Microsoft's biggest Patch Tuesday ever is October 12th, and if you don't pay attention, you just might get hacked.
For the last seven years, Microsoft has issued its security fixes on the second Tuesday of every month - i.e., Patch Tuesday. This day is an important one for Microsoft users, as the software is often criticized for being buggy and insecure. In the latest patch, Microsoft is fixing 49 vulnerabilities, including four critical, 10 important and two moderate fixes.
But here is the problem: The day after Patch Tuesday is known in the hacker community as "Hack Wednesday."
Here's why. As soon as Microsoft releases its patches, hackers scramble to reverse engineer them. Huh? That's right - although Microsoft has already found the problems and fixed them, the patches still have to be downloaded by you - the user. Until you do, the Microsoft security update is essentially a treasure map for hackers. These online criminals know that a lot of users don't bother to install their updates right away - so for these people, the security fixes actually work against them.
Bottom line: If you're not one of those proactive consumers who pays close attention to security news and is diligent about installing the latest Microsoft patches (and then waiting for your computer to restart), come Wednesday, you're going find yourself a big fat target for hackers.
In a way, poor Microsoft is damned if they do, damned if they don't. The same goes for the users of its products. So what should we do?
- UPDATE Immediately. As soon as Microsoft releases its patches, you have to accept and install them. I know it's a bit of a pain, because you may have to restart your computer, but it is definitely worth it.
- Buy good RELIABLE anti-virus. I realize that in bad economic times, we all want to pinch our pennies. But anti-virus is too important to skimp on. You need to spend a little cash to get yourself good, solid anti-virus - not the ultra-cheap or freeware kind. Real anti-virus that has firewall capabilities, strong analytics and updates automatically. I say "reliable" as there are far too many fakes out there. Ensure that this is a reputed global brand and not a fake anti-virus that will in itself be the "hack."
- Stop using Internet Explorer ... unless you have a very good reason to do so. Switch to another browser like Firefox, Chrome or Opera.
- Don't do stupid things - like open suspicious emails, or, worse, click on the hyperlinks or download the attachments included in suspicious emails.
- Stop having faith in tiny URLs. Social networks are a growing attack vector for hackers - and tiny URLs, which conceal the true destination of the link, are a great asset for these guys.
It probably seems like a lot of work just to protect your computer, doesn't it? That's because it is - we're at the peak of the trend right now. And the steps I listed above won't protect you from everything - it will just improve your security. This problem is only going to get worse over the next few months and years, until the industry is finally able to get serious about "cloud computing" and more progressive anti-virus protection, both of which will take the computer user out of the security equation.
So fear not, computer users - help is on the way. And here's how:
- The Cloud, Baby: In the coming years, get ready for the biggest paradigm shift in computer history - at least since Steve Wozniak and Steve Jobs invented the personal computer in the mid-1970s. Because in a short matter of time computing will move en masse to "the cloud" - i.e., software will be provided and housed on the Internet, instead of on each person's computer. This means that companies like Apple, Microsoft, Google et al will be solely responsible for implementing security for their software - all you'll have to do is trust them.
- A Prophylactic for Your Browser: The IT security industry is also looking at innovative tools like Web "filters" - a prophylactic for your Internet browsing experience that will come between you and the infection. This is a re-thinking of the current anti-virus model: you get infected, anti-virus cures you.
- Hard-Coded Computers: Think of this as a vaccine for your computer or other networked device. Computer scientists are researching ways to hard-code these devices to make them more resistant to infections - particularly of the "zombie-computer," i.e. botnet, variety. In fact, analysts believe that Intel's recent purchase of McAfee for8 billion was to enable the company to make safer, more secure computer chips.
- Crowdsourcing Anti-Virus: McAfee and Norton know when a computer virus like ZeuS is on the rampage - but how about a smaller attack that targets a group on a social network, or maybe the company you work at? Symantec is developing an anti-virus application that utilizes crowdsourcing to help it catch under-the-radar threats.
So help is on the way. But, in the meantime, make sure you add an Outlook calendar alert for Patch Tuesday each month. And if you're reading this on a Mac, don't feel superior. Apple patches are increasingly necessary too.
For more info, go to Microsoft's security page or Apple's security page.