We look at the reasons behind frequent software updates
Have you ever wondered why software needs patching so much? Almost every time you turn on your PC, it seems like Windows or one of the applications installed on it will need to be updated. At the same time, your mobile devices, like phones and tablets, may get regular operating system patches, and most of your apps will need updating frequently too.
It’s not just software that get patched, of course. Firmware, the fixed data that runs hardware (everything from hard drives and motherboards to monitors and printers), also has to be updated sometimes – but nowhere near as regularly as software.
Why, you might ask, is this even necessary? Why can’t the people who create these solutions get them right first time?
To answer that, we need to look at what is actually contained in software patches.
Occasionally, software companies will release updates to their applications that introduce totally new features. This could be in response to requests from users, market trends or new ideas the developers want to try out.
More often, software patches make incremental improvements, taking what’s already there and tweaking it to make it more effective or efficient. Developers of a web browser might, for example, release a patch that enables their application to display higher-quality images in less time.
The wait might be frustrating, but software patches are for your benefit
However, you’ll also find that a large proportion of software patches are fixes for problems that exist in the code. This might be errors that produce unwanted results in the application that affect usability or operability: for instance, the Windows 10 update bug that deleted people’s files without permission, or the Y2K bug, which required a huge coordinated effort from businesses and governments to avoid disaster. Usually, bug fixes are much less dramatic than this, often fixing problems that you won’t have even noticed.
Perhaps the most important of software patches, though, is the security update. Just this month, on what has become known as Patch Tuesday, Microsoft released 74 security fixes for its various products. This is by no means unusual; other companies also release huge lists of patches on a regular basis, including many security fixes. Google is always updating its Chrome browser, for example, as well as all its cloud-based software; Adobe constantly releases security fixes for its applications as well; and just about every software firm you can think of will do the same.
What’s going on? Are software patches a sign of bad workmanship?
Sometimes, but not always. When TSB’s new computer system fell over quite spectacularly last year, putting customer data at risk, it was clear the bank had not done enough testing before sending the software live. Such cases demonstrate how software companies can simply get things wrong sometimes, releasing products that don’t work properly or which have other significant problems – including security holes.
Most software firms, however, spend a great deal of time testing their solutions, and they take this responsiblity seriously. Yet issues still crop up.
The truth is expecting perfection is not realistic. No matter how many tests developers perform, they can never account for every single possible scenario, which is why problems tend to be identified only when a product is used in real-world settings. For this very reason, beta testing phases are employed by many development companies: this enables them to see how their software behaves in a much wider range of situations – with different hardware, different user behaviours and so on.
Even with beta testing, flaws may still go undetected. Modern software can be extremely complex, so this isn’t surprising. Often it’s only when a product is fully released to the public that a problem is noticed, and in many cases it’s because someone is specifically looking for them.
Hackers are constantly searching for new ways to bend software to their will. The sheer number of ways they can potentially do this is practically impossible for software companies to predict, so the best thing they can do in many cases is to patch security flaws after they’ve been discovered. It’s not ideal, of course, but that is the unavoidable reality.
Thanks to the internet, distributing patches is much easier than it used to be. Before the internet, updating software could require software firms to distribute physical media, like floppy disks or CDs. Now that it can be done via the internet, it’s quick and easy, and it can be automated too.
But being online is also one of the main reasons so many patches are needed in the first place. Hackers use the internet to send fraudulent emails, to launch DDoS attacks, to spread malware through websites and to directly access systems they’re not authorised to access.
Were it practical to do business without the internet, the solution would be simple: just stay offline. But rarely is that going to be the case, and that means there are always going to be security risks. That, in turn, means patches are here to stay.
So next time you get a notification telling you there are loads more patches to download, just remember: that’s the price of doing business in the digital age. And be thankful too, because it's much better if software makers are actively working on their solutions than if they're not.