Why Software Needs to Be Updated

Over time, the holes in software are found, via additional testing by the companies that created the software or by hackers or others who use the holes for malicious purposes. As soon as holes are discovered, the software company updates their software to close them. It is a little bit like having a pet mouse that keeps figuring a way out of his cage. You can close one escape route, and the little crafty devil finds another, so you close that one, and so on.

For example, recently a vulnerability was found in Windows Media Player 10 that allows hackers to supply Media Player a bitmap file (.BMP) that specifies a size of zero but contains data. When Media Player tries to read the file, it causes a failure in the program and allows hackers to potentially execute some malicious code. A computer virus could be written exploiting such a hole and then those lured to a website with the picture (bitmap file) could trigger the virus on their computer.

The United States Computer Emergency Readiness Team (US-CERT) collects and publishes a database of such vulnerabilities so that computer operating system vendors such as Microsoft and security software vendors such as Symantec can incorporate corrections and detection mechanisms into their software. You can find the complete threat list here:

http://www.kb.cert.org/vuls/

Instead of reading such a list daily and worrying about it, the best course of action is to keep your software current. Regularly updating your software plugs such holes so that viruses and other malicious programs can no longer exploit them to do bad things inside your computer.