Software updates can be a mixed bag. They add new features and fix issues, but they can bring new bugs as well. People put off updates to avoid these headaches, which wasn’t a bad idea in the earlier days of computing. However, with security vulnerabilities becoming more common, it’s time to stop.

This Cybersecurity Awareness Week article is brought to you in association with Incogni.

Automatic software updates weren’t all that common in the 2000s, which became more of a problem over time as the internet rose in popularity and malware attacks ramped up. For example, a security exploit in Internet Explorer was patched by Microsoft in April 2004, but a virus that used the exploit a few months later was still able to attack many PCs simply because many people had not installed the security patch yet. Many security fixes for Windows and Mac OS X (later macOS) were also not automatically installed or were difficult to manage.

Google Chrome helped push automatic updates into the mainstream, partially because they usually didn’t break anything, but also because they were almost unnoticeable. Mozilla added a similar “Silent Update updater” feature to Firefox in 2012 with the release of Firefox 15, and other web browsers eventually caught on. Many other applications started implementing automatic updates, too, or updates were just handled by whatever app store or game launcher they came from. Fun fact: the Steam game launcher has supported automatic updates since its inception in 2003.

Automatic updating is now firmly established as the default behavior for most software, rather than something that is limited to just the operating system or a handful of more vulnerable applications. Tech companies are also getting better at catching potential issues with updates before they are widely rolled out, using methods like staged rollouts, crash reporting, unit testing, and pre-release channels. For example, new Chrome features usually start out in the Canary and Dev channels, move up to the Beta channel when they are working well enough, and then eventually roll out to everyone running regular (Stable channel) Chrome. Microsoft currently has four pre-release channels for Windows 11: Canary, Dev, Beta, and Release Preview.

The Alternative is Worse

Even with better testing and development processes, there’s still the chance an update might introduce some bugs. Software is made by humans (or AIs trained on human work), and humans make mistakes sometimes. It might still be tempting to delay app and operating system updates, especially if your device is working fine. However, you should try to install updates when they become available because those updates might just save you from malware and stolen personal data.

We’ve seen a rise in discovered security vulnerabilities over the past few years, many of which are “zero-days”—security vulnerabilities that are made public before a fix is available. Mandiant, a threat intelligence company now owned by Google, tracked 246 vulnerabilities between 2021 and 2022. That’s an increase from previous years, and 62% of those were zero-day exploits.

Thankfully, companies are getting better at fixing security issues in a timely manner after they are discovered. Mandiant said in a blog post, “Of the 153 zero-days identified in 2021 and 2022, only 35 (23 percent) of them received patches after the first month following first known exploitation, indicating that most zero-days are remediated in a timely manner. In fact, 101 zero-days were patched within the first week of exploitation being first known.”

The security vulnerabilities aren’t getting better in 2023. Google fixed one in the Chrome browser back in April, Windows 11 had a few this year, and one Safari exploit caused Apple to update all its devices in August. There was also a security flaw discovered in a WebP image library, which resulted in emergency fixes for Google Chrome, Mozilla Firefox and Thunderbird, Microsoft Edge, LibreOffice, and many other applications that use the affected code.

It’s more important than ever to ensure your operating system, applications, and other software are always up to date, and to ensure your friends and family are doing the same.

The Important Updates

Thankfully, staying secure doesn’t have to mean installing the major Windows or iOS upgrades as soon as they are available. Most operating systems and some popular applications deliver security fixes as standalone updates, which you can usually install without worrying about feature changes. For example, Microsoft releases monthly security updates for both Windows 10 and Windows 11, though support for Windows 10 will end in 2025. LibreOffice, the open-source office suite, continues fixing bugs and security flaws in the previous version for a while after a new major version is available.

Apple supports two or three major versions of macOS and iOS/iPadOS at any given time. For example, when Apple patched the security flaw CVE-2023-42824 in iPhones and iPads, the fix was rolled out to both iOS 16 and iOS 17. That means if you haven’t upgraded to the absolute latest major release yet, or your device is too old for iOS 17, you’re still safe from security threats.

Some software doesn’t give you a choice between installing all updates or installing just security fixes, but when you have the option, it can be a great way to stay safe without having to adjust to other changes.