Friday, July 17, 2009

Understanding Patches

Cyber Security Tip ST04-006

When vendors become aware of vulnerabilities in their products, they often
issue patches to fix the problem. Make sure to apply relevant patches to
your computer as soon as possible so that your system is protected.

What are patches?

Similar to the way fabric patches are used to repair holes in clothing,
software patches repair holes in software programs. Patches are updates that
fix a particular problem or vulnerability within a program. Sometimes,
instead of just releasing a patch, vendors will release an upgraded version
of their software, although they may refer to the upgrade as a patch.

How do you find out what patches you need to install?

When patches are available, vendors usually put them on their websites for
users to download. It is important to install a patch as soon as possible to
protect your computer from attackers who would take advantage of the
vulnerability. Attackers may target vulnerabilities for months or even years
after patches are available. Some software will automatically check for
updates, and many vendors offer users the option to receive automatic
notification of updates through a mailing list. If these automatic options
are available, we recommend that you take advantage of them. If they are not
available, check your vendors' websites periodically for updates.

Make sure that you only download software or patches from websites that you
trust. Do not trust a link in an email message—attackers have used email
messages to direct users to malicious websites where users install viruses
disguised as patches. Also, beware of email messages that claim that they
have attached the patch to the message—these attachments are often viruses
(see Using Caution with Email Attachments for more information).
______________________________
___________________________________

Both the National Cyber Security Alliance and US-CERT have identified this
topic as one of the top tips for home users.
_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2004 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed
to increase awareness.

Originally Published at: http//www.us-cert.gov/cas/tips/ST04-006.html

No comments:

Post a Comment