General discussion

When is it safe to click on "install updates" pop-ups?

Question:

When is it safe to click on "install updates" pop-ups?


One question I have not seen addressed here regarding computer security
that I hope you will consider is: How safe is it to click on "install
updates" when pop-ups appear from Microsoft, Adobe, Java, and the many
other software providers who know you have their product? What
prevents hackers from using look-alike pop-ups to infect with malware?
What if I'm not sure; how can I check? Thanks.

--Submitted by: John M.

Here are some featured member answers to get you started, but
please read all the advice and suggestions that our
members have contributed to this question.

When is it Safe??? Excellent Question --Submitted by: charleswsheets
http://forums.cnet.com/7726-6132_102-5009281.html

Good Question. --Submitted by: webserf
http://forums.cnet.com/7726-6132_102-5009287.html

WHEN IS SAFE TO ACCEPT UPDATE POP-UPS NOTIFICATIONS --Submitted by: GEO2003
http://forums.cnet.com/7726-6132_102-5009401.html

Be careful --Submitted by: davefrombc
http://forums.cnet.com/7726-6132_102-5009320.html

NEVER --Submitted by: ruggb
http://forums.cnet.com/7726-6132_102-5009622.html

Thank you to all who contributed!

If you have any additional advice, tips, or recommendations for John, please click on the reply link below and submit away. Please be as detailed as possible when submitting your answer. Thanks!

Discussion is locked

Follow
Reply to: When is it safe to click on "install updates" pop-ups?
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: When is it safe to click on "install updates" pop-ups?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Right answer...

The right answer is simple. When you see "click to update", see what software they say they're trying to update. Then go to the website for that software, and do the update there. Never take an update offered to you as a window/popup on your desktop!

My opinion.

-Roger

- Collapse -
When is it safe to click on "install updates"?

Here's what I recommend.

Look carefully at the pop-up, is it an application that you already installed on your system and does it appear to be from the company that developed that software?

Decline the pop-up, open the already installed application and look on the Help menu for "Check updates" select this and use it to install the update. Almost every desktop application has this option.

If the update is from Microsoft, for a Windows update, You can go to the windows update section of Microsoft's website and look for updates for any Microsoft product.

If the update is a browser plugin or or other software that does not have a user interface where you can check for updates, go to the vendor's website and check for updates for your product and download direct from there.

- Collapse -
WHEN IS SAFE TO ACCEPT UPDATE POP-UPS NOTIFICATIONS

The Windows Version is important to know, but many have already posted steps that would work with Vista, 7 and XP.
XP being the most dangerous in terms of pop-ups as Vista and Win 7 have a lot included, for example codecs to play music recorded in different formats.

If you have kept your computer safe with an Antivirus Solution from the beginning and you received update notifications, they are most likely legit as your Antivirus has already added your programs to the safe list.

I would just like to point out, that Microsoft Updates, come encrypted from the Microsoft servers, that and the check process that Windows performs on their own Windows update application on your computer prior to notification, makes it 99 percent safe.

But the process is different on XP, because XP is not as secure as Vista and Win 7.

On XP, you have to use the browser to check for Updates Manually, and even the downloaded update application from their own website could be compromise.
Yes - XP comes with it's built in Update Application, but in order to received certain updates that application has to be updated when you visit manually the Microsoft Update Site, or they download to your computer where that application has to be updated in order to received updates that the old updated can't handle.

Something that Vista and Win 7 handles inside your computer with User Account Control, Windows Defender, Ramdom Acess Utilization and DEP.

All these defenses on Vista and Win 7 makes it harder for a laptop or destop notification to be malware if you intall the program from the beginning.
As this same protecting processes, were making sure that the intallation of those products you did, actually have a legit certificate or signature which is verified by the Vista or Win 7 Operating System.

Now, like I mentioned above, Win 7 has many codes for music and Video, making it less likely that you need one as you are browsing the internet.

For this reason, is that the worst pop-ups happen on while you have the browser open and browsing the internet and those are the most likely to infect your computer.

