Updating and fixing Windows computers

It is strongly recommended that you keep your Windows Operating System (OS) and software applications up-to-date by installing all OS updates, and running anti-virus software.

  • An update is used to protect your system from attacks. By keeping your system up to date you ensure that all the security exploits found in your OS are protected against virus/malware from the Internet.
  • Anti-virus software checks for viruses in files on your system, and new ones as they move onto your system.

There are numerous risks to not keeping your workstation securely updated and your anti-virus software up-to-date.

  • You run the risk of having your computer attacked and compromised.
  • Your machine could be rendered inoperable or be used for other things like a "rogue File Transfer Protocol (FTP) site" (where others would store files on your system).
  • Your machine could be programmed to attack other computers or cause network interruptions such as a denial of service attack (where so much network traffic is generated that computers can no longer communicate with each other).

Because compromised machines are a threat to other computers and the university computing infrastructure, these compromised machines will be cut off from campus network resources.

Microsoft updates are tested for the specific problem they address. They are not tested with the rest of the operating system or other applications until they are incorporated into a service pack. There is always a slight risk that a patch may cause other programs or operating system components to fail but applying critical updates is better than not updating at all.

Microsoft also provides non-critical updates. Unless there is a compelling reason, we recommend you do not apply non-critical updates (these updates appear as "optional updates" in the Windows 7 environment).

Getting updates to your computer

You must have a local administrator account on your machine in order to install service packs and to run Windows Update. Note: You should sign onto your local administrator account only when you require this level of authority for adding software, installing service packs, or running Windows Update. You should not run as administrator for most day-to-day tasks.

Keeping your system up-to-date

Once you have the latest updates, you should configure your system to continue to check for new ones. There are two methods available to you.

  1. Windows Update: for people moving on and off the Waterloo campus

    1. The most efficient way to keep your Windows up to date is by configuring your system to get the latest updates automatically using Windows Update.

    2. You can do so by going to Start Menu > Control Panel > Windows Update.

    3. If your computer is managed by the Information Systems & Technology (IST) administrators, you automatically receive updates as described below.

  2. Software Update Service (SUS) Server: for uWaterloo confined computers
    1. The university SUS server is another way for you to automatically download and install Microsoft critical security updates.
    2. If you have a desktop computer that resides permanently at the university and is plugged into the campus network, you can configure it to download patches and service packs from the university SUS server.
    3. The value of obtaining your updates with this method is the patches are tested on a number of uWaterloo workstations prior to general release.
      1. Windows Server Update Services (WSUS)
      2. How to configure your University of Waterloo workstation to use Information Systems & Technology's (IST's) WSUS server

Other software programs

  • You are strongly advised to keep your other software programs up-to-date as well, not only to get the latest features but also for improved security.
  • Generally, when you register your software you will be enrolled or be informed about any upgrade strategies from that particular vendor.
  • Anti-virus software should be another part of your overall computer security and includes running and maintaining anti-virus software. See the Viruses & Spyware web page for more information.

Updating and fixing Linux computers

It is recommended that you keep your Linux OS and software applications up-to-date by regularly running the updating tools provided with your distribution.

At present, native Linux viruses are rare, but that situation could change. It is wise to run anti-virus software anyway. Here's a brief description of each task.

  • Software updates are done many different ways in Linux.
  • System updates and software updates may be at the same time, or separately, depending on your distribution. But generally the same basic method is used for both.
  • You should look at the user documentation provided with your distribution for instructions.
  • Anti-virus software checks for viruses in files on your system, and new ones as they move onto your system. It is likely that your distribution does not install anti-virus software by default. There are several freeware, open-source, and commercial anti-virus applications for Linux.
  • If you do not keep your workstation securely patched and anti-virus software up-to-date you run the risk of having your computer attacked and compromised.
  • Your machine could be rendered inoperable, be used for other things like a "rogue FTP site" (where others would store files on your system), or your machine could be programmed to attack other computers or cause network interruptions such as a denial of service attack (where so much network traffic is generated that computers can no longer communicate with each other).

Because compromised machines are a threat to other computers and the university computing infrastructure they will be cut off from campus network resources.

