“Keep your software updated!” is the closest thing we have to security advice that will work for everyone. But the reasoning behind it can be counterintuitive, and even quick updates can intolerably interrupt people’s workflows. Below are several common questions about why it is so important to update one’s software, as well as tips for how to talk about it with people new to digital security.
Updating your software makes you more expensive to hack.
No software is perfect. Programmers make mistakes, best practices get updated, and security problems are discovered over time.
Sometimes, security researchers will discover security bugs and not report them to the developer. This kind of bug is called a “zero day” or “0-day,” because the company that could fix it does not know about it and has had “zero days” to address it. These kinds of bugs can be hard to find and expensive to purchase, and are sometimes used in targeted malware or phishing attacks on very high-value targets. Most people do not have to worry about these kinds of bugs.
More often, it will be amateur or professional security researchers, academics, or employees at the company itself who discover such problems, and report them back to the developers to get fixed. When that’s the case, the company can release updates (also known as “patches”) to correct the problem. If you update your software as soon as that pesky “Update!” notification pops up, you are staying current with the best available protections.