Let's face it, software isn't perfect. It's bad enough that bugs in the code occasionally make a game crash just when you were about to defeat the final boss and finish the level. What's worse is that hordes of cyber-criminals are constantly seeking far more serious flaws in operating systems and other software, vulnerabilities that will let them steal your passwords, install malware, and generally give you grief. The bad guys find a hole, the good guys release a patch, and you, the user, had darn well better install that patch.
If you're using Windows, you absolutely must turn on Automatic Updates to get all the important security patches. It's also worthwhile occasionally checking manually in Windows Update – just search for Windows Update in the Start menu – in order to see what non-critical updates are available. "But I heard that a bad update damaged some PCs," you say? That was years ago. Let it go, move on, and turn on Automatic Updates. Turning on Automatic Updates protects all your Microsoft software, including Office.
Mac users need to shape up too. Apple computer owners can often feel very smug about the security of their OS compared to Windows, but these days that’s a dangerous stance to take – there’s an increasing amount of Mac-targeted malware around. Mac users who get their software through the Mac Apps store should download all available updates, or at the very least all the security-related updates. It's a relatively painless process.
Your browser provides entry for websites around the world into your computer, including unsavoury sites. A browser vulnerability may let cyber-criminals install malicious add-ons, capture your passwords, or perform many other dastardly deeds.
Internet Explorer gets updated as part of Automatic Updates. Chrome downloads updates automatically and applies them the next time you restart the browser; you can also actively install an update when the wrench icon shows that one is available. Firefox also downloads updates automatically and installs upon restart. If an update has been sitting around for 24 hours it will pop up a notification. To be sure you're up to date, open the browser's About box. Firefox and Chrome automatically check for updates when you do so.
Toolbars, browser helper objects, and other plug-ins hook deeply into the browser. An attack that compromises a plug-in can do almost as much damage as a browser-based attack. Firefox users can go to the Add-ons Manager, then click “Check to see if your plugins are up to date” in order to identify outdated ones and get updates.
Chrome users can ensure that all extensions are up to date using a normally hidden button. On the Extensions page, check the box for Developer mode. This reveals a button labelled "Update extensions now." Still using Internet Explorer? You'll need to check add-ons individually for new versions.
Adobe Reader and Flash Player have been particular targets of cyber-criminal attack. To be sure your Adobe products are fully patched, check out Adobe’s product updates page.
It really shouldn't be necessary to say this, but you must make sure you’re using the very latest version of your antivirus or security suite. The bad guys invent new tricks, and the good guys invent new fixes. If you're using an old security tool you don't have the new fixes. And of course you'll want to receive new antivirus definitions automatically, the instant they're ready.
If you keep these essential programs up to date, you should stay safe from most known threats. There's still the problem of zero-day threats – ones for which a patch hasn't yet been created. However, plenty of outdated attacks still succeed against unpatched systems. Don't be one of those victims. For even stronger protection, run a patch management tool to check all of your applications for available updates.