Other issues in this category (31)
A vulnerability (Vulnerability) is a piece of code that can be exploited to disrupt a system's operation and penetrate it.
There are vulnerabilities in any software program. Information about vulnerabilities and the ways they can be exploited is in high demand on the black market. Criminals use it to bypass existing security systems or to gain access to undocumented features of the software installed on target devices in order to attack PCs and handhelds.
This is one reason why individual researchers and companies actively search for vulnerabilities.
Out of concern for their reputations, which can be tarnished by the presence of vulnerabilities in their software, many companies and organisations (Google, Microsoft, Facebook, Mozilla, etc.) have special programmes that pay researchers for information about any security flaws they discover.
- In 2013 alone, Facebook received 14,673 vulnerability reports of which 687 were considered relevant. As a result, the company paid $1.5 million to 330 researchers from various countries.
- Microsoft's programmes Mitigation Bypass and BlueHat Defense offer security researchers $100,000 for each vulnerability they discover and $50,000 for a suggestion on how to close it.
Working as one of the good guys in cyberspace is lucrative and designing security software even more so!
Unfortunately, not all programmers are working with the good guys. Lacking moral scruples, such individuals often hand information about vulnerabilities to cybercriminals first, so that security researchers learn about them only when attackers start to exploit them.
That's why users need to use software that will protect their systems from programs attempting to penetrate them via unknown loopholes—so-called “zero-day” vulnerabilities.
- Dr.Web anti-viruses for Windows feature Dr.Web Process Heuristics, technologies that can detect abnormal behaviour in popular programs which usually indicates that the applications are being exploited.
- Furthermore, Dr.Web Security Space 11 and later versions use Dr.Web ShellGuard technology which protects PCs from exploits.