Quote:
|
Originally Posted by Ernesto75
But the more I look at the insides of my machines the more I am wondering.
For example Apple is beginning to do the same. They just released a new version of their OS. This is all very well but why do they insist so much to have me upgrading? Everyday I am prompted on my iPhone for an upgrade. They are really insisting and I become weary.
Similarly I have been nagged by Acrobat.
|
Caution mon ami! All updates are not the same. In our haste to prevent Microsoft from "helping" us to upgrade to Windows 10, please make sure not to turn a blind eye to legitimate, security related updates, whether they be from Apple, Adobe, or yes, even Microsoft.
As I have stated on prior occasions, the good thing about security related updates is that they can usually be linked to publicly released bulletins, typically from reliable government or industry sources. In the United States the
US Computer Emergency Readiness Team (US CERT), which is part of the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) serves as a clearinghouse for such information. Under the European Union the
CERT-EU has this function.
I pulled these from the
US CERT website:
Apple Releases Multiple Security Updates
Published October 21, 2015
Apple has released several security updates to address critical vulnerabilities in multiple Apple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Available updates include:
OS X Server 5.0.15 for OS X Yosemite v10.10.5 and OS X El Capitan v10.11.1 or later
Xcode 7.1 for OS X Yosemite v10.10.5 or later
Mac EFI Security Update 2015-002 for OS X Mavericks v10.9.5
iTunes 12.3.1 for Windows 7 and later
OS X El Capitan 10.11.1 and Security Update 2015-007 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
Safari 9.0.1 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
watchOS 2.0.1 for Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
iOS 9.1 for iPhones 4s and later, iPod Touch 5th generation and later, and iPad 2 and later
Adobe Releases Security Updates for Flash Player
Published October 16, 2015
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-27 and apply the necessary updates.
Adobe Releases Security Update for Shockwave Player
Published October 27, 2015
Adobe has released a security update for Adobe Shockwave Player. Exploitation of this vulnerability could potentially allow an attacker to take control of the affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-26 and apply the necessary updates.
Aside from the US and EU CERT organizations,
ZDnet's Zero Day blog is also a valuable source of information. There are certainly more.
I know at times all of this can be quite overwhelming. But knowledge gives us the power we need to make informed decisions. For example, I recently declined the offer by my credit union to use their mobile banking app. Sure, banks and thrifts are using these apps to cut costs (i.e., STAFF) and in their view provide "better" service. But aside from the very real possibility of losing my smartphone, the inherit vulnerabilities of smartphone platforms as a whole mean that I can't feel comfortable using a banking app in such an insecure environment. And the spying and data collection that cellphone carriers and app providers are engaged in would make Apple or Microsoft blush!
I am a fan of the horror stories of
H.P. Lovecraft. Reading details of security vulnerabilities and hacks actually scares me more!
US CERT: https://www.us-cert.gov/about-us
CERT-EU: https://cert.europa.eu/cert/plainedi...ert_about.html
ZDnet Zero Day blog: http://www.zdnet.com/blog/security/