Oh, updates. Between product improvement updates, security updates, bug fix updates, and other updates to updates, plus bad updates and malware posing as updates, we’re probably all a little gun-shy about the whole thing. A recent survey shows that people are kind of throwing their hands up in the air when it comes to deciding whether to update. Are updates a great way to keep your computer more safe from hackers and malware? Or do they carry the risk of introducing new, unknown security holes? Are they a potential risk to the joy of your computing experience? Or a magical gift full of fun and useful new features?
The short answer to all of those questions: Yes.
Say What? So Do I Update or Not?
Since I’m a security wonk, I naturally view software updates from a security angle. When I get the little notification that there’s a new update, I go right in and check what the update is. Then I ask myself a few questions:
- What vendor is it from?
- What details can I find on the update?
- Is it security-related, a bug fix, or new features?
There are certain products I get so excited about that I will immediately apply a new update, no matter what. But assuming you're looking at something that's not filling you with an overwhelming sense of excitement, what then?
- Security updates = get right now, especially if they’re a browser plugin or some other piece of software that’s frequently attacked. Odds are usually good they’re patching something that’s already been seen in the wild.
- Bug fixes = apply quickly (of course, if it’s a bug that’s plaguing you personally, you might be excited to see it anyway).
- New feature updates or really major updates without security implications = maybe wait a few days, depending on the product. Let the early adopters hash it out, and then you can make a more informed decision based on other people’s experiences.
Is the Risk Worth the Reward?
The fact of the matter is any time they change code, you take a risk. There’s a risk that a new bug will be introduced. Or a new vulnerability may be uncovered. Or the user experience will be altered in a way you hate. Or who knows what will stick in your personal craw. In terms of security though, it’s better to ride the front edge of the vulnerability wave rather than the back. By updating and closing old holes, you’re decreasing the number of known problems that attackers can use to get at you. You have just raised the bar on the skill needed to infiltrate your machine. In my book, it’s a good thing to be that much harder to catch than the next guy.
Just be sure you’re getting your updates straight from the source, meaning you’ve entered in the vendor’s website directly, at least to check the latest version number. Sometimes app stores may have outdated versions, and we’ve all heard of malware that disguises itself as update notices. It’s all about being safe rather than sorry.