As was mentioned by another poster, don't use the OK, Cancel , or RED X, to close broswer pop-ups, use Windows Task Manager, by right clicking on your TASKBAR - Tab named Applications and kill them all.
This buttons are commonly program to initiate the download of malware, but killing them with Task Manager will stopped them.

Have Fun,
Geo

- Collapse -
TASK MANAGER

Hello lover boy Geo...You can't get rid of me not even here.. LOL

I tried your "right click on the taskbar" and then looked for a tab named applications... didn't find it, so that must be a Windows 7 thing, but I was totally surprised to see that TASK MANAGER was listed! (on my Vista) Why didn't you tell me that I could right click on the task bar instead of doing what I've always done before, which is to press Control + Alt + Delete to bring up the task manager? Your slipping teacher... LOL still love ya though sweetie!

- Collapse -
When is it safe to click on "install updates" pop-ups?

when you create a Restore Point first! If anything goes wrong, you have recourse.

- Collapse -
when safe to install updates

When you're tired and have closed all applications accept for those like exporer.exe; the basic drivers and kernel. ?

- Collapse -
Install Updates
- Collapse -
When is it safe too click install

Just a simpel tip . if you are not sure about the popup (java - microsoft.....) then don?t click install.
If you need to chek if your java or another program is updated just visit their homepage and download it again , another way to be as secure as it can be , just get softwareinformer , it?s free and will tell you when a program / software need an updatet version .
No matter what ther will allways be a risk. Happy

- Collapse -
CNET Tech Tracker and Secunia PSI

When I install any software, I always uncheck the box for automatically checking for updates. I instead use two programs that check for updates and new versions of software by scanning my computer and notifying me that a new update is available. The two programs are CNET Tech Tracker and Secunia PSI. Both programs provide secure links for downloading the updates. Software, which checks for its own updates, slow boot time and unnecessarily use up computer resources. If a pop up box does appear, notifying me of a software update, I investigate before clicking anything.

- Collapse -
Pop Ups

I don't get pop ups at all because i have them blocked and use MS Windows Security suite.
Windows is automatically updated in the back ground so i only see them when i shut down (Installing Update etc notice)
, and all my other programs when i install them i set them to manual update only along with NO NEWS LETTERS or special deals.
I hope this helps
Dan

- Collapse -
Try checking the websites

Any time you get an "install updates" pop-up from any software provider, a good idea would be to just go to the website of the provider to verify that an update is really needed. When an update pop-up appears on the screen, the first thing you should do is look to see what the version number of the update is (if the update is real, it should indicate a version number). If you see the version number, write it down or try to memorize it. The next step is to go to that company's website and check the latest update that the company has provided for its software. If the version number of the latest update corresponds with the version number in the pop-up notice, then there's a good chance that the pop-up notice was a valid one. If the version number in the pop-up notice is different from the one on the website, then you should disregard the pop-up notice. Another idea would be to have the various software companies install new updates automatically at your request, that way there won't be a need for them to send pop-up messages.

- Collapse -
when is is safe to click on "install updates" pop-ups?

I click on the yellow "your updates are ready to install" and then I ALWAYS choose Custom instead of the Express. At least that way you can see and choose what you want installed. I realize you can't be too careful, but how else are you going to get the security updates? If they are offering junk that I don't need, then I just click the box not to notify me anymore of this particular update. Hope this helps somewhat.

- Collapse -
NEVER

I remove a lot of virus/malware from computers and find that some clients report having clicked on just such links prior to the incident. My recommendation is twofold.

1. NEVER execute on a popup in a browser (IE, Firefox, etc.) If the popup is from the system (not while a browser is open) then the chances are that it is safe to execute (EXCEPT if you have already caught a FAKE VIRUS). If you get a popup, The safest thing to do is to navigate directly to the software company site (EG, Adobe.com) and download the update directly. NOTE: SAFEST does not imply foolproof - you can still be redirected to a bad site.

2. Have a GOOD antivirus/antispyware program installed, updated, and functional. As a service provider, I will only install one program on my clients systems (VIPRE). (There are 2 others that are as effective (read "not perfect" but better than 96%), but not as fast.) If they want something else, I provide no warranty. I cannot tell you how often I remove viruses from systems running all the MOST popular versions pushed by Dell, HP, BestBuy, etc.

