Why you can’t ignore those automatic software updates
Grit your SAN FRANCIS CO teeth and let your computer update itself. That’s the advice of security experts, who say consumers should welcome those updates because they serve a crucial purpose highlighted by the victims of the Wanna Cry ransomware attack.
In the case of the massive cybersecurity offensive that hit computers in more than 150 countries last week, users who had installed a Microsoft-issued patch were immune. Those that hadn’t could be hijacked.
In a world where computers and the software that runs them are under near-constant assault, updates allow companies like Microsoft, Apple and Google to keep customers safe — to the annoyance of many us- ers. “Think of this whole thing between the hackers and us, the average people, as an arms race. The hackers find a vulnerability, the companies find something to counter it,” said John Otero, a professor at St. John’s University’s computer security program.
But too many consumers turn off updates or refuse to install them when they pop up, either because they like their programs as they are, or because they fear
the updates themselves may be malicious, or simply because it’s too much work or downtime.
A study by the Pew Research Center in January found that 14% of consumers never updated their smartphone’s operating system and 42% waited “until it was convenient.”
Younger users seem to be more onboard with updates. Pew found that 48% of younger users, 18- to 29-year-olds, had their smart- phones set to automatically install updates when they were available. But 13% still said they never updated their systems.
Microsoft significantly changed its update model with its Windows 10 operating system by allowing for automatically installed updates, with some flexibility about timing on the part of the user. Major upgrades can only be deferred for 180 days, with a 60-day grace period.
Many of the computers affected by WannaCry were running the Windows XP operating system, which couldn’t initially be patched because Microsoft stopped supporting the program in 2014 except for a high fee. In the case of WannaCry, Microsoft took the unusual step of issuing a free patch for Windows XP.
As attacks increase, companies are increasingly pushing out updates. “Apple used to only update their software once a year, and now they do it monthly, mostly for security patches. Microsoft used to be able to go a year for a big update,” said Daniel Ladik, a professor who specializes in digital marketing at Seton Hall University in South Orange, NJ.
Those ever-more-frequent updates also often include a mix of security and general software changes — to the frustration of users. They complain some updates force them to reset preferences or that the updates cause crashes. The frequency and glitches have given updates a bad name, leading some users to ignore these persistent reminders.