This is the first in a series of posts on things that everyone should be doing to improve their security. These are the things that are so important that there’s no real room for debate about whether they’re worth doing or not in your situation — just do them.
The single most important thing you can do to improve your security is to keep your operating system (OS) updated. New vulnerabilities are being found all the time that can compromise your data, or let an attacker take complete control of your machine, and software suppliers are usually pretty quick at issuing fixes for these vulnerabilities (except for Android devices). But the fixes will do you no good unless you install them, or even better allow them to be installed automatically. We’ll talk about upgrading standalone web browsers, email clients and other critical software in a future post.
Many people are nervous about applying software updates because it feels like a security risk to do so. It’s true that you should be careful what software you allow to run on your machine, and you should be cautious if a window suddenly pops up saying “Run this to upgrade your software”, but it’s far far safer to keep your software upgraded than it is to not do so. Just make sure that you download the update from the software company’s website or using the operating system’s built-in update facility, and don’t do it while you’re on a public wifi network.
Check your OS version
The first step with your operating system is to make sure that it’s new enough that the supplier is still supporting it with security patches. If not, then you need to upgrade right now to a supported version. If your hardware is too old to run a newer version, then I’m afraid it’s junk, at least if it’s a computer. You need new hardware. If it’s a computer, it will be at least five years old, and probably older, so you’ll have had your money’s worth out of it. If it’s a smart phone or tablet, those are newer devices with shorter lifespans, and you may have to live with a faster upgrade cycle. But their operating systems tend to be more secure, and you may be able to get by for a while on an older version. I’ll attempt to tell you below when that’s not the case.
So, you need to determine what version of the operating system you’re currently running on any device you have that creates or accesses your personal information — that will generally be any computer, smartphone or tablet that you own. If you don’t know what version of your operating system you have, search online for “check Windows version” (or OS X, or iOS, or Android, or whatever your operating system is, and follow the link.
Windows XP (and earlier versions such as Windows 2000, Windows 98 and Windows 95) is no longer supported. “Extended support” for Windows Vista (which includes security fixes) expires on April 11 2017, so if you’re a Vista user, you will need to have upgraded by that date. Windows 7 and higher are all good until at least 2020. Windows 10 has just been released, and is a free upgrade for users of Windows 7, 8 or 8.1, but not Vista or XP. However, note that the free upgrade will only be available for a year from the launch date.
Apple do not publish support expiry dates like Microsoft do, but they are currently supporting OS X 10.8 (Mountain Lion), 10.9 (Mavericks), 10.10 (Yosemite) and the forthcoming 10.11 (El Capitan). If you’re still using 10.8, it’s likely that support will end soon, and you should be thinking about upgrading. Almost any Mac that runs 10.8 will also run all newer versions up to and including 10.11. Apple’s OS upgrades are generally free.
iOS 8 is the only iOS version still supported, and it won’t run on the iPhone 4 or older, the first generation iPad, or the 4th generation or older of the iPod Touch. The forthcoming iOS 9 should run on anything that will run iOS 8. iOS is secure enough that you may be able to get away with running an unsupported version for a while, but keep an eye on announcements of critical vulnerabilities if you do so.
Android is much less standardised than iOS, and phone manufacturers are not always good about providing upgrades for phones that are no longer sold. Only Android versions 4.4 (“KitKat”) and 5.0 (“Lollipop”) or newer are still supported. With the announcement of the Stagefright vulnerability, you have a difficult choice to make if you’re on an Android version between 2.2 and 5.1 (especially if it’s before 4.1) and you can’t get a fix from your handset manufacturer.
Check for OS updates
Having worked out what version of your operating system you have, it’s time to check for updates. It’s worth doing so even if it’s no longer supported, or if you plan to upgrade to a newer version, since it will improve your security more quickly and may make the upgrade process go more smoothly.
If you don’t know how to check for updates, search online for “update Windows Vista” or “update Android 4.1” or whatever the name and version of your operating system are. Then follow the instructions that you find. You may find that you’re updating some other software as well, besides the OS, and that’s fine — there are very few situations in which updating your software will reduce your security. I would advise enabling automatic updates to make sure that you stay updated in future — pretty well all modern operating systems have that feature.
Keep An Eye On It
Security is a process, not a check-list that you can complete once and be finished with it. You should periodically check that your OS is remaining up-to-date, and is still supported by the supplier. At the current product lifecycles, you should be looking to update your version of Windows at least every five years, OS X every two years, and iOS or Android every year. That’s it for operating systems. Next time, we’ll look at the other software running on your computer, tablet or phone.