I just want to say you may hover over the update and read what it is about before you install it.
CNET bought a house!
I have a UAC (User Account Control ) feature turned on. Each time a program (outside of Windows domain ) is executed, the UAC will pop a window with the following:
"Do you want to allow the following program to make a change to the computer
Program Name: xxxxx
Verified Publisher: xxxxxx
File Origin: xxxxxx"
This will give enough information to make sure that the program is genuine. There is a
Show Detail feature as well.
This might be a bit annoying at times, but gives you an opportunity to stop any program you do not trust.
Also, a good practice not to allow any unsolicited upgrade. Instead, go to the website ( Microsoft, Adobe, Java, etc ) and download the update yourself.
Your question is one which has to be answered by millions of computer users every single day. I think the answer is sort of simple, but not always easy.
First let's examine the different kinds of updates you may be notified about, and then we can address some of the do-s and don-ts regarding pop-ups.
1. If you use Microsoft Windows and you have automatic updates turned on, the only notification you should ever see is the Yellow Shield in your System Tray (The Lower Right Portion of Your Taskbar). Although the Updates are called "Automatic", they will only install if a) You click on Update Icon and instruct Windows to proceed with the update/s in question; or 2) You properly shut-down your computer after updates are downloaded (but not yet installed) on your computer. When this occurs, you will be notified when you shut down the computer that Windows is installing updates and will shut down when it's finished.
2. Anti-Virus/Anti-Malware Updates. THESE CAN BE VERY DANGEROUS!!! If you receive a notification that the Anti-Virus or Anti-Malware Program installed on your computer has an update to be installed, I generally recommend you take the following steps:
a. Write down the name of the Program that says it needs or has an update.
b. Properly Shut down your computer.
c. Restart your computer and open the program that said it needed to be updated.
d. Update the program from within the program being updated. For example, if the message said you needed to update AVG, open the AVG user console and check for updates there. This will avoid the possibility that the notification you received may have been a fake.
e. The reason you need to shut down your computer is this. In most instances, viruses, spyware, malware, etc. are activated or installed by clicking on them. The simplest way to avoid the problem is by shutting down your computer. DON'T CLICK ON ANY AREA OF THE NOTIFICATION!!!
3. Almost every program installed on your computer has a capability to either Automatically Update (you don't see it happening), or to update the program from within the program itself. Adobe Reader can be updated from the Help Pull Down Menu. With Adobe Flash or Java - if you are notified they need to be updated, just log on to the website (Adobe.com or Java.com) and download the latest version of Flash or Java. It only takes a couple of minutes and is much safer than following a possibly harmful pop-up.
4. Email. Never ever, ever follow a link from an email you've received to update a product. If there is an update available, you should be able to find it by using the programs internal update feature. If you can't find it, try the program's web site. You'd be surprised how many fake update notifications people receive through email. If you're looking at new products and you trust the site (always check the URL address), that's okay. If you're uncertain, Delete the email. If there truly is a problem, you'll find out soon enough. In most cases, they're just trying to sell you something new.
I hope this at least addresses the core of your question. Pop-ups are dangerous and unreliable for the very concerns you raised in your question. Most specifically they can be faked. So the short answer I give my customers is - Leave them Alone!!! Shut down. Start over. Use the Update features provided in your programs. You should also set the specific settings for how and when programs check for updates when that feature is available.
Best of Luck
Charles' answer is accurate and provides most of the information needed.
However, being a lazy so and so, I often found this task time consuming, boring etc. etc. So I was happy to discover the services of "FileHippo.com".
I downloaded a small piece of free software and pronto! every time an application has an update availaible on the provider's website I am asked wheter I wish to download and install it.
Filehippo is run by CCleaner a company far better equipped to deal with fakers than I am and I dont' need to check if I am running an application out of date.
Is it too easy to be safe?
Can you identify exactly what a MSE popup looks like to the finest detail? If not, maybe it is safer to open the console and look there. You should be able to control that there I would think. I don't use MSE, but what little I've dealt with, is pretty basic.
If you can't remember, look on the Microsoft site for a screen shot, and you can verify pretty much for sure. I haven't had a popup yet, that was caused by malware. that was accurate; but they came uncomfortably close!!
Many times, my customers, have called me to remove "virus" protection software that itself, IS a virus or malware of some sort. I call it "extortion-ware". By the time you've clicked, "fix your computer now", you've done the damage..
But the question is , how do you know?
