-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST04-006
Understanding Patches
When vendors become aware of vulnerabilities in their products, they
often issue patches to fix the problem. Make sure to apply relevant
patches to your computer as soon as possible so that your system is
protected.
What are patches?
Similar to the way fabric patches are used to repair holes in
clothing, software patches repair holes in software programs. Patches
are updates that fix a particular problem or vulnerability within a
program. Sometimes, instead of just releasing a patch, vendors will
release an upgraded version of their software, although they may refer
to the upgrade as a patch.
How do you find out what patches you need to install?
When patches are available, vendors usually put them on their web
sites for users to download. It is important to install a patch as
soon as possible to protect your computer from attackers who would
take advantage of the vulnerability. Some software will automatically
check for updates, and many vendors offer users the option to receive
automatic notification of updates through a mailing list. If these
automatic options are available, we recommend that you take advantage
of them. If they are not available, check your vendors' web sites
periodically for updates.
Make sure that you only download software or patches from web sites
that you trust. Do not trust a link in an email message--attackers
have used email messages to direct users to malicious web sites where
users install viruses disguised as patches. Also, beware of email
messages that claim that they have attached the patch to the
message--these attachments are often viruses.
_________________________________________________________________
Both the National Cyber Security Alliance and US-CERT have identified
this topic as one of the top tips for home users.
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2004 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST04-004.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRgq5kuxOF3G+ig+rAQLl/QgAg0WlApazvFDSCJX8C+m7X0cEf9p+AFWL
A6IQuN0cg3OQZ45VKO3QOW8PHqUXaRWdx/rJjwpRYA6I0a2gfwnFkmQR7TkK+Ao4
qkIrSE5ZyrvCmUcfqUozswWdsHaZd9KwiKI26YHOKlBhZ/Nd33i2Baj2APqCuMed
EHaImNvp1HU4gPYugS0cLBaPEsqksfpX9ScQePoOtL/ZumC2BdumBb/4X/Uyk8CP
9etTarJno+d8LaRZelW3ISqZzedF8F1ziXMvEjt5yiNoupekLzRBWkL9GYwaCSFF
oBZ55rpJ8sA62n43Jpp600YjFS232C5q4U9ukXX2+NOXldp1aNXxRA==
=UyQn
-----END PGP SIGNATURE-----
