Automatic Updates and New Computers FAIL
Have you heard me rant about Automatic updates before?
Over the years I've been somewhat critical of auto update programs including Microsoft's own Windows Update mechanism. I've always told people to wait 5-10 days before installing a new update so the rest of the world can test it and report any problems.
Of course, there have been exceptions. Occasionally Microsoft has released security patches for vulnerabilities which we knew to be out there actively attacking on the web. During those situations, I've recommended you be the first on your block to download a security patch, typically available on Tuesday morning.
This week I had the privilege to spend some time with the folks at Microsoft responsible for automatic updates and security patches. While I've been asked not to share the exact process and procedures for creating Windows updates I can tell you I have more confidence in Microsoft then I used to.
In most cases, I will still wait 5 -10 days before installing a Windows Update, but I will be preaching to the world not to let the update be forgotten. Again, I'm not at liberty to share specific numbers but I can tell you there are too many people who aren't doing updates at all. The more machines out there not having updated security patches the more dangerous it is for the rest of us.
My new recommendation is to set your Automatic Update settings to "Download updates for me, but let me choose when to install them". Ideally, I would like this to say “Download updates for me, and make sure I don’t forget to install them”. Your settings can be changed in the Security Center applet in the control panel.
There are far too many un-patched Windows machines in the world and their problem could be our problem. They’re ripe to become at the control of the bad guys and available to launch attacks or fill our inboxes with spam. Tell your grandmother, tell your boss, tell your dry cleaner, run the Windows updater and make sure their machine is safe. No amount of anti-virus programs in the world can take the place of a completely patched Windows operating system.
Austin We Still Have a Problem
Unfortunately, there’s still one major problem that annoys the heck out of me. When you buy a new computer, it may include the latest service pack, but it probably won’t have all the available security patches installed. That means, the moment your connect to the internet, it’s ready to be attacked.
Computer OEM’s need to be more responsible and they need to ship machines with all the available updates! This goes beyond a well patched Windows OS. If they’re shipping with Adobe Acrobat, or Apple Quicktime they better not have been put on the disk image a month ago. They need to be the most currently available, patched version or they’re selling you a time bomb. If you’re buying a new computer don’t be afraid to ask the sales rep what third party software is installed and what especially what version it is.
Things to consider before you buy…
What version of Internet Explorer is installed?
Does it come with Apple Quicktime? RealPlayer?
Adobe Acrobat? Flash? Which versions?
My audience here at BitsFromBill.com isn’t that big so spread the word. Until customers start asking these questions, nobody at Dell, HP, Sony, Lenova, etc will take on the responsibility for their actions. Expect future rants from me on this topic.