Nov 28

We’re falling behind on system security updates and Google and Apple are to blame

Security updates on personal devices are critical. But many people don’t do them. Now, limiting the blame to just two companies is understating the issue, and if all this sounds a little harsh, stick with me, and I’ll explain, beginning with an analogous scenario.

We have updated your car

We have updated your car, patching security problems, improving performance, and adding exciting new features we think you will like.

You are driving to work, and it is your day to carpool. You drive your 4 door sedan and pick up 4 people. While on your drive to work you find out that your car needs to be updated to fix a major security problem. Seems someone can remotely turn on your turn signal without you knowing about it, making you the person driving down the road for 30 minutes without changing lanes or turning. Well, you certainly don’t want that, so when you reach work and park your car, you push the update button and walk into work with your carpool buddies. At the end of the day, though, your whole crew comes out of the office, ready to go home, and discovers that the update has also changed your 4 door sedan into a 2 door sports coupe. Sure, the blinker can’t be turned on remotely anymore, but, seriously?!

Time goes on, your buddies found their own ways home, they have finally stopped giving you grief for updating your car, and you’ve learned to live within the limitations of the 2 door sports coupe. It does, after all, have some handy features. Now, however, you’re back on the road, heading out on date night with your significant other, and you hear that there is a major security flaw affecting your car. Turns out your car’s brakes can be remotely applied. Now, this worries you, and you’d like to apply the update that fixes this, but you don’t actually apply it. Sure, it leaves you vulnerable to unexpectedly stopping, maybe even causing an accident, but, if you do apply the update … what else is going to happen? Will you return to your car and find out that it is now a freight truck?

Combining GUI and security updates is the real culprit

If you followed the analogy, it’s pretty much the same on your phone or tablet. Basically, your device offers you an update, and you refuse to apply it for months, even years, even though you want to fix the security flaws, because you have learned, by now, that updating also affects the way that your device looks and functions – the GUI, or Graphical User Interface. And this is what Google and Apple have yet to learn – combining GUI and security updates is the real culprit. If the general public is going to willingly apply fixes for major security flaws in a timely fashion, then those fixes MUST stand apart from the graphical user interface updates. Otherwise, every time someone settles into their comfy device, they’re going to want to stay there, without the risk of it changing to something unfamiliar.

Time marches on – we must move with it

While it is absolutely true that time marches on, and, yes, we must move with it, there is also a limit to the rate at which people can change. Exceed that speed and people become overwhelmed, and they sprint back to an earlier state of being as rapidly as possible. Consider how long Microsoft Windows XP was the primary operating system on desktop PCs – 2001 until 2015 (later in some cases). Why? In part, it is because people get comfortable with the way things look. Updating from Windows 95 to XP was easy – they looked, and felt, the same. Updates to that operating system did not impact that overall feel. Contrast that with the change in Microsoft Office between 2003 and 2007, and people still haven’t stopped complaining about the change in the interface.

In the world of smartphones and tablets, however, change has been a constant. It’s hard to go more than a month before something on a device is changed, assuming regular updates. Each of those changes affects privacy settings and the overall feel of applications. The constant changes, and the time involved in updating, impact our lives, our flow, our schedules, and the efficiency with which we can operate. Anything that impinges on that flow is something that we, as human beings, put off as long as possible. Major phone vendors typically recognize this, and they change the basic function of the operating system, whenever possible, to limit the number of changes that occur when a security patch is rolled out. Unfortunately, they, too, are becoming part of the problem, as they are so slow to roll out the updates that devices are left vulnerable for extended periods of time.

Ok. So, what’s the fix?

In the short term, there’s very little we can do to influence the major companies to change their basic operating procedures. That said, Google seeks feedback, and Apple feedback is possible, too. Of course, you can also turn to social media to publicly post your feedback, or turn to a larger platform, like Change.org, and create and promote, or participate in, petitions. In the meantime, I do encourage you to update your devices. It’s a tough pill to swallow, I know, but it’s one that is necessary, at least until the security patches are finally separated from the comfortable look and feel of the apps we know and love.