With all of the cybersecurity bells and whistles provided by modern network security tools, it’s easy to overlook one of the most effective ways of keeping enterprise assets safe from bad actors. Software updaters make sure that devices are exactly that – up to date and running the latest software. When everything goes to plan, users get to sit back and let the updating routines work their magic – a multi-step process that operating system giant Microsoft provides some insight into in a recent blog post from its Windows team.
The workflow runs in four stages – scan, download, install and commit, which are overseen by what Microsoft dubs the ‘Update Orchestrator’. Step one is to check to see whether any new releases are available on the update server – a process that occurs at randomized intervals to avoid overloading the system, which could occur if clients all made their requests at once.
If a new update is available then the Update Orchestrator will run the download in the background, which allows the device to run as normal. That’s an important feature for when PC users are in the middle of a foreground task, but an essential one for other hardware such as connected heating or door locks, where any interruption in service could cause pipes to freeze or allow intruders into a facility.
Before installation takes place, an ‘action list’ is created that describes all of the files that are required for the update as well as providing instructions for the installer on what to do with them. And once installed, the Update Orchestrator will initiate a reboot to commit the updates. Ideally, the whole process runs like clockwork, but should an error occur, it’s worth checking for network faults – a common point of failure. These might show up as SOAP errors, depending on the protocol in use for exchanging structured data between web-services.
Any security advice worth its salt will put the implementation of software updates towards the top of the list. Adversaries are well aware of the loopholes that have been found in operating systems and other software and will be on the lookout to see if an old version is still running, to gain a foothold for mounting newer attacks. By failing to apply updates promptly, operators are putting their devices, and the systems they access, at risk.
The FBI gets straight to the point in its recommendations on protecting systems and data with ‘keeping systems and software up to date’ taking top billing on the page. However, criminals thrive on predictable user behavior and will try to fool potential victims into clicking on a rogue ‘software update required’ window – one of many attacks reported on the FBI’s Internet Crime Complaint Center IC3.
Software updaters themselves also need to take security seriously to avoid becoming a weak link in the chain. The Update Foundation, based at NYU Tandon School of Engineering in the US, lists a number of common attacks against software update systems. These include ‘rollback’ methods where attackers force the system to revert to an earlier version of the loaded software, which is known to contain vulnerabilities.
Designing updaters to be secure is not trivial as systems need to be both seamlessly functional to legitimate users, as well as impenetrable to bad actors. Users would have good reason to rollback to an earlier update if the process had failed – for example, due to network issues, as touched on above – which provides a glimpse of the foresight that systems designers need to possess.
Other potential issues include so-called ‘endless data attacks,’ where clients are tricked into downloading an endless stream of packets, which either fill up the hard drive that the file is pointing to, or overload memory – actions that are sufficient to crash the machine. Fortunately, there are key security principles that, when applied, can guard against known attacks.
Systems need to be able to establish trusted lines of communication, to which cryptography is able to lend a helping hand. Integrity too needs to be validated to make sure that files are what they say they are, and not just to ward off attacks, but also to flag when a download has been corrupted. Again, this receives another tick in the cryptography box. Building in so-called ‘freshness’ is another key component – for example, to stop clients from running older update files that they’ve actually seen before, something that an attacker could otherwise jump on to re-introduce vulnerabilities into the system.
There are steps that network administrators can take to protect users by setting minimum security requirements for clients that nudge good security behavior, such as keeping software up to date. And if machines don’t make the grade, they don’t get to connect. This is an absolute no-brainer for major infrastructure and the US Department of Energy (DoE) shares its minimum security requirements for computers connecting to its Berkeley Lab network, which doubles as a useful crib sheet. Compulsory for Windows, Apple and UNIX/Linux machines joining the network are the requirements to “Install critical operating system patches [and] when available, enable automatic update functionality,” write the DoE administrators.
So the next time you are taking a sip of tea, coffee, or the beverage of your choice, as you wait for software updates to be applied, raise your glass to the systems that play a frontline role in keeping computers safe from the bad guys.