This was originally posted on 13 Sep 2009. I accidentally deleted the post the next week. Here it is again “for the record”.

These days, security is a Red Queen’s race where “it takes all the running you can do, to keep in the same place.” Hackers are constantly raising the bar and making old protections worth less than they were the day before.

The company that hosts this blog recently posted a very good article on the problem. They recommend (and I strongly agree) that you keep your software fully up-to-date and patched. You might not be perfectly protected from every hacker attack, but you’ll be protected from most, and often that can be enough.

There’s an old essay by Mike Pilgrim comparing computer security to the Club and to Lojack. If you remember the Club, it was a lock that fit on the steering wheel of the car, making it almost impossible for a thief to steer as he’s trying to get away. It wasn’t perfect security – a really determined thief who specifically wanted your car could drill the lock or just cut a section from the steering wheel. But it was pretty good protection from a thief who just wanted a car. As long as easier pickings are available, the thief will follow the path of least resistance.

A more grizzly way to say it is in the old joke about the two hikers who surprise a bear in the woods. They start running and the bear chases. One of them stops to change into sneakers and the other says “You’re crazy – even in sneakers you’ll never outrun a bear.” The other replies “I don’t have to be faster than the bear … I only have to be faster than you!”

That “faster than you” attitude can be enough to deflect the hacker to an easier target. On the other hand, if you don’t keep your software patched, you’re choosing to be the guy still in boots – the easy meat. Patch your software and keep it current. If you can, use a tool such as Secunia to help stay current. It’s a lot of work but it’s better than joining the bear for dinner.
