There are two answers:
- Almost by definition, the bad guys will always be in the lead.
- It rarely affects the average consumer directly.
The bad guys aren’t necessarily winning, but they’ll always present a challenge for the good guys.
Become a Patron of Ask Leo! and go ad-free!
Bad guys are in the lead, always
I’ve referred to this as “the race” before: the race between the good guys and the bad guys. The bad guys are always in the lead. In fact, they can only be in the lead; the only question is by how large or small a margin.
First, we have to understand that there is no such thing as perfect software. None. Period.
Put another way, all software — even the best, most artfully written, most thoroughly-tested software ever — still has bugs. Most small; some perhaps large; but there are always errors. This acknowledgment is not about resignation or giving up on the issue, it’s a reflection of the complex nature of software.
Software gets released with no known1 errors.
Then the bad guys discover an error — a vulnerability they can exploit for malicious purposes.
The race begins.
In my experience, the media makes these discovered vulnerabilities seem like much more of an imminent threat than they actually are.
This is one of the reasons I’m mentioning skepticism more frequently of late — not just being skeptical of promises made in advertisements or spam emails, but being skeptical of news media reports on current technology.
Things are rarely as bad the headlines make them out to be. Remember, their goal is to get you to click and see an ad. The more frightening the headline and the more you think it might apply directly to you, the more likely you’ll click.
Yes, of course the <latest scary-sounding vulnerability> could absolutely delete all your files, expose all your information, steal your identity, expose nuclear launch codes, and who knows what else. And that’s exactly what you see in the headlines.
In reality, once made public (and often even before), vulnerabilities are quickly fixed, updates are quickly applied, and the malware exploiting the vulnerability rarely has the wide reach that the headlines scare us into thinking.
In reality, the average consumer need do nothing more than continue to follow basic security practices and not panic. Following those practices, rarely do people experience real impact as a result of the latest news-making threat, and even if they do, it’s relatively minor and easy to bounce back from.
Are there outliers? Of course! There almost certainly are those impacted by <latest scary-sounding vulnerability>. Generally, those are folks who don’t follow security best practices, and/or are being specifically and individually targeted by hackers for some reason2.
By definition, the bad guys are always in the lead. But that doesn’t mean you need to panic. All you need do is keep up those basic security practices you should already be following anyway, and remain skeptical as you read the headlines.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Footnotes & References
1: Technically untrue. All software is released with known errors. The goal is that they are minor and of little impact. The tradeoff is, of course, the time it would take to fix them all.
2: I often refer to these folks as “high value targets”. Unless you have some legitimate reason to be considered “high value” for some reason, it’s not you. If you’re not sure … it’s not you. :-)