Do you have any idea how many insecure programs you have running on your computer? Insecure, at least in the context of that question, does not mean a particularly nasty piece of code whose fundamental purpose is to cause harm. The root cause of any violation of security on any computer, regardless of the operating system it runs, is the existence of a vulnerability. That is why patches, fixes, service packs, or whatever other name you want to call them, are released specifically to fix security holes in your system.
If you don’t update your software as frequently as you should, then you leave your computer open to an intruder. But even more importantly, most of the software that we rely on doesn’t regularly check for updates, which means that we have to remember to check for updates to each of the numerous programs we have installed. It does not help that some of the pieces of software we need to update are components of other, much larger pieces of code. How many times do you check for updates to browser plugins?
Yesterday I came across Secunia’s Personal Software Inspector (PSI), which scans your computer and finds out which programs you have for which patches/fixes/service packs or updates have been released. The PSI interface has two modes: Simple and Advanced. In the Simple Interface mode, PSI presents you with a list of the insecure software you have running on your computer, with links to download the updates. Clicking on a link takes you directly to the most up-to-date version of the software in question. After installation, the program is removed from the list of insecure software. With the advanced interface mode, you get a more detailed view of what is insecure on your computer as far as software security updates and patches are concerned. The advanced list includes things like Java, PHP, MySQL and Apache. Those are the developer tools that I have installed on my machine. All of them are in need of fixes one way or the other, and indeed some of them, like the Java Runtime Environment (JRE), have been installed by third-party software and hence are not influenced by the standard update process for the JRE proper.
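One way to approximate the kind of check described above, as an added PowerShell example that is not Secunia's code and not from the original post: it inventories programs from the Windows uninstall registry keys and reports any whose version is below a baseline. The product names and minimum versions in `$Baseline` are constructed placeholders; a real baseline would come from vendor advisories.

```powershell
# Added example. Baseline entries are constructed placeholders, not advisory data.
# Note: [version] treats 5.0 as lower than 5.0.0, so write each baseline entry
# with the same number of fields the vendor uses.
$Baseline = @{
    'Example Archiver' = '5.0.0'
    'Example Runtime'  = '8.0.100'
}

function ConvertTo-VersionSafe([string]$Text) {
    # Keep the leading dotted-numeric part (two to four fields) so values such as
    # "5.0.1 beta" still parse; return $null when no usable version is present.
    $v = $null
    if ($Text -match '^\s*(\d+(\.\d+){1,3})' -and
        [version]::TryParse($Matches[1], [ref]$v)) { return $v }
    return $null
}

function Get-InstalledProgram {
    # 64-bit, 32-bit (WOW6432Node) and per-user uninstall keys. A runtime bundled
    # by another product can show up here as its own, separately versioned entry.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

function Find-OutdatedProgram($Programs, [hashtable]$Baseline) {
    foreach ($p in $Programs) {
        foreach ($name in $Baseline.Keys) {
            if ($p.DisplayName -notlike "$name*") { continue }
            $have = ConvertTo-VersionSafe $p.DisplayVersion
            $need = [version]$Baseline[$name]
            # Entries with an unparseable version are reported for manual review.
            $status = if ($null -eq $have) { 'Unknown' } elseif ($have -lt $need) { 'Outdated' } else { 'Current' }
            if ($status -ne 'Current') {
                [pscustomobject]@{ Name = $p.DisplayName; Installed = $p.DisplayVersion
                                   Required = $need; Status = $status
                                   Location = $p.InstallLocation }
            }
        }
    }
}

Find-OutdatedProgram (Get-InstalledProgram) $Baseline | Format-Table -AutoSize
```

Every matching registry entry is checked separately, so two copies of the same runtime at different versions each get their own row.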
As of this writing I am almost free of insecure programs. My Flash Player has not been updated in a while, which means that I have to do two updates: one for Firefox and another for Internet Explorer. The other insecure software I had running on my computer was WinRAR, and that has been updated as well. The strangest thing is that Apple’s Bonjour (whatever it is it does) has been flagged as insecure, but I do remember uninstalling Bonjour because I couldn’t figure out what it was doing on my computer.
I have used Ubuntu before and did find aptitude more up to the task of keeping a computer updated and secure, insofar as ensuring that most of the software that runs on the operating system is up to date. Through apt, you can get security updates to any package that you have running on your particular installation of Ubuntu. Compare such a setup with what Windows Update does. Windows Update caters for Microsoft software, and only Microsoft software, which is kept up to date. Note that the PSI scan on my computer did not flag any Microsoft software as being vulnerable. It would seem appropriate to allow third-party software providers to tap into Windows Update so as to ensure that the entire Microsoft platform is secure.