, ,

Every year, SANS puts keeping your system up-to-date with current patches the most important thing you can do for system security. Why?

Security vulnerabilities are continually being found by security analysts and system crackers. As fast as they can, programmers and companies fix these problems in the code and release patches to fix them. Thus, the programs become more and more secure (as long as the program isn’t rewritten), and the vulnerabilities (hopefully) then will decrease. Old programs will thus have many vulnerabilities which are widely known – and thus systems running old versions will be much more susceptible to attack.

However, this also has to be balanced against the other risk factor: instability. Introducing new code and patches into an environment can result in more system crashes – a system that never changes (or changes very slowly) will be less likely to have crashes and will be more stable.

If not keeping a system up-to-date goes against your grain (and it should!) consider all of the risk factors: a system that is inside the firewall (and not in the DMZ) and has no extremely valuable data can be patched at a slower rate than a system which is exposed directly to the Internet. Also, if downtime is not a big concern (an hour or two, a day…) then it may be worth patching as soon as possible.

This suggests one thing: keep your home systems current with patches! If it is Internet connected in any way: patch it! Home devices are less likely to be secure and are more likely to be attacked than well-maintained corporate environments.