Lately, these two terms have been buzzwords in the news, and people usually use them interchangeably, but are they actually the same? I’ve always been told that IDS (Intrusion Detection Systems) or AV (Anti-Virus software) can typically detect the exploit, but will not be able to do anything about the vulnerability.
Now I am not a security expert, by any stretch of the imagination, but I will give it a shot here. If any security experts are out there, please comment and correct me if I am wrong in my assumptions.
Okay, here it goes.
Vulnerability – a weakness in a software application that a hacker can “exploit” to get through the hole and launch a virus or worm.
Exploit – what the hacker creates to try to break through the weakness or vulnerability, which could eventually cause havoc to anything that the application touches. This “exploit” is the real danger.
So when you think of protecting yourself, you may want to think of how effective your tools are at detecting an “exploit” and quarantining or blocking it. It also seems that vulnerabilities are simply holes in an application. The only thing that can be done here, assuming the software vendor provides a hot patch to fix the holes, is to make sure you apply the latest patches available for that application.
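The difference shows up in a toy model. This is an added example, not part of the original post; the buffer layout, byte strings and function names are all constructed. A signature check blocks the one exploit it knows about while the hole stays open to other oversized input, and only the patched function closes the hole.

```python
# Toy model, added for illustration; every name and byte string is constructed.
BUF_SIZE = 8                      # size of the name buffer
FLAG = b"ADMIN=0;"                # data stored right after the buffer

def new_memory():
    return bytearray(b"\x00" * BUF_SIZE + FLAG)

def store_vulnerable(mem, payload):
    # The vulnerability: no length check, so long input spills into the flag.
    for i, byte in enumerate(payload[:len(mem)]):
        mem[i] = byte

def store_patched(mem, payload):
    # The vendor patch: the hole itself is closed.
    if len(payload) > BUF_SIZE:
        raise ValueError("payload longer than buffer")
    store_vulnerable(mem, payload)

def ids_blocks(payload, signatures):
    # AV/IDS style check: match input against byte patterns of known exploits.
    return any(sig in payload for sig in signatures)

def handle(payload, store, signatures=()):
    """Return 'blocked', 'rejected', or the flag field after the write."""
    if ids_blocks(payload, signatures):
        return "blocked"
    mem = new_memory()
    try:
        store(mem, payload)
    except ValueError:
        return "rejected"
    return bytes(mem[BUF_SIZE:])

KNOWN_EXPLOIT = b"A" * BUF_SIZE + b"ADMIN=1;"   # one specific exploit
SIGNATURES = [KNOWN_EXPLOIT]                     # what the IDS knows about
OTHER_LONG_INPUT = b"B" * 16                     # a different oversized input

if __name__ == "__main__":
    for name, store, sigs in [("unpatched, no IDS", store_vulnerable, ()),
                              ("unpatched + IDS", store_vulnerable, SIGNATURES),
                              ("patched, no IDS", store_patched, ())]:
        for payload in (b"alice", KNOWN_EXPLOIT, OTHER_LONG_INPUT):
            print(name, payload, "->", handle(payload, store, sigs))
```

In the "unpatched + IDS" rows the known exploit is blocked, yet the other oversized input still overwrites the flag field; in the "patched" rows both are rejected without any signature.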
Conclusion: AV and IDS can detect and protect against exploits, but will not be able to do anything about vulnerabilities. That’s an application problem.
Or do I have this all wrong?