Vulnerabilities or security holes in the most widely used software are attracting more attention from both users and the media. The reason for this is that vulnerabilities have become a very effective means of propagation for many Internet threats.
Security holes are nothing new; but until computer networks appeared, they were not given much importance. They became the center of attention with the dawning ofthe Internet, as computers were no longer isolated but rather links in a long chain through which huge amounts of information were exchanged.
This is when security holes really started to become important. One of the first consequences was the appearance of viruses that exploited these flaws in order to spread rapidly, infecting thousands of computers. What's more, depending on the vulnerability, viruses can also use them to run automatically on the computer or get in through a communications port, without needing to use typical means of propagation, such as floppy disks or email.
An example of a recent vulnerability exploit is Exploit/MS04-028, which affects the process of viewing JPEG files. This problem has been detected in many of Microsoft's products, including Office XP, Office 2003 and Windows XP. When a user opens a JPEG image that has been specially crafted to exploit the vulnerability, a buffer overflow occurs that could allow malicious action to be taken on the computer, including stealing confidential information, sending out spam, opening backdoors or downloading and running files. For this reason, it is just a matter of time before threats exploiting this flaw appear.
This problem has recently become worse, as the time between a vulnerability being detected and malicious code that exploit it appearing has been reduced to just a few days.
But not only viruses exploit security flaws to achieve their objectives. Hackers also use them to get into computers and steal all kinds of information, as well as other threats like spyware or dialers, which can exploit vulnerabilities to install themselves on computers when users visit a web page.
How to protect against security holes
- The main tip on how to avoid a threat from affecting your computer through a software vulnerability is to keep yourself informed about the new flaws detected and apply the patches needed to fix them. To do this you should subscribe to a security bulletin. Similarly, you should also regularly visit the websites of the manufacturers of the software installed on your computer, where you will find all the patches needed to correct the security problems detected.
- Make sure you have an updated antivirus program installed. This will block many viruses that exploit software vulnerabilities in order to infect computers. An even more effective measure is to combine antivirus protection with a personal firewall to block viruses that use security holes to get into computers through unprotected communications ports.