A colleague recently made a cogent argument for timely – in fact immediate – application of all suggested updates as they pop up on various devices; desktops, laptops, smart phones, etc.  He examines it from a security perspective, being that many of these updates address security issues.  A week doesn’t go by that I don’t get at least one “recommended update” or another on my laptop from various software providers.

The colleague is not a fan of the “Remind Me Later” option/button – he claims that it’s “the most dangerous button you can push” (hmmm… my vote might go to the “Delete Permanently” option…).  He likens “Remind Me Later” to discovery that your home alarm is broken, and then deciding to post a reminder to your calendar to look at it later.  Another (false) analogy he uses is:  Leaving your car unlocked, and asking someone to remind you later to go back and lock it.  More on his analogies in a bit…

However, it’s now well-established that hackers and crafters of malware are providing their own “update” notifications:  Spoofs of legitimate updates, that upon acceptance install viruses, keystroke monitors, collection of authentication info, website tracking, information relays, and other nefarious things you most definitely want no part of.  Further, they employ various tricks in “legitimizing” the look and feel of their activies – one of which is an actual “Remind Me Later” option, figuring you’ll accept it at some point.

A little examination may be in order before reflexively clicking that “OK,” “Install,” or “Update Now” button.  Look the popup over carefully:  Its aesthetics (does it look typical?  If you’re able to remember the last update, that is); the way it’s worded; and further, is it an update that corresponds to your environment (that is, is it for something you’re actually running)?  If you receive an Adobe update, and you don’t have Adobe in your environment – don’t install.

Another consideration:  Oftentimes updates will create a conflict between the updated application, and another one.  There is published documentation of known problems and conflicts between resources, and frequently there is published counsel to forgo a particular update, because another non-conflicting one is due to be released by the software publisher, applications developer, plug-in provider, etc.

A really savvy user will know certain schedules.  For example, if receiving a Microsoft operating system update, it would be useful to know if MS was actually sending one out.  Googling around for this type of info can help.  There are also some great message boards that discuss this topic, and subscription can yield solid info and protections.

But here’s today’s take-away for you:  Just because you don’t update an element immediately doesn’t mean you’re completely unprotected (such as leaving your car doors unlocked, or home unsecured).  Security elements are still in your environment, running, and protecting:  A good provider will LEAD threats, so that you may indeed have a little room for a “Remind Me Later” – particularly if you suspect an update might be a spoof; a threat masquerading as a legit update. 

When all is said and done, any specific user, and any specific organization, has to make its own decisions regarding notifications of updates.  You’re tasked to know your environment better than anyone. 

But keep in mind that “Remind Me Later” can be a legitimate buffer as you research and vet an update notification.  It’s not just a procrastination tool.

NP:  Soul Bird, Cal Tjader, jazz24.org

Oh my:  Even children at play (and adults, too) are not safe – but we knew that.  It’s a cold, cruel world.

Apparently birthdates, e-mail addresses, and purchase histories have been “accessed” (therefore, for purpose of liability assessments, assume:  “Stolen”).  Too, credit card info may have been stolen, but Sony doesn’t know for sure – last time I checked.  (I guess you could say last time they checked!). 

However, PlayStation users are advised to check their accounts.  I’m glad I’m not a “player,” at least in this context.  For those of you who are parents, with kids, with PlayStations, you’re going to want to run this to ground to your own satisfaction.  Check with your card providers – and I’d do it by phone…

Sony says the attack is “malicious” in nature, and has hired an outside security firm to investigate.  Hmmm… methinks they hired the outside firm about a week too late.

Going forward, beware e-mail spoofs and phishing schemes:  That is, official looking e-mails that purport to be from your bank/credit card provider(s), and while we’re at it, from Sony too.  Breaching entities can strip official logos and authentication screens – an entire website’s “oeuvre” – allowing you to think you’re logging in to “XYZ-CreditCardCo.com” – you fill in credentials (ID and password; again filling a hack situation)… when in fact you could leave the fields blank and access the dummy site.  But, you’ve entered the critical info… and then… the site asks for all sorts of “further authentication.”  Oops.

How the heck does Sony get breached, hacked, violated… anyhow?  Aren’t they… big?  Protected with the latest security measures?  Are they not on the RFE (Responsible Forward Edge)?  Don’t they know what they’re doin’?  Um…

When Sony’s system is back up, change your ID(s), password(s), and any other authenticating/security/credentialing information.  Immediately.

Just to be sure.

NP:  Powerage – AC/DC.  Ok, a departure from my usual old-school, straight-ahead, jazz references.  But… someone here at S-bucks mentioned the band, and I just had to weigh in with my 3 concert experiences; two with original singer Bon Scott – and those were… simply… amazing.