With more and more random software installed on our laptops, tablets, smartphones and other devices, more and more security risks are creeping in. Every piece of software is a security risk. Every piece of software naturally comes in an imperfect state, with human-implemented weaknesses and vulnerabilities yet to be discovered. Fortunately, many (but far from all) software vendors have systems in place to fix discovered vulnerabilities and weaknesses as quickly as possible. And with “auto-update” enabled, your device can just install this new version and keep you safe. Unfortunately, not all automatic updates are so automatic.
What is meant by “auto” can vary widely. Usually, an “automatic update” is expected to install new versions quietly in the background. In other cases, the update process may announce itself with pop-ups and message windows, or even require a restart. But some “automatic updates” don’t even start automatically. In fact, they are not “automatic” at all, but require you to take action: to take responsibility and plan and initiate the update process yourself. And this is where the process fails, lazy people that we are. And so, lazily, we endanger the security of our devices.
We should not. Our digital life depends heavily on the security of our devices (see our Newsletter article on apartments). Just think of the mess you’d be in if a malicious, evil attacker gained access to your device(s) – your hard drive, documents, photos, and files. To your camera and microphone. To your keyboard and the keys you type. Malicious access obtained. The data has disappeared. The passwords are gone. Privacy gone. Your digital life is gone. And with it your work, and the safety of CERN. Terminated. Game over. Bye.
To protect our digital lives – to protect our Organization too! – we must secure our devices as carefully as possible. We need to ensure that our entire installed software stack is always up to date. We need to make sure that “auto-update” really means “auto” and is set to be “auto”. We should allow software requiring an update to start its update process as soon as possible, either immediately or overnight. And we should refrain from postponing updates indefinitely, ignoring them or deleting them. Because a missing update implies an unpatched weakness and vulnerability. Because a missing update represents a risk – for your digital life and for the Organization. Manually intervening to make “auto-update” really “automatic” would reduce this risk. Thank you for securing your digital life. And CERN.
________
Would you like to know more about computer security incidents and problems at CERN? Follow our monthly report. For more information, questions or assistance, visit our website or contact us at Computer.Security@cern.ch.
Source: https://news.google.com/__i/rss/rd/articles/CBMiVGh0dHBzOi8vaG9tZS5jZXJuL25ld3MvbmV3cy9jb21wdXRpbmcvY29tcHV0ZXItc2VjdXJpdHktd2hlbi1hdXRvLXVwZGF0ZS1ub3Qtc28tYXV0b9IBAA?oc=5