I’ve received a bit of feedback in recent weeks, that boils down to “how can
you say it’s ok to do X when you just described that X remains fundamentally
unsafe? Doesn’t that mean that there’s no hope? How can you remain online or
hope to ever use a computer safely?”.
The comments arose mostly in reaction to two articles: one that stated that
the keyboard does not necessarily avoid keystroke loggers, and the other
that says simply that there’s
simply no way to know beyond a shadow of a doubt that your computer is
I’ll readily admit that out of context those are two fairly disturbing
statements – accurate, but disturbing.
They’re not meant to make you stop using your computer – far from it.
They’re meant to make you more mindful of exactly how you use your
They’re meant to make you think.
The days have passed where just anyone can mindlessly start using a computer – any computer – online and not be concerned about security.
And yet many, if not most average users out there, don’t think about security one whit. They don’t act on it and don’t operate in what you or I would consider to be even a moderately safe way.
That’s what has to change.
I’m not arguing that it should or shouldn’t be that way – I guess in an ideal world we’d be back in that utopia before we needed to worry about others on the network trying to fool, steal from or harm us. What I am saying is that, for better or worse, we’re not in that ideal world. Today you ignore computer security at your own risk – and often at the risk of your friends and family.
And yes, of course not using computers at all avoids the risks completely.
It avoids them in the same way that never driving or riding in a car avoids the risks of traffic accidents. It avoids them in the same way that never flying avoids being in a plane crash.
It avoids them in the same way that living in a cave avoids being hit by a meteor.
It all boils down to a risks versus reward trade-off.
We’re willing to take on the risks of driving because the rewards afforded by being able to do so are “worth it”.
And we take reasonable precautions.
We make sure the car is in reasonably good shape, and that we have the skills to drive safely. We wear our seatbelts. Our local municipalities (typically) make sure that the roads we travel on are basically safe for motor vehicles.
And so on.
And yet, at any time, without warning, someone could accidentally or purposely drift over the center line and crash into our car. It not only could happen, it does happen.
And yet we get on the road and drive anyway.
Ideally we “drive defensively”. We drive safely while keeping an eye on “the other guy”, in case he or she does something stupid that might endanger us.
Computing is no different, except that a crash is typically much less life threatening.
To use the phrase coined by tech blogger and frequent Ask Leo! commenter Michael Horowitz, we need to practice Defensive Computing.
Defensive computing, as I see it, is about taking steps when things are running well, to avoid or minimize problems down the road. Rather than focusing on solving computing problems, it’s about being smart and planning ahead to minimize problems and their impact.
More concretely, to me, that means all the things you very likely already know:
Learn safe computing behaviour.
Don’t open or click on spam.
Don’t open attachments you aren’t positive are safe.
Keep your system as up to date as possible.
Run anti-malware software, and keep it up to date.
Use a firewall.
Backup religiously, regularly and often. Redundantly, even.
Of the list, the first and the last are by far the most important: nothing can protect you from yourself, and a good backup can help you recover from almost anything.
I know it seems daunting – but then so did all the rules and safety warnings and hoops you had to jump through to start driving – and yet I’m sure that’s all second nature to you by now.
While it’s not a perfect metaphor, it doesn’t really have to be much different for using your computer.
Stay safe. Follow some fairly simple rules. Keep your eyes open and on the road. Keep your equipment in good shape. Don’t be reckless.
Computers and the internet open up a world of possibilities that I don’t want to see you become too scared to enjoy. Yes, there are risks – as there are risks simply getting out of bed every morning.
Be safe, and you can enjoy the ride.
You needn’t live in a cave.