Keeping Microsoft Windows and Office Up to Date

Thursday, May 8, 2008 11:26
Posted in category Featured, Internet, Windows

Every month, most Microsoft Windows users receive a small prompt. It may be a small yellow shield in the System Tray (part of the Taskbar) or a prompt to restart the computer. This is a reminder of the bugs and errors that Microsoft is constantly fixing; the fixes are known as patches.

This article is not meant to highlight the need for tighter programming practices, the constant bombardment of patches pushed into users’ faces or a need to move to a more secure alternative. These are all valid points that deserve consideration in the future. Rather, I would like to dive into the reasons behind “patching” and the imperative need for users to keep their systems up to date.

In any programming project, the bigger the undertaking, the larger the amount of resources that need to be managed. In the case of Windows, this titan weighs in at 40 million lines of code. Over the course of the past twenty-some years, the concept and design have been the work of thousands of people, including Software Engineers, Quality Assurance Testers and so forth. If we focus on Software Engineers alone, we’ll see that they come from all walks of life. Having a wide variety of employees leads to age gaps, differences in programming styles and varying knowledge levels in the art of programming. By grouping them into various divisions, teams and work groups, Microsoft manages to get many different pieces of software out to consumers. But even with a workforce this massive, the building blocks are still the individual people; people with flaws, bad days, knowledge gaps and demanding task deadlines. Ultimately, this can lead to flaws in programs we use every day.

These flaws, also known as bugs, vary greatly. Some bugs are so small that they are barely noticeable. Other flaws might prevent a program from operating properly or even at all. Critical bugs are those which, if exploited, would give unauthorized users complete and possibly undetectable access to a computer and all the information it contains. An exploit is another name for a way a bug can be used to gain access to a system or make it do things it normally would not. (Wikipedia has a much better explanation.)

There are many ways in which bugs are discovered. Before a company officially releases a software product, it generally goes through rigorous internal testing. After the official release, bugs may be discovered by research companies or, in the worst case, hackers. Each discovered imperfection is categorized, prioritized and cataloged. The severity of the flaw greatly affects when it will be fixed, tested and released to the masses. For instance, a bug where the background picture is off color has a lower severity than an issue where Windows permits a computer to be compromised.

There are two possible scenarios when bugs are found in Microsoft Windows or one of Microsoft’s tightly knit programs such as Internet Explorer. The best-case situation is that the flaw is fixed and the fix is distributed to the public before the flaw can be exploited. The less friendly scenario occurs when hackers with nefarious intentions discover the flaw and start attacking computers before a patch can be released. Amazingly enough, even the best-case situation isn’t perfect. This is because Microsoft has empowered the user to decide how and when patches are applied to the Operating System. This makes sense in some cases, but not in the general case. When patches are released, Microsoft strongly encourages everyone to download and apply them.

But why the urgency? Why should a patch be applied right away? Could it really hurt to hold off a day or so? The answer is a resounding YES! When a patch for Windows is released, it is available to the general public and doesn’t exclude any particular group, such as hackers. Hackers immediately begin to tear into the patch to find out what is being patched and how. By doing this, they can easily understand (reverse engineer) the flaw and exploit it to gain unrestricted access to all computers in the world which have not applied the patch. For example, there were patches released at the beginning of April for Microsoft Windows and Internet Explorer. Exploits appeared on the Internet within three days of the patch’s release.

The same issue which plagues Microsoft Windows also affects other mainstream programs. Another example would be Microsoft Office. Various exploits have been found in all the Microsoft Office applications which can allow hackers to compromise machines when users open Word, Excel and PowerPoint documents created with the intention of exploiting certain bugs. An e-mail specifically designed to take advantage of a flaw in Outlook can easily give hackers an open door to your computer.

The key is to stay ahead of the hackers. One way to make sure your computer stays up to date is by turning on Microsoft Automatic Updates. This can be done by opening System Properties from the Control Panel. Once there, click the Automatic Updates tab and select the Automatic (recommended) setting. Most people choose the “Every day at 3:00am” option.

When it comes to Automatic Updates, “Set it and forget it” doesn’t apply. Users should visit Microsoft Update on a regular basis to verify that there are no outstanding critical updates for Windows and Office. (If you don’t see a category for Office patches, there should be an option on the right to allow Microsoft Update to patch all Microsoft Products, including Microsoft Office.) Also, the Windows Firewall should be on by default.
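The same checks can be scripted on current Windows versions. The following is an added example, not part of the original article: a read-only PowerShell audit that uses the Windows Update Agent COM objects and `Get-NetFirewallProfile` (Windows 8 or later, PowerShell 3 or later) to report the Automatic Updates setting, whether Microsoft Update is registered so that Office is covered, any outstanding updates by severity, and the firewall state.

```powershell
# Added example: read-only audit of the settings discussed above.

# 1. Automatic Updates setting (WUA AutomaticUpdatesNotificationLevel values).
$levels = @{
    0 = 'Not configured'; 1 = 'Disabled'; 2 = 'Notify before download'
    3 = 'Notify before install'; 4 = 'Scheduled install (Automatic)'
}
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
$level = [int]$au.Settings.NotificationLevel
"Automatic Updates : {0}" -f $levels[$level]

# 2. Is the Microsoft Update service registered? Without it, only Windows
#    itself is patched and Office updates are not offered.
$muId = '7971f918-a847-4430-9279-4a52d1efe18d'   # Microsoft Update service ID
$sm = New-Object -ComObject Microsoft.Update.ServiceManager
$mu = $sm.Services | Where-Object { $_.ServiceID -eq $muId }
"Microsoft Update  : {0}" -f $(if ($mu) { 'registered' } else { 'NOT registered' })

# 3. Outstanding updates, using the default update service (online scan).
$session = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
$pending = foreach ($u in $result.Updates) {
    [pscustomobject]@{
        Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Title    = $u.Title
    }
}
$critical = @($pending | Where-Object { $_.Severity -eq 'Critical' }).Count
"Pending updates   : {0} ({1} critical)" -f @($pending).Count, $critical
$pending | Sort-Object Severity | Format-Table -AutoSize -Wrap

# 4. Windows Firewall state for each network profile.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize
```

A non-zero critical count, a `Disabled` Automatic Updates level, or a firewall profile with `Enabled` set to `False` is what to follow up on.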

Lastly, Automatic Updates, Firewalls and Anti-Virus software should be considered second-line defenses. The first line of defense is the person sitting in front of the computer. Be careful where you surf. Don’t say “YES” to a pop-up just because it’s too confusing to understand. Don’t open unexpected attachments in e-mails. Try to use common sense and if you have questions, ask or Google for answers.

If a majority of the computers in the world were kept up to date, the number of computer issues would drop. There would be less botnet activity. Spam would decrease, along with identity theft and other untold horrors.
