Your browser is obsolete!

The page may not load correctly.

The rules of ”basic hygiene”

Правила гигиены

Other issues in this category (103)
  • add to favourites
    Add to Bookmarks

Avoiding pitfalls when downloading and installing software updates

Read: 807 Comments: 1 Rating: 1

Monday, October 14, 2024

In this publication, we're going to talk about the precautions you can take that will allow you to press the 'Update' button with confidence and never risk losing your data.

Virtually any developer-supported application—free and commercial alike—gets updated every now and then. By releasing an update, a developer strives to add new features or make its product more secure and user-friendly. We already discussed the importance and benefits of regular software updates here.

However, situations when users apply an update and then encounter various issues—ranging from conflicts with other programs and faulty features to complete system failure—do occur. These incidents are usually caused by flaws in the update code, changes in the application's system requirements, and compatibility issues involving other installed programs.

That's what happened in July 2024 when millions of Windows PCs around the world displayed the Blue Screen of Death (BSOD). This incident was caused by a CrowdStrike sensor configuration update that disrupted numerous critical services around the world by temporarily paralysing their operation. The perpetrators also took advantage of the massive system outage and mounted attacks on the affected infrastructures by distributing a fake security update that actually installed malware. It is worth mentioning that smuggling malicious programs into target systems under the guise of legitimate updates is a common technique among attackers.

Users can get frustrated when, instead of improving an application or system performance, an update actually causes problems. These may include:

  • The app not working at all after being updated;
  • Settings getting reset to default;
  • Accrued loyalty programme bonuses vanishing;
  • The announced patch, new feature or tool not working;
  • Or a new feature does work, but one of the old ones doesn't anymore.

What can be done in a situation like that? First-off, stay calm. The problem is usually a temporary one, and a subsequent update or fix will be made available soon. If you need to make the application work properly as soon as possible, try to roll it back to the previous version. Some programs can do this automatically. In other cases you may need to remove the program and reinstall the working version manually. However, sometimes rolling back to a previous version may not be an option. Depending on the application you are having problems with, your system configuration and the severity of the failure, a rollback attempt may only make things worse. However, these complications are fairly uncommon on home PCs.

In any case, having up-to-date data backups is always a good idea. They will help you avoid severe losses due to various software or hardware failures and malware attacks.

To ensure a smooth transition to a new version, some developers test their updates on a small number of devices before making them available to all users. By doing so, they can identify issues beforehand and avoid devastating consequences—similar to those of July 2024. That's why sometimes a new version may already be available on a certain device and unavailable on others.

Unfortunately, cybercriminals use schemes involving software updates too. The most common one is disguising malware as new versions of legitimate programs. Note though that in this scenario, attackers don't distribute the actual updates but offer a complete malicious program as a new software version, which essentially is a phishing technique. The distribution methods include third-party software catalogues where hosted apps are never reviewed, phishing sites, file-sharing services, email and even instant messengers. Recently these methods and techniques were employed to disseminate fake banking applications.

On rare occasions, cybercriminals can find their way into a developer's infrastructure and inject malicious code into the next scheduled update. In less sophisticated attacks, perpetrators compromise an application’s official website and replace its distributions with fakes containing a malicious payload.

Despite the risk of such incidents, don't forget that software updates are essential for your programs to operate securely and effectively. Every time you update your software, you aren’t just getting an improved version—you are also ensuring that your data remains safe from new threats.

The Anti-virus Times recommends

It doesn’t hurt to exercise reasonable caution whenever you download an update. Follow these tips to avoid most of the unpleasant situations that can arise.

  • One thing to keep in mind if you use Windows is its standard system recovery tools. System restore points, Volume Shadow Copy Service, and Windows update backups will help restore a system if its operation has been affected by a faulty update.
  • Before you click 'Update', search the Web to find out what other people are saying about a new version. On forums and in social media, you can find useful information and some advice from those who have already applied the update.
  • If possible, install the update on a non-essential device to test it before deploying it in your current system.
  • Check the system requirements provided by the application's developers before actually updating it. Especially if you download and install new application versions manually. Perhaps, the new version will require a more recent release of your operating system or that you update some of its components or libraries. And if the program being updated also relies on some other application, make sure that the latter is also current.
  • Never download supposed new application versions from dubious locations—including links that others may provide online. On top of that, having your antivirus scan downloaded executable files—even ones retrieved from official websites—is also sound security practice.
  • If you doubt whether a certain software distribution file is legitimate, verify its integrity by comparing its checksum against the hash specified on the developer's website for this particular version. The most common cryptographic hash algorithms include SHA-1, SHA-256 and MD5. If the hashes match, you have downloaded the legitimate tamper-free distribution file.

[Twitter]

Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments