In a previous article, I discussed the fundamental nature of our computer’s operating system: its absolute power to see, and potentially expose, anything we do. We frequently assume, often without actually thinking about it, that the OS is trustworthy.
That may or may not be true.
When it comes to the operating system, our options are limited. There’s really no choice: in order to use our device, we must use an operating system of some sort.
When it comes to the applications we install on our computers, we have both more choice and more risk.
Become a Patron of Ask Leo! and go ad-free!
Every application adds direct risk
Every application you download and install on your computer – be it your desktop, laptop, tablet, or phone – is an opportunity for your security and privacy to be compromised.
We regularly give applications much broader permissions to operate on our information than they need. In Windows, most programs can read any file, whether they need to or not. For example, that desktop chess game you just downloaded has complete access to the financial spreadsheets stored elsewhere on your computer.
On the other end of the spectrum, some operating systems allow us to control permissions at a per-application level. For example, when installing an app on an Android-based device, you’ll often be presented with a list of things to which the new application requires access.
If we want the application at all, we must grant it all the permissions it requests. And that’s exactly what most people, including myself, do: zip through the list of permissions requested as if it was a license agreement, and accept it all, without reading or considering.
Any application we install could be malicious. It could be explicitly malicious – meaning malware – or it could be less obviously malicious, sharing more information with third parties than we realize, violating our assumptions of privacy.
As we’ll see in a moment, as long as we take appropriate care, we can be relatively safe – but the possibility exists.
Every application adds indirect risk
Even the best-intentioned application includes risk, even if indirectly.
The program could have bugs. It could have errors or omissions that, in turn, could be leveraged by other, malicious software. It could “leak” our information unintentionally in ways third parties can intercept and collect.
Again, none of these risks are included purposefully, but rather as a side effect of oversight, poor design, poor coding or other unintentional accidents.
A great example might be Adobe Flash. It’s not malicious. It’s not intentionally allowing malware on our computers, or intentionally exposing our information to others. But it has so many bugs, errors, and vulnerabilities that its mere presence on your machine – particularly if not updated regularly – increases the risk of other software leveraging those issues to do harm.
All software has bugs. Thus, all software comes with some risk that those bugs, once discovered, could be used by others for unintended actions.
Once again, it all comes back to trust
Instead, we rely on third parties. Or, more correctly, we rely on our trust of third parties to either do or provide the right thing, or act as a resource to let us know when the right thing isn’t happening.
This is why I so strongly warn against using download sites. The third parties involved – the download sites themselves – have a poor track record of providing software that can be trusted. Instead, I recommend you take the effort to locate the original vendor of whatever software you’re looking for and download directly from the source.
Assuming, of course, you trust them.
I discuss ways of developing and evaluating trust in What Does It Mean for a Source to be “Reputable”? The advice there applies equally here. When it comes to the software you install on your machine – any software – you must weigh the benefits against the risks, and take care to make sure you trust the source.
Rule of thumb: don’t install what you don’t need
The most secure software of all is the software that isn’t on your machine. If it’s not there, it can’t harm you.
I’m sure you know someone who constantly downloads and installs software on their machine. Be it a bevy of anti-malware tools, to the latest games, to who-knows-what, their machine eventually becomes unstable – or worse, their online accounts get hacked as a result of malware that accompanied all those downloads…
…all for things they probably didn’t really need.
Don’t be that person. 
Think carefully before installing any software on your computer or other device. Even the most trustworthy and reputable software comes with side effects of some sort, and in the worst case, as we’ve seen, there’s a risk of more malicious intent as well.
Make sure you need it. Make sure you trust the author. Make sure you get it from a source you trust.
And when in doubt, don’t install it. You’re safer that way.
Is anything safe?
All this sounds pretty daunting and perhaps even a little overwhelming. You might be wondering if anything’s ever safe.
The good news is that, for the most part, the software you need, from reputable sources, is generally not malicious, and generally well behaved. There are bad actors out there, of course, but keeping these basic rules of thumb in mind will generally allow you to be safe.
- Only install what you need.
- Install only reputable software from well-known sources.
- Download only from the vendor’s own download site or instructions.
If you’re at all concerned about security and privacy – and you should be – it’s important to be aware and keep these rules in mind.
You’ll have a much safer and more confident experience.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
I have a question which isen’t directly connected to this topic
How could I send my question?
If you sign up for the free Newsletter you will get a link in the newsletter to ask questions to Ask Leo!
Use the search function first to see if it’s already answered here. There are over four thousand answers already posted.
I rely on people I trust like yourself, Bob Rankin, and a few others to recommend software that might be of use to me. I very rarely just search for software on the internet, precisely because of the potential problems that you identify. And I also accept that very occasionally even you might recommend something problematic – but that hasn’t happened yet, probably because of the care that you take before recommending anything!!
Leo – keep up the good work, and thanks.
When a programmer updates because of a bug, he rewrites a small part of the program, often inducing other problems.
Great article. Hope everyone follows your advise.
Dave
as it is closed have to put here
http://ask-leo.com/what_difference_does_multipleoverwrite_delete_really_make.html
Bleachbit says one pass as good as 50
https://www.bleachbit.org/forum/bbs-simple-overwrite-not-explained-anywhere-why-why-no-standardised-erasing-patterns-ensure-tr
you must think people have nothing to do only go around in circles looking to ask. google is easier
Commenting has been terminated on the older format articles which are on ask-leo.com. That is due to the way comments are being handled through Word Press which doesn’t support comments from the older articles. Gradually, relevant articles are being converted to the new format and comments are being reopened for those articles.
The enjoyment I get from having a PC, is downloading and trying out all sorts of new (to me) programs. I always have up-to-date backups. I think Leo may have mentioned backups a couple times. ;)
Sometimes, at the senior center, someone will ask me questions I can’t answer right away, so I make notes, go home and try the program they had questions about, and come back with answers. I keep two Windows machines, because most of the people in class use Windows.
My point is, being careful is great, but being afraid to install anything detracts from your ability to use your PC and the internet.
I know that’s not what Leo is saying, but I also know that that is how some of the people in class will take it. …And, of course, most people in class read AskLeo regularly. :)