Date: 30 September 2011
Click here for printable version
If you are anything like me, then you probably have around 20 or so friends that you see (in person) frequently. These people are the ones that you might call on to help you move, or have a BBQ with. But there is one thing that I have found to be an instant friend magnet... "Understanding all that computer stuff". When it comes to fixing computers my friend count seems to skyrocket into the hundreds. So one thing I am always asking myself is "what gets you the best bang for buck when fixing someoneís computer". Normally I look at this from a security point of view; so with a little help and some research done by CSIS we take a look at what is best to update on a friends' computer.
Firstly I suppose I should say that I always recommend changes rather than just implementing them. So if someone wants to stick with software X, or continue to run as an Administrator (especially after sitting through my stories and "gentle" persuasion) then I donít stop them.
The first thing I check is to make sure that automatic updates is turned on with all current updates installed for both the OS and the AV software (if this is missing or expired, fix this first). This does two things; first it makes sure that we are starting on a solid ground (or as solid as you can get without a clean install), secondly it will mean future updates are installed saving everyone time in the future.
So where do we go from here? Well, my next point of call is the web browser, the tool that has probably resulted in more infections today than any other (remember without a browser, you don't have plugins). Internet Explorer is already taken care of with the OS patching (thank you Microsoft). Firefox, Chrome, Safari and Opera all have automatic updating, however I have found problems with Firefox and Safari when running as a limited user - so double check those are up to date.
On a side note, when software is up-to-date already, it is normally a good sign that there are no problems with the automatic updates (or its interaction with limited user accounts). If they are not up-to-date, check to see if it can install correctly as a limited user (if running as one).
This is the end of the easy stuff. Next comes Adobe Flash and Reader. Reader has an update feature, but again I have found problems with limited accounts sometimes. Flash player seems to require different plugins depending on the browser. In each browser, visit this Adobe site to see what version you have (if you don't have it installed - don't install it!). This is actually one of the reasons I switched (mostly) to Chrome; it keeps flash up-to-date for me!
So, do I make the right call? As it turns out, when put together I am right, but Java actually takes the number one spot for attacks. So next point of call is Java. I am sure I sound like a broken record, but again the automatic updating that Java has, has caused me problems with limited user accounts (possibly because all my limited user accounts also have software restriction policies or app lock policies in use).
The last on my "must check" list of software is Apple software (iTunes and Quicktime). While iTunes didn't make the CSIS list, Quicktime did. After this I normally look for any software that is either popular, has browser plugins, or connects to the Internet. This could take a long time, so it really depends on how much time I have available.
One last item that I hope you are wondering about. I hope every one of you is thinking "what about Microsoft Office!". That is a good question, I was hoping that it would have shown up in the CSIS report, but we canít get everything. The reason I have left Office off the list, is that you can include it in Windows update. Back in Windows XP it was called "Microsoft Update", but now is built into Windows 7 "Windows Update" control panel (still requires manual enabling). Make sure that you are getting updates for all Microsoft software, rather than Windows only.