A brief look at why we need to patch our computers.
Many people treat a computer in the same way as a car or washing machine; if it’s not broke don’t fix it. Unfortunately there are varying degrees of broken and only when it gets to ‘really broken’ do we tend to notice. Here I take a look at why we should make the effort to patch a computer even when there appears to be nothing wrong.
When errors happen in source code the results are unpredictable. Sometimes a piece of code can be made to do something that was never intended and this is what is known as a bug. Some bugs are harmless while others can be devastating. If a bad guy discovers a bug and they can provoke the bug with repeatable and predictable results then that becomes an exploit and this is where the trouble begins.Part of the threat comes from so called zero-day exploits. Once the exploit is discovered it becomes a race for the developers to investigate, understand and fix the bug, and then to get that fix to all of their customers, against the bad guys distributing their malicious code to as many unpatched victims as possible. It’s very difficult to protect yourself against unknown threats but so far zero-day exploits have made up only a small part of the overall threat due to the high level of expertise needed to uncover new bugs.
Most malicious code targets bugs for which patches have already been released so in an ideal world most malicious code would be harmless because all of the bugs have already been squashed. Unfortunately the situation is far from ideal and a computer typically has software from more than a dozen vendors., meaning you will have to manage a dozen different patching services.