Updating Your Software
This new page pulls together information that was previously spread across various locations on the site.
Update Your Device
One of the most important security measures you can take is to ensure every device is running a currently-supported operating system (Android, iOS, Windows, macOS, Linux). Update to the most recent version supported by your hardware.
WannaCry hit organizations around the world hard in May 2017, infecting over 200,000 computers in three days. Yet a patch for the exploited EternalBlue vulnerability had been available for a month before the attack. Updates and patches need to be installed immediately and have an automatic setting. — Check Point Blog
When your device's operating system is no longer supported, replace the device (take it offline).
Once you've determined that your device is running the most current operating system, check that all the apps (software) running on it are currently supported.
Upgrading Not Just About Features
Most people only consider the advantages of newer technologies and features when upgrading their software or hardware.
However, the ability to address security vulnerabilities is critical because this can greatly improve the ability of your device to defend against malicious attacks.
Otherwise, you risk not only your data, but your privacy.
Ensuring Your Software is Safe
All software becomes more dangerous to use unless it is updated regularly.
Run Current Versions Only
You should only run software (or apps) that is currently supported by the vendor.
Software is generally supported until the vendor releases the next major version. Minor software versions are generally provided without charge, but you should purchase the new version when your software is no longer supported.
At that point you'll need to either purchase that new version or uninstall the legacy version and seek out a currently-supported product.
Obsolete or Legacy Software
When software is no longer supported, it is referred to as legacy software.
Obsolete? Upgrade or Uninstall
When a vendor declares a program or app unsupported, it needs to be replaced.
Replacing old software can be pricey, but there's a serious risk of data loss if your system isn't kept up-to-date. — Acronis
This also applies to operating systems such as Windows. When no longer supported, find a replacement.
Delete Unsupported Apps
If the vendor provides a newer supported version, you can update the app. This may require purchasing an upgrade, depending upon the vendor's support policies.
If the app was still useful and an upgrade is unavailable, then replace it with a newer, currently supported app. Be sure it is safe to use and respects your privacy.
Uninstall Legacy Software
Software requires eventual replacement for a variety of reasons.
Once software ceases to be regularly updated or is declared unsupported by its vendor, vulnerabilities are no longer being fixed.
Supported Software is Updated
As new vulnerabilities are discovered, supported software is updated to secure it.
Keeping your operating system and your applications up-to-date is the best way to eliminate the vulnerabilities to your data. You'll avoid crashes by ensuring your system is running the most stable, enhanced version of the software you rely on — and will close the gaps that can give hackers a toe-hold in your system. — Acronis Blog
Vulnerabilities in Legacy Software
When current software is patched, the revealed vulnerabilities are tested against legacy software to see if they can be exploited there. If so, malicious software is created or updated to attack that older software.
I strongly recommend using security software on all your devices.
- The state of software security ZDNet video.
Legacy software becomes increasingly dangerous to run.
New vulnerabilities are not added to legacy (unsupported) software, but neither are they patched.
Over time, more and more of these vulnerabilities are discovered and exploited, making legacy software increasingly dangerous to use.
Legacy Software Defined
Legacy software is software that has been declared unsupported by the vendor. Not only will there be no new features or upgrades, but vulnerabilities will no longer be addressed.
No Security Updates
Legacy software no longer receives security updates.
There is little financial incentive for vendors to upgrade older software and it is often difficult or impossible to add security features without completely rewriting the program.
Newer, supported versions of the software will continue to receive security patches.
Hackers will check legacy software for the same vulnerabilities fixed in newer products, but those legacy products will not receive these security patches, making them more dangerous to use over time.
Be careful where you obtain software. Downloading and installing software from third-party sites can put you at risk.
Search for what others have said about a program using the program name as the search criteria. Blogs often provide interesting insight into the usability of such programs and their relative merits.
Keep it Updated
All software requires maintenance, especially security software which needs to be updated at least daily.
When a program is no longer maintained, uninstall it then find a currently-supported replacement.
Avoid Unwanted Programs
Krebs's 3 basic rules for online safety:
- If you didn't go looking for it, don't install it.
- If you installed it, update it.
- If you no longer need it, get rid of it!
Scroll carefully through the installation option screens and de-select any extra software like Google Chrome, McAfee Security, etc. before downloading or installing the software you actually wanted to install.
Beta (or pre-release) versions of software are sometimes available. Only experienced users should test beta versions.
32- or 64-bit?
Software is often available in both 32- and 64-bit versions. 64-bit versions are faster but you can only run them on 64-bit systems.
You can install 32-bit software on 64-bit systems, but not the reverse.
The Operating System's Store
Use your operating system's store where possible, especially for mobile devices (Windows 10S won't run software downloaded from the web).
- Apple Store
- Google Play
- Microsoft Store
Many apps on these stores offer a questionable experience, and more than once apps have been released that didn't follow proper security protocols, thereby placing their users' privacy at risk.
Windows has a long history of supporting software from a wide range of vendors, much larger than any other operating system.
Only install software you've downloaded from a recognized vendor's site. See installation hints for suggestions to avoid problems.
What About Mirror Sites?
Mirror sites should be avoided unless they are listed on the vendor's site and contain the most recent version.
Unlike regular software, shareware allows you to try it out to see if it works for you. After the trial period, you need to purchase a license to continue using it.
While many shareware vendors provide excellent software and support, they are often one-person operations and support can disappear without warning.
I've used many shareware programs over the years, including NoteTab Pro which is used to build and maintain this site.
Open-source software is generally free and shares its program source with anyone that wishes to view it. This can provide for greater confidence in the software if it is widely used and vetted.
Freeware is similar to shareware, except it is free to use without purchasing a license.
I recommend searching for reviews or comments before using either shareware or freeware.
“Free to Play” Games Manipulate Us
While free to download and play, many such games are very profitable. How else could they afford to advertise during prime-time television?
"Free to play" games manipulate us through many techniques, such as presenting players with a series of smoothly escalating challenges that create a sense of mastery and accomplishment but which sharply transition into a set of challenges that are impossible to overcome without paid upgrades. — Cory Doctorow
Think about the security of your device when installing new software.
Install Security Software
Secure your computer with security software chosen with care. This will protect your privacy and secure your system from exploits.
Not all security software is equally effective. I recommend these products for Windows:
- ZoneAlarm Extreme Security is strongly recommended.
- ZoneAlarm Free Antivirus & Firewall is for personal use but doesn't provide the same level of protection.
Keep it Clean
Where possible, uninstall any unwanted software, such as programs installed with Windows 10. Regularly clear any unnecessary programs and data from your computer.
Effective Security Software
Traditional security products (antivirus and antispyware) are made to fight PC-based threats.
All current security suites and most antivirus software contain some form of antispyware/antimalware protection.
The Threat Landscape Has Changed
You need a security suite that protects you simultaneously from all possibilities.
Keep it Updated
Security software must be constantly updated to deal with emerging threats.
One study indicated that the time from the discovery of a vulnerability to when it is exploited is now four days or less.
More recently that window of discovery has narrowed to less than a day. Zero-day exploits are usable immediately (0 days until useful because they are generally undiscovered except by hackers and government spy agencies).
- Check for updates at least daily.
- Weekly scans are a bare minimum.
- Real-time scanning is critical for today's threats.
Secure Your Network
You cannot afford to be without an effective firewall. Today's computers and devices are continuously connected to the Internet.
No firewall is like leaving your front door open for anyone to walk into your home uninvited. Not everyone is polite enough to resist the temptation.
Your Privacy Threatened
“Nothing to hide” is a falsehood perpetrated by those profiting by collecting your information.
Your privacy has never been under attack as intensely as it is today. You need to protect yourself using legitimate privacy tools.
An effective hardware and software firewall combination is an essential part of your protection.
Your router not only secures your high-speed access to the Internet, but it allows you to share it between both hard-wired (LAN) and wireless (WLAN) computers, laptops, tablets, smartphones, game consoles, TVs and “smart home” devices.
While many issues have been fixed in newer routers, there are undocumented and unpatched vulnerabilities (zero day exploits) that both governments and hackers take advantage of to steal information from your devices.
More than half the routers currently in use are easily hacked. The recommendation is to replace your router if it is more than a few years old, especially if listed here.
Passwords are an essential part of life today. They are used for everything from accessing your email to the millions of websites and forums that require you to identify yourself using a username/password combination.
Single Sign-on Flawed
Never choose to log into a third-party site using your Facebook or Google account (single sign-on). Instead, create a new login account using a strong and unique password.
Long and Strong
Make your passwords long and strong using random upper and lower case letters, numbers and symbols (some symbols are not permitted by some sites or vendors). Generally, the longer your passwords, the harder they are to hack.
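The advice above as an added example (not part of the original page): a generator that draws random upper and lower case letters, numbers and only the symbols a given site accepts, plus an estimate of how strength grows with length. The function names and the `DEFAULT_SYMBOLS` set are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumption: a site's password policy is modelled only as the set of symbols
# it accepts; the default set below is illustrative, not taken from any vendor.
DEFAULT_SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"


def build_classes(allowed_symbols=DEFAULT_SYMBOLS):
    """Return the character classes to draw from, honouring the site's symbol list."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    # Keep only real punctuation characters and drop duplicates, preserving order.
    symbols = "".join(dict.fromkeys(c for c in allowed_symbols if c in string.punctuation))
    if symbols:
        classes.append(symbols)
    return classes


def generate_password(length=20, allowed_symbols=DEFAULT_SYMBOLS):
    """Generate a random password containing at least one character of each class."""
    classes = build_classes(allowed_symbols)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    # secrets draws from the operating system's CSPRNG; the random module does not.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every class is represented, so the result stays uniformly
        # distributed over all passwords that satisfy the policy.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, allowed_symbols=DEFAULT_SYMBOLS):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    alphabet_size = sum(len(cls) for cls in build_classes(allowed_symbols))
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed policies: one site takes the default symbols, one only "-" and "_".
    for label, symbols in (("default symbols", DEFAULT_SYMBOLS), ("restricted site", "-_")):
        for length in (8, 12, 20):
            print(f"{label:16} len={length:2}  ~{entropy_bits(length, symbols):5.1f} bits  "
                  f"{generate_password(length, symbols)}")
```

Each added character contributes the same number of bits, so going from 8 to 20 characters raises the estimate far more than widening the symbol set does.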
Protect Your Passwords
Increasingly, sites are using your email address as your identity, making it very easy to hack your other accounts if you use weak passwords or use the same password on multiple sites. The following is only one example of how password reuse can have significant financial repercussions:
A total of 5,500 CRA accounts were targeted in what the federal government described as two "credential stuffing" schemes, in which hackers use passwords and usernames from other websites to access Canadians' accounts with the revenue agency. — Times Colonist
Use a Password Manager
Everyone has far too many passwords today to manage strong and unique passwords for every site and account we hold on the Internet without using a password manager. Humans simply have too much difficulty creating and remembering effective passwords.
I strongly recommend LastPass to manage your passwords. LastPass is secure, encrypts the passwords BEFORE uploading them and can be shared between your various computers and devices.
Two-factor authentication provides additional security that isn't available with even a strong password. As implied by the name, two-factor authentication has two components:
The second device could be
- a cell phone number (recommended); or
- a specially-designed hardware authentication device like the YubiKey (shown above) in combination with LastPass; or
- a second email address (less secure as it too could be hacked).
The authentication device is preferably something that is always with you and is inaccessible to potential hackers.
Unfortunately, it appears that it isn't that hard for attackers to hijack your cellphone's SIM card, after which they have access to the very two-factor security that is supposed to protect you.
Recovery Options Weak
Instead of hacking your password, the “Forgot password?” recovery option on a site can provide a much easier place to obtain unauthorized access to your email account.
People post too much personal information about themselves in public places, including social media sites, where the answers to typical security questions can be harvested. The nature of these questions is such that many are easily guessed, such as:
- your favourite sports team(s);
- your favourite authors or movies;
- your best man or maid of honour at your wedding; and
- your home town or favourite teacher.
Many of these are items that you're prompted to include on your Facebook profile.
Protect Your Email Account
Some security protocols require you to respond to a confirmation sent to the registered email address for a requested password change. If your email account is protected by a weak password, this mechanism can be compromised.
There are many causes of data loss, including:
- hardware failure (hard drive or backup media)
- ransomware attacks
- lost devices
- theft or vandalism
- environmental disasters (fire, flood, earthquake)
More and more our private information is electronic and stored on our computers or devices.
From the dawn of civilization until 2003, humankind generated five exabytes of data. Now we produce five exabytes every two days…and the pace is accelerating. — Eric Schmidt (2010)
Planning for Recovery
The first step in planning for recovery is to ensure that you regularly back up all your data using reliable systems and schedules. The more frequent the backups, the less you might lose.
Having multiple generations of backups ensures that a problem with one can be resolved with an older backup (you might not get everything, but most of it will be there).
You should also plan for disaster by ensuring off-site backups either via cloud backups or physical backups stored offsite.
Unfortunately, cloud storage data is threatened by poor security and government data collection policies.