IT security at the University of Bern

Always install them: The importance of updates

You know how it is: a pop-up window tells you that an update is available. Forget the "Remind me later" button and update right away. Updates are important for your digital security.

Why are updates needed?

Computers, laptops, tablets, and smartphones all run on software conceived, developed, and programmed by humans, and humans make mistakes. These mistakes can create vulnerabilities for cybercriminals to exploit.

Why so many updates?

To protect users, software manufacturers fix every known vulnerability as quickly as possible. Vulnerabilities are discovered through testing by the software manufacturers themselves, user feedback, or even through criminal hackers. As soon as the manufacturer has fixed the flaws, all users receive a software update.

How are updates installed?

Updates for the operating system are installed automatically by the manufacturers, such as Microsoft or Apple if you have enabled the "Automatic Updates" feature. This applies to all your devices like computers, laptops, and smartphones. This way it's very easy to be "up to date". At least as far as the operating system is concerned.

For programs that are not part of the operating system, or if the automatic installation of updates is disabled, the installation of a new update must be confirmed by you. If you have also deactivated the notification for new updates, you have to search for new updates yourself.

It is best to leave the function for automatic installation of updates enabled on all devices. This way, you can concentrate on other things. If you want to decide which updates are installed, you should at least leave the notification for new updates enabled. 

The faster you
update your
software, the
lower the risk.

Criminal hackers love flaws

When criminal hackers discover software flaws, they will try to make money out of them. Certain flaws can result in security breaches that can lead to malware being installed on your computer. Sometimes all it takes is a click on a carefully crafted web page or an infected email message. The faster you update your software, the lower the risk.

You deserve the best and latest

In addition to the security aspect, updates offer another advantage: manufacturers constantly develop their software and equipping it with new features. Some updates improve the software and its ease of use significantly: why not take advantage?

More information

The term malware refers to a program that performs unwanted or hidden functions (e.g., erase, destroy or alter data) on the affected computer. Malicious programs are fully functional and often self-contained programs created and distributed by savvy programmers with criminal intentions. Malicious programs are

  • Virus
  • Worms
  • Trojans
  • Bots
  • Dialer
  • Scareware
  • Grayware

More on malware.

A zero-day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it's exploited before a fix becomes available from its creator.

The curriculum vitae of a vulnerability can basically be divided into four time periods:

  1. A seemingly vulnerability-free period.
  2. Someone detects a vulnerability and reports it to the program's manufacturer, writes an attack program, or sells the information.
  3. The manufacturer develops an error correction (patch) depending on the significance of the security hole and publishes the patch - possibly together with a previously unknown security hole because even error corrections can contain security holes.
  4. The users install the update (the patch).

For the users of the corresponding software, the greatest risk of exploiting the vulnerability by an attacker is in the time window from the publication of the error correction to the same installation. This is because the vulnerability becomes known with the bugfix release, and malware is generated from these bug fixes quickly.

Therefore, it is important to install updates as soon as possible.

In a drive-by attack, Internet users are infected with the malware when they visit a website where the attackers have placed malware. It usually exploits vulnerabilities in the browser and plug-ins of the visitor to infect the computer. Such a process happens without the user being aware of it.