The need to patch security holes is much more urgent than it was in the past. The bad guys know where to attack as soon as a patch is announced. And they are determined to succeed.
Start by updating XP to SP2 if you want any security at all. Newer computers already have SP2 installed. (If you're still using Windows 98, don't expect to keep it secure at all.)
Access to the new "Windows Firewall", "Security Center", networking wizards, and other features will show up in the "Control Panel" after you install SP2 for Windows XP [Start > Control Panel]. It took me a while to find them. I expected to still see them in the Start menu -- silly me.
After you install SP2, be sure to use the new "Security Center" to turn automatic updates on. Patching Windows promptly has become too important to leave to your memory and motivation.
Install Windows XP SP2 via "Windows Update" [Start > Control Panel > Windows Update (link in the left column)], or order SP2 on CD.
"Introduction to Windows XP Service Pack 2" (There are links to pages on installing SP2 there too.)
Microsoft Update supersedes Windows Update. It includes updates for most internet-facing Microsoft software like Outlook Express and Windows Media Player. It also includes updates for, maybe surprisingly, Microsoft Office, including Word. They're all tangled together with Internet Explorer too. Microsoft Update requires IE6 or IE7 (running in Administrator mode).
You'll find *tons* of information about updates for all kinds of Microsoft software at their excellent new security site. Also, see the next item.
Microsoft -- or any other sensible organization -- will *never* send software updates by email. Fake email messages are an easy and effective way to attack computers. Any message that purports to be a security update from Microsoft is bogus. Just delete it! Always go directly to the Microsoft website if you want to check to be sure.
On the other hand, Microsoft will send you update notices for Windows, Internet Explorer, Outlook Express and other programs if you ask. You can sign up for these notices with just your email address. The notices tell you where to go on the Microsoft website, from your browser, to learn more and get the patches.
It's best to back up at least your documents before you upgrade Windows. Sometimes updates or upgrades just don't work out. You can be left with problems you can't correct, or even a computer that won't start. If you're running Windows XP, you'll probably be OK if you have a recent System Restore Point though.
You can have Firefox check for updates. From the Firefox menu, use Tools > Options > Advanced > Software Update > "Periodically check for updates" > and check the boxes for both "Firefox" and "My Extensions and Themes".
Check for updates to Thunderbird at the product page.
You need to keep more than just Windows and other Microsoft software updated. You won't have a strong defense unless you keep other programs patched. It's particularly important to keep programs that connect online updated -- security software, instant messaging, music services -- anything that faces the Internet.
Many programs have an item in the menu under "Help" -- something like "Check for updates" -- where you can do just that. Sometimes there is only a link to the main Web site, but you can check for updates when you get there.
Another good way to learn about updates for your software is to go to the website for each program. I recommend that you do it at least once a month. There are also several websites that announce updates.
Update: Secunia now offers a [free] "Personal Software Inspector" (PSI). Use it to scan all the installed applications on your PC to find out which programs have important updates or are missing security patches. It is very thorough and gives you great info to help you find the updates that you need. You do need to download and install the Secunia PSI, but it's well worth the trouble.
Secunia has a very thorough Software Inspector online, which scans your PC to see if Windows and your other internet-facing software are fully patched. You'll find a list of the applications there that Software Inspector scans.
SANS Institute has very comprehensive information on security threats and solutions, including updates and patches.
You need to keep your security software up to date as well. Most of these programs offer automatic updates, which you should enable. [step 4]
For the ultimate protection, run your internet-facing programs with limited rights. This will neutralize most present and future threats, because your internet-facing programs will not be able to carry out attacks against your computer.
In a recent test, unpatched XP SP1 PCs were vulnerable to 688 out of 752 malicious webpages, or 94%. Only 3% of fully patched XP SP2 PCs were vulnerable to the same threats. From Desktop Pipeline.