The importance of software updates

T

Introduction

Annoying, aren’t they?  The software update pop-ups that seemingly appear more and more regularly whenever we use one of our many devices.  It’s tempting to just hit the ‘remind me later’ button knowing full well everything will continue to work the same way irrespective of if we update now, next week, next month, or not at all.  So why is it so important? Why is it a default recommendation in so much cybersecurity advice (we’ve recommended it plenty of times already here and here for example)

For the purposes of this article a ‘software update’ will refer to any prompted update coming from:

  • The operating system of your device (eg. Andriod, iOS, Windows, etc)
  • A program on your desktop or laptop (eg. your antivirus program, internet browser, word processor, etc) or Internet of Things connected device (eg. speaker & video doorbells)
  • A program (app) on your mobile or tablet (eg. Uber, Google Maps, etc)
  • A game on your gaming console

Why do people avoid updating software?

As alluded to above we believe people avoid updating software because the benefits are usually not seen or experienced, and the software continues to function as it always has.  Whilst some updates do improve the performance of the software it’s not often the main reason for the update.  Some of the main reasons people avoid or delay updating include:

  • Security Fatigue, the idea that people have become complacent with online security and desensitised to the risks – this would be the overarching reason
  • The time involved in downloading the update, it installing, and typically needing to restart after the update is installed
  • The timing of when an update is presented is also a reason.  Most programs prompt an available update when the user opens the program next (rather than when the update is released).  However, if the user is opening the program it usually means they’re looking to use it straight away so they tend to hit ‘remind me later’ and usually forget about it
  • Fear of change as updates can change the appearance of the software or the location of certain menus or functions.  This can be frustrating for some people, so they avoid updates
  • The volume of updates given how many devices we carry and how much more software exists now.  The good folks at buildfire did some research and found the average smartphone user has over 80 apps installed – that’s a lot of periodic updates!
  • Younger mobile users who have their mobile paid for by their parents tend to have a smaller data allowance.  They are typically more interested in using that data for social media and not ‘waste’ it on software updates. 

The importance and benefits of regular updates

The main reason it’s important to keep your software up to date is that no software is launched perfect or in an everlasting state.  Software updates therefore have two critical purposes:

  1. They patch security flaws and vulnerabilities already in the software but identified after its launch
  2. They protect the software from becoming vulnerable to newly created or emerging threats

Bad actors spend lots of time finding flaws or holes in existing software which would allow them to attack, infect, take control of, or steal data from the software or system.  To the second point above they also identify weaknesses in software and then code new malware specifically to exploit any potential weakness they’ve found.  Developers of software have to keep creating software updates for users (us) to fight back against the techniques of the bad actors. 

Depending on the nature of a software vulnerability and the malware that could be used to exploit it you also have another security-based benefit at play.  As discussed, staying up to date reduces your risks but given the nature of how malware typically spreads, you also indirectly protect your stored contacts from being sent that same malware

There are also non-security benefits:

  • Fixing or improving usability issues from user feedback
  • Adding new features to existing software or making that software integrate / compatible with other software
  • Performance improvements from speed to stability
  • Getting value for your money knowing developers are continually working on improving any software you’ve paid for (or continue to pay for through a subscription). 

How to check your software is up to date?

We’ve listed the path to manually check for updates on the most common software used today in the list below.  It’s strongly recommended that you turn on the auto updates option if you don’t feel you can remember to check for updates every few days.  Most devices will have an option to set a convenient time for this such as while you’re asleep or while you’re connected to your home Wi-Fi.  The latter also address the issue mentioned earlier regarding younger mobile users not being keen to use their data allowance on updates.  Setting auto updates on, at 2am, via home Wi-Fi is a great solution to many of the reasons people give for avoiding updating we listed earlier. 

Many are set to auto update already by the vendor, however it’s worth doublechecking that this is still activated – especially if you share the device with others who may have deactivated it previously.  Furthermore, you can alter settings related to that auto update such as a preferred time or network (such as your home Wifi).  Check these settings every so often too, bad actors may have the ability to switch of automatic updates and disable antivirus or antimalware software. 