And don't even think about FREE. Most clients spend $100. to $300. for me to remove viruses - sometimes requiring complete OS reinstall. Is that good economics to avoid paying $40. now??

- Collapse -
Never click on a pop-up...

Amen to that. I'd like to add that if you run Secunia's PSI and FileHippo's Update Checker you'll know which programs you need to update. PSI will alert you which installations you have that are "insecure" (I would prefer if they called it "unsecure" or non-secure but I do get a chuckle out of seeing which programs have developed low self esteem...) and Update Checker will let you know about general updates available.
You can use Google to find them (sorry, I'm not in Windows at the moment.)

- Collapse -
Updates Problem

Nobody (OR AT LEAST ME) knows the answer. However, try installing 'Microsoft Security Extensions'? It is free and having run it for a month it delivers all antivirus etc. It might 'know' more about Microsoft updates than other market offerings.

- Collapse -
For Microsoft, make sure your Auto-update feature

is checked and activated.

For the others, basically the same but, if unsure about the source and the existence of such program onto your machine, do not allow it to happen automatically and, load up the program in question and do its own 'Check for Updates' feature to be absolutely sure of a real+safe connection to the server of the company that made and sold this program to you.

- Collapse -
"install updates" pop-ups?

How safe is it to click on "install
updates" Only as safe as your fire wall and anti spy. When the pop-ups appear for/from Microsoft, Adobe, Java, and the many
other software providers who know you have their product? What can you do to stop hackers from using look-alike pop-ups to infect with malware? Well when I get a update from any of the hard/software, I go to there web site and use there search box for the up dates then you know that you are you will be safer than just updating from the pop ups.. Hope this helps you....

- Collapse -
Some safe, some absolutely unsafe.

My first question is:
Was the programm for whitch the pop-up anounce an update was actualy running?

In that case, the message should be genuine.

Is it an info bubble near the notification area and there is a yellow shield there? And it's telling you about Microsift uptades? And it's the second thuesday of the month or shortly after?

It IS genuine and need to be installed to keep you and your computer safe. Those are meant to protect your computer, improve it's stability, and many are realy critical safety updates.

Is it about a programm that is not running or that you have uninstalled?

Just dismiss it. You can go to the devloper's web site and check for any update from there.
If you are not sure, open the task manager and KILL the process from there. The "X" button CAN be traped as easily as it is to make a false "No" button.

Did you ask a programm to search for an update and the pop-up ask you to install an update for that very programm?

GENUINE! You asked to check and you just got a positive answer.

About a programm that you don't or should not have?

REALY past time to launch your anti-virus programm, have it update itself and do a full scan. Also in need to run or install and run some anti-spyware and have it scan your system.
You probably should restart unto safe mode or at least restart and hold the controll (ctrl) key down. This prevent most programms from starting during the startup process.

- Collapse -
You really need to pay attention...

The answer is - it all depends.

Is the program trying to install an update something you've got installed? If you've got Flash installed, and it's trying to update - that one MAY be ok. Simple way to check - open up www.adobe.com and check to see what the most current version actually is. If it's newer than the one you have now, then it's likely a legitimate update.

If the program trying to install itself is NOT installed, then, you are likely facing something nasty.

If you've got an antivirus app installed and you get popups saying you don't - don't believe it. It's likely a fake.

- Collapse -
Installing Updates Popups

I would go to Windows Update,The Adobe site,Sun Java websites themselves and check if they have updates for your programs. I never click on pop ups or links because they could be a virus in them that you could introduce into your computer unknowingly to you.Always go to the main website of the products(software) that you are using to check for updates. I got a nasty virus in my cell phone just by downloading the virus protection into my cell phone

Barbara Behan,
Blue Anchor, NJ

- Collapse -
I vote for Secunia, too

I couldn't agree more woth those who suggest using Secunia.

You have two choices:
- Go to http://secunia.com and click the "scan now" button (OSI)
- Download Secunia PSI and your computer is scanned at every start-up.

I have been using it for years, I'm using the 3rd version since I started.

- Collapse -
Install up-date popup

John

It all depends on the pop-up. many rouge updates will have spelling errors.

