Disabling automatic updates is a bad idea

“Updates always seem to want to install at annoying times!” | “It’s my system. I can do with it as I want.” | “I don’t use automatic updates, and instead I apply patches manually.” | “If it’s not broke, don’t fix it.” | “Updates change too much stuff.” | “Updates take ages.” | “I don’t trust Microsoft/Apple/Google!”

Update Progress

These are just some of the excuses heard most often by the good folks who are called to try and salvage data from a cyber-attack.

If you’re regularly delaying the roll out of patches and updates on your Mac or PC, cut it out. You’ve got plenty of excuses, but none of them really holds water.

Of course, you aren’t the only one to blame. Manufacturers like Apple and Microsoft are equally culpable. There is plenty of blame to go around.

So why should you not postpone those patches and updates. We have one word. It’s not a real word, but it’s well known: WannaCry. This malware’s ability to infiltrate and hold ransom thousands of computers is why it is essential to promptly respond to fixes sent by Microsoft or Apple. After all, an attacker can’t sneak through a window if the window has already been closed off.

Patching works for some, but not for most

But patching can be an agonizingly slow or irritating process, and they are useless if you don’t do them correctly and promptly. Promptly, by definition here, is hours; days if necessary, and certainly not weeks or months. Also, while it’s possible to manually update your operating system and apps, it’s a huge job, and demands that you keep on the ball all the time. One slip and you’re at risk from malware.

You can use tools such as Flexera’s Personal Security Inspector to help keep on top of things, but it’s more work for sure, and there are no guarantees that you aren’t going to download a duff patch and that the process isn’t going to be annoying. In fact, I can guarantee you it’s going to be more annoying.

As Flexera themselves point out, “on a typical private PC, you have to master between 25 to 30 different update mechanisms to patch approximately 75 programs, if you do not have an automated solution.” That’s a pretty big workload.

Automatic is still king

One thing that needs to end immediately is disabling automatic updates. No excuses. And yes, while that excuse may have some validity to it, you still need to do it.

And the most effective way to patch systems is to automate the process. And you mess with or disable these mechanisms at your peril.

Ten years ago, disabling automatic updates might have been something that you could get away with, but fast-paced malware is evidence that this isn’t the case anymore. The timespan from a vulnerability being disclosed to patches being released to a widespread attack can be a few weeks.

Patching is a major pain. It’s time-consuming, it messes with workflow, it is often inconvenient, and it can be a roll of the dice that you’ll break something or not. If you are a home user, you can roll the dice and take a chance, and if things go bad then you brought it on yourself. If you are an SMB or enterprise it’s an entirely different matter. Depending on the attack, are you really that confident your business can survive it?

Sources:

http://www.zdnet.com/article/stop-disabling-automatic-updates-people/
http://www.zdnet.com/article/here-are-the-bad-reasons-why-people-disable-automatic-updates/

Image: Pixabay

Posted in Uncategorized.