Why Do I Have To Keep Updating My Computer

With the release of MS15-078, an update issued outside the regular Patch Tuesday schedule, many are asking when this madness is going to end. It seems like every week there is a new software flaw that needs to be patched. The truth of the matter is that all software has bugs, and if the good guys can find them and fix them before the bad guys do, we are winning the fight. This particular patch addresses a critical flaw in all supported releases of Windows.

I've heard a number of comments from users: "not again", "will this ever end", "maybe I should stop patching because it's just too much work", and "has anyone seen an attack using this flaw". While it does seem like a lot of trouble, patching is the only defense against exploits being developed by online criminals to break into computers running the affected software. If you stop patching, or if Microsoft stops issuing fixes for these software bugs, the criminals win.

There are five basic steps to securing your computer: patching, running up-to-date antivirus, not clicking on links or opening attachments from unknown sources, running a current operating system that is still supported by the OS vendor, having a good password that is very long (passphrases are more secure than passwords), and turning on the firewall so that only needed network access is being used by your computer.

This might sound simplistic, but if you follow these five basic steps you are already doing more than many of the organizations that you have seen recently in the news.

My coauthor Valerie Thomas and I present at Derbycon 3.0 on building an information security awareness program.


Network defenders are not "cyber ninjas" nor "digital Swat teams"

Sad to see the New York Times misuse the word "hacker". Also, adding crazy overblown adjectives like "digital Swat teams" and "sophisticated cybercriminals" does nothing to help tell this story any better.

What happened at OPM and in other federal breaches is that basic steps were not followed. Simple things like using outdated operating systems, not having good password policies, lacking a good information security awareness program, and not properly patching are what got these agencies compromised.

Image source: http://ia.media-imdb.com/images/M/MV5BODg0NjQ5ODQ3OF5BMl5BanBnXkFtZTcwNjU4MjkzNA@@._V1_SX640_SY720_.jpg
