contain all of the smaller patches that have been released for the product. Sometimes vendors will release a whole new version of a product that contains a series of patches. The new version may only have a 'point upgrade' (see Understanding software versions below).
Understanding software versions
Nearly all software components contain a version number. You can get an indication of how much has changed between versions by looking at the increment in the version number. Most software will contain a three-tier version number such as 3.12.6. The 3 is the major version, 12 is the revision and 6 is the minor revision. The differences between major versions, e.g. version 3 and version 4, are likely to be major and will include new features; the new version may even look completely different to the earlier one. The differences between revisions, e.g. 3.12 and 3.13, are likely to be minor and may not be immediately noticeable to the user. These are commonly called 'point upgrades'.
A user is likely to find it impossible to tell the difference between minor revisions, e.g. 3.12.6 and 3.12.7, as most changes at this level are likely to be to the code inside the application.
Security patches are most commonly revisions or minor revisions to existing software.
Manual, automatic and semi automatic updating
Modern applications and operating systems make it easy to automatically update software on your computer. For example, Microsoft Windows includes a feature called Automatic Updates that is normally turned on by default on most computers. This feature scans your computer for versions of applications and operating system files with known vulnerabilities and updates them seamlessly in the background.
When you install software that includes the ability to perform automatic updates, it will generally prompt you to set options on how the updates should be downloaded and installed. These options will generally include an ability to disable the feature (manual updating), fully automatic updating (no prompting before downloading) and semi automatic updating, where you are told about the new updates that can be installed and you have a choice as to whether you want to download and install them or not.
Fully automatic updates are not always a good idea for software other than security software. Sometimes software vendors accidentally release updates that break the application they are meant to be fixing, due to unforeseen bugs in their code. Some patches will deliberately disable features of software that can't be fixed and made safe. Disabling a feature may remove your ability to use that feature.
Generally, if a vendor releases a patch that breaks software, they will 'pull' the patch and stop it from being downloaded automatically and remove it temporarily from their website. This process can take several days.
Larger businesses have dedicated staff that install and test every patch on a test computer before releasing it to the rest of the computers on their networks. For smaller businesses this overhead is not practicable. A good update strategy is to have automatic updates set to "notify only" on all of your computers. If a patch is still displayed in the list a couple of days after it first appeared and hasn't been withdrawn by the vendor then it is likely that the patch isn't going to cause major problems. Having the option set to notify only also allows you to install the patches on one computer at a time to allow you to see if it is causing any issues with your other installed software.
Generally, fully automatic updating of your security software (antivirus, firewall etc) is recommended.
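The "notify only" strategy above, combined with the three-tier version numbers and the advice on security software, sketched as an added example (not code from the original page). The record fields, the two-day hold and the sample entries are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date

HOLD_DAYS = 2  # assumption: "a couple of days" is taken to mean two

def parse_version(text):
    """Turn 'major.revision.minor' into three ints; missing tiers count as 0."""
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){0,2}", text):
        raise ValueError(f"not a three-tier version number: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def classify_change(installed, offered):
    """Name the highest tier that changed; tiers compare as numbers (3.9 < 3.12)."""
    old, new = parse_version(installed), parse_version(offered)
    if new <= old:
        raise ValueError(f"{offered} is not newer than {installed}")
    for tier, label in enumerate(("major version", "revision", "minor revision")):
        if new[tier] != old[tier]:
            return label

@dataclass
class PendingUpdate:  # hypothetical record of one entry in the update list
    name: str
    installed: str
    offered: str
    first_seen: date  # day the update first appeared in the list
    still_listed: bool  # False once the vendor has pulled the patch
    security_software: bool = False  # anti-virus, anti-spyware, firewall

def decide(u, today):
    change = classify_change(u.installed, u.offered)
    if not u.still_listed:
        return "skip: withdrawn by vendor"
    if u.security_software:
        return "install now: security software"
    if (today - u.first_seen).days < HOLD_DAYS:
        return "wait: too new to judge"
    return f"install on one computer first ({change})"

SAMPLE = [  # constructed entries, not taken from any real product
    PendingUpdate("Media player", "3.12.6", "3.12.7", date(2024, 5, 7), True),
    PendingUpdate("Word processor", "3.9.0", "3.12.0", date(2024, 5, 9), True),
    PendingUpdate("Browser plug-in", "2.4.1", "2.4.2", date(2024, 5, 6), False),
    PendingUpdate("Anti-virus", "8.1.0", "8.1.1", date(2024, 5, 10), True, True),
]

def plan(updates, today):
    return {u.name: decide(u, today) for u in updates}
```

Calling `plan(SAMPLE, date(2024, 5, 10))` returns one decision per entry, keyed by name.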