An introduction to software updates (and why they matter)

Software updates are everywhere around us, from our phones offering us security and new features to our laptop or smart TV annoying us at the worst moment. Yet, they matter more than you might think!

Explainer

With more and more connected devices around us, the chance that you've been hit by an update notification is high. But what do these software updates do? How do they actually work, and why are they important?

Hardware and Software

Modern electronic devices require two main parts to function: the hardware and the software. The hardware usually refers to physical electronic pieces inside a device (usually a collection of microchips, logic gates and specialised processing chips, such as those to process radio waves for communication, or process audio for sound), while the software is the set of instructions that tells the device what to do. Hardware without software doesn't do anything (a computer without an Operating System such as Windows or MacOS isn't capable of running anything) and software without hardware have nothing to send instructions to (a copy of windows or MacOS is useless without a computer to run it on).

Motherboards, graphic cards, monitors, RAM stick, and hard disk drives are all examples of hardware contained in a computer that are useless without software. On the other hand Microsoft Windows (or any other operating system like macOS or Linux), internet browsers (like Mozilla Firefox or Safari), applications like Adobe Photoshop, Instagram, Spotify, and drivers for a soundcard or a graphic card are all examples of software.

Types of Software

Firmware

Due to the complexities of modern electronic devices, an abstraction layer is often created between the physical chips and the software (usually some form of operating system, such as Android or Windows). This abstraction layer is referred to as firmware. Firmware allows the operating system to make generic calls to the hardware (for example, open microphone, to allow for an audio recording or phone call), which the firmware interprets and then sends the correct instructions to the hardware, the physical chips, to turn on the microphone.

Firmware exists because there is hundreds of different hardware modules (such as bluetooth, wifi, cameras etc.) produced by different manufacturers that all behave slightly differently. It would be very challenging for an operating system to be able to communicate directly with such a disperate array of hardware, so instead they communicate with the firmware which exposes a known method or action that the operating system understands.

In other words, the firmware acts as the translator between hardware and software (most of the times, an operating system). It receives the software instructions and further passes them on to the hardware components.

Operating System

An operating system is a core programme that manages the interactions between other programmes and the hardware. It is usually comprised of a core (also known as kernel) which enumerates the available hardware, either directly for simple devices or via firmware for more complex devices. tprovides a scheduler which tries to balance the contention of multiple tasks (applications) being run simultaneously around the ability of the processor (the brain of the device) usually only being able to run one task at a time. For example, the Operating System will be in charge of making sure that launching an app such as the web browser won't interupt sound being played by another application. Modern operating systems like Windows, Android, iOS, or Linux also usually bundle a number of ancillary services, such as the user interface and basic utilities for the device. This includes, for example, a sound managing interface to set the volume of applications playing on the device or a network interface to easily connect to WiFi networks.

Photo by Clint Patterson on Unsplash

What is software update and what does it do

A software update (also known as patch) is a set of changes to a software to update, fix or improve it. Changes to the software will usually either fix bugs, fix security vulnerabilities, provide new features or improve performances and usability. Infrequently, patches may also be used to limit functionality, remove or disable features.

Depending on the software, updates can either be installed manually or automatically if the device is connected to the internet and has the appropriate capabilities (for instance, an Android phone that updates its software on its own). Software updates are particularly important when applied to the Operating System given the reliance of other software (such as apps or drivers) on it. For example, a major release of an Operating System such as Android or iOS might render a number of apps obsolete, if all version released after the update aren't compatible with the previous version of the OS. This could prevent people from accessing important services as illustrated with some covid-19 track and track apps which were only compatible with specific versions of iOS and Android.

From a security standpoint, software updates have important implications. When an update includes a fix for security vulnerabilities, any device running an out-of-date version of the software is particularly vulnerable. This allows malicious actors to know what vulnerabilities exist on a given system and, consequently, puts devices running this software (version) more at risk. For example, using an outdated version of Android (such as version 4) means that all the security vulnerabilities spotted and fixed in following versions still exist on any device that uses the older version 4.

Lack of software update might also have a negative impact on a device's functionalities for example by making some its function obsolete (e.g.: a browser that do not support the latest security protocols and therefor can't display websites properly). It might also mean that identified bugs and problem might never be fixed (e.g.: poor battery).

Current market practices don't impose minimum software support for a device or software version on release, meaning a device can be produced, released and sold while embeding an outdated Operating System or without offering regular software updates. This fundamentally allow manufacturers to sell devices that might become outdated and vulnerable within a couple of month of their release. This is a practice that's reguylarly observed which puts users' security and privacy at a very high risk.