Advice: Keep it up to date.
Warnings: There have been times in the past when people have resisted doing security patches because they introduced errors into their systems that prevented them from being able to do their work. I can not guarantee this will not happen to you, But it is much much less common than it used to be. Microsoft, Oracle, Adobe, and the open source community have become much more responsible in the way they patch OS's and applications. In the past few years it is much less common for a security update to take down someones workstation or server. I have run into in special situations. We once patched a pharmacy's Java version and it broke some of their Point of sale software. But I do not blame Oracle or Java for this, I place the blame entirely on the application vendor for this software. So if you are running a small company and are planning to implement these changes ALWAYS call your software vendors support line and tell them you are planning to update your OS and security related Applications before you actually make it happen. Prior to calling them have a list of the current Application versions you are running and the versions you plan to update to. They will happy to answer your questions, because they would much rather prevent your systems from going down ahead of time, than have to hustle to get things back up after they break.
Detailed Advice: What should I keep up to date?
- The Operating System Itself.
- Your Web Browsers
- All Browser Plugins
- Your Antivirus
- Your Knowledge of Existing Threats
How to do this: On windows servers and workstations this is as simple as going to check for microsoft updates. I would recommend always doing all the security updates. I would recommend always doing root certificate updates. Service packs I would wait a month or two after their initial release and then do them. As I stated before check with your major software vendors before doing major updates company wide. When in doubt update one workstation and check in the the user daily to see if they have any issues. Certain update packages do not always run smoothly. The one that seems to cause the greatest number of issues in production environments are database server updates. MSSql service packs will rarely work on production servers. In fact the issues involved with doing them are so complex and numerous that it would take a couple posts to address them all.
Your Web Browsers: Browser updates in windows are important for security. That being said they can break web applications. Always test them on a low priority system before doing them company wide. Home users can usually do them without worrying.
How to do this: For Internet Explorer you can get these updates through MS updates. For Chrome you will want to go to "About google chrome" in the menu the options menu. For Firefox you can go to http://getfirefox.com or click on "help" and then "about firefox" in the options menu. On a Mac go to the Apple icon in the upper left of the screen and click "software updates". The firefox and chrome instructions should be the same on macs. On phones and tablets you will want to go to the market or App store and click on updates or "My apps" and updates.
All Browser Plugins: So the most important plugins to check are Adobe Flash, Adobe Reader, and Oracle Java. There are free tools you can use to check if you are up to date. One is the website https://browsercheck.qualys.com/ . It will check all your installed plugins for every browser you have installed. I fully trust this website and it is very easy to use. Chrome will auto update the Adobe Flash for you. Firefox users can also check https://www.mozilla.org/en-US/plugincheck/ to check the plugin versions they have installed. Once we know what needs to be updated we just need to figure out how to do it.
How to do this: For Java the easiest way is to go to http://java.com/en/ and click on "free java download".
The hard part about java updates on windows is you need to also remove all the old version of java first. Even if you update your java, if you have an old version installed you are still asking for trouble. So what you need to do is go under "Control Panel" and then either "add remove programs" or " programs and features" and uninstall every version of java you see there. Then go the the Java.com site and install the latest one. I have seen systems with 10 old versions installed before. For Adobe Flash the easiest way is to go to Adobe.com. Then click on downloads and then click on "Get Adobe Flash Player" on the right side. Flash player will replace older versions so no need to uninstall them. For windows users you will need to do this once in IE and once in Firefox. For Adobe Reader the best way to update is to go to Adobe.com click on downloads and then on the "Download Adobe Reader" box on the right side. I always opt out of the "free" toolbars and other goodies they offer me. Adobe Reader will also overwrite the old version with the new one. Macs do the java update as part of the software update for the OS. Flash and Adobe reader can be obtained in identical ways on a mac. If you want to always use the latest version of Flash try using google's chrome browser, as it updates itself.
Your Antivirus: This one is not cut and dry. It varies on your AV protection vendor. The typical format most vendors follow is for the updates to be done automatically.
How to do this: It is still necessary once a month to check on things by opening up the AV program and checking the status of your subscription and the date of the definitions. These are usually on the status page of most AV's. If you find you have a product that has 2011 for instance in its title but you are in 2012, even if you have the latest definitions you may not be as protected as you could be. For windows users I always recommend "Security Essentials" http://windows.microsoft.com/en-US/windows/products/security-essentials. It is free software, Its effective, Its easy to use and it has a good track record. Make sure you never have two AV products installed at once. It will kill your system performance and offer no real benefit. As for which AV is the most effective, there is no easy answer. One place to check is http://www.av-comparatives.org/ . They are sort of the Consumer Reports of AV's. Mac users should choose as AV as well these days. The apple app store has some listed but there are other alternatives. http://store.apple.com/us/browse/home/shop_mac/software/utilities#m.productKind=security .
You can always call an apple store for a recommendation from them.
Your Knowledge of Existing Threats: Education is the answer here. Ask questions to IT professionals. Trust me they would much rather give you some free advice than spend hours cleaning out an infected computer. Read trusted news sources. One site I check regularly is http://secunia.com/community/advisories/ . Other Places to check out include http://www.securelist.com/en/statistics#/en/map/oas/month , and http://www.f-secure.com/weblog/. A simple user education campaign can save a large corporation a large sum of money every year. There are even companies that offer online video seminars to show new employees.
There are companies that can help you do this. I myself offer free security consultations to local companies in San Antonio. I have helped Banks, Pharmacies, Doctors and Clinics meet Federal security guidelines. There is also software available that can search all the computers in our office for insecure software and update it. As well as company wide AV reporting that gives your security team a report every morning of who has come in contact with infections. Please contact me at Tech.callforhelp(at)gmail.com with any questions you have. The only stupid question is the one you didn't ask.
ESET NOD32 Antivirus v5 1 user 8086652 (Google Affiliate Ad)Kaspersky Anti Virus 2012 3 users. 8085268 (Google Affiliate Ad) AVG Anti-Virus 2012 3-User 8087409 (Google Affiliate Ad)AVG Anti-Virus 2012 3-User 8087409 (Google Affiliate Ad)