I’ve received a bit of feedback in recent weeks, that boils down to “how can
you say it’s ok to do X when you just described that X remains fundamentally
unsafe? Doesn’t that mean that there’s no hope? How can you remain online or
hope to ever use a computer safely?”.
The comments arose mostly in reaction to two articles: one that stated that
avoiding
the keyboard does not necessarily avoid keystroke loggers, and the other
that says simply that there’s
simply no way to know beyond a shadow of a doubt that your computer is
not infected.
I’ll readily admit that out of context those are two fairly disturbing
statements – accurate, but disturbing.
They’re not meant to make you stop using your computer – far from it.
They’re meant to make you more mindful of exactly how you use your
computer.
They’re meant to make you think.
]]>
The days have passed where just anyone can mindlessly start using a computer – any computer – online and not be concerned about security.
And yet many, if not most average users out there, don’t think about security one whit. They don’t act on it and don’t operate in what you or I would consider to be even a moderately safe way.
That’s what has to change.
I’m not arguing that it should or shouldn’t be that way – I guess in an ideal world we’d be back in that utopia before we needed to worry about others on the network trying to fool, steal from or harm us. What I am saying is that, for better or worse, we’re not in that ideal world. Today you ignore computer security at your own risk – and often at the risk of your friends and family.
And yes, of course not using computers at all avoids the risks completely.
It avoids them in the same way that never driving or riding in a car avoids the risks of traffic accidents. It avoids them in the same way that never flying avoids being in a plane crash.
It avoids them in the same way that living in a cave avoids being hit by a meteor.
It all boils down to a risks versus reward trade-off.
We’re willing to take on the risks of driving because the rewards afforded by being able to do so are “worth it”.
And we take reasonable precautions.
We make sure the car is in reasonably good shape, and that we have the skills to drive safely. We wear our seatbelts. Our local municipalities (typically) make sure that the roads we travel on are basically safe for motor vehicles.
And so on.
And yet, at any time, without warning, someone could accidentally or purposely drift over the center line and crash into our car. It not only could happen, it does happen.
And yet we get on the road and drive anyway.
Ideally we “drive defensively”. We drive safely while keeping an eye on “the other guy”, in case he or she does something stupid that might endanger us.
Computing is no different, except that a crash is typically much less life threatening.
To use the phrase coined by tech blogger and frequent Ask Leo! commenter Michael Horowitz, we need to practice Defensive Computing.
Quoting Michael:
Defensive computing, as I see it, is about taking steps when things are running well, to avoid or minimize problems down the road. Rather than focusing on solving computing problems, it’s about being smart and planning ahead to minimize problems and their impact.
More concretely, to me, that means all the things you very likely already know:
-
Learn safe computing behaviour.
-
Don’t open or click on spam.
-
Don’t open attachments you aren’t positive are safe.
-
Keep your system as up to date as possible.
-
Run anti-malware software, and keep it up to date.
-
Use a firewall.
-
Backup religiously, regularly and often. Redundantly, even.
Of the list, the first and the last are by far the most important: nothing can protect you from yourself, and a good backup can help you recover from almost anything.
I know it seems daunting – but then so did all the rules and safety warnings and hoops you had to jump through to start driving – and yet I’m sure that’s all second nature to you by now.
While it’s not a perfect metaphor, it doesn’t really have to be much different for using your computer.
Stay safe. Follow some fairly simple rules. Keep your eyes open and on the road. Keep your equipment in good shape. Don’t be reckless.
Computers and the internet open up a world of possibilities that I don’t want to see you become too scared to enjoy. Yes, there are risks – as there are risks simply getting out of bed every morning.
Be safe, and you can enjoy the ride.
You needn’t live in a cave.
The author of Defensive Computing has likely said it, but you should have also included the warning to never log into anything on a public internet terminal is important. Such as the ones at a hotel lobby or bar. You want to read news or check sports scores, fine. Don’t log in.
