Waiting for Service

On wednesday I wrote a brief post about someone I knew, who refused to install Windows Updates. (The Swiss Cheese Software)

I was discussing this with a colleague who also brought up the concept of 'Waiting for the Service Pack' before buying the next version of Windows. This is rather appropriate with Windows 8 just having being released.

The concept is, that before buying a new operating system, you should wait until the first service pack is released, so that they can 'work out the bugs' and you dont get buggy software.

This is one of those outdated beliefs that was true many years ago. Back when patches and service packs were delivered on CD because the internet connectivity was just so slow.

Here is what I believe that many people mis-understand the whole service pack concept. The "service pack" is just a fancy name for "collection of updates we have already released but are putting together into one huge download approximately one year after releasing the software"

That's all a service pack is.

You will actually get the same benefit from installing the software to start with and continually apply the updates as they are released.

So... Why "wait for the service pack" ??

The Swiss Cheese Software

I recently had a conversation with a friend who stated categorically, that she never performs Windows Updates. Never. As an IT guy this rang a few alarm bells, so I asked her why not.

She had been told by a friend of a relative who "works in computers" that updates just break other things and its best left as is. I realized that, this out-dated concept is more common that I had thought. It is up there with the other mis-beliefs, such as "Macs never get viruses" and "Always drain your battery to 0%".

So just to clear this up;

Updates fix previously identified problems and SECURITY HOLES - not installing updates is like leaving a window open all the time because the new one "might not fit"

Many years ago, back in January 2002, Microsoft started the Trustworthy Computing directive and  in 2004 started developing all of their software with the Software Development Lifecycle. A process to develop software along a specific set of guidelines (which can prevent problems with software from among other things, the update process)

Updates and patches may, on occasion, have some weird result on a limited number of computers (remember everyones is slightly different) but the overall effect is to keep your system running in a proper secure and safe manner. As time progresses, the software itself is getting better - for example; Windows NT4 had 7 service packs, Windows XP has had 3 - half of the Windows NT line. 

Did you know: A large percentage of viruses or cyber-attacks take place because the software has a vulnerability - or hole - in it, that they can take advantage of. The longer you leave the hole there, the more likely someone malicious will take advantage of it. An unpatched Windows XP machine, directly connected to the internet can be compromised in under 4 minutes?

So... the short of it is, with the rapidly changing threat landscape, you should keep your software up to date (and not just Microsofts) and install software fixes within a relatively short period after being released.

Apples Map Function Still Needs Work

A rather interesting release from the Victoria Police, in Australia  advises motorists in the area not to rely on Apple's iOS6 mapping application.

The report says that, local police have had to rescue stranded motorists from the middle of a national park, because iOS puts the town of Mildura around 70km away from its physical location. 

Police are extremely concerned as there is no water supply within the Park and temperatures can reach as high as 46 degrees, making this a potentially life threatening issue.

While I do use an Apple device, I am by no means a die hard Apple fan. But I also understand that this cant be 100% Apple's fault. They purchased their mapping data from another company (to move away from Google) so some of the blame must lie with them too.

Maps has been one of the biggest blunders recently with Apple in the press, and some employees even lost their jobs over it.

But have we come to expect too much from the tech giant? Have they raised the bar so high for themselves that one or two slipups can get blown out of proportion?

Read more on the Victoria Police press release here: http://www.vicpolicenews.com.au/more-news/11081-police-concerned-with-apple-ios-6-mapping-system.html

Image from Victoria Police news release. Purple pin is actual location of the town.

Source: http://www.vicpolicenews.com.au/more-news/...

Can You Go Anti-Virus Free ?

...or is this just another fad?

First there were 'Computer Viruses' which mostly targeted Microsofts software and required Windows Anti-Virus software to get rid of them. Then came Spyware,  needing options such as anti-spyware, to track down that stuff watching your every move. The big thing now? Straight out attacks.

For a while now, I have been asked by various people, if it is still worth running anti-virus. This question usually comes from those who have fallen victim to a drive-by browser attack.

These drive-by browser attacks take avantage of an exploit (a flaw or vulnerability in the software) to download a malicious program to your computer - usually without your knowledge.

So why are anti-virus programs, becoming seemingly inept at stopping this kind of attack?

It is in part, because, they are taking advantage of a flaw in the software of the web browser.

How Do We Combat This?

When this malicious software (mal-ware) first started appearing, it took hours to remove these blights and required a high level of understanding of the way they worked.

Thankfully, there are a number of anti-malware companies that offer software designed to look for this. Software such as Malware Bytes automate much of the process for removing common malware. 

Another Option

Zero Vulnerability Labs (http://www.zerovulnerabilitylabs.com/) has an idea. Why focus on removal, when you should be looking at the cause - these pesky holes.

Using their ExpoitShield software to block the actual software flaw that is being used to attack your system by detecting the exploit attack and stopping it in its tracks.

As noted on their website, "We do not intend to replace the antivirus or security suite but rather to complement and enhance it." which is smart - the more types of defence you have, the safer you should be. 

This software is still in Beta testing right now but I'm all for increasing protection and will be watching this software develop.

Of course, still one of the best ways to protect yourself is to ensure that you computer is fully patched - this means when you get the popups advising you that there are new Windows updates or updates to Adobe Acrobat. Annoying as they may be, they do close the open holes.

Read More on this at TechWorld - http://news.techworld.com/security/3401365/is-antivirus-dead-startup-launches-first-exploit-blocking-program/ or visit Zero Vulnerability Labs at http://www.zerovulnerabilitylabs.com/