What is a Security Vulnerability
A computer security Vulnerability is a ‘hole‘ in any software, operating system or service that can be exploited by web criminals for their own benefits. There is a difference between bugs and vulnerabilities, though both are the result of programming flaws. A bug may or may not be dangerous for the product. A Software Vulnerability, however, has to be patched as soon as possible, as web criminals can take advantage of using the vulnerability. A bug fix can wait if it does not help web criminals in compromising the product. But a vulnerability, which is a bug that is open to people, can use it to gain unauthorized access to the product and via the product, to different parts of a computer network, including the database. Thus a vulnerability has to be addressed urgently, to prevent exploitation of the software or this service. Some of the recent examples of Vulnerabilities are Shellshock or BASH vulnerability, Heartbleed, and the POODLE vulnerability. Microsoft defines a Vulnerability as follows: It then breaks down the definitions to make it easier to understand it – and lays down four conditions for anything to be classified as a vulnerability: Thus, according to Microsoft, a bug has to meet the above four criteria before it can be termed as a vulnerability. A normal bug fix can be created with ease and may be released with service packs. But if the bug meets the above definition, it is a vulnerability. In such a case, a security bulletin is issued, and a patch is made available as soon as possible.
What is a zero-day vulnerability
A zero-day vulnerability is a previously unknown vulnerability in software, which gets exploited or attacked. It is called zero-day, since the developer has had no time to fix it, and no patch has been released for it yet. Using the Enhanced Mitigation Experience Toolkit on Windows is a great way to protect your system against zero-day attacks.
Secure & protect yourself against Vulnerabilities
The best way to protect yourself against vulnerabilities is to ensure that you install updates and security patches for your operating system as soon as they are released, as well as ensure that you have the latest version of any software installed on your Windows computer. If you have Adobe Flash and Java installed on your computer, you will have to take particular care to ensure that you install their updates as soon as possible, as they are among the most vulnerable software and are a commonly used vector – and vulnerabilities in them are being discovered every other day. Also, ensure that you install a good Internet security software. Most such software includes a Vulnerability Scan feature that scans your operating system and software and helps you fix them in a click. There are several other software that can scan your computer for vulnerabilities in your operating system and installed software and we suggest you check out SecPod Saner Free. This tool will scan your computer for operating system vulnerabilities & unprotected fragments of program code, and typically detect vulnerable and outdated software and plug-ins which expose your otherwise updated & secure Windows computer to malicious attacks. Tomorrow we will see what are Exploits and Exploit Kits.