Wednesday, May 13, 2009

To Update or Not To Update?

Early on in this blog, I encouraged you to keep Microsoft Windows updated with whatever Critical Updates that Microsoft pushes out. (BTW these are typically pushed on Patch Tuesday, unless something really serious comes up that Microsoft deems worthy of immediate attention. If you've got Automatic Notification turned on for Windows Updates - which you should - it's practically a sure thing that you'll get a popup on every single Patch Tuesday that there's new stuff to go get.)

However, for many years I took the attitude with my systems' applications that "if it ain't broke, don't fix it". As a for-instance: until fairly recently I had been loathe to update Adobe Acrobat Reader to a newer version, because all that newer Acrobat versions have seemed to do is get way bigger and more unstable, so I was running version 5 until only a couple months ago on one of my PCs (the current version is 9.1).

I really wish I could continue with that mindset, but unfortunately (if your system is connected to the internet, anyway) it just really isn't advisable anymore. New exploits (cracks in the armor) are being found at a dizzying rate for practically any popular application that in any way interacts with your network/the internet.

However, keeping everything updated on a rigorous basis can be a serious pain in the okole, as I realized only yesterday. In general I am not a big Apple Quicktime player fan, but because iTunes installs it automatically (and because some media on the web is in ".mov" QT format), it's on all of my systems. On some of those systems, I have iTune's automatic update notification turned off because I don't run iTunes on them on a regular basis - and so the QT format on at least one of them is fairly old. That's a bad thing, because according to the QT wikipedia entry, all versions prior to v7.5.5 have a cross-site scripting vulnerability. I won't go into CSS here, but the point is that I have potentially opened myself up to Bad Stuff that I might inadvertently encounter just by clicking the "play" button on a video at some site that I'm not terribly familiar with.

It's unfortunate that we've come to this point, because Acrobat is not the only application by a long shot that seems to get bloated with every new release - in many cases, with things that we don't care about, but that the creators stick in there just to keep it New And Fresh.

I thought about making a list of applications that you should consider keeping an eye on, but I've decided that it would be very long but yet ultimately incomplete. So just be mindful of the applications you use in your web journeys, not forgetting things like Quicktime (and Acrobat) that you might never run directly, but that are auto-run by your browser when you click on something neat.

No comments:

Post a Comment