The Race is On
Software makers struggle with protecting customers
Friday, July 29, 2005
BY : Brian Ashe
The software on your computer has bugs. It always has and it always will. Programs are written by humans and as the old adage says we are prone to error.
That being said, those bugs have taken on a greater significance to our computer usage than they did a decade ago. At one time it was difficult to get a virus. You had to literally carry it in your hand to your PC. Now it takes little more than leaving your computer running while connected to the Internet.
Security researchers are constantly poking around various software programs looking for holes. When a new vulnerability is found, it is usual practice to inform the vendor of the problem. However, that is not always the case. Regardless, once the discovery has been made, the race begins. The race is for the software producer to fix the hole and get it out to the users of that program.
To help remove these gaping holes in your system's security, most software vendors release patches. These patches are often released with details that can help those with ill intent to create viruses, worms, etc. So the many software vendors began limiting the amount of information disclosed. This does create a slight edge against the malicious programmers, but at the cost of the users needing to trust that everything will now be OK.
However, like most things in this cat and mouse game of computer security, that edge is not as favorable as it was. New tools that perform an old trick known as a "Binary Diff" are becoming so capable now, that the release of the fix for your problem is now telling the bad guys exactly what they need to know to do harm.
So how does this affect you? Well, it means that if your are not keeping up regularly with patching your system, you are putting your computer at risk for an intrusion. These patches can be reverse engineered in 30 minutes and malicious software can be written within 10 hours of the release of the patch. That is a very small window of opportunity for you to keep up with.
While this still may be academic, it does show the importance of doing your updates regularly. There are tools on many programs to help assist you with this and some even offer to schedule the task. So take a look at the various software that you use and determine a plan of action for keeping them all up to date.
|
