Let’s pretend you’re going on a vacation. You pack your bags, board the pets, and ask the neighbor across the street to watch over your house. Your neighbor promises to report any possible crimes to the police, and glances across the street several times per day to check for unusual activity such as open windows or lights in your home.
But unbeknownst to your neighbor, you accidentally left a window open. This window is on the rear of the house, out of her line of sight, and opens into a room that is seldom used anyway. During the night, a burglar enters your home through this open window, and you return home to find that valuable property has been stolen.
How could this happen? You had a reliable, trustworthy friend keeping an eye on your home! Unfortunately, you both made a common mistake: You assumed that any security breach would be detected and promptly reported to the authorities. But your neighbor couldn’t report what she couldn’t see – and she couldn’t go across the street and close that open window when she didn’t even know it was open.
Computer and internet security sometimes work in the same way. Microsoft and other developers do indeed release security patches once they discover a hole in security. But if they don’t know about the hole yet, they can’t release an update. And that means your computer could be vulnerable to attack by hackers who become aware of the problem before developers do.
We call this type of unknown security threat a Zero Day vulnerability and hackers often create Zero Day Trojans and viruses to exploit these holes in your security. Cyber criminals who become aware of a Zero Day vulnerability before the developers are able to fly under the radar, causing problems and potentially stealing data before anyone even knows there is a problem.
This is one of the main reasons you should always be careful with links and attachments. Don’t open anything from an unknown source because you assume your computer’s antivirus program will catch any potential threats. Your security protocols are only as knowledgeable as the developers who create them – and what the developers don’t know cannot be programmed into an update.
