Keeping your computer secure can be confusing, so it's not surprising that mistaken beliefs often end up taking root. Here are the ten biggest myths about computer security, busted once and for all.
Picture by Niels Heidenreich
We've run posts in the past covering common virus myths, but viruses are just one small part of the overall security equation. Here are some widespread beliefs that are (for the most part) flat-out wrong.
Myth #10. Computers represent the biggest security risk
While many criminals and scammers use email, web sites and other electronic tools, they haven't abandoned more traditional methods. According to the Australian Competition and Consumer Commission, phone scams remain more common than any other type. That doesn't mean you shouldn't take appropriate precautions when you're online. Rather, it serves as a reminder that a questioning attitude is wise whenever you interact with people in any forum.
Myth #9. Security software companies write most viruses
A persistent myth ever since computer viruses first emerged holds that most of the viruses are secretly written by security software companies, who distribute them in order to keep themselves in business. It isn't hard to see why this is a nonsensical claim. Firstly, it presupposes the existence of some massive conspiracy in which a bunch of rival companies all agree not to dob each other in, and manage to do so in a way which eliminates all traces of evidence and has never been detected by any independent security researchers. Secondly, it relies on the outdated view that viruses are the only thing security software deals with. Given that a large part of security now focuses on analysing the contents of web sites and email, it's obvious that writing viruses would be a lousy business model.
Myth #8. Personal data is sold for large sums
It's true that the malware world is a professional one these days: the people writing code aren't doing it for kicks, they're doing it to access information with which they can make money. But that doesn't mean that your own individual log-in details are worth a fortune. As we've noted before, information of this type is generally traded in bulk between criminals, and often barter rather than outright cash payments are involved.
Myth #7. I should pay for this security software that has just spotted a flaw
In a weird twist on Myth #9, fake security software -- often referred to as scareware -- has become a growing problem. This software once installed claims to have detected (non-existent) security problems, but suggests that paying for an upgrade will eliminate the problem. In reality, all it will eliminate is the contents of your wallet. Some ransomware can be very persistent and difficult to uninstall. Legitimate security software will usually detect it. The bottom line? If a message appears from a security software package you don't remember installing, you've got a problem -- but the problem is the fake security software itself.
Myth #6. I can trust messages from my friends
One of the most common cash/identity theft scams kicks off when you receive an email (or a Facebook message) from a close friend claiming that they're overseas and have been injured or robbed, and need some money transferred urgently. Your natural instinct is to help, but the odds are overwhelming that it's actually a fake.
If your friend's system has been hacked (perhaps because they didn't follow good password practices), then it's very easy for a fake message of this type to get out. It's also very easy to check: my mother got one of these messages recently claiming a good friend was in Spain. Fortunately, she had the sense to ring her friend at home in Tasmania, and quickly realised the message was a fake. Practice that same good sense yourself.
Myth #5. Windows is full of security holes
If you keep it regularly patched and use the built-in security features, Windows is a secure operating system. While some decisions Microsoft made in the past (such as letting all users install software unheeded) undoubtedly contributed to problems, that isn't the case with Windows 7. With User Account Control enabled, the chances of something installing itself unbidden are slight.
Unfortunately for Microsoft, many users don't patch their systems or use security software, so they leave vulnerabilities in place long after they have been resolved. Top 10 lists of malware infections are invariably populated with code that has been identified and patched against long before (often years before). The popularity of Windows means this problem isn't going to disappear, but it's a mistake to presume that means Windows itself is permanently or intractably insecure. Like any computer OS, it is ultimately at the mercy of its users.
Myth #4. Online criminals only target big business
The prevalance of phishing messages from big banks and other organisations can give the appearance that security threats are aimed mostly at large businesses. While a big company can make a juicy target, cyber-criminals spread their net far and wide. As we noted recently, any size of business can be a target.
Myth #3. Microsoft (or whoever) wants to ring and help fix your security issues
This scam is so common and recurs so frequently we need to single it out specifically. You get a phone call claiming to be from Microsoft (or Telstra, or Australia Post, or Apple), saying that a security problem has been detected but that the support worker can talk you through how to fix Don't waste time discussing the issue arguing: just hang up. It's a scam, designed to con you into willingly install software on your computer that will make it remotely accessible to others. From there, it's an easy step to steal your personal data, use your computer as part of a botnet to distribute spam or launch attacks on others, and (potentially) to ask you to pay for the service.
The simple truth? No-one legitimate will ever ring to tell you a security problem has been detected on your computer. The world does not work like that, and never has.
Myth #2. Macs don't suffer from security issues
We've covered this in detail recently, and the swift emergence of two Mac security problems in quick succession underscores the point: no operating system is impervious. Modern code is so complex that flaws emerge everywhere, and you need to be alert whatever platform you use.
Myth #1. You don't need security software
Keeping your computer secure does require you to be alert. Not everything can be solved by software. If you give permission to a dodgy application to install itself, security software is not going to help much. If you click through web links in search of pirate software, problems are going to arise. Many Lifehacker readers are savvy computer users, and pride themselves on avoiding the obvious pitfalls.
However, that doesn't mean that you, as an individual, are so alert that you'll be able to detect every possible attack. Modern operating systems are hugely complex. Drive-by downloads delivered via browsers can be virtually invisible when they install. People often let friends or colleagues use their computers, and they may not be as cautious as you are.
Being alert is definitely preferable to blithely assuming everything will be OK. But your computer is a powerful tool. Let it share the load of keeping your system secure.
Lifehacker 101 is a weekly feature covering fundamental techniques that Lifehacker constantly refers to, explaining them step-by-step. Hey, we were all newbies once, right?