April 06, 2020 | Research
  • Share:

Software & System Updates for More Security

Every well-updated system is generally far more secure against cyberattacks than one that is out of date. That's why major corporations also use special patch management solutions. These sophisticated solutions are normally beyond the reach of small companies and private users. But there are other good tools that can keep systems and applications up to date and provide for security.

Software updates for systems and applications

offer more security under Windows, MacOS, iOS and Android

zoom

Cyberattacks on PCs are very often mounted using so-called exploits. These are malware programs directly targeting a security vulnerability in a software application. A bug fix in the form of an update is often sufficient to evade such an attack. Most operating systems prompt the user to perform system-relevant updates or even carry them out automatically. By contrast, users running installed third-party software still have to perform their own updates. It is also urgently recommended to do so, as time and again, the PDF tool, Adobe Acrobat, for example, has been notorious for having severe vulnerabilities. Tools such as Java or the well-known Flash software are also frequently-used exploits for attackers. Here is an overview and a checklist showing you how you can make most applications fit and safe.

System check for Windows & MacOS

With operating systems for desktops, updating a system is still easy. Things become more complicated when updating installed applications; but more on that later. Windows and MacOS provide internal updating tools for the traditional operating system updates. On MacOS, it can be found under "System Preferences" and "Software Update”. On Windows 10, everything is found under "Settings" and "Update & Security". Normally, the tools are configured to automatic updates.

Compared to Windows 7 or 8, the new Windows 10 no longer allows constant disabling of system updates, which is considered an increase in security. Now users are only allowed to pause updates.

With MacOS, there is also an option for making everything automatic. In order to achieve this, it is often sufficient under "System Preferences" and "Software Update” to check the box on the query "Automatically keep my Mac up to date".

Windows automatic update feature

Since Windows 10, system updates are mandatory and for security reasons can now only be paused

zoom ico
MacOS updates for system and apps

With MacOS, Apple installs not only new system data but also updates the apps where desired

zoom ico
Configuring the Patch My PC update tool

Before the tool can launch the updates, it needs to know the language in which the updates are to be downloaded and installed

zoom ico
Patch My PC updater

The tool for individual PCs can be quickly configured and where needed, it is able to update a large number of installed applications

zoom ico

1

Windows automatic update feature

2

MacOS updates for system and apps

3

Configuring the Patch My PC update tool

4

Patch My PC updater

Program updates for MacOS

In terms of program updates, the Mac and Windows worlds could hardly be more different. For MacOS, almost all installed programs can be updated via the App Store – almost exactly as with the mobile iOS. If a software application is not from the App Store, in most cases it will independently notify the user that a newer version is available, offering it via a link. That is why Mac users normally require no special update software. If you want to make sure that all applications are definitely up to date, then you can use the MacUpdater from CoreCode, for example. The tool runs through all installation applications, checking for updates. If any are available, then up to 10 apps can be updated free of charge. More updates cost a minor one-time fee. The tool is easy to handle: once an update has been found, one click is sufficient, and the MacUpdater goes to work.

Good Windows update tools for individual PCs and small businesses

For Windows, application updates are a whole different story. Some programs now report independently upon launch that a new version is available, like the well-known client, Thunderbird, or various browsers, such as Chrome or Firefox. A large number of other applications do not offer this feature. Some security applications now even have an integrated software updater. This is the case, for example, with the Internet security suites from Avira or Kaspersky.

Naturally, it is possible to manually update individual tools, but over time, this becomes somewhat tedious. The right patch programs are much better at doing this. For this purpose, the market offers a vast selection of products, not all of which can be presented here. Without picking any favorites, we are introducing two products as being representative of this group: for individual user PCs, there is the tool from Patch My PC, and for small businesses, there is the software Patch Manager Plus from ManageEngine. Patch My PC can be used free of charge. After the 30-day trial period without a PC limit, Patch Manager Plus can still be used free of charge for patching up to 25 PCs.

