5 Security Myths
Think you're doing everything you need to do to be safe? Think again. Here are five common myths about digital security.
I don't have anything an attacker would want.
Average users commonly believe that the data on their computers is valuable only to them or has no intrinsic value at all, and that therefore they have nothing to protect and no need to worry. There are three problems with this way of thinking. First, instead of pilfering data, attackers often want to take control of the computer itself, as they can employ a compromised PC to host malware or to distribute spam. Second, you may not think that your PC has any important or sensitive information, but an attacker may be able to use seemingly trivial information such as your name, address, and birth date to steal your identity. And third, most attacks are automated and simply seek out and compromise all vulnerable systems; they do not discriminate based on a target's value.
I have antivirus software installed, so I am safe.
Antivirus software is an absolute necessity, and it's a great start, but installing it won't protect against everything. Some antivirus products are just that--they don't detect or block spam, phishing attempts, spyware, and other malware attacks. Even if you have a comprehensive security software product that protects against more than just viruses, you still must update it regularly: New malware threats are discovered daily, and antimalware protection is only as good as its last update. Keep in mind, as well, that security vendors need time to add protection against emerging threats, so your antimalware software will not guard you from zero-day or newly launched attacks.
Security is a concern only if I use Windows.
Microsoft certainly has had its share of security issues over the years, but that doesn't mean that other operating systems or applications are immune from assault. Though Microsoft products are the biggest target, Linux and Mac OS X have vulnerabilities and flaws, too. As alternative OSs and Web browsers gain users, they become more attractive targets, as well. Increasingly, attackers are targeting widely used third-party products that span operating systems, such as Adobe Reader.
My router has a firewall, so my PC is protected.
A firewall is great for blocking random, unauthorized access to your network, and it will protect your computer from a variety of threats; but attackers long ago figured out that the quickest way through the firewall is to attack you via ports that commonly allow data to pass unfettered. By default your firewall won't block normal traffic such as Web data and e-mail, and few users are comfortable reviewing firewall settings and determining which traffic to permit or block. In addition, many attacks today are Web-based or originate from a phishing attack that lures you into visiting a malicious Website; your firewall cannot protect against such threats.
Since I visit only major, reputable sites, I have nothing to worry about.
You certainly increase your system's odds of being infected or compromised when you visit the shady side of the Web, but even well-known Websites are occasionally infiltrated. Sites such as those for Apple, CNN, eBay, Microsoft, Yahoo, and even the FBI have been compromised by attackers running cross-site scripting attacks to gather information about users or to install malicious software on visitors' computers.
Additional Security Resources
Many sites and services on the Web can help you learn more about computer security threats or can analyze your machine to make sure it is clean and safe.
Hoax Encyclopedia: The About.com Antivirus site has a comprehensive database of e-mail and virus hoax messages. Before you forward the next "urgent" alert to your family and friends, check for it on this list.
McAfee Virus Information Library: McAfee maintains a complete listing of malware threats, including details on how they spread and how you can protect your computer against them.
Microsoft Consumer Security Support Center: On this page you can find solutions to common security problems, as well as links to other information and resources for Microsoft's security products.
Microsoft Malicious Software Removal Tool: This tool is designed to scan for and remove current, pervasive threats. Its scan is smaller and faster than a complete antimalware scan, but it identifies only a handful of threats. Microsoft releases a new version of the tool--along with regular security fixes--on the second Tuesday of each month ("Patch Tuesday").
Microsoft Security Essentials: This free antivirus application provides real-time protection for Windows PCs against viruses, worms, spyware, and other malicious software.
PhishTank: A community project, PhishTank is a database of known phishing sites. You can search the database to identify phishing sites, and you can add to the list any new sites you've encountered.
Trend Micro Housecall: Trend Micro's free HouseCall service scans your computer online to discover and remove any viruses, worms, or other malware that may be residing on it.