Written on June 25, 2009

Once in a while, somebody will ask me why Windows keeps bugging them. An icon will appear on the system tray (that space by the clock in the lower right of your screen) that announces new updates are available. New updates are available; new updates are available; new updates… “It won’t shut up,” a recent client lamented, and they were concerned that every time they allowed the update, the system would restart, and that was just a big hassle, so it’s easier to ignore it… to put it off. Today, in fact, a user complained that she was repeatedly nagged to upgrade to Microsoft’s Internet Explorer 8, and when she finally did it, the system still wanted more updates and patches. One of her programs even announced that it was incompatible with the new version of the browser.
So what is this stuff? What’s patching all about?
Well, patching is all about downloading new versions of software code to your computer. When you install a program, it installs compiled versions of software that were great when it was first released. It’ll probably work okay, but since the program was made, flaws have been found and fixed. Patching is the act of applying fixes. Nearly all modern software on any device (phones, PCs, game consoles, even kitchen appliances) will attempt to download those fixes if the device is connected to the Internet. Once downloaded, the patch will unpack and over-write the older versions of software. And bingo-bango-bongo, you’re up to date.
There are various levels of patching.
1. Hotfixes usually refer to replacing a single executable or library (*.dll) file. A fix is made and published, and it’ll over-write just one file or a couple of them.
2. Packs are usually a number of files that are downloaded and updated, usually manually, and this is sometimes referred to as a “service pack”.
3. Upgrades or updates are usually even larger patches that have a lot of complex changes to them.
For the most part, many software solutions will try to patch themselves without bothering or notifying the end user. More often than not, the end user isn’t aware of the potential inconsistencies or issues that may surround applying the patch, so, hey, what do they care; they’ll frequently just answer “yes” anyway. However, software engineers are always conscious of people who prefer to be notified when system changes are applied, and they err on the side of caution: better to tell the user about it and warn them than to have them find that something doesn’t work and have no idea why.
If you’re not really interested in the techie details of a patch, patching software may seem like a chore. “Yes” seems so obvious, and totally restarting your PC seems like a real time sink. Patching, though, really serves a great purpose: (A) your stuff will likely work better if the software is up to date, and (B) your system is less at risk than without the patch. If you’re feeling rather geeky today and want to see a listing of the vulnerabilities threatening your stuff today, visit the US Computer Readiness Team (US-CERT)’s current vulnerability list; for a real kick in the pants, review the weekly technical bulletins; and if you’re a tech professional, subscribing to these US-CERT RSS Feeds is a total must. What you’ll find is a whole slew of bad news facing your phones, PCs, Macs, browser and database software… just about everything that runs on a microprocessor. And it keeps coming! It’s endless! There’s new crap every day that can hurt your computers! You see, patches fix these problems. People who don’t patch, or who ignore the process, make their stuff more vulnerable, and they become the targets of viruses and worms that exploit the vulnerability.
Patching isn’t always easy though. Infrequently, there can be an incompatibility between the old software and the new software; something unexpected can happen to other software or devices on your system. One day something works, the next day something’s haywire, and for no obvious reason – real annoying! Luckily, that’s what technology pros help out with. Before applying patches, we research the known compatibility issues with the application portfolio (the software your company runs and that we’re managing). If there’s a known issue, we hold off, maybe do a little research, make a phone call to the vendor, or maybe just try to apply the patch on a test computer first to see if it works. Hey, if we didn’t do this due diligence, patching could really be a lot more painful. At least we’re lookin’ out for the little guy.
And there’s a direct correlation to security here: if you wait a while to apply hotfixes, service packs, or updates, your system becomes more vulnerable over time. You’re basically patching the past to protect your present. This kind of attention is vital when looking at mission-critical assets like servers or the boss’ PC, but it’s real important to everyone because the effectiveness of computer security is often measured by the weakest link. A neglected, unpatched little PC in a forgotten office can become the single backdoor needed to hack your network, servers, or data. That’s why we tech guys are all about updates and patches, and why we’re often found sitting around waiting for them to be applied (either downloaded or unpacked).
So the next time you’re thinking about putting off that patching, take a spin by the US-CERT – think again. Apply your patches… take your medicine, daily if you’re paranoid but at least once a week. Take the time to let the computer help you out by applying what it thinks is good for you to have.
R
Hey James -
Primarily, on Microsoft platforms, I use native WSUS (Windows Server Update Services) and its controls through Active Directory to distribute updates to servers and clients. Microsoft has been slow-coming with centralization of updates with server-side management controls, and I like this tool and its offering through SBS 2003 R2 and SBS 2008.
If I’m managing other kinds of servers (like an AS/400 or a Linux box of some kind), I’m usually updating by hand… grin.
R
James Bach says:
Comment posted on: June 28, 2009
Do you hotpatch or use a product? I use Radia which runs on an IBM server along with EPO and BMC.
see ya around
James Bach