5 Security Myths
Think you're doing everything you need to do to be safe? Think again. Here are five common myths about digital security.
I don't have anything an attacker would want.
Average users commonly believe that the data on their computers is valuable only to them or has no intrinsic value at all, and that therefore they have nothing to protect and no need to worry. There are three problems with this way of thinking. First, instead of pilfering data, attackers often want to take control of the computer itself, as they can employ a compromised PC to host malware or to distribute spam. Second, you may not think that your PC has any important or sensitive information, but an attacker may be able to use seemingly trivial information such as your name, address, and birth date to steal your identity. And third, most attacks are automated and simply seek out and compromise all vulnerable systems; they do not discriminate based on a target's value.
I have antivirus software installed, so I am safe.
Antivirus software is an absolute necessity, and it's a great start, but installing it won't protect against everything. Some antivirus products are just that--they don't detect or block spam, phishing attempts, spyware, and other malware attacks. Even if you have a comprehensive security software product that protects against more than just viruses, you still must update it regularly: New malware threats are discovered daily, and antimalware protection is only as good as its last update. Keep in mind, as well, that security vendors need time to add protection against emerging threats, so your antimalware software will not guard you from zero-day or newly launched attacks.
Security is a concern only if I use Windows.
Microsoft certainly has had its share of security issues over the years, but that doesn't mean that other operating systems or applications are immune from assault. Though Microsoft products are the biggest target, Linux and Mac OS X have vulnerabilities and flaws, too. As alternative OSs and Web browsers gain users, they become more attractive targets, as well. Increasingly, attackers are targeting widely used third-party products that span operating systems, such as Adobe Reader.
My router has a firewall, so my PC is protected.
A firewall is great for blocking random, unauthorized access to your network, and it will protect your computer from a variety of threats; but attackers long ago figured out that the quickest way through the firewall is to attack you via ports that commonly allow data to pass unfettered. By default your firewall won't block normal traffic such as Web data and e-mail, and few users are comfortable reviewing firewall settings and determining which traffic to permit or block. In addition, many attacks today are Web-based or originate from a phishing attack that lures you into visiting a malicious Website; your firewall cannot protect against such threats.
Since I visit only major, reputable sites, I have nothing to worry about.
You certainly increase your system's odds of being infected or compromised when you visit the shady side of the Web, but even well-known Websites are occasionally infiltrated. Sites such as those for Apple, CNN, eBay, Microsoft, Yahoo, and even the FBI have been compromised by attackers running cross-site scripting attacks to gather information about users or to install malicious software on visitors' computers.