Software Installation/Updates Flashcards
What are some key components to software installation/updates?
-Verify software sources
-Understand & meet permissions
-Evaluating req
-Avoiding untrusted
What is an update?
An update is an optional change that software users can apply to their existing software installation. These could add new features, or they could be added
protection measures for your system. An update is an optional change that software users can apply to their existing software installation. These could add new features, or they could be added protection measures for your system.
What are the (2) types of updates?
One is maintenance updates, which encompasses bugfixes and security updates.
These updates are essential for maintaining the software stability, functionality, and security. They address issues, errors, and vulnerabilities within the software,
preventing crashes, unexpected behavior, and potential security breaches.
The other is enhancement updates, which include both feature updates and performance enhancements. These updates focus on improving the software’s user experience and overall capabilities. They introduce new functionalities, features, and performance optimizations, making the software more powerful, efficient, and user friendly.
What is a patch?
It is a targeted software update that addresses specific bugs, security vulnerabilities, or minor functionality issues within a program. Patches are designed to be small and focused to quickly resolve problems without significantly altering the software’s core features or user experience. In contrast, more extensive updates often introduce major new features, significant performance enhancements, or even wholesale overhauls and redesigns of the software. These are typically released as new versions or major updates clearly distinguished from smaller patches. Patches can further be distinguished by whether they are a hot or cold patch.
What’s a hot patch?
A hot patch takes effect without interrupting or restarting the running system. It acts like a quick fix addressing issues like minor bugs or security vulnerabilities without impacting ongoing operations. Hot patches are advantageous, as they minimize downtime and ensure service continuity, especially in critical environments. However, their application may be limited in scope and complexity due to the need to avoid disrupting the running system. In contrast, a cold patch requires the system to be restarted for the update to take effect.
What is a cold patch?
It requires the system to be restarted for the update to take effect. Any running services or applications will be interrupted during reboot leading to potential downtime. While cold patches can address a broader range of issues and implement more complex changes than hot patches, their application requires careful planning and scheduling to minimize disruption to users and ongoing processes.
What is a bounty?
Companies will often offer bounties to encourage people to report flaws. A bounty is paid when a public member finds documents and reports a flaw. A company will pay the finder and create a fix. This proactive approach helps to ensure that software remains secure and reliable.
What is shadow IT?
Shadow IT, which is the employee use of hardware, software, and other technology systems that have not been approved by the IT department.
What are key considerations for software installation/updates?
- Always download software from official websites or trusted sources.
- Conduct system compatibility checks before installing new software.
- Read and understand the user agreement details before installing.
- Choose custom installation options to control the components being installed.
- Research the reviews for software to see if any issues have been flagged by other users.
- Regularly update software to patch security vulnerabilities and improve performance.
What is a HotRat?
Malicious software found w/in cracked versions of legitimate software; designed to log your keystrokes, copy your files, and even give access to your system.
What is dependency tracking?
This entails maintaining an inventory of all dependencies used in the software development process. This includes libraries, frameworks, and modules. Keep track of their versions and any non-vulnerabilities associated with them.
What would an established policy include?
Only allow the use of dependencies from trusted sources that have undergone thorough security assessments.
What is a supply chain attack?
A cyber threat where attackers compromise legitimate software or its delivery process to distribute malicious software. A supply chain attack is when a hacker infiltrates the vendors network and install their compromised software unknowingly.
What are sandboxes?
It provides a controlled environment for running programs, limiting access to resources like the operating system files and network to prevent malicious software from affecting other computer parts. Widely used in modern web browsers and browser plugins, they ensure internet content cannot damage computer files.
What is code signing?
Employs cryptography, involves software companies issuing digitally signed copies of programs for authenticity verification. Used by major operating systems like Microsoft Windows, MacOS, and Linux, code signing ensures the legitimacy of operating system updates. Apple even restricts users to running certified programs from the App Store for enhanced security, albeit potentially limiting user choice.
What does antivirus/antimalware software do?
It is designed to detect, isolate, remove, and prevent malware from taking root in your computer. It is designed to detect malware identified and documented in locations such as signature databases. It will not be capable of determining new, unknown exploits (zero-day exploits), since they are difficult to detect as they do not exhibit known patterns and exploit otherwise unknown software vulnerabilities.
