Your antivirus can’t work alone – it needs Windows Update. Jane Hoskyn reveals why updates are more important than ever, and what you must do now
Patch theory
All software – from your operating system and Office down to apps and plug-ins like Adobe Flash Player (‘Flash’) – contains security holes. These holes (flaws, bugs, vulnerabilities - different words, same problem) all get discovered eventually. What matters is who discovers them.
If hackers find a hole, they can funnel zero-day malware into your PC. If software engineers find it, they fix it with a patch that you then install via Windows Update or other relevant sources. Luckily, the good guys usually find holes before hackers do.
Patch reality
But do these patches actually work? Flash is patched repeatedly, but it continues to develop holes. Two days before we went to press, hackers exploited Flash with another new zero day attack called Pawn Storm (www.snipca.com/18346). One day later, Adobe rushed out a patch (www.snipca.com/18347).
Meanwhile, stories abound of flawed Android patches (www.snipca.com/18348) and repeated attempts to patch a Microsoft hole (www.snipca.com/18349). You’d be forgiven for thinking these updates, which eat up hard-drive space, bandwidth and mobile data, don’t work.
Patch power proof
Our security team at Dennis Technology Labs (DTL, www.dennistechnologylabs.com) set out to discover whether patches are powerful or pointless. In its latest antivirus megatest, the team checked to see how much difference Windows Update, Java updates and Adobe updates made to security in Windows 7 – and the results were dramatic.
When the team configured Windows Update to install Windows patches automatically, Microsoft Security Essentials (MSE, www.snipca.com/18350) blocked 99 per cent of malware thrown at it. Without Windows Update, MSE only blocked 66 per cent. So a simple settings tweak made the antivirus 33 per cent more effective – an amazing result.
MSE is only available for Windows 7 and Vista, but the results are relevant for everyone because they prove the power of diligent patching. The team admitted they were surprised. “Using Windows Update regularly massively increases the level of protection,” DTL’s Technical Director Simon Edwards said.
What you must do
Windows 10 and Android deliver updates automatically, while many systems and software do not. That doesn’t mean you can be complacent in Windows 10 and Android, however.
Whatever version of Windows you’re using, go to Windows Update now and make sure it’s configured to install updates automatically. Even if it is, there may be ‘important updates’ that you have to install manually.
Do the same on your tablet and phone. Android updates automatically, but check you’ve got the latest patches anyway by searching for ‘update’ in Settings and tapping ‘System update’, then OK. IPad and iPhone receive updates automatically, but to install them you have to enter a password, and many people don’t bother. If that sounds like you, you shouldn’t be using iOS. Switch to Android or wait for Windows 10 Mobile to ensure you get updates as soon as they’re delivered.