It’s an interesting question. Even more interesting is that the answer may be changing.
We stress how important it is to keep your system software up to date with the latest updates and patches and the like. Even applications frequently self-check and notify you automatically when updates are available.
But what about your BIOS?
BIOS & UEFI
The BIOS (or Basic Input/Output System), and in more recent computers, the UEFI (Unified Extensible Firmware Interface), is software that’s “hardwired” into your computer. (I’ll refer to both as “BIOS” throughout this article.) It’s the software that runs when you first turn on your machine — the software that does the power-on self test (aka “POST”). And it’s the software that knows how to find and load other software, like the operating system.
The BIOS may also be used by the operating system as an interface to access the hardware on your machine.
You’ve captured my opinion with respect to BIOS updates: “If it ain’t broke, don’t fix it.”
But recent events have shown us that something may indeed be “broke”, and it’s a BIOS update that would fix it. More on that in a moment.
Updating your BIOS
Unlike your operating system or even your application software, the BIOS rarely represents a vulnerability to your system. In fact, BIOS bugs, while they do happen, are typically infrequent and of low impact.
But they can happen, and if a fix for a problem you’re experiencing is a BIOS update, I would take it.
Note, however, the wording I used: “if a fix for a problem you’re experiencing”. Unlike the rest of the software on your machine, I do not generally recommend updating the BIOS just because there’s a new one available. Only when you’re experiencing a problem fixed by a BIOS update (or perhaps rebuilding a machine from scratch) would I proactively look for and install the latest update.
The risk of updating your BIOS
BIOS updates are kind of funny, since they update the firmware on your motherboard. As such, there’s a slight risk: if the update fails for any reason, you may not be able to reboot your machine. The machine may simply appear dead.
Most modern motherboards now include a reset mechanism to restore a BIOS to some original default. Sometimes it’s a small switch on the motherboard itself; sometimes it’s a jumper that temporarily connects two exposed connections; sometimes it’s something else.
And sometimes it doesn’t exist. There are still motherboards that cannot be reset. Sometimes it’s due to age. Sometimes it’s a specific security choice to avoid someone being able to take over a machine by replacing its BIOS.
Unfortunately, your machine may, indeed, be experiencing a problem in the form of a security vulnerability, and you may not even be aware of it. A class of CPU architecture vulnerabilities, beginning with Spectre and Meltdown, represents a CPU-level issue that for some machines is fixed or mitigated by an update to the BIOS.
The only way you would know this would be to check with your computer’s manufacturer. Your computer will function normally even with this issue in place.
If you have the opportunity, I would sign up for a notification mailing list from your computer’s manufacturer. I don’t think this is the last we’ll hear about this type of vulnerability needing a BIOS update.
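An added example, not part of the original article: to look up your machine in a manufacturer's advisory you need its exact model and installed BIOS version. This Python sketch assumes a Linux system and reads those values from the standard sysfs DMI directory, along with the kernel's own report on Meltdown and Spectre; the function names and the `root` parameter are hypothetical.

```python
from pathlib import Path

# Standard Linux sysfs locations (assumes a Linux host; other OSes differ).
DMI_DIR = "sys/class/dmi/id"
VULN_DIR = "sys/devices/system/cpu/vulnerabilities"
DMI_FIELDS = ("sys_vendor", "product_name", "board_vendor", "board_name",
              "bios_vendor", "bios_version", "bios_date")
CPU_ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def read_value(path):
    """Return the stripped file content, or None if missing or unreadable."""
    try:
        return path.read_text(errors="replace").strip() or None
    except OSError:
        return None


def classify(status):
    """Reduce a kernel status line to one of four states."""
    if status is None or status.startswith("Unknown"):
        return "unknown"        # older kernel, or the kernel cannot tell
    if status.startswith("Not affected"):
        return "not_affected"
    if status.startswith("Mitigation"):
        return "mitigated"
    return "vulnerable"         # "Vulnerable" or "Vulnerable: <detail>"


def firmware_report(root="/"):
    """Collect the report from sysfs under `root` (overridable for testing)."""
    root = Path(root)
    firmware = {f: read_value(root / DMI_DIR / f) for f in DMI_FIELDS}
    report = {"firmware": firmware, "cpu": {}}
    for issue in CPU_ISSUES:
        raw = read_value(root / VULN_DIR / issue)
        report["cpu"][issue] = {"state": classify(raw), "detail": raw}
    # Anything not clearly mitigated is worth raising with the manufacturer.
    report["needs_follow_up"] = any(
        v["state"] in ("vulnerable", "unknown") for v in report["cpu"].values())
    return report


if __name__ == "__main__":
    result = firmware_report()
    for name, value in result["firmware"].items():
        print(f"{name:13} {value or '(not exposed)'}")
    for name, info in result["cpu"].items():
        print(f"{name:13} {info['state']:12} {info['detail'] or ''}")
```

A "mitigated" result describes the running system as the kernel sees it; whether a newer BIOS exists for your model is still something only the manufacturer's support site can tell you.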
Where BIOS updates come from
Updates to the BIOS of your computer should come only directly from that computer’s manufacturer. News and information should be available from the manufacturer’s support website. If you’ve built your own computer, then go to the website of the manufacturer of that computer’s motherboard.
That’s the canonical source for information about your computer, and the proper source for any and all updates to that computer’s BIOS.