One way to conform the pop-up is to go to the main site of that program. It is one of the only way to confirm the pop-up.

For example: You are browsing the web. Then on a new site you get "you will need to update your Flash to see this site" You know that you have the most updated version of Flash on your PC. This is were the programs main site comes useful.

Remember that you are your own worst treat to your PC. While security programs help. They cannot catch every thing.

manmur

- Collapse -
When is it safe to click on "install updates" pop-ups?

If you're in doubt and want to play it safe, close the pop-up. You can then open Microsoft, Adobe, etc., and update using the update link within the program itself. If you don't see a link, you can usually find it in the Help menu.

- Collapse -
It will not happen if you keep your windows up to date

If it is malware that uses look alike interface to prompts you to install updates, then there will be a lot of spelling and grammar errors, some malware attempts to imitate the interface of security products, and seemingly no error at all, but there are few other ways you can tell whether it is good or bad.
The best thing to do is, e.g, if there are new windows updates available, go to control panel, and click windows update, and update windows from there.
If adobe reader wants to install an update, the best thing to do is to open adobe reader, adobe reader will sometimes automatically update, or else it may prompt you, that's the time you should install updates.
If there are messages telling me that a new version of adobe reader is available, I will go ahead and install it.
The best thing to check for updates is to use this little program called update checker from Filehippo,, it will tell you whether there are updates available or not.
http://filehippo.com/
If there are prompts that windows updates are available, for security reasons, go to control panel - windows update, and install updates from there, instead of manually downloading patch one by one from Microsoft

- Collapse -
About update pop up icon?

In my opinion you better ignore these pops and go to this site that wants to install the updates and do them manually. If there are updates you will see them there!If they dont have updates then the icon that pops is something else....

- Collapse -
Don't need them.

I have just re-installed W7 on one of my computers,and selected the option, "check for updates,but let me decide to download and install them" The only updates I have installed are the drivers,eg;audio,lan,display etc;this PC works perfect without any more updates and leaves plenty of free disc space that 100s of updates require.It's been running for months and there has been no problems.

- Collapse -
Comodo Firewall can help

Like others said, don't click on links in emails, don't click on ANY part of a pop-up you don't recognize. Kill it with the Task Manager or reboot.

I always set my programs for an auto update or if it is available, the "notify me when an update is available", then if you get a pop-up it's probably OK - has been for me anyway. I take care of a lot of my updating with Secunia PSI. It's free, always there, doesn't use resources except occaisionally on startup and it notifies me when an update is available for many of my programs and then provides a link for the update. Very helpful.

But here's the big one. COMODO FIREWALL can be installed optionally as a stand alone or as part of Comodo Internet Security. I use the firewall and the Defense Plus modules only, with free AV software coming from another vendor. The firewall is a bit of a pain at first but entirely worth it for the tremendous protection it offers. It will learn what software you are using and when it encounters something it doesn't recognize or doesn't like, it will block any action until you say it is OK. I have it set to some of the more stringent settings and it seldom is intrusive and it's pretty easy to understand. It also has a sandbox so you can take a chance in some cases without risking anything. The paid version even includes live tech support/debugging/cleanup etc.

This combination of software has kept my PC squeaky clean for about four years now.

- Collapse -
Comodo

In my post above, in the middle paragraph, I meant the pop-up is probably OK IF it is one of the programs you designated for the "notify me" option.

- Collapse -
I have seen fake popups...

that emulate the legitimate ones pretty well, so the user has to be ultra positive this popup is the real thing. Best thing is simply to use your suggestions or open the application from the programs list and update it from there.

I really like using File Hippo's update checker, it usually jumps the shark on all of them, including Secunia!

I also like kernel space protection utilities, but they can conflict with Defense+ so one has to make a difficult decision on what feature is more important.

- Collapse -
About secunia

I TRY THE SECUNIA PSI As you said is very good for inform you about secure and other things BUT... IS ALSO GOOD TO OPEN shared DANGEROUS PORTS!!!The result of this was to format my pc.I HAD A VIRUS ISSUE FROM THIS AND I HAVE UNINSTALLED AT ONCE

CNET Forums

Forum Info