This is part 1 of 10 of a series of relatively short posts that focus on things that everyone should think about to be safe when using computers. This is based on a class that I teach which can be found at https://chuckmcandrew.com/class/onlinesecuritybasics/. Feel free to use the class as is, or fork it on Github and make it your own.
Do your updates
When we think about hackers compromising computer systems, we often imagine them having secret exploits that no one else knows about. These are known in the security industry as “Zero Day Exploits”, and while they do exist, they are very rare. The vast majority of exploits that are being used today are for known vulnerabilities that software manufacturers have already fixed.
There is very little you can do about zero day exploits. Because they are completely unknown, not even antivirus programs will normally catch them. You can, however, protect yourself from almost every other threat out there by simply doing your updates. Software manufacturers are getting far better about quickly fixing security problems that are found in their products, but this doesn’t do any good if people do not update.
The situation is actually worse than most people think. It isn’t just the case that hackers may use exploits they already have on you if you don’t update. Hackers actively pay attention to security updates and work to quickly reverse engineer the updates to figure out the vulnerabilities they patch. This leads to many new attempts to exploit these vulnerabilities, placing those who don’t update at even more risk,.
If a program has an auto update feature, you should enable it. Some software is good enough to offer a choice between automatically doing feature updates and security updates. You should always do security updates, but feature updates are up to you. It is true that sometimes updates can be annoying, inconvenient, or even break things. Companies are working to make them less annoying, but the fact is that even if they are inconvenient, they are far less inconvenient than getting your systems compromised, your identity stolen, or you files encrypted by ransomeware. Even if an update does break something, it isn’t done maliciously and the company will be actively working to fix what was broken.
Updates are the most important thing you can do for security. Not just on your computer, but on your phone, your router, and anything else that has an internet connection.