Malicious Updates - CompTIA Security+ SY0-701 - 2.3

Malicious Updates - CompTIA Security+ SY0-701 - 2.3

Keeping Your Systems Secure: The Importance of Updates

Best Practices for System Updates

  • Security professionals emphasize the necessity of keeping operating systems and applications up to date to avoid vulnerabilities associated with older code.
  • There is a risk that updates may contain malicious software, as each update can be seen as a new application installation.
  • Always back up your system before making any changes; this allows you to revert if something goes wrong during the update process.
  • Ensure that updates come from trusted sources; verify the legitimacy of update messages, especially those appearing after visiting third-party sites.

Trusting Update Sources

  • If an update message appears unexpectedly while browsing, it may not be legitimate; extra checks are advisable before proceeding.
  • Download updates directly from the application developer's site for higher trustworthiness; many operating systems require digital signatures for installations.
  • Digital signatures validate that an update is from a legitimate source (e.g., Microsoft, Adobe), enhancing trust in the update process.

Risks Associated with Automatic Updates

  • Some applications have built-in update processes that perform security checks automatically, but this does not guarantee legitimacy.
  • The SolarWinds incident in December 2020 exemplifies risks where attackers embedded malicious code into legitimate updates, affecting numerous organizations.
Playlists: Page 2
Video description

Security+ Training Course Index: https://professormesser.link/701videos Professor Messer’s Course Notes: https://professormesser.link/701notes - - - - - Many operating systems and applications perform automated updates. In this video, you'll learn how attackers can use this feature to gain access to our systems. - - - - Subscribe to get the latest videos: https://professormesser.link/yt Calendar of live events: https://www.professormesser.com/calendar/ FOLLOW PROFESSOR MESSER: Professor Messer official website: https://www.professormesser.com/ Twitter: https://www.professormesser.com/twitter Facebook: https://www.professormesser.com/facebook Instagram: https://www.professormesser.com/instagram LinkedIn: https://www.professormesser.com/linkedin