Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      MultiChoice hit with multimillion-rand fine for privacy ‘breaches’

      8 July 2025

      Still in play: Ramaphosa banks on talks to ease US tariff blow

      8 July 2025

      Apple’s AI ambitions rattled by defection to Meta

      8 July 2025

      Ramaphosa blasts Trump over threatened Brics tariffs

      8 July 2025

      Court battle brewing over contentious Joburg CCTV by-law

      7 July 2025
    • World

      Cupertino vs Brussels: Apple challenges Big Tech crackdown

      7 July 2025

      Grammarly acquires e-mail start-up Superhuman

      1 July 2025

      Apple considers ditching its own AI in Siri overhaul

      1 July 2025

      Jony Ive’s first AI gadget could be … a pen

      30 June 2025

      Bumper orders for Xiaomi’s YU7 SUV heighten threat to Tesla

      27 June 2025
    • In-depth

      Siemens is battling Big Tech for AI supremacy in factories

      24 June 2025

      The algorithm will sing now: why musicians should be worried about AI

      20 June 2025

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025
    • TCS

      TCS | Connecting Saffas – Renier Lombard on The Lekker Network

      7 July 2025

      TechCentral Nexus S0E4: Takealot’s big Post Office jobs plan

      4 July 2025

      TCS | Tech, townships and tenacity: Spar’s plan to win with Spar2U

      3 July 2025

      TCS+ | First Distribution on the latest and greatest cloud technologies

      27 June 2025

      TCS+ | First Distribution on data governance in hybrid cloud environments

      27 June 2025
    • Opinion

      In defence of equity alternatives for BEE

      30 June 2025

      E-commerce in ICT distribution: enabler or disruptor?

      30 June 2025

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Editor's pick » Why software updates make us WannaCry

    Why software updates make us WannaCry

    By The Conversation17 May 2017
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    The global ransomware attack called “WannaCry” could have been avoided, or at least made much less serious, if people (and companies) kept their computer software up to date. The attack’s spread demonstrates how hundreds of thousands of computers in more than 150 countries are running outdated software that leaves them vulnerable.

    The security flaw that allowed the attack to occur was fixed by Microsoft in March. But only people who keep their computers updated were protected. Details of the flaw were revealed to the public in April by the Shadow Brokers, a group of hackers who said they had stolen the information from the US National Security Agency.

    Attackers got into computers through that weakness and encrypted users’ data, demanding a ransom from anyone who wanted the data made usable again. But they didn’t win the race to exploit the flaw as much as people and computer companies collectively lost it. Our human tendencies and corporate policies worked against us.

    Updating is a pain

    All people had to do to stay safe from WannaCry was update their software. But people often don’t, for a number of specific reasons. In 2016, researchers from the University of Edinburgh and Indiana University asked 307 people to discuss their experiences of installing software updates.

    Nearly half of them said they had been frustrated updating software; just 21% had a positive story to tell. Researchers highlighted the response of one participant who noted that Windows updates are available frequently — always the second Tuesday of every month, and occasionally in between those regular changes. The updates can take a long time. But even short updates can interrupt people’s regular workflow, so that study participant — and doubtless many others — avoids installing updates for “as long as possible”.

    Some people may also be concerned that updating software could cause problems with programs they rely on regularly. This is a particular concern for companies with large numbers of computers running specialised software.

    It can also be very hard to tell whether a new update is truly necessary. The software that fixed the WannaCry vulnerability came out in a regular second-Tuesday update, which may have made it seem more routine. Research tells us that people ignore repeated security warning messages. Consequently, these monthly updates may be especially easy to ignore.

    The companies putting out the updates don’t always help much, either. Of the 18 updates Microsoft released on 14 March, including the WannaCry fix, half were rated “critical”, and the rest were labelled “important”. That leaves users with little information they could use to prioritise their own updates. If, for example, it was clear that skipping a particular update would leave users vulnerable to a dangerous ransomware attack, people might agree to interrupt their work to protect themselves.

    Even security experts struggle to prioritise. The day the fix was released, Microsoft watcher Chris Goettel suggested prioritising four of the 18 updates — but not the one fixing WannaCry. Security company Qualys also failed to include that specific update in its list of the most important March updates.

    Security pros, and everyone else

    The most common recommendation is to update everything immediately. People just don’t do that, though. A 2015 survey by Google found that more than one-third of security professionals don’t keep their systems current. Only 64% of security experts update their software automatically or immediately upon being notified a new version is available. Even fewer — just 38 percent — of regular users do the same.

    Another research project analysed software-update records from 8,4m computers and found that people with some expertise in computer science tend to update more quickly than nonexperts. But it’s still slow: from the time an update is released, it takes an average of 24 days before half of the computers belonging to software engineers are updated. Regular users took nearly twice as long, with 45 days passing before half of them had completed the same update.

    Making updates easier

    Experts might be quicker at updating because they understand better the potential vulnerabilities updates might fix. Therefore, they might be more willing to suffer the annoyances of interrupted work and multiple restarts.

    Software companies are working on making updates more seamless and less disruptive. Google’s Chrome Web browser, for example, installs updates silently and automatically — downloading new information in the background and making the changes when a user quits and then reopens the program. The goal is for the user not to know an update even happened.

    That’s not the right choice for all kinds of updates, though. For example, the Windows update needed to protect against the WannaCry attack requires the computer to restart. Users won’t tolerate their computers shutting down and restarting with no warning.

    So, computer companies must try to convince us — and we must convince ourselves — that updates are important.The Conversation

    • Elissa Redmiles is PhD student in computer science, University of Maryland
    • This article was originally published on The Conversation


    Elissa Redmiles Microsoft NSA WannaCry
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleRadio group in offer to buy Moneyweb
    Next Article Naspers’s Tencent smashes profit forecasts

    Related Posts

    Jony Ive’s first AI gadget could be … a pen

    30 June 2025

    Bridging the SQL expertise gap

    30 June 2025

    The great migration to Windows 11 Pro starts here

    27 June 2025
    Company News

    Stay warm this winter with Samsung’s energy-efficient air conditioners

    8 July 2025

    Huawei launches next-gen fibre-to-the-room solution

    7 July 2025

    Remote monitoring tools: IT lifesavers or hacker gateways?

    7 July 2025
    Opinion

    In defence of equity alternatives for BEE

    30 June 2025

    E-commerce in ICT distribution: enabler or disruptor?

    30 June 2025

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.