By Dave MacDougall – Business Development Consultant at Think4 IT Solutions
FOLLOWING ON from the last discussion on SPAM, the “good guys” have to fight back to close the doors the bad guys leave open. It’s like a big game of cat and mouse.
This can be done via patch updates. Most commonly the updates are from your security provider as long as you have a valid licence. If you had a licence and have left it to expire you will only receive the latest patch updates up to the date of expiration.
The second most common patch is to block vulnerabilities from your browser where most of the hackers gain details about you. A small simple malware program can be injected into your browser code and remember every key stroke made when in a browser session.
They’ll know which bank you bank online with, along with your security details such as username and security questions. These are then fed back to the spammers’ HQ and sold on. This is why is good to have a decent security package and to keep it up to date.
To ensure you can install the latest patch updates, you must also be up to date with your service pack. From a Microsoft perspective, these go hand in hand to also help give your device better performance.
While products are available from manufacturers (Microsoft, Adobe, Sophos, etc) they will have a timeline as new products come through. Once a product has been discontinued you will more often than not find the product support will also cease, typically 24 -36 months after.
Once this happens there are no more patch updates, so hackers take great delight in knowing once they found an opening it will not be closed. The only way to secure yourself against such situations is to update your package and move with the times.
For example Windows XP has been discontinued for some time and support will cease from Microsoft on April 8, 2014. Any business still using XP beyond that date will not receive patch updates to any security issues. There are many different routes to upgrade that won’t break the bank.
Many business have a tight security policy with various firewalls and will also have a small test environment to deploy the latest patches to, to make sure they don’t interfere with any bespoke software a company maybe using. There are many patches that once installed don’t actually take effect until your device has been restarted.
It has been known for a ‘bad-patch’ to be sent out as the vendors are under pressure to release a fix-patch to a major breach as quickly as possible and these can go wrong. In 2012 Sophos hit the headlines when they did such a thing, but many other vendors have done so without such attention being drawn to them.
Adobe also had a ‘zero day exploit’ when their product when installed in a default manner allowed hackers to bypass security as it was turned off. It was down to the user to know what was required and to turn the security on in settings. Again, a quick patch update installed will change the settings.
You must be logged in to post a comment.