Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


10 BIGGEST COMPUTER SECURITY MYTHS BUSTED

Source: Gizmodo Australia

Posted on May 16, 2012

Myth #10. Computers represent the biggest security risk

While many criminals and scammers use email, web sites and other electronic tools, they haven't abandoned more traditional methods. According to the Australian Competition and Consumer Commission, phone scams remain more common than any other type. That doesn't mean you shouldn't take appropriate precautions when you're online. Rather, it serves as a reminder that a questioning attitude is wise whenever you interact with people in any forum.

Myth #9. Security software companies write most viruses

A persistent myth ever since computer viruses first emerged holds that most of the viruses are secretly written by security software companies, who distribute them in order to keep themselves in business. It isn't hard to see why this is a nonsensical claim. Firstly, it presupposes the existence of some massive conspiracy in which a bunch of rival companies all agree not to dob each other in, and manage to do so in a way which eliminates all traces of evidence and has never been detected by any independent security researchers.

Secondly, it relies on the outdated view that viruses are the only thing security software deals with. Given that a large part of security now focuses on analysing the contents of web sites and email, it's obvious that writing viruses would be a lousy business model.

Myth #8. Personal data is sold for large sums

It's true that the malware world is a professional one these days: the people writing code aren't doing it for kicks, they're doing it to access information with which they can make money. But that doesn't mean that your own individual log-in details are worth a fortune. As we've noted before, information of this type is generally traded in bulk between criminals, and often barter rather than outright cash payments are involved.

Myth #7. I should pay for this security software that has just spotted a flaw

It's true that the malware world is a professional one these days: the people writing code aren't doing it for kicks, they're doing it to access information with which they can make money. But that doesn't mean that your own individual log-in details are worth a fortune. As we've noted before, information of this type is generally traded in bulk between criminals, and often barter rather than outright cash payments are involved.

In a weird twist on Myth #9, fake security software - often referred to as scareware- has become a growing problem. This software once installed claims to have detected (non-existent) security problems, but suggests that paying for an upgrade will eliminate the problem. In reality, all it will eliminate is the contents of your wallet. Some ransomware can be very persistent and difficult to uninstall. Legitimate security software will usually detect it.

The bottom line? If a message appears from a security software package you don't remember installing, you've got a problem - but the problem is the fake security software itself.

Myth #6. I can trust messages from my friends

One of the most common cash/identity theft scams kicks off when you receive an email (or a Facebook message) from a close friend claiming that they're overseas and have been injured or robbed, and need some money transferred urgently. Your natural instinct is to help, but the odds are overwhelming that it's actually a fake.

If your friend's system has been hacked (perhaps because they didn't follow good password practices), then it's very easy for a fake message of this type to get out. It's also very easy to check: my mother got one of these messages recently claiming a good friend was in Spain.

Fortunately, she had the sense to ring her friend at home in Tasmania, and quickly realised the message was a fake. Practice that same good sense yourself.

Myth #5. Windows is full of security holes

If you keep it regularly patched and use the built-in security features, Windows is a secure operating system. While some decisions Microsoft made in the past (such as letting all users install software unheeded) undoubtedly contributed to problems, that isn't the case with Windows 7. With User Account Control enabled, the chances of something installing itself unbidden are slight.

Unfortunately for Microsoft, many users don't patch their systems or use security software, so they leave vulnerabilities in place long after they have been resolved. Top 10 lists of malware infections are invariably populated with code that has been identified and patched against long before (often years before).

The popularity of Windows means this problem isn't going to disappear, but it's a mistake to presume that means Windows itself is permanently or intractably insecure. Like any computer OS, it is ultimately at the mercy of its users.

Myth #4. Online criminals only target big business

The prevalance of phishing messages from big banks and other organisations can give the appearance that security threats are aimed mostly at large businesses. While a big company can make a juicy target, cyber-criminals spread their net far and wide. As we noted recently, any size of business can be a target.

Myth #3. Microsoft (or whoever) wants to ring and help fix your security issues

This scam is so common and recurs so frequently we need to single it out specifically. You get a phone call claiming to be from Microsoft (or Telstra, or Australia Post, or Apple), saying that a security problem has been detected but that the support worker can talk you through how to fix Don't waste time discussing the issue arguing: just hang up. It's a scam, designed to con you into willingly install software on your computer that will make it remotely accessible to others.

From there, it's an easy step to steal your personal data, use your computer as part of a botnet to distribute spam or launch attacks on others, and (potentially) to ask you to pay for the service.

The simple truth? No-one legitimate will ever ring to tell you a security problem has been detected on your computer. The world does not work like that, and never has.

Myth #2. Macs don't suffer from security issues

We've covered this in detail recently, and the swift emergence of two Mac security problems in quick succession underscores the point: no operating system is impervious. Modern code is so complex that flaws emerge everywhere, and you need to be alert whatever platform you use.

Myth #1. You don't need security software

Keeping your computer secure does require you to be alert. Not everything can be solved by software. If you give permission to a dodgy application to install itself, security software is not going to help much. If you click through web links in search of pirate software, problems are going to arise. Many Lifehacker readers are savvy computer users, and pride themselves on avoiding the obvious pitfalls.

However, that doesn't mean that you, as an individual, are so alert that you'll be able to detect every possible attack. Modern operating systems are hugely complex. Drive-by downloads delivered via browsers can be virtually invisible when they install. People often let friends or colleagues use their computers, and they may not be as cautious as you are.

Being alert is definitely preferable to blithely assuming everything will be OK. But your computer is a powerful tool. Let it share the load of keeping your system secure.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.