Install the Updates!

Posted on August 12, 2003 at 02:06:09
The craze regarding the RPC/MSBlast exploit has led me to a very simple question: Why do people refuse to update their OS? Almost every major exploit released by hackers is related to a bug already discovered, documented and corrected.

The average person must think computer hackers are pretty stupid. When a patch for a bug gets released, it is often accompanied by something called a "proof of concept." This "proof of concept" is basically the exact programming necessary to exploit the bug. It is released to prevent other programmers from making the same mistakes or to allow users to check their own systems for security. However, anyone can download this code. In an amateur hacker's mind, someone has already written the worm; all he needs to do is copy it and insert his own malicious attack on the compromised computer. Not upgrading a system to handle this new bug is basically the same as saying that hackers are too stupid to even copy someone else's code. Obviously, hackers are much more intelligent than this.

I personally check the updates for my OSes every day or so. It only takes a minute out of my schedule. No good reason exists as to why users shouldn't check for their updates at least once per week. If a user has an OS that allows it, he should set it to automatically grab the updates. Then, even the most forgetful person has helped ensure his safety. Barring that, he should make the errata page containing the updates his browser's homepage and check it when the computer starts. As most exploits now come through the Internet, users should also install a free firewall such as ZoneAlarm.

The question then arises as to why people don't update. Microsoft bears some blame for users not updating their systems enough. The company must stress much more openly that major flaws exist in its operating systems, however unpalatable this may be. These flaws are still being discovered and, therefore, updates must be checked for very frequently. Microsoft is trying to conceal the fact that its OSes aren't perfect (and are much more buggy than most of its competitors') by playing down the whole Windows Update system. What Microsoft doesn't realize is that outbreaks such as the Sapphire and MSBlast worms are much worse for its image than an admission that its OSes are buggy in the first place. Everyone deciding on major OS purchases knows Microsoft's OSes are buggy, and I bet enterprises just loved it when web traffic increased so much (due to the Microsoft-related Sapphire worm) that even their patched machines couldn't be accessed.

Microsoft should enable the automatic updating of its software by default. It should also make disabling this system very convoluted. If the OS designers need help doing this, just have them talk to the people who wrote the "smart text" for Microsoft Office. That is not only enabled by default, it is the most convoluted system I've ever seen in major software.

Some people may have a feeling that installing these updates can mess up their machines. However, this is quite rare, and almost every time it happens the updates can be uninstalled under safe mode. Besides, a distant fear that an update might mess up a machine is much easier to live with than an almost absolute fear that an exploit such as MSBlast will find its way into a machine, definitely messing it up. Installing the updates is more than worth the risk. I personally have never had a problem with any updates. If for some reason a user does, he can check out this site's forums. The experts there would be glad to help.

Another reason people don't get the updates, at least with Windows XP, is that they pirated the OS. If this is the case, I can't take pity. These people were running the OS illegally, and it eventually came back to haunt them. Anyone who gets a totally cherry version of XP installed illegally thinking he will never have to update it (because he can't update it) is crazy. The updates are now so important that ignoring them will almost certainly land a user in hot water in the future. Microsoft has found another way to force users to legally obtain its software, however unintentionally.

For all these reasons, users MUST update their machines. Doing so is no longer a choice. With the old exploits, users could get around them simply by not engaging in "stupid" activities. However, these new exploits can propagate without the user doing anything at all. These propagations have the ability to wreak havoc on the Internet as a whole. Users who refuse to update shouldn't take down the rest of the Internet with them. That isn't fair. A user can either spend a minute every other day checking for updates or spend hours fixing exploited machines (possibly encountering data loss). To me, that seems like an easy decision.

Justin Weber
