Updating Non-Operating System Software
Your computer has many applications that need updating in addition to your Operating System (OS) updates. This can include Microsoft Office, email clients (Thunderbird), PDF viewers (Adobe Acrobat), browsers (Firefox, Safari), and others. Any of these applications could have security issues and require updates.
Unfortunately, there is no one place to go to update all of your applications. The good news is that many applications are now automatically notifying users of updates. For other programs, you can check the vendor’s website periodically.
Useful tools and sites:
(Windows) FileHippo – FileHippo Update Checker will scan your computer for installed software, check the versions and send the information to filehippo.com to see if there are newer releases.
(Mac) AppFresh – AppFresh is an automated update checker for Mac OS X, that helps you keep all applications, widgets, preference panes and application plugins up to date.
(Linux) Synaptic – Synaptic is a graphical package management program for apt. It provides the same features as the apt-get command line utility with a GUI front-end based on Gtk+.
Your web browser relies on numerous software plugins (also called extensions or add-ons) to display content such as video, audio, or office documents. Those plugins are frequently vulnerable to attack and are easily exploited by so-called "drive-by browsing attacks," in which merely browsing to a website can lead directly to a system compromise.
Keeping those plug-ins updated is critical, but not always easy to maintain. Tools exist to alert you when it's time to update your software. Google Chrome automatically alerts the user, so no special action is necessary. Users of any other browser must use a third-party tool. Free (but unsupported) tools include:
There are two versions of Qualys BrowserCheck. The Business Edition provides vulnerability statistics (which may include computer name and username) to University of Chicago IT Security for assessing campus vulnerabilities to various attacks. If you do not wish to report vulnerability statistics to the IT Security team, you can use the regular version of the BrowserCheck.
Mozilla Plugin Check (works for any browser - not just Firefox)