
Are the Bad Guys Winning?

In computer security, it certainly seems as if the “Black Hats” are usually one or more steps ahead of the “White Hats”. What are your thoughts?

There are two answers:

  1. Almost by definition, the bad guys will always be in the lead.
  2. It rarely affects the average consumer directly.

The bad guys aren’t necessarily winning, but they’ll always present a challenge for the good guys.


Bad guys are in the lead, always

I’ve referred to this as “the race” before: the race between the good guys and the bad guys. The bad guys are always in the lead. In fact, they can only be in the lead; the only question is by how large or small a margin.

First, we have to understand that there is no such thing as perfect software. None. Period.

Put another way, all software — even the best, most artfully written, most thoroughly-tested software ever — still has bugs. Most small; some perhaps large; but there are always errors. This acknowledgment is not about resignation or giving up on the issue, it’s a reflection of the complex nature of software.

Software gets released with no known¹ errors.

Then the bad guys discover an error — a vulnerability they can exploit for malicious purposes.

The race begins.

Media frenzy

In my experience, the media makes these discovered vulnerabilities seem like much more of an imminent threat than they actually are.

This is one of the reasons I’m mentioning skepticism more frequently of late — not just being skeptical of promises made in advertisements or spam emails, but being skeptical of news media reports on current technology.

Things are rarely as bad as the headlines make them out to be. Remember, their goal is to get you to click and see an ad. The more frightening the headline and the more you think it might apply directly to you, the more likely you’ll click.

Yes, of course the <latest scary-sounding vulnerability> could absolutely delete all your files, expose all your information, steal your identity, expose nuclear launch codes, and who knows what else. And that’s exactly what you see in the headlines.

In reality, once made public (and often even before), vulnerabilities are quickly fixed, updates are quickly applied, and the malware exploiting the vulnerability rarely has the wide reach that the headlines scare us into thinking.

Pragmatic reality

In reality, the average consumer need do nothing more than continue to follow basic security practices and not panic. People who follow those practices rarely experience real impact as a result of the latest news-making threat, and even if they do, it’s relatively minor and easy to bounce back from.

Are there outliers? Of course! There almost certainly are those impacted by <latest scary-sounding vulnerability>. Generally, those are folks who don’t follow security best practices, and/or are being specifically and individually targeted by hackers for some reason².

By definition, the bad guys are always in the lead. But that doesn’t mean you need to panic. All you need do is keep up those basic security practices you should already be following anyway, and remain skeptical as you read the headlines.

Footnotes

1: Technically untrue. All software is released with known errors. The goal is that they are minor and of little impact. The tradeoff is, of course, the time it would take to fix them all.

2: I often refer to these folks as “high value targets”. Unless you have some legitimate reason to be considered “high value”, it’s not you. If you’re not sure … it’s not you. 🙂

14 comments on “Are the Bad Guys Winning?”

  1. “Media frenzy
    In my experience, the media makes these discovered vulnerabilities seem like much more of an imminent threat than they actually are.
    This is one of the reasons I’m mentioning skepticism more frequently of late — not just being skeptical of promises made in advertisements or spam emails, but being skeptical of news media reports on current technology.
    Things are rarely as bad as the headlines make them out to be. Remember, their goal is to get you to click and see an ad. The more frightening the headline and the more you think it might apply directly to you, the more likely you’ll click.”

    ^^^ The above explanation is a good example of why I refer to the media as Fake News.

    • Unfortunately, many in the media are more concerned about making money than disseminating the news. They rely on misleading headlines and sensationalism to get people to read or hear what they have to say. Even the most mainstream big players are guilty of this.

    • The MSM does contain a lot of lies but that is not just to attract viewers. They also get paid to spread propaganda. The MSM controls what people think and believe.
      Using the MSM they have our beliefs on their strings. E.g. if the US government wants to invade a country for some dubious reason, then the US government can easily get support for that action by repeating on the MSM that ISIS —or whatever the terrorist group of the month is— is found there.

      The MSM is a very powerful and important tool in controlling the population. Many people think that they are too smart to be manipulated like that, but every population that is being manipulated through propaganda thinks that they are too smart to be manipulated like that.

      No politician is going to ignore the power of the MSM to make people believe whatever they want people to believe. Power is what politicians are all about. So we need less blind trust in the MSM. I try to only believe what I can personally verify. For me this makes the news pretty boring but it is a good protection from propaganda.

      • That’s a paranoid conspiracy theory. All news services have their biases, but the non-MSM news sources like Alex Jones and talk radio are pure BS.

  2. Sadly I cannot agree with this article relating to the binary depiction of “good people” vs. “bad people”. The issue is much deeper. For starters it’s the “ignorant people” vs. the “intelligent people”.
    I am a retired educator and hold two Masters Degrees + post grad studies and yet I am in the “ignorant” category. WHY?
    Because unlike any older technologies created, i.e. radios, TVs, autos, jets, etc., this latest technology can control our lives, invade privacy like never before. The solution is not putting our trust in “those who were lucky enough” to be made aware of this potential and get educated in it; but for the public to demand educational opportunities for all (at no cost) to become members of the “intelligent” society. We no longer need to worry about who will be our next King, because right now our democracy, our freedoms are being controlled by the “elite Tech-Society”.

    • I don’t agree with a single point in this post. As to “…public to demand educational opportunities for all (at no cost)…”, that’s exactly what Ask Leo! does. Nothing comes at no cost. Educate yourself (I did). Everything you need to know is already sitting on the web waiting for you.

      • “Everything you need to know is on the web.” That’s true, but you need an education to sort the useful information from the lies and the irrelevant.

  3. “Are the Bad Guys Winning?” It’s a very good question Leo.

    Yes, they may well be winning here and there, at the moment, but a bad tree cannot produce good fruit. Any “wins” they might get are temporary and, probably, illusory.

    I believe most people on God’s earth are decent and honourable and simply want to get on with their lives with their families, with their hard-won free time, free from crime too.

    The reason for the evil which can be discerned here and there is, IMNSHO, down to three things:
    #1. Greed
    #2. Greed
    #3. Greed

    Thank you very much for your site and your tips, I like the Hero stories too.

  4. Whenever I read about a new vulnerability, I just check to see that my computer software is up to date and just go about my business. Sometimes there’s one that requires action on my part (updating BIOS for example). I tuned out Chicken Little and friends a while back. And of course I back up on a schedule.

  5. I read the article, and I failed to see where you put Mr. Healy in the “ignorant people” category. I guess I need to read it again.

  6. I would revise your comment about “perfect software” as follows: “any software as complex as an operating system is never perfect.”

    I have written perfect software, but it wasn’t very complex. Every time, it did exactly what it was supposed to do, and nothing more.

    The closest we have seen to big and perfect was DOS 5. In the fullness of time, it was revealed to have three bugs. (I participated in the extensive beta test, along with many thousands of other people.)
