Iâve received a bit of feedback in recent weeks, that boils down to âhow can
you say itâs ok to do X when you just described that X remains fundamentally
unsafe? Doesnât that mean that thereâs no hope? How can you remain online or
hope to ever use a computer safely?â.
The comments arose mostly in reaction to two articles: one that stated that
avoiding
the keyboard does not necessarily avoid keystroke loggers, and the other
that says simply that thereâs
simply no way to know beyond a shadow of a doubt that your computer is
not infected.
Iâll readily admit that out of context those are two fairly disturbing
statements â accurate, but disturbing.
Theyâre not meant to make you stop using your computer â far from it.
Theyâre meant to make you more mindful of exactly how you use your
computer.
Theyâre meant to make you think.
]]>
The days have passed where just anyone can mindlessly start using a computer â any computer â online and not be concerned about security.
And yet many, if not most average users out there, donât think about security one whit. They donât act on it and donât operate in what you or I would consider to be even a moderately safe way.
Thatâs what has to change.
Iâm not arguing that it should or shouldnât be that way â I guess in an ideal world weâd be back in that utopia before we needed to worry about others on the network trying to fool, steal from or harm us. What I am saying is that, for better or worse, weâre not in that ideal world. Today you ignore computer security at your own risk â and often at the risk of your friends and family.
And yes, of course not using computers at all avoids the risks completely.
It avoids them in the same way that never driving or riding in a car avoids the risks of traffic accidents. It avoids them in the same way that never flying avoids being in a plane crash.
It avoids them in the same way that living in a cave avoids being hit by a meteor.
It all boils down to a risks versus reward trade-off.
Weâre willing to take on the risks of driving because the rewards afforded by being able to do so are âworth itâ.
And we take reasonable precautions.
We make sure the car is in reasonably good shape, and that we have the skills to drive safely. We wear our seatbelts. Our local municipalities (typically) make sure that the roads we travel on are basically safe for motor vehicles.
And so on.
And yet, at any time, without warning, someone could accidentally or purposely drift over the center line and crash into our car. It not only could happen, it does happen.
And yet we get on the road and drive anyway.
Ideally we âdrive defensivelyâ. We drive safely while keeping an eye on âthe other guyâ, in case he or she does something stupid that might endanger us.
Computing is no different, except that a crash is typically much less life threatening.
To use the phrase coined by tech blogger and frequent Ask Leo! commenter Michael Horowitz, we need to practice Defensive Computing.
Quoting Michael:
Defensive computing, as I see it, is about taking steps when things are running well, to avoid or minimize problems down the road. Rather than focusing on solving computing problems, itâs about being smart and planning ahead to minimize problems and their impact.
More concretely, to me, that means all the things you very likely already know:
-
Learn safe computing behaviour.
-
Donât open or click on spam.
-
Donât open attachments you arenât positive are safe.
-
Keep your system as up to date as possible.
-
Run anti-malware software, and keep it up to date.
-
Use a firewall.
-
Backup religiously, regularly and often. Redundantly, even.
Of the list, the first and the last are by far the most important: nothing can protect you from yourself, and a good backup can help you recover from almost anything.
I know it seems daunting â but then so did all the rules and safety warnings and hoops you had to jump through to start driving â and yet Iâm sure thatâs all second nature to you by now.
While itâs not a perfect metaphor, it doesnât really have to be much different for using your computer.
Stay safe. Follow some fairly simple rules. Keep your eyes open and on the road. Keep your equipment in good shape. Donât be reckless.
Computers and the internet open up a world of possibilities that I donât want to see you become too scared to enjoy. Yes, there are risks â as there are risks simply getting out of bed every morning.
Be safe, and you can enjoy the ride.
You neednât live in a cave.
The author of Defensive Computing has likely said it, but you should have also included the warning to never log into anything on a public internet terminal is important. Such as the ones at a hotel lobby or bar. You want to read news or check sports scores, fine. Donât log in.
Remember all those scare stories how you needed to de-static yourself with a grounding bar each time before touching your keyboard? Otherwise youâd fry your entire computer? Or how itâs absolutely necessary to unplug your computer when thereâs any hint of a thunderstorm?
