Computers, laptops, tablets and smartphones all run on software conceived, developed and programmed by humans, and humans make mistakes. These mistakes can create vulnerabilities for cybercriminals to exploit.
Why so many updates?
In order to protect users, software manufacturers work hard to fix every known vulnerability as quickly as possible. Vulnerabilities are discovered through testing by the software manufacturers themselves, through user feedback or even through criminal hackers. As soon as the manufacturer has fixed the flaws, all users receive a software update.
How it works
On your computer, manufacturers such as Microsoft or Apple install updates automatically upon start-up. Therefore, keeping your computer up to date is usually very easy as it requires no action on your part. On other devices or for other programs, installing an update requires confirmation by clicking a button in a pop-up window; mobile phone apps often require a manual update.
«The faster you update your software, the lower the risk.»
Criminal hackers love flaws
When criminal hackers discover software flaws, they will try to make money out of them. Certain flaws can result in security breaches that can lead to malware being installed on your computer. Sometimes all it takes is a click on a carefully crafted web page or an infected email message. The faster you update your software, the lower the risk.
You deserve the best and latest
In addition to the security aspect, updates offer another advantage: manufacturers constantly develop their software, equipping it with new features, for example. Some updates improve the software and its ease of use significantly: why not take advantage?
What is malware?
The term malware or malware refers to a program that performs unwanted or hidden functions (e.g., erase, destroy or alter data) on the affected computer. Malicious programs are fully functional and often self-contained programs that are created and distributed by savvy programmers with criminal intentions. Malicious programs are
A zero day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it's exploited before a fix becomes available from its creator.
The curriculum vitae of a vulnerability can basically be divided into 4 time periods:
1 Seemingly safety gap-free section
2 A vulnerability is detected by someone and, if necessary, reported to the manufacturer of the program. At best, he also writes an attack program or sells this information to intelligence agencies or criminals.
3 The manufacturer develops an error correction (patch) depending on the significance of the vulnerability (only 60% – 80% of the published vulnerabilities are patched) and publishes the error correction – possibly together with the (previously unpublished) vulnerability. (Bug fixes can also contain security holes!), until the user finally installs the patch (possibly after a compatibility check).
4 Attack programs are also generated automatically from error corrections within a very short time (minutes). Thus, the update procedures of the manufacturers become serious security risks for the users.
In a drive-by attack, Internet users are infected with the malware when they visit a website where the attackers have placed malware.
It usually exploits vulnerabilities in the browser and plug-ins of the visitor to infect the computer. Such a process happens without the user being aware of it.