Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

what software should one be updating


  • Please log in to reply
4 replies to this topic

#1 rp88

rp88

  • Members
  • 2,983 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:59 PM

Posted 03 June 2014 - 12:04 PM

most people's computers, mine included, have a huge number of programs installed some of which are rarely used(but crucial on those few occasions when you do need them). when it comes to updating software to fix vulnerabilities though which software does a user actually need to worry about. just windows, java, antivirus and their browsers (IE, FF, chrome) or everything including programs that are just used on your computer without any clear evidence of those programs having any interaction with the internet.  do things like word, GIMP, blender, powerpoint, printer drivers, 7z, vlc, paint, windows media player, excel, sketchup, outlook, access, publisher, ccleaner, adobe reader, microsoft office picture manager, windows photo viewer, etc need updating for security?

thanks


Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


#2 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 03 June 2014 - 12:14 PM

In general terms, the answer is Yes.

 

Best of luck.



#3 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:10:59 AM

Posted 03 June 2014 - 12:21 PM

 I always keep up to date with Windows Updates, Adobe, Firefox, and Office (which gets updates via Windows Update), and my antivirus.  I run the free version of Malwarebytes every few weeks, and update it before I do.  I avoid Java because it's had too many reported problems.  I can't think of anything else I update unless I run into a problem.  I use Chrome, but it keeps itself updated automatically.  With drivers, I strongly believe if it ain't broke, don't fix it.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 PM

Posted 03 June 2014 - 03:28 PM

You need to update at least all the programs that face the Internet, or that receive data from the Internet.

But it is not always easy to know if a program can get data from the Internet.

 

For example, you ask about Word: you definitively need to update Word. Vulnerabilities in Word are actively exploited by criminals. For example, they send you e-mails with malicious Word attachments.

 

But I'm sorry to say, it gets even more complicated than that.

 

There are also exploits that use a vulnerability in one program but need a component of another program to succeed.

A common example is a vulnerability in a program, say Internet Explorer, that is not exploitable because of ASLR.

But assume you also have a version of Adobe Reader on your machine, that loads a DLL without ASLR support into several process, like Internet Explorer.

The exploit writer will then use this Adobe DLL to bypass ASLR and successfully exploit your machine.

So the vulnerability is in IE, not in Adobe Reader, but Adobe Reader is instrumental for the exploit.

Upgrading Adobe Reader (with this Adobe DLL now supporting ASLR) breaks the exploit.

 

So in a nutshell, it's best to patch all programs.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:59 AM

Posted 03 June 2014 - 05:50 PM

Free Software Update Monitoring Tools:Note: Calendar Of Updates is an excellent resource to check on a daily basis for updates to popular programs.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users