Software update

Updates are usually released by the respective software operators or distributors and can be for a fee or free of charge, depending on the purpose and operating system.

Dependencies

Software is often used in conjunction with other software or a software is based on several other software or libraries. This creates dependencies that can lead to problems if, for example, updates are carried out for individual software components, but other software components are still up to date.

For example, an update may have changed interfaces that have not yet been changed in another component. As a result of this incompatibility, the software may no longer be run reliably, or the runtime system may even refuse to run.

safety

It is particularly important to ensure the security of updated software in critical infrastructures , in the Internet of Things or in applications that can endanger privacy.

Programmers often rely on the program libraries of other programmers, which can also contain security gaps. When these libraries are updated, the software provider must also initiate a software update, even if the self-generated program code was designed to be error-free.

Clear origin

In order to ensure the clear origin of updated software, the authenticity of updates must also be guaranteed, which is technically implemented through digital certification . To do this, the manufacturer calculates a checksum from the update data, encrypts it with its private key and sends the result together with the update to the device or the user.

The device has permanently burned in the manufacturer's public key and can thus decrypt the encrypted checksum. It then compares the result value with the update checksum that it calculated itself. If the values ​​match, it is ensured that

• the update actually comes from the manufacturer and
• it was received unchanged.

Operational safety

There are many applications in which the software must be subjected to extensive tests before it can be used operationally. This includes, for example, the operating systems , runtime systems and application programs for interlockings , aircraft or nuclear power plants as well as for medical products . For this, there are usually norms and standards that must be used in software development or testing, such as ISO / IEC 9126 and the series of standards ISO / IEC 25000 (general), DO-178B (aviation), DIN EN 60880 (nuclear power plants) or EN 50128 (railways).

In such cases, updating the software is risky, lengthy and costly, so that software developers, appraisers and clients go to great lengths to avoid having to update in the first place. Incorrectly programmed pacemakers , for example, can affect thousands of patients worldwide. Or if, because the unsafe operating software of an aircraft model is uncovered, it is no longer allowed to carry passengers, the resulting damage for a single airline can amount to several million euros per week.

Data security

The data security of software products can be impaired for a variety of reasons. For example, programmers may have inadvertently neglected to implement and test important safety functions due to lack of time, insufficient qualifications, poor programming tools or inadvertently. Many software developers try to find and fix such errors through verification before the software is delivered .

In some cases, new types of security gaps are only discovered or published after the software has been delivered, so that they can only be corrected by updating the software, if this is technically possible. At the time software is delivered, it is often neither known nor regulated how long a software manufacturer will offer such updates.

When faulty library functions are widespread, a security problem can have serious repercussions, for example in the open source OpenSSL library that led to the Heartbleed bug.

scope

In itself, any desired change in software or data is an update. However, there are different terms that mostly relate to the scope of the respective software update.

• A hotfix is a patch that is made available quickly. Most of the time it is about closing a security hole or repairing execution errors with major effects that otherwise z. B. could lead to data loss. The version number of the software usually remains unchanged.
• A patch is usually a small adjustment to software. The patch itself often presupposes the existence of a certain initial state, for example a program in a certain version to which the patch can be applied.
• An update is usually a large number of individual patches. The minor version number is almost always adjusted to identify a new version of the software that contains minor innovations.
• An upgrade ( english upgrade =, upgrading '), however, expanded software significantly with new functions. It stands for a new version of the software and is usually indicated by a change in the major version number.

There are also similar terms that also describe desired changes to software, but basically do not represent an update (no update).

Sometimes there are established terms for updates that are only used by certain products or companies.

• Service Pack - a u. a. Term used by Microsoft for bundling updates into a larger package. For Windows, the release of a service pack also has an impact on the support period (Microsoft support duration policy).

distribution

With over-the-air updates (OTA), the software is transmitted via a radio interface (typically WLAN or cellular network ).

Demarcation

The term software update explicitly describes the updating of software. This also includes the firmware of computer systems (e.g. the BIOS or its successor UEFI , but also e.g. the firmware of the embedded controller ) or components (e.g. graphics cards , various controllers , hard drives and SSDs , optical drives etc.), whereby the terms firmware update and firmware update ultimately also represent software updates.

Outside of this, in software development the term update also applies to methods of the software itself, e.g. B. to update objects. This can be, for example, screen updates by software, or CRUD operations on databases .

See also

• Package management

supporting documents

1. ↑ FlowFact CRM Software 2009, Volume I, ISBN 978-3-8370-9057-4 , excerpt from page 17: “During a database update, the previous data is read into the extended database structure and converted if necessary. This process is fully automatic. " , See excerpt from the original text ( limited preview in Google Book Search)
2. ↑ rails: 4.0.0 - Track your Gems at VersionEye. In: versioneye.com. August 2, 2013, accessed January 17, 2015 . 
3. ↑ Visual: rails: 4.0.0. In: versioneye.com. Retrieved January 17, 2015 . 
4. ↑ About Incompatible Software on Mac - Some incompatible software is automatically disabled when you upgrade macOS , Apple dated November 7, 2016, accessed March 13, 2019
5. ↑ DIN EN 60880: 2010-03; VDE 0491-3-2: 2010-03 Nuclear power plants - Control technology for systems with safety-related importance - Software aspects for computer-based systems for implementing Category A functions , DIN of March 2010, accessed on March 13 2019
6. ↑ Check off WannaCry - somehow at least / Why patching is not always an option , GData from May 23, 2017, accessed on March 13, 2019
7. ↑ Thousands of patients affected by pacemaker recall, Ärzte Zeitung of February 14, 2019, accessed on March 13, 2019
8. ↑ TUI: Millions in costs due to Boeing 737 Max 8 , NDR.de from March 14, 2019, accessed on April 7, 2019
9. ↑ Updates: Only a few providers update reliably , test.de from March 6, 2019, accessed on April 8, 2019
10. ↑ Jan Schüßler: Convenience Rollup for Windows 7: The Non-SP2. In: Heise online . May 18, 2016 . Retrieved December 3, 2018 .; Quote: “Microsoft explicitly does not call the convenience rollup“ Service Pack 2 ”, although from the point of view of many users it should be exactly that. But there are differences: The release of another service pack would trigger a new support policy because Microsoft only guarantees support for an operating system if the latest service pack is installed. "