To further the analogy with the evolution of tools: you don’t need a manual for a stick or a stone. But as our tools get more complex, so does the understanding required to operate them, and so do their maintenance requirements.
Even so, with a car or a washing machine, much of the plumbing is still obvious to the user: replace the filters, rotate the tyres, check the oil. But software generally operates as a black box: we perform input and expect output without seeing how it works. Even in the case of open-source software, most people don’t have the time or the skills to examine the code. In fact, most open-source software is a collaborative project, relying on many thousands of voluntary person-hours to write, review and test.
To err is human – but to really screw things up you need a computer
Software’s black box may conceal hidden vulnerabilities, and the more widely distributed the software, the more incentive there is for bad operators to find and exploit those vulnerabilities. it’s a constant game of cat-and-mouse, with hackers versus security researchers and software companies, to find and patch these vulnerabilities and make sure that your software is as secure as can be. But all that effort is for nothing if users do not perform regular software updates.
- Make sure your operating system and application software is up to date. Check regularly for updates and install them as soon as conveniently possible.
- Nowadays, most software vendors operate a subscription model of Software as a Service (SaaS), so updates are available frequently at no extra charge. Office 365 is an example.
- Do not install software from dubious sources. If it sounds too good to be true, it probably is. Some ‘free’ programs are malware in disguise. Check the provenance of software you want to install. If in doubt ask around online.
- Install a reputable anti-virus program and keep it up to date.
- If you have a website, make sure you keep its software up to date. Websites with vulnerabilities can be compromised by hackers and hijacked for the purposes of spam or malware. Some website management software systems, such as Blacknight’s siteBuilder, are automatically maintained. Others, such as WordPress, can be set to install new versions automatically.