More details on updating your system

Updating your system software (applying security patches, etc.) is easy. There are typically both graphical and command-line tools for the job.

  • The general idea is that your system configuration is stored in a database.
  • This information is used to determine which updates are to be downloaded from specified update servers on the Internet.
  • The update files may be packaged up in various ways. Some common package formats are: Redhat Package Manager (RPM), deb (Debian Package), tar'ed and zipped source files, etc.
  • You should do regular updates (weekly is a good idea) by running the appropriate application in your distribution; you'll usually find it under "System Configuration" in the menus if there is a Graphical User Interface (GUI) tool.
  • Some methods will notify you automatically that updates are available for your system. There really is no harm in updating everything (unless you have a slow network connection).
  • You will need to do system and software updates as the "root" user.
  • You should always log in to your system as a regular user, then gain root privileges only when necessary.
  • The graphical updating tools will prompt you for the root password.
  • If you are using a command-line updating tool, you will need to run "sudo" or "su -" before running the update command to become the root user.

Other software

Programs

  • You are strongly advised to keep all your software programs up-to-date, not only to get the latest features but also for improved security.
  • Linux applications are constantly being improved, so it's worth your while to update your applications frequently too.
  • The software update procedure may be rolled in with the system updates, or may be separate.

Anti-virus software

  • Part of your overall computer security should include running and maintaining anti-virus software.
  • Your distribution may not include an anti-virus tool. See the usual online software archives for Linux for more information about what applications are available for Linux OS.
  • If your distribution's archive has the software, you should install it from there rather than from a third party site.

Updating and fixing Mac computers

It is recommended that you keep your Macintosh OS and software applications up-to-date by regularly running "Software Update" and running anti-virus software. Here's a brief description of each task.

  • Software Update is Apple's mechanism for automatically downloading and installing updates to Mac OS X.
  • These updates often can include new improved features, but also mend parts of the OS and Apple's own software (such as Safari) that are vulnerable to hackers.
  • Anti-virus software checks for viruses in files on your system, and new ones as they move onto your system.
  • We strongly recommend you regularly run the Mac's Software Update. While there occasionally is a risk of updating your OS, usually the risk of not updating your Mac is a greater risk than that of updating it.
  • If you do not keep your workstation securely patched and anti-virus software up-to-date you run the risk of having your computer attacked and compromised.
  • Your machine could be rendered inoperable, be used for other things like a "rogue FTP site" (where others would store files on your system), or your machine could be programmed to attack other computers or cause network interruptions such as a denial of service attack (where so much network traffic is generated that computers can no longer communicate with each other).

Because compromised machines are a threat to other computers and the university computing infrastructure they will be cut off from campus network resources.

How to run software update

Software Update is very easy to use and can be scheduled to regularly check for updates, which we recommend.

  • On all versions of OS X it is available under the "System Preferences" under the Apple Menu (in the upper left).
  • On OS X 10.3 and later it's even easier to get at as it is a menu item under the Apple Menu (in the upper left).
  • In either case, once you start software update you can set it to do regular updates (weekly is a good idea) by clicking on the "check for updates" button and choosing how frequently to do the check for updates.
  • You can also get it to check for updates immediately. You will be presented with a list of software updates to run. There really is no harm in updating everything (unless you have a slow network connection), but if there is a software update to an application that you know you will never use (such as iTunes) then you may wish to not update it. However, unless length of time to download these files is a concern, it is best to update everything.
  • When Software Update runs you will be asked for an administrator name and password - the name and password on the first account you created on the Mac are ones that you can use.
  • When software update runs you may be asked to restart your computer. If you have not run software update before, or it has been a long time since you have done it, you may want to run it once, restart the computer and run it again to see if there are any 'updates to the updates'.

Other software programs

  • You are strongly advised to keep your other software programs up-to-date, not only to get the latest features but also for improved security. Generally when you register your software you will be enrolled or be informed about any upgrade strategies from that particular vendor.

Anti-virus software

  • Part of your overall computer security should include running and maintaining anti-virus software. See the Viruses & Spyware web page for more information.