An ounce of prevention: Ensuring that updates to software, devices are legitimate
Is this update legitimate?
Maintaining operating system and software updates on your Ohio University and personal devices remains a staple component of cybersecurity.
Knowing this, attackers may try to encourage you to install malware. They may do this through phishing emails or phone calls posing as IT Support, or through messages that alert you to a “virus” on your device, but really download malware onto your devices.
In alignment with the CISA 2024 Cybersecurity Awareness Tip to Update Software, this article aims to address best practices for updating your devices along with distinguishing between a real and fake update prompt.
Why update
Here is a quick summary of the importance of why you should have an updated operating system and software.
- Security enhancements: As new exploits are discovered for our devices, it is important to patch those flaws by applying security updates. This protects University and personal data.
- An exploit is something that bad actors can take advantage of in order to gain access to systems.
- Performance/bug fixes: Often security updates are released with feature or problem fixes. Therefore, updates can provide a better user experience.
- New features: Developers often produce new features that only get rolled out in updates. If you want the latest and greatest features of a product, an update might have to be applied.
- Compliance: The Ohio University Patch Management Standard requires timely updates to your devices. This aligns with industry best practice.
How Ohio University distributes updates
Thankfully, the burden of determining if a software update is real or fake is largely handled by Ohio University for university owned and managed Mac and Windows workstations.
Using tools like Microsoft Intune, Configuration Manager, and JAMF, Ohio University administrators can deploy the updates for you. The only thing you may need to do to apply the updates is restart your device.
Oh no, I am still seeing an update notice! Is it real?
You may see notices from your device that an update is required. Likely the largest risk is while surfing the internet on web browser like Google Chrome, you may stumble on a malicious website that prompts you to update your device such as seen in this example:
If you click to update, a malicious file will download and attempt an install of the malware to compromise your device and data.
What should I do to combat fake updates?
Generally, do not trust an email or pop-up within a web browser window informing you to install an update. If you are uncertain if the prompt for an update is legitimate or not, cancel or ignore the prompt. You then can manually check for updates using the knowledge base articles below.
Need additional help?
Do not hesitate to contact Ohio University’s Information Security Office:
- Email: security@ohio.edu
- Website: ohio.edu/oit/security
- Phone: 740-566-7233