When Bugs Strike


A blunt look at the damage that can be caused when a computer infection takes hold, with examples from recent news.

Computer bugs can take many forms: some are harmless while others are devastating, and some need coaxing and provocation while others can crop up during business as usual. In last week’s post I described how bugs occur as a reason to patch your computer. Here I highlight the damage that bugs can cause as a persuader to patch your computer in case you’re not convinced.

I’d like to point out that while a patched computer is typically more secure than an unpatched computer, it’s probably not 100% secure; there are likely to be many more bugs waiting to be discovered and exploited.

One of the most disastrous bugs in history caused the explosion of an Ariane 5 space rocket on its virgin test flight in 1996. Fortunately it was unmanned, but the loss cost $370 million! This bug happened when one program tried to pass a number with too many decimal digits into another program from an older rocket. Granted, this is a worst-case scenario and is unlikely in a home computing scenario.

More realistically, an exploited bug can lead to a keylogger listening for usernames, passwords or credit card numbers and then silently sending its bounty off to the bad guys. A bug can open a channel that would allow the bad guys to remotely watch or take control of your computer. A bug can be a gateway to allow the bad guys to install rogue programs on your computer that might hold your files to ransom or advertise software to clean up an infection (that the bad guys control, of course).

So how is a bug exploited? Unfortunately, many of the things that you do every day can be (mis)used as the mechanism that bad guys use to exploit a bug on your computer. The common advice for PC security is a good start, but it often doesn’t go far enough…

  • Don’t click on links in a website or an email if you don’t recognise the target, but links can be disguised so they might not take you where you think they will
  • Don’t open emails if you don’t recognise the sender, but email addresses can be spoofed and email accounts can be taken over
  • As long as you don’t download files from a malicious website you’ll be OK, but so-called drive-by downloads don’t need you to do anything more than visit the website
  • Some types of files are safer than others, but almost any file type can be altered to include malicious code, even PDFs, images or videos

So what can we do to avoid these exploits? Well, following the common advice will help to avoid attacks from idiots and amateurs, but the clever bad guys could take complete control of your computer and you’d never even know about it until they want you to. The problem is that you have to avoid every possible attack scenario, but the bad guys need only find one to win.

In effect, you would have to avoid using pretty much every part of your computer and the web in order to be sure of avoiding attacks, which is not really feasible. Instead, if you keep your computer up to date with patches then you will at least make it more difficult for the bad guys to get a foothold, and that’s a good start.

I hope this has helped, without scaring you too much 🙂

Image Attribution: Thanks to Idea go @ FreeDigitalPhotos.net for the images

2 thoughts on “When Bugs Strike”

  1. Anonymous

    Couldn’t decide which of the Patch posts to ask this on, but here will do. On a practical level, is it just my browser and the add-ons and things I need to worry about patching?

    Is it likely that all my software will automatically patch for me, or at least ask me if I want to? Or do I need to go out of my way to make sure I check?

  2. thegaryhawkins Post author

    Hi Cat, it’s worth spending 30 minutes as a one-off task to go through at least the most common programs on your computer and check if they have auto-updates. Many of them will at least check for updates when they are started, so it’s semi-auto.

    The Operating System should certainly patch (or at least notify you of patches) automatically so then yes, focusing on your browser and add-ons would be the next step.
    Remember though that programs are used through the browser but aren’t necessarily add-ons like Adobe and Java so you might need to check those too. The Qualys BrowserCheck service will include these things.

    #HTH 🙂
