Helping people with computers... one answer at a time.

Update notifications come at various times and in various ways. I'll look at how to best determine which are legit, and what to do if you suspect not.

I am constantly being asked to download updates from the likes of HP, ADOBE, QUICKTIME, in fact just about any software on my machine. Question, how do i know if these are genuine or not somebody with mal intent.

A very good question. We see people being infected with malware regularly because they get a pop-up notice that they're infected, when they're not. What's to say that the same scenario won't work when it comes to software updates?

In short: well, nothing really.

Nothing, that is, except understanding what to expect, what looks fishy, and what is clearly and obviously bogus.

I wish there were a blanket rule I could quote, or even more consistency across different update mechanisms, but sadly I have neither.

Email: The Immediately Suspicious

Update notices via email are nothing new. I know I regularly get notification from various software vendors promoting the latest version of their software. Those may well be legitimate.

But I still won't click their link.

"Over time you'll learn what to expect from the various vendors for the software on your machine."

Email is simply too easily forged. That link you think came from a vendor you purchased software from may be completely bogus. It may take you to a site that even looks like the vendor's site, but you really have no idea what you're downloading.

Forget the link. Go to the vendor's site yourself.

Here are a few other rules of thumb when it comes to emailed update notifications:

  • If it's for software you don't have, it's bogus.

  • If it's an attachment, it's bogus. Vendors learned long ago that attachments simply don't work because so many viruses used them.

  • If it's for Microsoft, Hotmail, MSN or any other Microsoft-related property, it's almost certainly bogus. Windows Update and Microsoft Update handle what's on your machine, and web sites like Hotmail don't have updates that you would install.

  • If it's for Apple, Adobe and other software for which you normally get updates via software already installed on your machine, the email's probably bogus. Like Windows Update, the updating software on your machine for these tools is the way updates are distributed.

Check On Run

Over time it's important to simply become familiar with the various ways software updates itself on your machine, and which software packages use what techniques.

My favorite is "check on run" - meaning that when you run a particular program it checks and tells you right then if there's an update available. I wish that more applications used this technique.

If you run iTunes, and iTunes immediately tells you that there's a new version of iTunes available, that's almost certainly legitimate. Similarly if iTunes tells you that there's a new version of QuickTime available, that's almost certainly legitimate as well, since iTunes uses QuickTime.

I use iTunes and Apple as a scenario that annoys me as well, since when you run iTunes you're also likely to be told that there's a new version of Safari available. Safari's Apple's web browser and unrelated to iTunes. It turns out to be legitimate, but it's not something you need to take unless you do, indeed, run Safari on your machine.

That definitely makes things more confusing.

But ultimately update checks when you first run a program for it, or for services that are related to it, tend to be legitimate and something that over time you'll come to quickly recognize.

Random Popups

Harder to recognize are random popups.

Some software, often software that's more or less continually running on your system or not really an application that you'd use but a service that other applications might use, check "every so often" for updates. When the check happens and an update is available you're presented with a popup. Fortunately, I'm not seeing these as much as I once was, simply because manufacturers realize that theses could be easily mimicked by purveyors of malware.

The only real advice I have to offer here is that over time you'll become familiar with what these popups look like and how they behave. Anything outside of what you're familiar with should be treated with suspicion; typically that means visiting the software manufacturer's website or support offerings and looking for something that confirms an update is expected.

Less Random Popups

What a number of vendors are doing these days is checking for updates when you login. The latest Flash updates from Adobe seem to be in this category (though it's also possible that Flash may check with you first run your browser).

While it slows down startup somewhat, it makes a certain amount of sense - at least you're not getting interrupted in the middle of your work for some random update.

Once again, though, this is an area where malware could interfere - though it's less likely since in order to have something like this happen at startup you likely would already have to be infected, and hence there'd be no real need to fool you again.

System Popups

Depending on your settings, Windows, of course, will provide you with a taskbar notification when new updates are available. Then if they're not already installed you can initiate Windows Update - either via the application on your system or by visiting the Windows Update web site.

Other applications do similar. Firefox, for example, has a very passive notification window that appears telling you that updates are available and then quietly goes away; the next time you start Firefox you get a more prominent message.

The Answer? Familiarity and Vigilance

Yes, it does sometimes seem that there's almost always an update of some sort we're being told about. I view this as a good thing in general, since vendors are actively fixing potential vulnerabilities and other problems in their software - I want the latest versions.

Over time you'll learn what to expect from the various vendors for the software on your machine. The key is never to accept what you don't expect. At a minimum if you get a popup or notification that you're not sure of, don't accept it. Updates are rarely, if ever, mandatory. You always have the option of declining the update, and doing some research before electing to accept it the next time it comes around.

And of course always make sure that your machine is up to date with the latest system patches and anti-malware tools and databases.

Yes, that is somewhat ironic, since some of the very update notices we've been discussing might relate to those very programs.

That's why it's important to have some familiarity and know what to expect.

I do expect that malware creators will attempt to fool you by exploiting these paths more in the future.

Article C4482 - October 9, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

5 Comments
Mary
October 9, 2010 10:18 PM

I've found that Secunia PSI is a fairly reliable way to keep track of updates. You can let it run in the background or do on-demand scans to check programs and plug-ins.

http://secunia.com/vulnerability_scanning/personal

Les Meyers
October 12, 2010 10:48 AM

I agree with Mary's comment. In addition, Secunia PSI allows me to eliminate or turn off all the services which programs lunch at startup to look for updates. This decreases the memory load on the computer's memory, freeing that memory for programs.

Saetana
October 12, 2010 6:09 PM

Secunia is an excellent piece of free software for keeping track of major application updates. It runs in real-time (this is not essential if you have an old machine and can remember to run it once a week yourself) and lets you know immediately an update is available for applications such as Adobe. More than that thought it provides a button you can click which links straight to the appropriate download. Its an easy way for people to update their applications, its concern is security as updates often are fixing security issues that have come to light amongst other things. I have been using it for 3 years now without any problems and it is highly recommended by all my computing magazines.

Bob Hill
December 13, 2011 7:38 PM

I consider Secunia PSI my trusted source for all updates. Anything else that prompts me for an update is suspect.

New to Mac
February 9, 2012 9:11 AM

I know that you are a PC person, but I have a question that pertains to security for my Mac.

Recently I bought my first Mac. I've installed Norton Internet Security for the Mac, but was unable to install Malwarebytes on it. Is there an equivalent of Malwarebytes and Secunia for the Mac? If not, can you please recommend security software that I should consider?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.