Why are software vulnerabilities so dangerous?
In computer security, we often hear the term “vulnerability”, as in “the attacker exploited an unknown vulnerability in the software”.
The software you use – whether it is on your phone, tablet or PC – is designed to be secure. This means it will not let anyone access anything they shouldn’t on your device or install anything on your device that shouldn’t be there. This includes software like your Internet browser, operating system (Windows, Android, iOS etc.) and plugins like Flash.
But nothing is 100% secure. Not when the Internet is concerned. Cracks and loopholes are always being discovered in the software we use, and these can pose security risks. We call them vulnerabilities.
Because the software we use is designed to be secure, the majority of people who fall foul of more common Internet scams do so because they practised poor security habits. Maybe they opened an email attachment they shouldn’t have, downloaded and opened a file they shouldn’t have, or maybe they fell for a phishing scam and gave their username and password to a criminal. Basically, they bypassed the security provided to them by the software they use.
However, vulnerabilities are different from your average Internet scam, because they can potentially affect anyone who uses the Internet, regardless of whether they practise good or bad security habits. That’s because they rely on the software we use being vulnerable, as opposed to the user making a security mistake.
To provide a real-life example, a common Internet scam may involve an attempt to trick a visitor to a dangerous website into downloading a malicious file. Our Internet browser is designed not to allow a website to download anything to our device without our permission – it’s designed to be secure, after all. However, an attacker could exploit a vulnerability in our Internet browser that would result in a file being downloaded to our device automatically, without our knowledge.
In this case it is the software at fault, not the user.
Vulnerabilities can be especially dangerous simply because they don’t always rely on the user practising bad security habits, or at least they minimise the need to depend on the user falling into a trap. Exceptionally bad security vulnerabilities can affect almost anyone who uses the vulnerable software, and thus the consequences can be very bad indeed.
Always remember… Vulnerabilities that are known to the developers of the software they affect are usually patched up and fixed in security updates, so always keep your software up-to-date. Don’t use software that is no longer supported, as this means vulnerabilities are not fixed even if they are known to the developer.
Want to know more? Read our article on zero-day vulnerabilities and exploits here.