Use your computer fearlessly.




[ Security | Consulting | Research ]





Updates Do Not Provide Security

by Brent Kirkpatrick

(Date Published: .)



If updates are your only security strategy, you will get hacked.



Updates, alone, are insufficient for keeping systems secure. Indeed, it seems that updates are less useful than they used to be. Here, we will consider some of the reasons for this.

Some updates do not reach their intended audience. While certainly, it is possible that users may fail to download the update, this problem goes way beyond user behavior. The update server the user queries for updates may not have the most recent updates. The OS the user is using may not download an update it needs, because the OS is hacked. Similarly, the update server might be hacked. Updates might also be routed improperly. Finally, fraudulent updates might be downloaded instead of the authorized updates.

Updates sometimes need to be applied more than once. Suppose an update removes a worm from from your computer without patching the essential vulnerability. Then, when your computer is re-infected, you will need to re-apply the update to remove the worm. But, likely, you will not have access to the update to apply it again.

Updates also fail to provide security when they do not exist. Suppose that I know of a worm, and I know that there is no patch for it. It may be a matter of time until industry is able to produce a patch, but only if the worm can be properly captured, isolated, and examined.

Updates also fail when they are Trojan-updates. Avoiding those Trojan-updates takes careful attention to a number of features for network security.




Intrepid Net Computing provides a consulting service to educate your IT department on full-featured security and on the latest threats to security.







bbkirk@intrepidnetcomputing.com




© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.