Windows 10 Operating System:

  • Click the Windows Icon / start button in the bottom left-hand corner
  • Select Settings
  • Select Update & Security

Apple Mac Operating System (macOS):

  • Click the Apple icon in the top left-hand corner
  • Select About This Mac
  • Select Software Update…

Android:

  • Select Settings
  • Select Software update
  • Select Download & install

Apple iOS:

  • Select Settings
  • Select General
  • Select Software Update

Apps:

  • Open the App Store (Google Play on Android)
  • Select your profile icon at the top of the screen (top left on Android). 
  • Updates will be visible (Select My apps & games on Android and updates will be visible)

Download and update from reputable sources such as the Apple App Store or Google Play store.  Bad actors create apps for a certain purpose but include malicious code designed to steal or access your data.  Reputable app stores assess and approve each app before listing it so avoid downloading apps from websites where possible.

Browsers:

Be aware most browser updates will require the browser to restart, this will usually close all browser tabs you have open so bookmark them if you need to. 

Firefox and Tor browser:

  • Select Firefox or Tor from the top toolbar when you have the browser open
  • Select About Firefox or About Tor
  • Select Update to and a version number will appear if an update is available

Chrome Browser:

  • Select the three-dot menu at the top right-hand corner
  • Select Update Google Chrome

Microsoft Edge:

  • Select the three-dot menu at the top right-hand corner
  • Select Help and feedback
  • Select About Microsoft Edge

Safari updates are managed through the Apple App Store.

Other Software:

Some software doesn’t have an auto update feature and some software will only allow auto updates on certain file types which may not include firmware.  This can create a false sense of security if you’ve activated auto update thinking you have all bases covered. 

Ensure you find out how software you regularly use or rely on is updated from the vendor, by searching online, or by looking around within the menu settings.  As you can see from the section above, the path to find updates is strikingly similar and shouldn’t be hidden away or difficult to find. 

Checking for updates can be done as part of a routine, for example you can do your mobile updates while you wait for your computer at work to boot up after logging in.  This helps eliminate the frequency of update requests popping up at inconvenient times when you most need to use that particular software. 

A few final tips

Before downloading any software for the first time (mobile apps in particular) read the user reviews first to check for any concerning themes (reduced device performance, not operating as intended, etc)

When you purchase a new device, it may have sat on the shelf for many months.  Check for updates straight away as part of the initial set up procedure

Remove software you never used or no longer use from your devices periodically to reduce the volume and frequency of updates.  Start with phone apps as these typically request more data permissions than necessary for their use.  Don’t just delete the app, instead:

  1. Open the app and check if there is a ‘delete my info’ or ‘delete my data’ option first (there may not be)
  2. Disable any integrations to your other apps
  3. Log out of the app
  4. Finally, uninstall the app

Conclusion

A bit of a short article today but we hope you can see the importance of keeping your software up to date and the ease it can be done with (such as the 2am auto update we mentioned).  We felt compelled to write this piece because software updates tend to be overlooked and underappreciated when it comes to having an impact in personal cybersecurity.  This is another simple habit to put into play to ensure you’re not the low hanging fruit bad actors can target, let them move on to the easy pickings who are running a three-year-old operating system. 

The final thing worth mentioning is software updates don’t last forever either, software End-of-Life (‘EOL’) is something to be aware of.  It refers to software vendors limiting (usually ending) their development and support of the software in question.  This means any vulnerabilities which still exist can become exploited, but they will no longer be policed for nor will a security patch be developed.  Thankfully software EOL dates are typically detailed in a vendor’s policy on the matter specifically, or the public domain generally (it isn’t a secret), and active users are informed well in advance through various communications.  Windows 7 EOL was on the 14th of January 2020, if you’re still using Windows 7 and wondering why you haven’t seen any updates for a while, this would be why.

References

Mobile App Download and Usage Statistics (2021) by biuldfire: Link

This article is written in line with our Terms & Conditions and Disclaimer. As such all content is of a general nature only and is not intended as legal, financial, social or professional advice of any sort. Actions, decisions, investments or changes to device settings or personal behaviour as a result of this content is at the users own risk. Privacy Rightfully makes no guarantees of the accuracy, results or outcomes of the content and does not represent the content to be a full and complete solution to any issue discussed. Privacy Rightfully will not be held liable for any actions taken by a user/s as a result of this content. Please consider your own circumstances, conduct further research, assess all risks and engage professional advice where possible.

Recent Posts

Contact us