Remember all those scare stories how you needed to de-static yourself with a grounding bar each time before touching your keyboard? Otherwise you’d fry your entire computer? Or how it’s absolutely necessary to unplug your computer when there’s any hint of a thunderstorm?
And now we have scare stories how cookies, java, IM, etc will take over your entire computer, turning it into a raging monster that will reach out and EAT YOU right at your desk! AIYEEE!
People can’t just tell others to be careful, or mindful, of certain situations. Emails daily contain horror stories of destroyed lives and fortunes, all due to some computer malfeasance.
People LOVE to be terrified. (Look at the continuing success of horror movies.) Telling them to simply look both ways before crossing the street just doesn’t carry the same excitement as telling them killer trucks are WAITING to run them over as soon as they step off the curb.
Sure, even crossing the street is not 100% safe, but if the 1% or even 3% risk is so frightening, stay on the porch. For the rest, ignore the fear-mongering and just look both ways before stepping in front of a moving truck.
And, yes, the ones who exercise no precautions at all on their computers are just like those people at the mall parking lot who walk right into traffic without so much as a look in either direction. And then complain when something bad happens to them.
Sadly, this goes to what I believe you have mentioned in the past (as well as as Leo Laporte), the average American computer user is sadly ignorant of safe Internet procedures and basic computer operating skills. I don’t know if they aren’t teaching it in schools or what (I came to the party late, at about 28 years old), but when I got into PC’s about 15 years ago I educated myself about both Windows and the Internet via the Internet and awesome sites such as yours, Mr. Laport’s old tech show on what used to be a great computer channel, forums, etc. I also cracked awesome books such as ‘Windows 98 for Dummies’/’Find Gold in Vista’ by the great Mr. Dan Gookin (who DOES answer an email if you need him!).
With ‘self educating’ myself from such pros as yourself and the above mentioned experts, I feel safe to pay bills, purchase, etc. Online as I now know the pitfalls to avoid. I even enjoy playing around in the Windows registry, something most people have never heard of, which is sad, IMHO. I have no qualms about opening the tower and replacing/upgrading what I need too. I even enjoy blowing out the dust to ensure my PC continues to purr like a kitten. I still have much to learn, but thanks to you, I’m considered a trustworthy computer geek to my friends and family. Thank you very much for the very valuable advice you have given so freely.
Computers are waaaaaaaay too cheap nowadays. (I still remember when the main PC mag’s debated if the $1,000 PC was possible !!!) Today you can get an excellent use P4 for under $200. SO . . . use a “decoy” PC to access the Internet. Keep all your important stuff in your “real” computer. Make an image backup of your “Internet” computer and that will allow you to recreate it in minutes in case of an attack.
Transfer any “SAFE” stuff you need in your “real” computer (like bank statements) via flash card.
What I got from the article:
If you don’t spend more time MAINTAINING your PC than you do actually USING your PC, YOU’RE DOING IT WRONG.
I am tech-savvy and have, through experience, evolved my own methods of PC security. That involves:
1) Avoiding almost ALL web-sites that I’m not familiar with or are not legitimate tech-related destinations;
2) Emptying the browser-cache (Temp Internet Files, Cookies, History) after EVERY browsing session;
3) Running an active AV-guard and performing weekly scans, (Another author suggests having one active av-guard; and frequently scanning for malware with several different vendor-solutions which is ridiculous and time-consuming if you’re not having problems);
4) NEVER, NEVER, NEVER let ANY web-site or application “remember” your log-in info.
5) Deleting unknown emails, unread;
6) Stay “updated” (Windows, AV, etc.)
7) “Ghosting” my system to an external HD in it’s freshly-installed, updated & optimized/customized state.
8) And a whole bunch of other minor stuff.
Conclusion: There MUST be a better way for the non-techie masses.
It is true that computers are most unsafe but is it impossible that computer cant be used and ignore because majority of work done on computers
I thought it was a well thought out informative article that I totally agree with myself. It took me awhile but I’ve even gotten my mother to “be safe” on-line , after having to clean up more infections than I care to remember. It’s not hard to educate people if you give them concrete reasons/examples for the actions they need to do.