Updaters for small enterprises

The tool Patch Manager Plus is a comprehensive update tool and can be used free of charge for up to 25 PCs

zoom ico
Patch Manager Plus

In terms of risk assessment, the tool flags each non-available update or missing patch as a vulnerability

zoom ico
Apple iOS updates

Apple's iOS for mobile systems and the installed apps can be easily kept up to date – some of them even automatically

zoom ico
Android updates

Whereas system updates for Android are mostly only limited in time, the app updates are available, even automatic, without any time limit

zoom ico

1

Updaters for small enterprises

2

Patch Manager Plus

3

Apple iOS updates

4

Android updates

Quick program updates for individual PCs

The small tool Patch My PC is very easy to handle. Merely prior to initial use, you need to complete a few settings under "Options". There you need to specify the language of the updates under "Application Languages". On the right, under "Visual Options", you also check "Create Desktop Shortcut for PMPC". One click on "Export Settings to PatchMyPC.ini" backs up the settings. Once you are finished, you close the tool and re-launch it.

Updating is easy: in the left window box, the tool identifies and already highlights all the applications for which an update is available. Afterwards, one click is sufficient to "Perform Updates". The updates are then carried out in silent mode. This means that the tool only indicates the progress of the updates as a status line and does not open and close any program windows.

Update service for small enterprises

The tool from Patch My PC is suitable for individual Windows PCs. Small enterprises with 5 to 25 PCs have too much hassle with an individual tool and also have no overview of the patch status on the PCs. Sophisticated patch management software, on the other hand, is normally too large and too expensive. But there are also suitable tools for small enterprises, such as the one presented here as an example, Patch Manager Plus from ManageEngine. In terms of configuration and structure, the Patch Manager is suitable for many PCs and can be used free of charge without a PC limit in a 30-day trial period. After 30 days, the program becomes a free version and can be used to manage up to 25 PCs. The professional solution, requiring IT knowledge, can be installed on a Windows server or on a PC as a substitute server. At the same time, however, there is also a cloud version available. In both cases, it is necessary to have an online account. The account requires merely a name and e-mail address, however; nothing else.

If a server with an Active Directory (AD) is available in the company, this can be used to distribute the necessary patch agents. The agents are available for Windows, Mac, and Linux. If the PCs are being run in a network without a management server, you can also manually distribute and install the necessary software agent. The workstations later provide a notification with their names in the dashboard of the solution, where they can be administered, grouped and much more. For all PCs, patch rules can be specified as to which software is to be updated, along with applications perhaps considered prohibited. With the Patch Manager Plus, users can receive updates not only for Windows but also for many non-Microsoft applications. Here's a very interesting feature: The server can also act as an update distribution station for all existing PCs in the LAN, thus eliminating the need for many individual downloads.

Quick system check with iOS & Android

Maik Morgenstern
Maik Morgenstern
CTO AV-TEST GmbH

In terms of app and system maintenance, mobile operating systems are relatively easy to manage, to the extent that they make updates available.

iOS & Android usually provide regular system updates and inform the user to that effect. With Android, however, the update range depends upon the device manufacturer. Normally device updates are offered for only 2 or 3 years, containing so-called Google security updates.

To perform a quick system status check, with Android, you can look under "Settings" and "System" or "About". There you'll find the entry "Android security patch level". On a system that is very out of date or cannot be updated, for more security you also ought to consider replacing the device.

You can check an iOS system under "Settings > General > Software Update". If there is a new version, it is offered immediately. Apple generally still offers updates for older devices.

When it comes to outdated apps, there is an easier way: the iOS or Android devices always have contact to their App stores. Normally, devices are configured for automatic app updates as soon as they are in a wi-fi network. If this is not the case, it is recommended to manually check whether a new version exists. For this, Apple has the app called "App Store", Android the app entitled "Play Store". In both apps, the users can see the respective apps installed and have the system display which applications are able to be updated.

Social Media

We want to stay in touch with you! Now there is an easy way to receive regular updates on the latest news and test releases.