Yes, it is true. Airbags in cars save a whole bunch more lives than they end of costing, but sometimes, on rare occasions, they may take a life that otherwise would have been saved. Almost anyone, except the airbag instigators of the story, below understand the trade offs.
The TechnologyBUFOON.com, I mean Technologyreview.com published the following irresponsible headline with an obviously un-researched story.
Researcher: Update and You’re Owned
The premise is that many companies update their products using the http, rather than the https protocol. HTTPS is about encryption AKA privacy, not security.
There are attacks against https as well as http. It doesn’t matter what gets downloaded if it is not executed.
If a program requires a cryptographically strong signature before it executes the file then it is far more secure than a program relying only upon https for a sense of false security.
You are magnitudes more likely to get “owned” for not updating than for using a program that updates via http, rather than https.
Shame on TechnologyReview for such an irresponsible headline.
Director of Technical Education
Author ESET Research, ESET