Most of the software that offers updates is in fact safe, but the key is, software that you've authorized, or is part of the OS, is safe to update. It is a safe bet that a Pop-Up that warns you about your files, being corrupted, and asks you to pay for or install the "full version" of a "cleaning" software, is probably malware. Do NOT click on that button!
Also, a common trick these hucksters use, is to offer a "yes" or "no" button, and pressing either one will do damage.
When you are not sure, do NOT click anything, but "x" out of the pop up, if you can.
As well, if you don't have critical data open, you could shut your computer down immediately. At the time of restart, run spyware, and virus scanning software, at this point hoping that it hasn't already infected your system.
Any time an "update" seems urgent, it probably will be dangerous to click to continue, Unless, you are fully aware of the software in question, hence your own virus software.
It is important to note, that by the time such Pop-Ups have appeared, usually the damage has already been done.
I have found that the safest thing to do is shut down immediately, and then run malware scans at start-up. I wasn't clear in the first post and UNFORTUNATELY, revisions/edits can't be done, else I would have corrected my advice.
I should have been more specific when using the "x" remark.
The Original Question was specific to known software(s), that are already loaded, such as "flash" or "java" OS, etc..
"x"ing out of those is safe 99.99% of the time. They are rarely spoofed (to my knowledge)
I've personally never seen rogue software/malware spoof these software(s), as they (the crooks) are usually trying to extract money from the victim. To do that, they must convince the user that their computer is infected with a virus (such as the recent Rogue, Anti-Virus Pro 2010). New ones every year and they do make money for these crooks. The software "Cleans" the computer and 49 dollars later the unknowing user goes back to a computer that "works" again.
I suppose an argument could sadly be made in favor of paying the "ransom". I know a few who have. To have the likes Geek Squad come out, one could be out 1-2 or more hundred dollars, as opposed to the "ransom".
Fact is, for those computer users that are nervous about what to do, the costs will be there to get the problem solved, One way or another. Sadly, these rogue companies get some of that cash. And months, or a year later, that pop up comes back. I wonder how many folks have paid more than once for this "protection".
First answer is: It is best to close the pop-ups and manually install the updates. It never hurts to check if there are any updates available from time to time anyway, especially when you're being nagged by the pop-ups.
Next answer is: Nothing actually, just the user, and you have to be aware of what you are clicking. If you are not sure, then DO NOT CLICK IT!
I cannot improve on charleswsheets' reply. Excellent! I'll simply reiterate -- and summarize what I, perhaps overcautiously, do.
Whether it be a Windows update notification, an anti-virus one, or ones from Acrobat, Adobe, et al, I never, ever click the update link. I either open the program and check for updates or go to the program's website and download updates from there.
I suspect "my" way is not necessary -- but it gives me a double-layer of security that the update is legitimate.
Don't click the "X" to try to close the popup.. THere are malware tricks that use that to install their garbage as well as clicking anywhere else on the popup.. Either reboot ,as has been suggested before , or use the Control/Al5/Delete to open Task Manager and close the program the popup came from ( usually Internet Explorer ).. Open the program the update was supposedly for and check for updates within it ; or go directly to the program creators website. Most of the malware popups my friends have been caught on are phony anti-virus popup warnings; with any click on it or the red x actually installing the malware.
The safest way to deal with any suspicious "update" announcement is to close the progam it came up during , and go directly to the publishers site to chack for updates.
I agree charleswsheets reply is the one to follow, with ther additional warning not to try closing the popup with the red x as you would a normal porgram .
There is a safe, easier way, at least in most cases. Just right-mouse-click on the taskbar entry at the bottom of your screen. The flyout context menu will have "close" as a choice. Click on "close". Since the context menu is clearly generated by the operating system, you're safe from fake X's.
It seems Ctl>Alt>Del and then open the task manager is the safest way to shut down pop-ups. Never underestimate the ability of the malware to take over the GUI. This applies to XP,Vista,Win7,32bit/64bit and it doesn't matter if you are logged in as administrator or restricted user.
Google Carberp if you want to get scared witless!
Didn't know that clicking on the red X would load a malware. Now that my computer is running slower than molasses & I can't even do a Google or Yahoo search, I must be heavily infested. I use Avast & SpyBot & can't get either to fix or remove anything. One keeps saying "error" in removing/fixing the problem . . the other says I'm not the administrator & it won't scan the files. What do I do now? I don't have anyone to help me through this. I can use the computer, but it takes forever to read or do anything. I may as well have dial-up! HELP! I need detailed step-by-step instructions. My computer is a Medion with Windows XP It's about 9 yrs. old. Not sure of model number.
CNET bought a house!