Security Updates: To Update or Not, An Age-Old Tale


Software updates are frequently made available to users. Typically, these might be security fixes or newly available functionality. Most web users are familiar with notifications that a process could not complete because of out-of-date software; whether or not to actually install suggested or recommended updates is often not a straightforward decision.

When security loopholes are being patched, there is usually a large amount of media and web community coverage highlighting the reason for the concern and stressing the urgency of downloading the available fix. Compared with security patches, updates to operating systems have a much slower adoption rate among users. Perhaps the caution is well founded, given OS versions not being fully tested before release, migration concerns from one version to the next (which may be exacerbated if you skip several versions), and changes in functionality. For developers, these are all valid concerns, with new, updated or deprecated functionality perhaps causing the biggest challenges.

For example, suppose a software product that you use offers a new feature that is easy to implement and will enhance the user experience in applications that you develop. Before deciding to start using the new approach, you notice that there are caveats about the client’s OS version that must be met in order to use it. There may be an accommodation for the app to degrade gracefully where support for some feature is not present, but this is not always the case. So, implementing the latest available feature could inadvertently deliver a diminished user experience rather than provide enhanced functionality. The implications of this could be as severe as ultimately alienating your users, whose trust may be difficult to restore.

Being well informed about your target audience is crucial when deciding which updates to push out immediately and which ones to consider first. Is it plausible that a number of your users are not sufficiently up to date with a required software version, and that they will therefore be unable to use your application?

You could take the approach of pushing ahead regardless, forcing users to download a specifically required software update. This approach can be effective; however, the user group you are targeting with your application may not have sysadmin access to make other required software updates. Is the risk of the new feature not working properly worth taking? Unfortunately, the answer is not always “yes.”