Communications

Patching the Security Update Process

Security firm aims to make installing updates as painless and invisible as possible.

  • Wednesday, March 10, 2010
  • By Brian Krebs

Recent research shows that the typical PC user needs to install a security update roughly every five days in order to safely use Microsoft Windows and all of the third-party programs that typically run on top of it. In response, a Danish computer security firm says it will soon debut a free new service that silently automates the installation of security updates for dozens of the most commonly used software products.

The five-day figure comes from information collected by Secunia, which pored over statistics from some two million users of its free Personal Software Inspector (PSI) tool, a program designed to alert users about outdated and insecure software running on their machines. Secunia found that the typical Microsoft Windows user has more than 66 programs from more than 22 different software vendors on his or her computer.

Even though the current version of the PSI software includes links to the latest updates for each outdated application, many users still find the update process too cumbersome, says Thomas Kristensen, Secunia's chief security officer.

"Most users don't want to be bothered with all these updates," Kristensen says. "Even when we provide them with the proper download links for the updates, a lot of users say, 'No, I don't want to click on all these things.' We'd like to bring down the number of users who quit the patching process at that point."

There is ample evidence to suggest that the average user can't be bothered to install security updates in a timely fashion--unless the process is more or less automated. In a study released last summer, researchers from Google Switzerland and the Swiss Federal Institute of Technology found that browsers which included silent, automatic updates--such as Mozilla's Firefox and Google's Chrome--worked far better and faster in successfully delivering patches than did the manual installation mechanism used by the browsers from rivals like Microsoft, Opera, and Apple.

With hackers increasingly attacking software security holes before vendors can ship patches to plug them, timely patching is more vital than ever, says Wolfgang Kandek, chief technology officer at Qualys, a computer security firm based in Redwood Shores, CA, that helps companies manage patch deployment. Kandek says Microsoft made great inroads with Windows XP Service Pack 2, which prompted users to turn on automatic updates for the operating system. But he adds that too few major third-party software makers include similar auto-update mechanisms.

zephilix

1 Comment

  • 699 Days Ago
  • 03/11/2010

There is already a similar software, 360 safe. Search updates for installed software is one of its functions. What do you think of this software? P.S., it is a Chinese software.

jhvance

2 Comments

  • 699 Days Ago
  • 03/11/2010

Not On My Computers

The notion that all computer users are essentially idiots and so circumstances require automation of malware patch installations or malware-blocking program updates to fight the onslaught of nefarious botnets or other malicious actions is just wrong, plain and simple -- whether legal under current EULAs is for some court to decide.

I won't allow ANY part of the OS or applications on any of my computers to perform automated update/patch installations, though I do enable most which have the ability to check for updates to do so (not Java or Acrobat, though, because of their cumbersome and intrusive approaches -- Sun/Oracle and Adobe, are you listening?) so long as I am notified and given the option to choose whether and when to download and install said patch/update.

This is partly a holdover from having been limited to VERY slow dial-up Internet service until the past year or so due to lack of wired or wireless broadband access at my rural location, but also partly due to personal preferences -- I want the final say in what gets installed on my machine(s) and when that occurs.  There's a classic 'slippery slope' from having anti-malware patches automatically installed without users' knowledge (in order to achieve greater and more rapid systemic protection from thieves and others with nefarious intent, a "good" objective) to having whatever else a vendor might wish to push onto users' computers that could unintentionally compromise functional utility or general capability on individual machines.  (Let's not even contemplate what horrific "trial" options a vendor's marketing department might want to push out after the precedent is established....)

Fully automated patching without user interaction or awareness is just a bad idea -- the fact that the current MS Patch Tuesday updates reset Windows Updates to the default ("automatically download and install") without notification was an unpleasant and really irritating surprise that ought to generate serious and widespread condemnation, but probably won't.

I strongly prefer the approach which Secunia has taken with their online or resident scanners (which I use and strongly endorse), namely 1) alert me to the issue ASAP and give me the information on an available patch, but 2) allow me the choice on whether and when to resolve the issue(s).

qm3stone

1 Comment

  • 693 Days Ago
  • 03/17/2010

Re: Not On My Computers

I find your reply very refreshing because today many people want things done but don't want to deal with it. (That includes my family & friends too, LOL!) I am expected to repair, update, advise, and beautify a system that is 20 years old and looks like crap. Then they bad rap me when it won't run the way they want it to and tell me I don't know what I am doing. I have degrees in this art and pain. People have become complacent, they want it fast, now and for nothing!
I try to get my family to learn with simple little gestures of random thought. It is an absolute necessity that if we are going to have a computer that we take a few semesters at least at a community college to familiarize ourselves with the machine that will be helping us accomplish some of our tasks. We have come a long way since the Dead old System. Secunia, OpenOffice.org, AVG are tools to do just that...help us accomplish these things. The Web Browsers have become quite a problem lately, and the more reason to have these smart and accomplished people assisting us with their brilliant ideas. I couldn't do it all on my own, but it is going to take some work on my part to make educated decisions what to install and not install, it would be a totally chaotic www without it. I am so thankful and honored for the ones especially that do the open source coding, i.e. Mozilla, SourceForge and Secunia just to name a few. You all deserve so much for what you do. So in closing I would like to say to those that don't know your computers that well to fix the least little problem, get off your lazy arse and take a couple of courses. Nothing in life is free, hell even try the library if you don't want to pay, they have what's called books there.

Thank you for listening to me ramble.

Colin

8 Comments

  • 695 Days Ago
  • 03/15/2010

Interesting capabilities.  In the Tech Support mode where the PCs belong to a corporation I'd want to be able to isolate a few machines to "never" be updated.  That way they could continue to run legacy software the company needs but which cannot be updated for legal or other reasons--such as publisher folding up business.  Other PCs I'd want to automatically update with no user intervention or knowledge.  I wonder if specific applications can be exempted from updates while others are automatically updated, on the same PC?
