June 1, 2021
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Last week I received an email from a faithful reader asking a really good question:
You put out these notices, which is really good, but I have no idea what to do. For instance, I have Adobe and use it many times every day. Should I be doing something to apply the patch?
How do I Patch my Things?
So, let’s talk about that this week! First, the easiest thing to do is turn on automatic updates. Ten years ago, we recommended NOT turning on auto-update because it tended to break applications on a regular basis. Today, however, the security implications of running unsupported software are so much more dangerous than the potential of breaking an app or two. So go ahead, turn on auto-updates. Remember, this is literally the number one most important, easiest, and free! step to take in securing your devices. If you are running software on your device with a known security vulnerability, you are cruising around the Internet with a target on your back. Seriously. This applies not only to the operating system, but also all the apps on your device.
I consider auto-update a no-brainer for mobile devices. It’s okay to implement a bit of control, for example by enabling automatic download with notification but allowing you to choose when to actually install (so it doesn’t happen at some inconvenient time) but don’t keep putting it off:
Because of the diversity of Android devices available, there isn’t a one-stop place to get OS updates. Google releases patches to the base OS, but it’s up to the manufacturers to apply those patches to their versions of the OS and make those available to users. Follow these instructions from Google to check for updates, Apps in the Google Play Store should automatically update unless you turn that off. You can see how to turn on auto-update on Samsung, LG and HTC.
Tech Advisor has a good reference with detailed instructions and a bit of background.
For MacOs, you can choose to Automatically keep my Mac up to date.
For desktop applications, whether on PC or Mac, there are a few standard places to look:
“Help → About” used to be the standard location for another link to “check for updates” – and typically this will pop up a box with an option to check “Keep my software up to date” or something similar. Nowadays, this option is often found under Tools, Preferences and/or Options. Because nobody likes a standard. At least software developers don’t. (Old joke in the software development world: "The nice thing about standards is that there are so many to choose from!")
For a few specific, very popular apps:
- Adobe Reader & Acrobat
- Java tends to be a bit more complicated, and I recommend not having it installed at all unless (1) you actually need it and (2) you keep it updated.
- QuickBooks and Quicken
- Zoom, GoToMeeting and Webex
- Box and Dropbox
I hope this is enough to get you going. From these links, you should be able to update anything you have. Go forth and Patch All the Things!
Talk to you again soon!
Security Awareness Training Goes Live Again!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Thankfully, live training is making a comeback! So wherever you and your employees may be, I can deliver a fun and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