The process of creating software can be complex, often involving multiple people trying to get different systems with different architectures to work together. Sometimes, this process can lead to vulnerabilities in the software that the developers don’t realize are there — vulnerabilities that a bad actor might discover and take advantage of to get your data. When developers become aware of such a vulnerability, they can create a patch that fixes it, which they then make available in the form of an update for people who use that software.
Keeping your software up to date is a crucial part of keeping your devices and information secure.
By installing software updates, you protect your computer from exploits that might be widely disseminated in malicious circles. Of course, hackers and scammers are aware of the power of updates and might try to trick you by disguising their malicious software as a helpful update.
Thwart their tricks by keeping these things in mind when updating your software:
- When downloading or installing a software update, make sure you’re getting it from the website or service of the company that created it. File-sharing services such as Dropbox, OneDrive or Google Drive have no verification process for their file contents, so even if something is claimed to be an official update, you’d never know until you tried to install it — and then, it would be too late.
- Don’t delay installing updates when they’re available, no matter how many programs you have open. Not all updates require that you restart your computer, but even for the ones that do, saving your work and reopening your programs is a lot easier than leaving a vulnerability open, then trying to get money back from a hacker or needing a new computer because you can’t get a virus off your current one.
- Software from legitimate companies usually provides an option to update that software automatically when an update is available. Once this feature is enabled, the software will give you a notice when it’s time for an update or may even install it unobtrusively behind the scenes. Consider enabling automatic updates whenever available. Remind yourself to periodically check for updates (quarterly, as a rule of thumb) for software that doesn’t update automatically.
- Scrutinize any urgent prompt you receive to install an update, especially if it asks you to fill out a form or download something from a website that requires a login. If it were urgent, the provider wouldn’t put barriers between you and the update. In particular, you should be skeptical of any prompt or alert to run updates that are delivered to you in your web browser via a pop-up window or tab. These are almost always fake and should not be followed.
At Metropolitan State University of Denver:
The Information Technology Services team is always keeping track of software and security updates for the various programs used by the University, ensuring that our students, faculty and staff have a secure and stable technology environment from which to pursue their goals. Updates for software that is available Universitywide, such as computer operating systems or program suites such as Office 365 or the Adobe Creative Suite, undergo thorough testing before being released through the University’s official software and asset–management services, Software Center (for Windows) and Self Service (for macOS). Updates for individually or publicly licensed software can also be installed once they’ve been vetted and approved for use.
For more information on software updates in the MSU Denver technology environment, including instructions for how to install or update software on MSU Denver computers through the University’s asset-management services, please see What Is Self Service/Software Center on MSU Denver computers? on the ITS Knowledgebase.
This is part of a series of articles for Cybersecurity Awareness Month. MSU Denver is proud to support the 20th year of this far-reaching online-safety-awareness-and-education initiative, which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.