All software has bugs. Some are never found. Some aren’t important. A few are dangerous. It is estimated that Windows XP had 40 million lines of code and Mac OS X 10.4 had about 80 million. It is sadly inevitable that some of these bugs will be exploitable by people who want to hijack your machine for their own reasons.
You might ask yourself “why?”. It’s a perfectly reasonable question. Most of us have far better things to do with their time than to try to get into other people’s computers. You might also suggest that you haven’t got anything worth stealing on your PC anyway, so even if someone did take the time to create an exploit, why bother?
There are a number of reasons for all of this, but it all boils down to one thing: money. The criminal economy on the Internet is huge. And increasing. These criminals don’t care who they target as they operate, mainly, on scale. They ensnare vast numbers of machines, unknown to their owners, to do their bidding through the use of bot nets. Essentially, they use these huge networks of computers to attack company websites and to extort protection money from them. They are also used to send spam, break encryption codes and hide child pornography. As a sideline, they also harvest personal information from the machines they infect and often steal passwords to bank accounts.
So, what can you do about it?
Patch! In Windows, make sure automatic updates are enabled. In Mac OS X, check the Software Update link from the Apple menu (more information).But not just the operating system… If you’re using a PC, download the Secunia Personal Software Inspector. It’s free and shows you all of the programs installed on your PC and whether it’s insecure.
Macs are vulnerable. Even Apple themselves recommend using anti-virus products on OS X. I personally have seen a number of Macs infected with bot nets and Apple have been slow, in the past, to update software that has known bugs in it.
Patching is no substitute for running an anti-virus scanner, but is equally as important. AV scanners will often stop an exploit from working, so it’s best to remove the vulnerable code. It’s worth bearing in mind that AV scanners will also stop things from being installed intentionally by a user of a machine if it’s infected with something.
LSE provides free anti-virus for home use to students and staff here. Other free and paid-for anti-virus products exist.
I’d be interested to know your experiences. Do you patch? Have you had problems in the past with malicious software? Send in your comments…