We should all know that keeping your operating system and applications up to date is good for security – but that’s not the only reason to update!
Updates: Operating System, Device Drivers and Applications. Oh My!
First, an admission: I am a compulsive updater. I love to have the latest version of everything. I’m even part of several beta programmes so I get some applications before they are ready to be shipped publicly. This does come with a risk though. Microsoft, and many others, have received bad press in the past for releasing updates that cause more problems than they solve. Living on the bleeding edge means you are more likely to find that exception that causes a crash.
Second: There are three primary kinds of updates you need to manage:
- Operating System: I’m referring to Microsoft Windows in this article, but macOS and Linux need updating too. To complicate things further, lots of devices have an operating system installed on a chip on their circuit board. This is called ‘firmware’ and is basically the operating system that runs on a device like a printer, switch or router.
- Device Drivers: the sets of instructions the operating system needs in order to talk to network cards, video cards and all the other little bits and pieces that make up a computer.
- Applications: Microsoft Office, Adobe Reader, Internet Browsers (IE, Edge, Chrome, Safari, etc) and so many more!
We talked a little about updating for security purposes in IT Security 102 That No One Tells You and I’m going to focus more specifically on updates here.
Updates in a Critical Production Environment
In a high-availability, critical environment, like a bank or business where you must be available 24/7/365, you should have a test system that mirrors your production network exactly so that you can deploy updates and test them before you roll them into production. You also need a rigorous test plan and a well-documented change management process. This helps reduce or eliminate the risk of updates breaking things and keeps everything running smoothly.
Updates in a Non-critical Business Environment
Having a test environment is great if you have the money, infrastructure and personnel to do it – but most home users and small to medium businesses aren’t going to even consider the enormous cost to avoid a bit of downtime if something turns to custard.
As Jim mentioned in the Backups article, having regular backups will allow you to recover if something does go horribly wrong. Relying on backups is a lot less expensive but will cause some downtime while your systems are being restored.
So you’ve looked at the risk, evaluated your potential downtime and decided it isn’t worth running a test environment. Should you, like me, be obsessive-compulsive about installing updates? Probably not.
Unless there is a critical vulnerability that is made public – you are probably safe waiting a week or two to allow everyone else to test the update for you.
Why Update Everything?
So back to the original point of the article: we know that keeping your operating system up to date is an obvious security measure. This also applies to application and device driver updates. Sometimes it can be the application or device drivers that provide the backdoor into your computer or network, bypassing the safeguards the operating system is supposed to provide. So for that reason alone it is important that you keep everything up to date.
But updates also frequently bring new features, improved performance, better reliability and better compatibility. If you are keen, they also come with patch logs or notes that detail each change the update makes, which can help you decide whether or not you should update and how quickly.
Something to watch out for though is that many updates cannot be rolled back. While it is great when an application you use gets new features or a new interface – often the changes can leave you frustrated and trying to figure out how to do something that used to be simple! This is another place a backup can be useful if you really want to go back to the earlier version.
The Update Problem
Microsoft doesn’t do update management very well. By default, Windows Update does the bare minimum. It updates the operating system, provides some Microsoft Office updates and any device drivers that the device vendor has supplied and tested with Microsoft. That is a very small subset of devices though. Printers, for example, often only get the most basic drivers via Windows Update. To get the full drivers you have to go to the printer vendor and download them directly – bypassing Windows Update.
Microsoft does NOT update any of the applications you have (other than Microsoft Office) so unless the application vendor has written their own service for their application to check for updates and alert you to them, you probably aren’t going to know that some of your applications are out of date and potentially a security risk or missing out on some new feature or improvement.
This also presents another problem on a Microsoft Windows PC because a lot of vendors do include some form of update notification and your PC can get bogged down by Windows Update, Google Chrome, Adobe Acrobat Creative Cloud, Apple iTunes, Microsoft Office, and many others – all running their checks in the background to look for updates and notify you when they are available. Some applications are more considerate and only check for updates when you launch them and, of course, a lot of applications won’t tell you at all.
And if that sounds like a mess, it gets worse! Some of these update utilities that run constantly in the background have also been the security holes that have been exploited in the past!
And Here’s the Sales Pitch!
If you are like me, this will probably sound like fun rather than a horrible, administrative nightmare. What can I say? I have strange hobbies!
But if you aren’t like me, then you might want to consider making it someone else’s problem. Keeping your environment up to date is just one of the things an IT Managed Service Provider (MSP) will do for you and I hope I’ve stressed how important that is, mostly for security, but also for performance, stability and improved features.
There are tools that can help automate the process, and most MSPs will use one of the many available tools to manage your devices. If you don’t have your own IT staff in house that can manage your devices, we’d be happy to help you out! Head over to our Contact page and get in touch.