Check for Updates

In today’s world, nearly every program can check for updates, some even do so by themselves. Yet many people consider it a hassle to do on their own personal computers, and many corporations have a hard time deploying service packs and even small updates across their entire organization. There are always excuses, “I don’t have the time” or “There’s nothing of value to hackers on my computer” are the two most infamous. (P.S. Most hackers install the value onto your computer: Trojan viruses, DDoS utilities, and so on.)

What are Updates, Hotfixes, and Service Packs?

Companies often collect data about their software, whether from a bug report form, or even from adding “customer experience tracking” to their products. This data is often used to develop new versions of their software and correct issues that customers are reporting. Updates (previously called “Hotfixes” for Windows) are small code snippets or applications (sometimes EXE files, sometimes DLL files) that correct either a vulnerability or functional issue with the software you’re using. These can range from the benign issues (like the About Me page not working), all the way to a buffer overflow issue, where an attacker can run any code on your computer by exploiting the issue. Service Packs, as they relate to Windows, are simply a large collection of these fixes and sometimes add extra functionality.

I’m not at risk!

Well, according to a book I recently read, you are. Pardon my memory, as I forgot the name of it. This book states that the best case scenario is that your computer will be online for 30 minutes (without updates installed) before hackers are already knocking on its back door. While you may wonder why they picked you, it’s actually a random attack. Hackers use IP scanners, along with a plethora of vulnerability scanners to detect what sort of computer you’re using (Windows version, username, and so on). What this does is generate a report on their system of computers that were found to be exploitable.

What would they do with my system?

The reasoning for hacking varies greatly from person to person. Script Kiddies are novice hackers that usually use utilities developed by better hackers to achieve results, and usually are detected by firewalls, good logging methodologies, or by foolishly letting you know that they’re in your system. Advanced hackers can exploit -and- discover new issues with a system, often doing great deals of damage if they want. The reasons for taking control of a system are easy, they can copy your software, documents (ID Theft anyone?), your license keys, copy viruses to your system, and use them as a staging ground, and the best: staging attacks directly from your computer. These sort of attacks are installed and wait dormant until either a programmed time, or some sort of signal is sent. Once it runs, it can brute-force websites, run a distributed denial of service attack (DDoS), and potentially be part of taking down large companies like Google, Facebook, and Microsoft.

Of course you’re liable for the attack, because it originated from your computer. This may sound like a crock, but trust me, it isn’t. While the hacker can also be liable, what says that another compromised system didn’t infect yours? It would be a hard path to follow. In the United Kingdom, there are actually laws dictating that it is your responsibility to secure your own computer, and if you fail and it is used for an attack, then that’s your fault. While the US may be different, I doubt it.

My software just updates automatically

That’s good — in most cases. Microsoft has made leaps and bounds in security from the old Windows 9x days, but there are still problems. What happens if an attacker disabled your automatic updates? What about those “optional updates?” Firefox is also great with updates, and automatically notifies you of them. This does not mean you shouldn’t check periodically anyway.

A few software packages I use that are notoriously bad when it comes to updates:

Notepad ++

This is a really great program, but the maintainer of the code has made five revisions to a version I had. I kept clicking the “Check for Updates” button, and it would say “No new updates.” Thankfully, I checked the site and found that there were quite a few.

In the past I contacted the owner about an issue I had, and told him also that the update button always returned “No updates”, he said he simply “hasn’t triggered the update notification yet.”

Personally, I think this should be transparent. The site should handle the notification as soon as he adds it.

Pidgin Instant Messenger

I could rant and rave about the memory consumption issues I’ve had, and the fact that they delete my complaints off of SourceForge. But this is beyond the point. I use Pidgin because it’s much easier than managing AIM, YIM, and MSN with three processes. That, and the fact that I can’t stand AOL makes Pidgin a nice alternative for an AIM account.

This is another application that never “self-medicates.” You have to check manually for updates.

I have too many computers

This might even apply to network administrators…

For people with a ton of computers to look after, you may consider WSUS, or Windows Server Update Services, which allows you to quickly deploy Windows Updates across your entire infrastructure.

Firmware Updates

Cable modems, routers, switches, hubs, printers, harddrives, BIOS, motherboard, video cards, and so on. These have updates too, usually. Refer to your specific manufacturer for details on the updates.

Linksys is generally excellent at providing updated firmware for their routers, whereas XFX requires you to register the serial of your motherboard to get updates for their products. So take note next time you buy hardware and software — make sure you can keep it updated and secure.

My largest project is without doubt YouN00b. This site was built on the foundations of a reliable and highly functional site, and is my first practical use of my “MMTbb” forums I developed. The site houses everything from social networking, to auctions, to article submission and rating. The site is 100% PHP with a MySQL backend.

My newest project is MMT Software. I use this site to distribute Windows applications, and server scripts I have developed. It is my hope that maybe one day this site will become profitable, and I can start developing even better software. I am currently looking for Beta Testers for a few of my server scripts.

Then this site Robert Lerner is my portfolio site. This site is built to help me secure a career in the web development field. While currently I have no results whatsoever from it, I’m sure this will change down the road. The folder /blog/, you’ll probably have visited (like right now).

A long-term project is Park Reference, which I want to get all US parks listed by activities, features, maps, comments, ratings, and so on. While I do manage quite a few sites, I can’t help but go outdoors at times.

Other less-developed sites can be found in my portfolio as well.

During my visit, I witnessed an employee telling a customer that “Macs don’t get viruses, there are none.” This enraged me. I’m and avid Windows / PC guy, I think Linux is good if you want to remember the old days where there’s no programs, and I think Macs are for the people who really don’t do anything with their computer but draw pictures, browse the internet, and write papers.

Let us gather some facts for this entry:

In December of 2009, Microsoft Windows holds 93.74% of the market share. This means that more than 9 in 10 people use Windows.
According to MacRumors, Macs do have viruses
According to Princeton University, Computer Virus is defined as:
“a software program capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer”

If you’re going to design a virus, it only makes sense to exploit the most common medium around. This allows the best possible chance of your virus reaching a broad audience. Why Macs do have viruses, I cannot answer.

What about Linux?

Same answer, the market share is too small for it to be opportunistic.

Both Linux and Mac users — go to the store, and find some software, or better — games for your computer. No software company will bother with these platforms alone, because it’s not profitable. Face it, Windows controls computers right now, and if you want to accomplish anything with your computer you should use it.

I’ll make this the first WordPress entry for this particular blog. Of course, if you want to see more of me in the meantime, you can either visit the root of the site, or contact me and tell me you want to buy me a beer.

Anyway, I currently am unemployed, and am seeking employment. I have 17 years of programming and computer experience from QBASIC to VBASIC, and xHTML, CSS, PHP.

I can usually do some pretty cool stuff with a computer too. But I intend to show you that later on. For now, enjoy.