2

We all know we should keep our programs up to date, after all each of them could have an unlatched security hole that was fixed in the latest update. However the average computer easily contains 200+ programs and only few of them actually contain automatic updaters. This leaves most of them open to all kinds of attacks. So ho do you deal with this? How do you keep all your programs up to date?

Thijser
  • 353
  • 3
  • 12
  • I'm really tempted to say "Don't use OSes and apps that are stupid enough not to centralise and automate app updates". There's no silver bullet: either it's made convenient for you or you have to manually do it. – Steve Dodier-Lazaro Oct 01 '14 at 16:10

3 Answers3

2
  1. apt-get update
  2. apt-get upgrade

If you are on Windows or OSX just enable "check for updates" in any important programs. All the ones I use have that option. Also, you don't need to update those "200" programs. I would say update any text editors, PDF viewers, antivirus etc. Some antivirus clients can alert you to updates to some programs as well.

Check out this article for other suggestions. http://lifehacker.com/5384140/five-best-software-update-tools

chubby_monky
  • 358
  • 2
  • 8
  • Your "etc" defeats your answer. Would it not be better to upgrade everything? How do you determine the "important programs" or what the "etc." should include? Although the first part of your answer is the answer for Linux, the rest is very "hand-wavy" and not helpful. – schroeder Jul 24 '14 at 19:12
  • I'm sorry, I was just trying to be helpful. Since there is no unified way to update everything in Windows or OSX. – chubby_monky Jul 24 '14 at 19:18
  • But your dilemma highlights the opportunity. How DOES one update software that does not have active updating in Windows? There are ways to do it. – schroeder Jul 24 '14 at 19:20
  • 1
    No dilemma - solution above - install a better OS :) – symcbean Jul 24 '14 at 22:35
1

I believe that ultimately you need to resort to the vendor informing you as to when there are updates to be installed, which might arrive in a variety of ways.

  • Notification of an automated update via the application itself
  • Twitter / RSS feeds
  • Newsletters / E-mail campaigns

Now with that said, I would almost always prefer an automated approach for a personal user. This means using things like Automatic Updates for Windows / OSX and allowing your applications to update automatically. Personally, this is how I keep my stuff up-to-date and I believe I have been very successful in thwarting malicious software from executing on my system. This also comes part-in-parcel with being an educated user, which allows me to spot threats.

"However the average computer easily contains 200+ programs and only few of them actually contain automatic updaters"

While this statement might be true, I think it could be argued that you really need to focus on a select few that act as common attack vectors. I have found that doing the following has a great track record of keeping computers clean.

  • Educate users on how to spot threats
  • Allow automatic updates to install for your OS
  • Ensure common attack vectors are patched asap - includes Flash, Adobe Reader / Foxit, Web Browsers, MS Office
  • Allow your Anti-Virus agent to automatically update itself
  • Unless you absolutely need it, remove Java (note that a common misconception is you need Java installed for JavaScript to run - this is not true)

In a production environment you'd want to ensure you tested your patches before deploying company wide. For this you could WSUS / SCCM / GPO to deploy patches and software to your machines, however this often involves keeping an eye on when patches are released. I make a point of frequently checking with vendors to see when patches are updated. It might sound tedious to some, however it's much quicker than NIFO'ing a machine.

DKNUCKLES
  • 9,237
  • 2
  • 37
  • 47
0

chubby_monkey posted a good answer for updating the programs.

You can also write scripts for each program, such as a curl script that checks the website and a regex parser to determine if there's an update. Then, if the download location or link is consistent enough, it can download and install the update automatically. Otherwise, it can notify you.

JVE999
  • 131
  • 5