Constantly patching the software on your PC is just as important as keeping your antivirus program up-to-date and running a firewall. Yet the numbers show that a lot of users are struggling with the task of keeping all their software up-to-date.
Research released in January 2008 revealed that only 5 percent of users are running fully-patched Windows PCs, while more than 40 percent have more than 10 insecure applications installed.
Another survey from December 2007 showed that more than 20 percent of all applications installed on users' PCs have known security flaws for which patches have been released by the vendors of the products. That result was based on scans of more than 14.5 million applications on end-user computers.
The length of time between the release of security patches and the development of exploits targeting the security holes they address has been dropping for some time. Hackers exploit this period of time - the so-called "patch window" - to launch attacks against unpatched machines.
Microsoft delivers almost all its patches on the second Tuesday of each month, known as Patch Tuesday. In 2006, Microsoft released 49 critical, 23 important, and 5 moderate updates, while 2007 brought 43 critical, 24 important, and 2 moderate fixes.
If your software applications have automatic update features, then be sure to switch them on. If you have to download patches manually, then make sure that you do it from the actual Web site of the software vendor and that you didn't wind up on the download page by following a link from an untrusted source.
On occasion, cyber-criminals have tried to sneak malware past users by disguising it as an automatic update to a popular software product. If you are in doubt whether an update trying to install itself on your computer is the real deal, it might be a good idea.