| |

Sunday, June 21, 2009

Wrong assumptions in safe surfing

These are the most famous myths on security and safe internet surfing. Know them and you are better prepared to protect your yourself and your data.

I don't keep important things on my PC, so I don't have to worry about security.

There was a time when this statement was partially true, but that time has long since passed. Current viruses, worms, and other threats, including the famous Conficker and Gumblar spread blindly across the Internet to thousands or millions of PCs in a matter of hours, without regard for who owns them, what is stored there, or the value of the information they hold. The purpose of such attacks is nothing less than to wreak havoc. If you ignore the reality of these attacks, you are certain to be hit at one time or another. Even if your computer is not attacked directly, it can be used as a zombie to launch a denial-of-service or other attack on a network or to send spam or pornography to other PCs without being traced. Therefore, your civic responsibility is to protect your PC so that others are protected.

I can protect my PC if I disconnect from the Internet or turn it off when I'm not using it.

Wrong. If you connect to the Internet at all, you are a target. You could download a virus when you connect and not activate it until days later when you read your e-mail off-line. Even if you rarely connect to the Internet, you can get a virus from a file off of a network, floppy disk, or USB flash memory drive. Virus propagates in many ways and Internet is just one of them.

I can protect myself from viruses by not opening suspicious e-mail attachments.

Wrong again. The next virus you get may come from your best friend's or boss' computer if his e-mail address book was used to propagate an attack. Many worms propagate this way, infected computers automatically sends malicious codes to all email contacts of the victim. And it is possible to activate some viruses simply by reading or previewing an e-mail. You simply must have a PC-based antivirus package as most comes with an email scanner.

I don't visit unknown or anonymous website so I don't need to worry about web-based attacks.

It is true that not visiting unknown and suspicious websites can protect you but this does not mean your 100% safe. Some legitimate websites are sometimes infected through web attacks like gumblar. And visiting the website can infect your PC immediately.

I have a Macintosh (or a Linux-based system), not a Windows system, so I don't have to worry about being attacked.

It is true that most attacks target Microsoft Windows–based PCs, but there have been attacks against Mac OS and Linux systems as well. Some experts have predicted that the Mac virus problem will get worse, because Mac OS X uses a version of Unix. And although these systems have some useful security features, they can still be attacked. See this post for Mac OS virus attacks.

My system came with an antivirus package, so I'm protected.

Not quite. First, if you haven't activated your antivirus package to scan incoming traffic automatically, you are not protected against e-mail and Web browser attacks. Second, new threats appear daily, so an antivirus package is only as good as its last update. Activate the auto-update features to stay on top of the latest threats. Third, an antivirus package can't protect you from every threat. In most cases you need a combination of solutions, including, at minimum, antivirus, a personal firewall and an anti adware/spyware. See this post on basic virus prevention.