A software application security patching plan is essential in today's world. Organisations struggle to patch their devices, and have suffered the consequences. I don't want this happening to you.
This article is focused on how you can keep your devices patched to protect against software vulnerabilities that could be exploited and put your personal data at risk.
Articles on this subject tend to be focused on businesses with lots of devices and different software applications. I don't see many (or any, for that matter) that focus on home computer users.
Therefore, I've taken the best practices businesses should follow, and adapted them for home users. The six-step plan for home users will, I think, at least generate some ideas for improving the security of your home devices.
This article also looks at the fundamentals of software patching, such as what it is and why it is important. We also look at how to automate software patching using native operating system settings and third-party tools.
System patching is usually the process of applying or installing a small software program made available by the software vendor that fixes a specific issue with their software products.
Often this is a fault, or bug, with the software programming. The bug is often related to a vulnerability that could be exploited by cyber criminals.
The vulnerability could be, for example, a programming routine that is unable to process or handle the programming routines coded in a malicious ransomware attack program.
This could mean that the vulnerability allows the ransomware program to run its programming routines, and therefore infect that device.
From here the malware can hold the device, or its data, to ransom, and use the device to infect other machines (known as a worm).
The patch corrects the software product's programming and effectively removes the vulnerability, so the malware is unable to exploit it, or work properly, when it is installed on the machine.
Occasionally, patches improve software products by enhancing or introducing new features.
It is also the case that some patching includes the replacement of the entire software product with a new version. The previous version is removed from your device and the new version is installed.
Patching is important to protect against new and evolving cyber security techniques.
Patches should be regularly applied to both the device's operating system, and any installed software applications.
This is because software vendors either know or are made aware of vulnerabilities in their products that are being exploited in the wild, which means cyber criminals are targeting such vulnerabilities with their malware programs.
The consequences of a successful cyber attack can be catastrophic. Not only could they destroy or even sell your data, they could also subject you to identity theft and fraud.
The video below is a short presentation that explains the fundamentals of system patching.
However, before you watch, it is worth noting that you need a patching plan to ensure you keep on top of all the different patching regimes used by the different operating system and applications providers. This is the focus of the next section.
A software application security patching plan for the everyday home computer user must be robust, simple and take up a minimal amount of your time when the plan is put into action.
This is the holy grail for most professional businesses, and one that often eludes even the largest of organisations.
Often distractions can mean security patches are not applied quickly enough, especially for newly disclosed vulnerabilities that are being actively exploited.
If they are not being exploited already, they soon will be, because details of the vulnerability are often released alongside the security patch that fixes the issue.
This is where the software application security patching plan comes into effect. Consider the following 6 steps to develop your personal patching plan.
1. Identify All Household Devices
Often referred to as an inventory, the first step of your plan should be to account for all the devices in your home, including desktop computers, laptops, mobile phones, tablets, broadband routers and even Smart TVs.
2. Review All Software
Each device will have an operating system and applications installed, including games and other entertainment packages. For each device note what is currently installed.
3. Follow Vendor Patch Release Announcements
Common software and providers such as Microsoft, Apple, Adobe Reader and Google all publicise details of the latest patch releases for their products.
Understanding when this happens can give you an advantage for applying new patches early. For example, Microsoft releases the majority of their security patches on the first Tuesday of every month, which is also known as 'Patch Tuesday'.
4. Review Known Issues With New Patches
Not all patches work perfectly first time. Often vendors will recall new patches or even release updates to those patches when issues are reported. This can delay when new patches are applied, but sometimes it is worth the short wait.
5. Test, Test, Test
If possible, test the new patches on a device that is used less frequently, or has less impact if an issue occurs. This way you know the patches work before applying to your main devices.
6. Regularly Review Device Patching Status
Sometimes patching can get out of sync, especially if you have many devices to patch. A review every 3 months or so is all that is required.
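For a Windows device, steps 2 and 6 can be scripted. The PowerShell below is an added example, not part of the original article: it records the installed desktop programs to a dated CSV file and lists what has changed since the previous snapshot. The `PatchInventory` folder and the file naming are assumptions.

```powershell
# Added example: snapshot the software installed on this Windows device and
# show what changed since the last snapshot. The folder below is an assumption.
$outDir = Join-Path $env:USERPROFILE 'PatchInventory'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Desktop programs register under these Uninstall keys
# (64-bit, 32-bit and per-user installs respectively).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$software = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object @{ Name = 'Device'; Expression = { $env:COMPUTERNAME } },
                  DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName, DisplayVersion -Unique

$current = Join-Path $outDir ('{0}-{1:yyyy-MM-dd}.csv' -f $env:COMPUTERNAME, (Get-Date))

# Pick up the most recent earlier snapshot before writing today's file.
$previous = Get-ChildItem -Path $outDir -Filter "$($env:COMPUTERNAME)-*.csv" |
    Where-Object { $_.FullName -ne $current } |
    Sort-Object Name | Select-Object -Last 1

$software | Export-Csv -Path $current -NoTypeInformation -Encoding UTF8
"Recorded $(@($software).Count) programs in $current"

if ($previous) {
    # Step 6: how long since the last review, and what has changed since then.
    $days = ((Get-Date) - $previous.LastWriteTime).Days
    "Previous snapshot: $($previous.Name) ($days days ago)"
    Compare-Object (Import-Csv $previous.FullName) (Import-Csv $current) `
        -Property DisplayName, DisplayVersion |
        Select-Object DisplayName, DisplayVersion,
            @{ Name = 'Change'; Expression = {
                if ($_.SideIndicator -eq '=>') { 'added or new version' }
                else { 'removed or old version' } } } |
        Sort-Object DisplayName | Format-Table -AutoSize
}
```

Microsoft Store apps do not appear under these registry keys; `Get-AppxPackage` lists them separately.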
In the next section we take a look at options for making the patching process much easier to implement.
No one wants a complicated and time-consuming software application security patching plan. This is where targeted automatic updates and specific software tools, if used correctly, can make all of our lives easier.
Below is an outline of my patching plan for a couple of my home devices, namely a Laptop and an Apple iPhone.
Below are the screenshots for my Windows Update setup. Here I've specified the main timeframe in which I use my Laptop, so patches are not actively applied during this time, inadvertently disrupting my work with surprise reboots.
In addition, I have the option to receive updates for other Microsoft products when updating the operating system. This way any supporting Microsoft software, such as Visual Studio, is also included in any update activity.
Modern operating systems are fairly stable, so I have no issues with applying these patches quickly after release. So far, I have experienced no issues.
I tend to manually check for updates the days after Patch Tuesday, and every Sunday thereafter, to catch any out-of-band releases.
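The Windows Update settings described above can also be checked from PowerShell, which is useful for the periodic review in step 6. This is an added example, not part of the original article; it only reads settings. The registry locations are where current Windows 10 and 11 builds are assumed to keep these values, and the 35-day threshold is an assumption.

```powershell
# Added example: read-only check of the Windows Update setup on this device.
# Active hours are stored here when set manually (values are hours, 0-23).
$ux = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings' `
    -ErrorAction SilentlyContinue
$activeHours = if ($null -ne $ux.ActiveHoursStart -and $null -ne $ux.ActiveHoursEnd) {
    '{0:00}:00 to {1:00}:00' -f $ux.ActiveHoursStart, $ux.ActiveHoursEnd
} else { 'not set manually' }

# "Receive updates for other Microsoft products" registers the Microsoft Update
# service (identified by this service ID) with Automatic Updates.
$muId = '7971f918-a847-4430-9279-4a52d1efe18d'
$mu = (New-Object -ComObject Microsoft.Update.ServiceManager).Services |
    Where-Object { $_.ServiceID -eq $muId }
$otherProducts = [bool]($mu -and $mu.IsRegisteredWithAU)

# Most recent installed update that reports an install date.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$daysSince = if ($latest) { ((Get-Date) - $latest.InstalledOn).Days } else { $null }

# A reboot is pending while this key exists.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
$rebootPending = Test-Path $rebootKey

$maxAgeDays = 35   # assumption: monthly releases plus a few days of slack

[pscustomobject]@{
    Device               = $env:COMPUTERNAME
    ActiveHours          = $activeHours
    OtherMicrosoftUpdate = $otherProducts
    LatestUpdate         = $latest.HotFixID
    InstalledOn          = $latest.InstalledOn
    DaysSinceLastUpdate  = $daysSince
    RebootPending        = $rebootPending
    NeedsAttention       = ($null -eq $daysSince) -or ($daysSince -gt $maxAgeDays) -or $rebootPending
}
```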
For application patching I use the free Patch My PC product. It is brilliant, and can be configured to automate your (consolidated) application updates silently, so there is minimal disruption, and frequently, because application updates are likely to be issued on an almost daily basis across multiple application vendors.
The video below is an excellent overview of Patch My PC, and touches on all the different configuration options, from recommended patching schedules, to specific technical set ups such as creating a restore point before any application updates are undertaken.
I run this product once a week, manually, every Sunday. This is because I like to have some element of control about when application patches are applied to my main Laptop.
I have the recommended schedule set up on another device as a means of testing the updates before deploying across the other devices in the home.
My approach for maintaining the iOS and Apps on the iPhone is simple. All I do is manually check and refresh the Software Update settings (for the iOS) and the App Store for all installed applications. I do this once a week.
Updating software is here to stay, and I think we all have to take a level of responsibility for protecting our devices. We cannot rely on software vendors alone to keep the risk to our data at a minimum.
The software application security patching plan outlined above is something you can either follow to the letter, or take the appropriate parts and apply to suit your needs.
It is worth taking a quick look at professional articles on software patching, such as this one from White Source.
Having been part of the technology industry for over 20 years, I can identify with the issues organisations have keeping their estates patched. I hope this article has been successful in bringing some of the best practices from the IT world into your world.