What exactly is a software vulnerability? / MutualBank


What exactly is a software vulnerability?

Posted by: Information Security on Tuesday, May 20, 2014 at 8:00:00 am

You may have heard recently about a major security vulnerability that was found in the Internet Explorer browser, specifically affecting those using it on the Windows XP operating system. Microsoft has since addressed this issue, but we thought we would give you a more detailed understanding of what a vulnerability is and share some tips for protecting your computer against them.

What is a software vulnerability? 

A software vulnerability is a flaw in an application that hackers can use in a certain manner to perform an unwanted action. You may also have heard vulnerabilities referred to as security bugs. The software vendor typically fixes these bugs by updating the affected software within a short period of time after the vulnerability is made public. Almost all software is vulnerable at one time or another.

How are vulnerabilities exploited by hackers? 

Hackers write software that takes advantage of the vulnerability, making the application perform in an unwanted manner. The hacker can deliver the malicious software to the victim through a number of mechanisms. This is typically done by sending the victim an email that appears to be legitimate but actually contains a link to an infected site. If the victim clicks the malicious link in the email, their machine could become infected because of the vulnerable software installed on it. Hackers are constantly discovering vulnerable software and writing exploits for it in an attempt to make money, gain notoriety, and steal confidential information.

Programs with Frequent Vulnerabilities 

Java and Adobe exploits make up a large percentage of the total exploits available to hackers. Java runs on approximately 3 billion machines worldwide. That’s a large attack footprint. Java usually runs in the background and helps many applications function. Adobe makes various products such as Reader, Flash, Photoshop, and Adobe AIR. Most people have these programs installed on their machines. Historically, the companies behind them have released urgent security updates every few weeks.

Tips to Remember

Two of the most important tips to remember when it comes to securing your computer are to:

  • Enable automatic updates for your operating system and applications
    Set your operating system, applications, and antivirus to check for updates daily. Below we’ve linked to some tutorials that show you how to enable automatic updates for your specific Windows operating system. Mac operating systems have automatic updates turned on by default.

    From an application perspective, each program has its own settings regarding automatic updates. Most applications have automatic updates turned on by default or will alert you when an update is available, but it is best practice to make sure that all of your installed applications have automatic updates enabled. You can most likely do this through the application's settings or preferences options.

Automatic Update Tutorials:
Windows XP, Windows Vista, Windows 7
Windows 8

  • Use a good antivirus product
    We are unable to officially recommend a specific antivirus product, but Bitdefender and Avast are highly rated. Remember that antivirus isn’t foolproof. Typically, antivirus has about a 60-70% detection rate. Mac users should install an antivirus program as well. A common misconception is that Mac computers aren’t susceptible to viruses, but that is not the case. They may be less likely to get viruses than PCs, but they are indeed still vulnerable.

It’s best to think of the security of your information in terms of layers. Updating all your software is the first security layer. Using an updated antivirus is the second layer of protection against an exploit. Employing this dual-layered strategy will greatly reduce your risk from potential vulnerabilities.

If you have any specific questions or thoughts, please let us know below!
