Many users avoid patching for various reasons, such as having to reboot their computer -or- reluctance that patches may cause issues, but I would caution against this vehemently. Patching is very important from a security perspective. Software vendors regularly release security patches that address vulnerabilities that are discovered by them or reported by researchers and users. Not installing these patches can leave you vulnerable to exploitation by hackers and other malicious groups. To help you stay up to date and secure, lets discuss further the importance as well as some best practices around patching.
How often do I have to patch?
The short answer is as soon as a patch becomes available. Microsoft has a regular cadence (the second Tuesday of the month – referred to as ‘Patch Tuesday‘) on which they release patches. Not all patches that are released address security issues though. Some also address bugs and general issues with the Operating System, applications installed, hardware drivers or introduce new features. Generally, installing all of the available patches when they become available is the best approach. Other software vendors may also have a cadence that they follow – too numerous to list – while others release patches as needed.
Can I automate the patching process?
Yes! Windows by default will install patches for you – or you can configure them to function according to your schedule or manually install them as you see fit. The best practice is to allow Windows to automatically install updates when they become available and alert you if a reboot is required. MacOS does not have a ‘Patch Tuesday’ per se, patches are released when vulnerabilities and bugs are discovered or when new features are released. The same can be said for Linux. Both Operating Systems have the ability to schedule automatic updates. In addition to OS patches, most applications (such as Adobe Reader or Acrobat) have automatic patching capabilities that can alert you when an update is available or just install it for you when it becomes available. This feature is typically found in the settings of the application and is also sometimes available under ‘Help > Check for Updates’. If the application that you are using does not have automatic update features, you should periodically use the method above (help > check for updates) or check the vendor web page for any available updates periodically.
What if a patch breaks something?
If you install an update that breaks some functionality, it is important to determine the importance of that functionality and weigh whether or not you can do without it or accept the risk of not being up to date. If an update breaks everything, then you will have to roll back the patch. This is not a technical write up on how to roll back a patch, so I will not go into detail on this process here, although your best bet is to use Windows System Restore functionality (found in control panel/settings). For applications that break, you may need to uninstall the application all together and install the previous version that you were using prior to the update. If the application that you are reinstalling created data or has any configuration data that may be important, it is important to ensure you back this up prior to making any changes. Generally, this can be done by remove in the application from Add/Remove programs or applicable App Store and then re-downloading the application and re-installing it from the Vendor’s site or whatever app store you originally used to install.