PSA: Keep your software up to date (an ode to Apple Security Update 2012-001)
Apple released its first big OS X update of 2012 this week, and it’s pretty big. It’s easier than ever to keep your computer up-to-date these days, but it never hurts to review good habits, especially when it comes to keeping your computer and data secure.
By far, the largest number of compromises of home computer systems is through vulnerabilities that the victims could have avoided if they only kept their systems up to date. If you want to see the numbers, take a look at Microsoft Security Intelligence Report volume 11 (PDF). While that report is specific to Microsoft Windows, the lesson applies across operating systems.
This is why I am reminding all Mac users of Lion (OS X 10.7) and Snow Leopard (OS X 10.6) to update their systems by using Software Update. For Lion, the security updates come as part of the update from 10.7.2 to 10.7.3. On Snow Leopard, it is a separate security update that does not change the version number. If you are still using OS X 10.5 (Leopard), please understand that Apple is no longer providing any updates, including security updates for it.
There are a large number of security fixes in the latest (February 1, 2012) updates, Security Update 2012-001. None of the fixed security issues directly affect 1Password or Knox, but as always, it is better to keep your system secure through regular software updates.
Automatic Operating System updates
Windows Update icon On both the Mac and Windows you can set your system to check for updates automatically. On the Mac, just go to Apple Menu > System Preferences > Software Update and use the “Scheduled Check” tab.
On Windows 7, just go to Start > Control Panel > System and Security > Windows Update and then “Change settings” in the sidebar at the left. Note that the layout is slightly different depending on the version of Windows.
Keeping 1Password up to date
Naturally, you should also be keeping 1Password and its components up to date. If you are using the Mac App Store version of 1Password, then the App Store application will keep track of this for you. Just keep an eye out for a red badge on the App Store icon in your Dock or open the store every now and then and check the Updates tab.
If you got 1Password from our website, just go to 1Password > Preferences > Updates and make sure that you have things set to automatically check for updates.
Keeping the 1Password extension up to date
Back in the old days (before June 2011), the 1Password browser extensions came directly with the 1Password application. If we needed to make a change to, say, the Firefox extension we needed to release a new version of 1Password. Now, for all supported browsers on the Mac and for Safari and Chrome on Windows, we have a new spiffy browser extension. This extension is automatically updated through the each browsers’ extension management system so you don’t have to lift a finger!
This allows us to update the extension much more rapidly than we update the main application. It is also why the Safari upgrade to 5.1.3 that comes with yesterday’s Lion update and the release of Firefox 10 a few days ago do not require new versions of 1Password to be released.
Each browser does things a bit differently, so I won’t review their individual update processes here. Instead, take a look at our dedicated guide with step by step instructions for installing and updating the 1Password browser extension.
Make the computer do the work
Keeping software up to date used to be a chore, but more developers and more systems are working diligently to make it easier. Things like the Mac App Store along with automatic checking for updates within operating systems and individual apps lets you pass most of the work to your computer. After all, computers should be the ones performing the tedious chores. You do still need to supervise the computer in this task to make sure it gets done, though.
It’s hardly anything new or insightful to say that keeping your system up to date is one of the best things you can do for your security, but that doesn’t make it any less true.