Should I update my firmware?

by Rupert Davey
January 2019

Manufacturers often release firmware updates for their devices, whether they are computers, routers, printers or switches. But what is firmware, and why do you need to update it?

What is Firmware?

Firmware is software that runs computers and network devices, for example printers, routers, switches, wireless access points and anything else on the network. There’s also firmware on your TV remote control, cooker, etc.: anything that processes data. The firmware on computers might be referred to as the BIOS (Basic Input Output System) or in newer systems the UEFI (Unified Extensible Firmware Interface). The firmware (aka BIOS or UEFI) is held on a small computer chip called the CMOS (Complementary Metal Oxide Semiconductor) and/or another type of ROM (Read Only Memory). This chip is a physical computer chip and part of the computer.

For computers, the firmware “sits” between the hardware and the software… hence the name firmware.

Firmware is the code that tells the device what it is, how its basic systems work and, in the case of computers, where Microsoft Windows is and how to access it. It does a lot of other important things too, but that’s another story!

Updating Firmware

Like traditional software, firmware is susceptible to attack, and from time to time vulnerabilities are detected. The manufacturer, such as Dell, HP, DrayTek et al, responds and releases updates to the firmware.

These updates are (normally) provided free of charge by the manufacturer. The update will be a program that updates the CMOS chip with the new updated firmware code.

The process of doing the update is straightforward and normally takes between 5 and 15 minutes per computer:

  • Log into the computer as an administrator
  • Go to the computer manufacturer's website
  • Use the manufacturer's tools to scan the computer for updates
  • If any are found, download
  • Run the update program
  • Reboot computer
  • Hand back to user

However, this process is not without risk. 

If the update process goes wrong, or is interrupted, the CMOS chip can become irrevocably corrupted. This renders the device useless such that it will not turn on.

From personal experience, expect a failure rate of between 1% and 5%. Generally newer computers and devices are better and more robust when it comes to firmware patching.
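
A pre-flight check to run before starting the update procedure above, given here as an added example that is not part of the original article or of any manufacturer's tooling. It records the firmware version currently installed and flags the conditions most likely to interrupt a flash. The function name Test-FirmwareUpdateReadiness and the 50% battery threshold are assumptions; use the minimum your manufacturer states.

```powershell
# Added example: readiness check before running a vendor firmware updater.
# Function name and the 50% default threshold are assumptions, not vendor values.
function Test-FirmwareUpdateReadiness {
    param([int]$MinBatteryPercent = 50)

    $blockers = @()

    # The procedure starts by logging in as an administrator.
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $blockers += 'Not running as an administrator'
    }

    # Record what is installed now, to compare against the vendor's release
    # and to confirm after the reboot that the version actually changed.
    $bios   = Get-CimInstance -ClassName Win32_BIOS
    $system = Get-CimInstance -ClassName Win32_ComputerSystem

    # Power loss mid-flash is the interruption to avoid. Desktops return no
    # Win32_Battery instance; laptops should be on AC with a charged battery.
    $batteries = @(Get-CimInstance -ClassName Win32_Battery)
    foreach ($b in $batteries) {
        # BatteryStatus: 1 = discharging, 4 = low, 5 = critical
        if ($b.BatteryStatus -in 1, 4, 5) {
            $blockers += 'Running on battery; connect AC power'
        }
        if ($b.EstimatedChargeRemaining -lt $MinBatteryPercent) {
            $blockers += "Battery at $($b.EstimatedChargeRemaining)%, below $MinBatteryPercent%"
        }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Manufacturer = $system.Manufacturer
        Model        = $system.Model
        BiosVersion  = $bios.SMBIOSBIOSVersion
        BiosDate     = $bios.ReleaseDate
        HasBattery   = $batteries.Count -gt 0
        Ready        = $blockers.Count -eq 0
        Blockers     = $blockers
    }
}

# Show the result; keep a copy so the version can be compared after the reboot.
Test-FirmwareUpdateReadiness | Format-List
```

Run it again after the reboot and compare BiosVersion with the saved output to confirm the update was applied before handing the computer back.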

Vulnerabilities in firmware are real and should be defended against, particularly in servers and network edge devices such as routers and firewalls.

We recommend following the manufacturer's recommendations and guidance. For example, if the manufacturer recommends applying a patch to address a specific security vulnerability, then this guidance should be followed.

You should budget for failures and disruption should the patching process fail. This could be new parts, additional labour costs and/or downtime for the user.