What problem you ask? For the purposes of this article the problem is that of not patching known vulnerabilities, propagating worms that could have easily been stopped and otherwise not taking the basic, simple steps necessary to do your part in protecting the Internet community you are sharing with the rest of the world.
The real question though is whose “culpa” is it? The vendor for not creating more secure software in the first place? The ISP’s for not blocking and locking down useless ports that can be used to propagate malicious code? Or each individual user for not applying the necessary patches? There certainly seem to be more parties at fault than fingers to point at them with.
In a perfect world operating system and software application developers would write bulletproof code without exploitable vulnerabilities. There would be no need for vulnerability mailing lists like Bugtraq or vulnerability scanners like Eeye Retina. Users and administrators would not have to be constantly watching for the next vulnerability announcement and continuously applying patches just to try and stay half a step ahead of the malicious code writers of the world.
In an almost perfect world vulnerabilities might exist, but would be discovered by whitehat security researchers or the original software developers themselves and patches would be made available that users and administrators could apply at their leisure rather than racing the clock to patch their systems before the malicious code writers can release a worm to exploit the vulnerability.
Unfortunately, this is not a perfect world. The operating systems and software applications are not perfect, vulnerabilities are discovered daily and often the blackhats know about it before the general public. By the time the vendor creates a patch and publicly announces the vulnerability it is a race to get your systems patched before the blackhats can exploit the vulnerability.