And now we have scare stories how cookies, java, IM, etc will take over your entire computer, turning it into a raging monster that will reach out and EAT YOU right at your desk! AIYEEE!
People canât just tell others to be careful, or mindful, of certain situations. Emails daily contain horror stories of destroyed lives and fortunes, all due to some computer malfeasance.
People LOVE to be terrified. (Look at the continuing success of horror movies.) Telling them to simply look both ways before crossing the street just doesnât carry the same excitement as telling them killer trucks are WAITING to run them over as soon as they step off the curb.
Sure, even crossing the street is not 100% safe, but if the 1% or even 3% risk is so frightening, stay on the porch. For the rest, ignore the fear-mongering and just look both ways before stepping in front of a moving truck.
And, yes, the ones who exercise no precautions at all on their computers are just like those people at the mall parking lot who walk right into traffic without so much as a look in either direction. And then complain when something bad happens to them.
Sadly, this goes to what I believe you have mentioned in the past (as well as as Leo Laporte), the average American computer user is sadly ignorant of safe Internet procedures and basic computer operating skills. I donât know if they arenât teaching it in schools or what (I came to the party late, at about 28 years old), but when I got into PCâs about 15 years ago I educated myself about both Windows and the Internet via the Internet and awesome sites such as yours, Mr. Laportâs old tech show on what used to be a great computer channel, forums, etc. I also cracked awesome books such as âWindows 98 for Dummiesâ/âFind Gold in Vistaâ by the great Mr. Dan Gookin (who DOES answer an email if you need him!).
With âself educatingâ myself from such pros as yourself and the above mentioned experts, I feel safe to pay bills, purchase, etc. Online as I now know the pitfalls to avoid. I even enjoy playing around in the Windows registry, something most people have never heard of, which is sad, IMHO. I have no qualms about opening the tower and replacing/upgrading what I need too. I even enjoy blowing out the dust to ensure my PC continues to purr like a kitten. I still have much to learn, but thanks to you, Iâm considered a trustworthy computer geek to my friends and family. Thank you very much for the very valuable advice you have given so freely.
Computers are waaaaaaaay too cheap nowadays. (I still remember when the main PC magâs debated if the $1,000 PC was possible !!!) Today you can get an excellent use P4 for under $200. SO . . . use a âdecoyâ PC to access the Internet. Keep all your important stuff in your ârealâ computer. Make an image backup of your âInternetâ computer and that will allow you to recreate it in minutes in case of an attack.
Transfer any âSAFEâ stuff you need in your ârealâ computer (like bank statements) via flash card.
What I got from the article:
If you donât spend more time MAINTAINING your PC than you do actually USING your PC, YOUâRE DOING IT WRONG.
I am tech-savvy and have, through experience, evolved my own methods of PC security. That involves:
1) Avoiding almost ALL web-sites that Iâm not familiar with or are not legitimate tech-related destinations;
2) Emptying the browser-cache (Temp Internet Files, Cookies, History) after EVERY browsing session;
3) Running an active AV-guard and performing weekly scans, (Another author suggests having one active av-guard; and frequently scanning for malware with several different vendor-solutions which is ridiculous and time-consuming if youâre not having problems);
4) NEVER, NEVER, NEVER let ANY web-site or application ârememberâ your log-in info.
5) Deleting unknown emails, unread;
6) Stay âupdatedâ (Windows, AV, etc.)
7) âGhostingâ my system to an external HD in itâs freshly-installed, updated & optimized/customized state.
8) And a whole bunch of other minor stuff.
Conclusion: There MUST be a better way for the non-techie masses.
It is true that computers are most unsafe but is it impossible that computer cant be used and ignore because majority of work done on computers
I thought it was a well thought out informative article that I totally agree with myself. It took me awhile but Iâve even gotten my mother to âbe safeâ on-line , after having to clean up more infections than I care to remember. Itâs not hard to educate people if you give them concrete reasons/examples for the actions they need to do.