Qualys Blog

www.qualys.com
wkandek

Top 4 Controls for a Secure PC – Part 2

Updating your computer software for security purposes should be a no-brainer. After all, we have been working on this issue for the last 10+ years and it should be a solved problem. Nevertheless, many people use their PCs basically as they received them, ignoring patch warnings, thinking they do not apply to them:


(from a recent dialogue that I had on a news/comment site) or believe they have more important things to do:


The Top 4 Audit gives us the information on the operating system and other Microsoft software in Control 3 – in my case I am missing updates for Internet Explorer, Windows, .NET, Office and others, all pretty much unavoidable since they get updated almost every month, and any new installation will be behind almost automatically.


Anyway, getting the operating system up to date is straightforward: simply run Microsoft Update (the more complete version of Windows Update) a couple of times until all pending updates are applied and, in the process, configure it for automatic installation going forward.


You can do this without leaving your newly set up standard user (for me “wolfgang”, see last week’s post), but you will have to give the credentials for your administrator user every once in a while. From the Desktop, access the Control Panel, and then click on System and Security; under Windows Updates, click on Check for Updates. If you have not done so before, also opt in to automatic updates from here on. My first run of Windows Update gave me 920 MB to download, which took about 45 minutes to install.


After installing these 84 patches and rebooting, a second run gave me another 600 MB, which took roughly 30 minutes to install plus reboot. A third run gave me 5 MB and was just the latest Flash player update embedded in Internet Explorer 10, a really important 2-week-old update as it fixes a 0-day vulnerability. But my Top 4 Score now looks quite a bit better: A in Control 4 and A in Control 3 for an overall score of “C”.


And even better, from now on updates should be relatively easy and quick. Just need to pay attention on Patch Tuesday every month and let the machine update itself.
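To confirm from PowerShell that the repeated update runs left nothing pending and that automatic installation is switched on, the following read-only check can be used. It is an added example, not part of the original post, and it assumes the Windows Update Agent COM objects that ship with Windows; it installs nothing.

```powershell
# Added example: audit the Windows Update state after patching (read-only).
$ErrorActionPreference = 'Stop'

# ServiceID of the Microsoft Update service, which also covers Office, .NET
# and other Microsoft products (plain Windows Update covers the OS only).
$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'

# 1. Is Microsoft Update registered on this machine?
$manager = New-Object -ComObject Microsoft.Update.ServiceManager
$muRegistered = [bool]($manager.Services |
    Where-Object { $_.ServiceID -eq $MicrosoftUpdateId })

# 2. Automatic Updates setting (IAutomaticUpdatesSettings.NotificationLevel).
$levels = @{
    0 = 'Not configured'
    1 = 'Disabled'
    2 = 'Notify before download'
    3 = 'Notify before installation'
    4 = 'Scheduled installation'
}
$au    = New-Object -ComObject Microsoft.Update.AutoUpdate
$level = [int]$au.Settings.NotificationLevel

# 3. Updates that apply to this machine but are not installed yet.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$result   = $searcher.Search('IsInstalled=0 and IsHidden=0')
$pending  = $result.Updates.Count

"Microsoft Update registered : $muRegistered"
"Automatic Updates           : $($levels[$level])"
"Pending updates             : $pending"

# List what is still missing, with KB number, severity and download size.
$result.Updates |
    Select-Object @{ n = 'KB'; e = { ($_.KBArticleIDs | ForEach-Object { "KB$_" }) -join ',' } },
                  MsrcSeverity,
                  @{ n = 'SizeMB'; e = { [math]::Round($_.MaxDownloadSize / 1MB, 1) } },
                  Title |
    Format-Table -AutoSize

# The state the post aims for: nothing pending, Microsoft Update in use,
# and updates installed automatically.
$ok = ($pending -eq 0) -and $muRegistered -and ($level -eq 4)
"Up to date and self-updating: $ok"
```

The search contacts the update service, so it can take a minute or two to return.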

Next step: Application Patching – Control 2 – getting rid of that “D”.
