Security geeks often talk about keeping your computer "patched". Here’s what we mean and why it’s so important.

In a perfect world, all the code on your computer would do exactly what it’s supposed to do and nothing more. In the real world, new code gets added on top of existing code to fix a problem or to add some new feature until, over time, the code becomes too complicated to test for every possible scenario. Hackers find ways to exploit the holes in the code. By sending just the right command in just the right circumstances, they can make the computer do something it shouldn’t – like give the hacker permission to install software and take control of the computer.

When such a vulnerability is discovered, the developers who made the software have to figure out how to plug the hole – how to change the code just enough to stop the hacker without shutting down the new feature they added or interfering with some other application. “Patches” are the bits of code to be added to your computer to fix that hole. (Patches can also be used to add a new feature or fix something else in the program but for now we’ll stick to security patches.)

At work, your IT team should be responsible for keeping your core applications up-to-date and fully patched. For your home computer, you should set your computer to automatically update the software whenever new patches are available. That’s the safest way to be sure that you have the latest code protecting your computer. While most vulnerabilities are found in the operating system (those core instructions that the computer needs just to turn itself on), more and more vulnerabilities are being found in applications – Word, Adobe, QuickTime, RealPlayer, etc. No modern application is completely safe. In Windows, you can set the updates through the Control Panel. (Look for something like Automatic Updates or Windows Updater.) In other programs such as Quicken, you usually set the updates via Tools/Options or Preferences.

Of course, there’s no such thing as a free lunch or perfect software. Sometimes, the patch will fix the program but will also break some function that some other program needed to run. When that happens, you must either decide to wait (and hope that the developers at one of the two companies will send out yet another patch to fix the breakage) or take the risk and reverse out the last patch. Unless the patch broke something that’s absolutely mission-critical, you are almost always better off leaving it in place.

Incidentally, Microsoft has been releasing a packet of security updates on the second Tuesday of each month (so-called Patch Tuesday) for several years now. Some hackers are now exploiting that pattern and holding their latest virus until the second Wednesday so they have as much time as possible before they are shut down. Even if you stay fully patched, there are no guarantees in life.
