Why Should I use Automatic Updates?

In my role as an IT support technician and cybersecurity engineer in rural America, I see an interesting trend: computer repair necessitated by improper updating, especially in small businesses and home offices.

Although the official numbers are never published, Microsoft Windows in its various flavors contains a reported 50 million lines of code and Microsoft Office contains about 30 million. Herein lies the problem, because amongst this massive complexity are functional and security flaws.  The functional flaws are known as “bugs” while the security flaws are known as vulnerabilities.  Sometimes benign, bugs are discovered, tracked, and fixed through the  Microsoft updates:  software released in various ways and called security updates, critical updates, optional updates and service packs.

Security flaws, however, represent the biggest concern, because they can be exploited by the bad guys.  How?  Well, the malicious among us seek ways to compromise systems by sending specially crafted packets (traffic on the Internet moves in packets) so that the receiving system reacts in a predictable way, giving the attacker remote access or allowing him to retrieve your data. In some cases, the infected machine becomes part of a herd of enslaved computers called a botnet; in this scenario, the bot master (analogous to sheep herder) uses a group of zombie computers to perpetrate his crime: spewing spam, viruses, pornography and in some cases, the infected computers are used in an orchestrated attack called a DDOS or distributed denial of service.  If I wanted to keep your webserver busy and I controlled thousands of computers, it would be simple enough to have them all try to load your web page at the same time; your server cannot possibly handle so many requests and balks.

Am I Ever Really Safe?

The complexity of software and ingenuity of attackers creates a limitless playground, and keeping a computer safe becomes a matter of risk management and prophylactic behavior.  If you use adequate protective measures, including:

  • A malware program
  • An antivirus program
  • Windows updates
  • Software updates
  • A firewall
  • Run the computer as a user and not an administrator

Then you are reasonably safe.

What to do?

If your machine is connected to the Internet, you are at always at some measurable amount of risk!