We have already emphasized enough on the importance of updates for computers regularly, in our previous articles. However, in the past few months the number of updates have been growing oddly burdensome to the average user. The number has grown to such extent that keeping up with the updates is turning into a second job. The Patch Tuesday is no more significant as you may expect a critical security update releasing today midnight or a set of updates the next day, giving you no time to plan. You miss them and might fall prey to the security breach – and the software vendor will simply point out your failure of not staying updated.
The software vulnerability and the updates
The updates are too technical to understand. But in simple words – a software, like the windows or the browser, is made of millions of lines of programming code. The more the features in the software, the more it adds upto to the programming code. Errors are inevitably made, while typing out these millions of lines or patching them to work together, thus leaving vulnerabilities in the software. Hackers, these days, have become more sophisticated in finding out these vulnerabilities proactively. The software vendor also works proactively to patch up the vulnerability before the hacker exploits it. These patches are released as security updates of the software.
Increasing number of updates
For the lack of a better metric lets compare the number of security bulletins released for Windows between January and April in the past 3 years, respectively. It was 16 in 2009, 29 in 2010 and 34 in 2011. As you can see, they kept increasing every year. This is not the case with just Windows. A typical Windows user will be using the following applications in common:
- Mozilla Firefox
- Mozilla Thunderbird
- Adobe Flash
- Adobe Reader
- Java Console
- Google Chrome
- And then an antivirus or a PC protection software
And all these applications are as vulnerable as the Windows itself. And their vendors are also as proactive to release patches. And every time each of them releases an update the user will have to first download it from Internet and then patch it up with the main application. Of course each of them has a user friendly mechanism to update, but do you know what it takes to patch them all? Apart from time taken to patch, they will also consume your broadband till they are downloaded and the CPU memory till they patch up. The average sizes of each of these software updates and the number of times they were released this year are as follows:
- Mozilla Firefox – 1.6 to 2.8 Mb (Updated 4 times in 2011 till date)
- Mozilla Thunderbird – 1.6 to 2.8 Mb (Updated 3 times in 2011 till date)
- Adobe Flash – 2.0 to 3.0 Mb (Updated 4 times in 2011 till date)
- Adobe Reader – 10.0 to 18.0 Mb (Updated 1 time in 2011 till date)
- Java Console – 17.0 Mb approximately (Updated 2 times in 2011 till date)
Windows updates range from 17 Mb to around 900 Mb and above. Google Chrome is little tricky to measure. It is even little creepy to have an application like Chrome that connects to its maker, downloads and patches up – all by itself, without even the knowledge of the user. But it still consumes your broadband and CPU memory.
The antivirus or PC protection software updates are little different from the above. They download security definitions everyday. Few vendors like Norton Internet Security, provide real time updates which keep updating more than 10 times a day. However, if all the software applications installed in your PC are perfect, why will one require to maintain a PC protection software or update its definitions daily.
Overall, we can see that lots of time and energy of the user is consumed here, apart from the broadband. In previous year, a report released by Secunia says that a typical Windows user patches for every 5 days. The days might remain the same, but the amount of time taken has definitely increased. Few times, multiple updates may come up within one week itself.
More and more people are finding it uncomfortable to track and do the updates continuously. Where could be the actual problem? Are the hackers getting intelligent or the software vendors getting stupid? Whatever it may be, the updates job is very exhausting and getting even worse.