A vulnerability in software isn’t a bad thing in and of itself. It’s like a hole in a bathroom wall: as long as no one’s looking through it, there’s no damage done.
Of course, you would want to fix the problem and repair the hole by installing a software update that removes the vulnerability. However, as long as no one has found the hole, it’s not putting you at risk. It shouldn’t be there, but as long as no one knows about it, all is well.
An exploit is like someone finding the hole and looking through at whatever’s happening in your bathroom. If the hole is big enough, they can even reach in and steal personal things or flush your toilet when you’re not looking.
A software exploit can do things like look at the information on your computer, steal personal things like your passwords, or use your computer to send spam when you’re not looking.
What Does Security Software Do?
Anti-malware tools are like security cops with a big book of mug shots of all the people known to look in holes in bathroom walls. As soon as they see someone from that book, they kick them out (or at least let you know they’re lurking about).
The problem, of course, is that these cops are only as good as the information they have. If the anti-virus cop doesn’t have the photo of the Peeping Tom discovered elsewhere this morning, he won’t recognize him.
That’s why there are so many updates for anti-malware software and its databases!
However, not all anti-malware software is equally efficient and effective, just like not all cops are the same. Some are better at seeing certain kinds of things than others, while others get better data from their head office. Some anti-malware tools are better at catching certain things than others. And some are just incompetent.
Software vulnerabilities are often not obvious or easy to discover, unlike a hole in a bathroom wall. It’s not uncommon for a vulnerability to exist for years before someone stumbles across it and develops a way to exploit it.
To continue the “computer software is like a bathroom” story even further, the holes in your wall are very difficult to find. Depending on the quality of the original builder, there may be easier-to-find holes, but those are often found and fixed relatively quickly.
And here’s the scary part: hackers are like someone who spends all day and all night looking at your bathroom wall from the outside, hoping to find a hole no one else has found before. It’s not a new hole — it was there all along!
Or sometimes, they’ll find a new way to use a previously known hole that hasn’t been patched yet. Either way, as soon as they’re successful, they create malware that exploits the fact that your bathroom wall (the software on your computer) has an unpatched hole.
The advice for avoiding software exploits is the same as it’s always been.
- Keep your computer software up to date.
- Keep your anti-malware tools up to date, and keep their databases up to date - this usually happens automatically.
- In some cases, uninstall software that is known to have issues - common examples include Java and Flash Player. Thankfully, both are mostly redundant these days!
- And, of course, don’t invite a crowd of Peeping Toms onto your computer by opening attachments you’re not certain are safe, running questionable downloads, or visiting questionable sites.
- Make backups of all your important data, including a complete system backup.
And, even after doing all that, there’s still the possibility of a hole you don’t know about being found and exploited before all the defences are updated.
This is why good antivirus software includes what's called a Behaviour Blocker. It checks the actions of programs for certain malicious behaviour patterns and raises an alert as soon as something suspicious occurs. A Behaviour Blocker can detect almost any type of malware, even without requiring frequent online updates.
We've been using and selling Emsisoft Anti-Malware for many years and recommend it to all our customers. You can get Enterprise-grade protection for your computer for only $80 a year - that's less than 25c a day!