Every software update alert that pops up on your screen has a backstory — and some of them are pretty dramatic.
When a software company gets wind of a bug or glitch inside a software program, it’s a race against the clock, says Chester Wisniewski, principal research scientist at cybersecurity firm Sophos. In the best case, the company found the bug before any hackers did. (Sometimes, independent “bug bounty hunters” make hundreds of thousands of dollars for reporting a single software vulnerability, Wisniewski says.) But many times, the hackers beat them to it, and companies must rush to patch the hole before more customers are attacked.
All that can involve thousands of hours of work, according to Wisniewski. But that doesn’t make us any less likely to click “remind me later” every time a software update momentarily distracts us from scrolling Twitter or Googling pictures of cute spiders. (Try it — it makes them less scary.)
According to cybersecurity experts, software updates may be the single best way to protect ourselves from cyberattacks — a threat that’s increasingly on the mind as Russia and Ukraine gear up for potential cyber warfare. But based on the National Cybersecurity Alliance’s 2021 Cybersecurity Behaviors and Attitudes Report, about a third of us don’t stay on top of updates. Survey participants gave reasons such as “it conflicts with my productivity” and “I don’t care.” It’s true that updates are often ill-timed and poorly explained, experts say, but installing the latest updates when they become available helps us sidestep common security problems such as theft and identity loss.
“If I have one piece of advice for consumers — whether it’s my mother-in-law or my grandfather or my next-door neighbor — it’s update your software,” says Caroline Wong, chief strategy officer at cybersecurity company Cobalt.
What’s a software update?
Computers — like the one on your desk or the tiny smartphone in your hand — are hardware. The programs that run on them are software.
When a software update pops up, it means the software maker has added new features or security fixes that stop bad actors from taking advantage of vulnerabilities in the software. Those vulnerabilities might be weird coding mistakes (writing software is hard) or just unforeseen paths a hacker could take to worm their way in.
Imagine that your software is a pair of pants. Vulnerabilities in that software are like holes in the pants. The longer you ignore updates, the longer you walk around with holes in your pants — and not in a cool way.
If software updates are so important, why have I been confidently ignoring them for years?
Because tech people are often bad at explaining easy things, according to Wong. Most software makers slap users with update alerts without telling them what the update entails or why it’s worthwhile.
Updates are also inconvenient. It’s tough to predict how long a software update will last, says Wisniewski, and few of us have the leeway to halt our workdays while we watch that little progress bar fill up. (He suggested blocking off a few minutes at the end of the day and setting a reminder to start the update.)
Are software vulnerabilities actually bad, or are you just trying to scare me?
They’re actually bad.
Hackers work constantly to find new vulnerabilities and exploit existing ones, Wong said. Skilled hackers can spin up malicious software in a day or so, but all it takes is an “internet connection and a brain” for someone less experienced to buy premade hacking software and try their hand at online theft, she said. Whether it’s malicious or a matter of need, there are tons of people across the world actively hunting for software to break into, according to Wong, and it’ll only get more common as life increasingly moves online.
“Literally every single update to Google Chrome, every single update to Windows, has things that were known to already be used by attackers,” Sophos’ Wisniewski said.
For instance, some of Apple’s recent computer, phone and iPad updates appear to fix a bug in the Safari browser that could give websites access to your browsing history and Google account information. Microsoft releases updates every month, and recent ones contain hundreds of security fixes for programs including Microsoft Office and Microsoft Teams.
But I like the old version of my software and I don’t want the features to change.
Learning whatever annoying new features companies thought you needed is worth the added security a software update gives you, Wisniewski said.
(Although if you’re attached to Windows 10, know that Microsoft says it will keep providing updates until 2025.)
I’ve been ignoring updates since birth. What should I do?
First, if a trusted program prompts you to opt into automatic updates, say yes.
Third, check for any updates you’ve missed.
On an iPhone, go to Settings, then General and Software Update.
On an Android phone, try going to Settings, then Software Update, and Download and Install.
On a Mac, go to the Apple menu, then System Preferences, Software Update and Upgrade Now.
On a Windows computer, use the search bar in the Start Menu to find “check for updates” in system settings. (As you’re checking for manual updates, turn on automatic ones whenever possible.)
And last, send crash reports when your software bugs out. These help software companies find bugs and stay a step ahead of hackers.