This is the tenth in a series of 12 tips to help you improve your online safety. System Administrators know (from sometimes bitter experience) that updates to systems and programs are meant to improve things (add features, fix problems), but don't always do so. The sheer volume of updates to programs and apps can mean that we click to install updates without checking. Given this tendency to trust program updates, hackers are now targeting the update mechanisms themselves. A couple of notable successful attacks in the last year:
- CCleaner (a system cleaner, and owned by the anti-virus company Avast) had their download servers compromised, and a program intended to help guard against malware actually distributed it.
- An extension for the Chrome browser - the well-regarded Web Developer for Chrome extension was hacked by a phishing attack on the developer's Gmail account
What should I do?
- Minimise the number of programs and apps on your devices - uninstall those you don't use.
- Don't use the administrator account for everyday activities - this means that programs will have to ask for your permission to apply updates.
This article was originally published on the Online Safety Alliance