My grandparents are paranoid about viruses. I have successfully convinced
them not to install a couple dozen anti-viruses on their computer by showing
them one of your articles, but I cannot convince them that, on a clean,
updated, and anti-virus protected computer: (a) the risk of getting a virus is
absolutely minimal (if not downright impossible) if you leave your laptop on
(at home and with your front door locked) while you go to the restroom; (b)
that computer viruses do not fly through the air, latching themselves onto the
first computer that they see; (c) that typing in your SSN on a valid, SSL-encrypted
official government site that requires your SSN for an official, valid reason
over a wired Ethernet connection is pretty safe; (d) that the number of
computer hackers trying to break into their (non-state secret containing)
computers at any given moment is at least much, much less than ten and possibly
even nil. The worse part is that I can’t find any articles online about computer
malware myths that are non-technical enough for my grandparents to understand,
and they don’t trust me when I say that one antivirus, a clean updated
computer, and a dose of caution (don’t open attachments from strangers, don’t
believe everything that’s said on the internet, don’t download files from
unofficial sources) is more than sufficient to avoid the leagues of hackers
that are out to get them. Sincerely yours, Tired of Memorizing 19-Digit,
[A-Z,a-z,0-9] Random Passwords.
Your grandparents are not alone. Perhaps an extreme case, but certainly not
alone.
With all of the admonitions that you might hear from various sources –
including Ask Leo! – to keep your computer safe, you might think that even just
taking your eyes off of your computer for a second would spell certain
doom.
It’s nowhere near that bad.
If you heed all of those admonitions and have basic security and common-sense
in place, your internet experience will be a safe one.
Let’s look at their concerns one by one.
]]>
<
That’s why we keep talking about “common sense” and learning about what to watch for.
SSL ain’t perfect, but…
(c) that typing in your SSN on a valid, SSL-encrypted official government site that requires your SSN for an official, valid reason over a wired Ethernet connection is pretty safe;
Pretty darned safe, if you ask me.
On a wired connection, or on a wireless connection appropriately protected with WPA encryption … heck, even an unprotected open wireless connection … as long as you are connected to the site via an https connection, the information that you send is completely hidden from anyone but you (the person sending it) and the site to which you are sending it.
No one in the middle can see it.
So if you trust the site that’s asking for your social security number, you know that they need it for a valid reason that you agree with, and you’re connected to their site via SSL, you’re pretty darned safe to give it to them.
While I’ll never say perfectly safe, I will say this…
Giving identifying information to valid sites that you trust and that use security properly is probably safer than telling it to someone over the phone or handing it to the various people who might ask for it in person.
In fact, I’d consider it safer than stuffing it in an envelope and mailing it.
You’re not as interesting as you think…
(d) that the number of computer hackers trying to break into their (non-state secret containing) computers at any given moment is at least much, much less than ten and possibly even nil.
With a firewall: zero. As I described above, only those that you “invite in” will reach your computers.
Even without a firewall, there is not a specific person or individual out there saying, “I’m going to hack into Leo’s computer today.” Instead, there are automated systems just slowly probing every computer that they find (typically, by just trying random IP addresses). What are they looking for? Computers that are vulnerable and not behind a firewall.
It’s as if someone were just walking through your neighborhood trying to open the front door of every house. If a door is locked, he moves on. If the door is open, he might poke around inside.
All that you need to do is keep your door locked and you’re safe.
How to stay safe
Everything that I’ve outlined above depends, exactly as you’ve outlined, on simple, basic internet security practices.
-
Get thee behind a firewall. Your router will do.
-
Use a good antivirus tool. One is plenty.
-
Use a good anti-spyware tool. One is plenty.
-
Keep Windows and your applications – particularly those anti-malware tools – up-to-date.
-
Get educated and use common sense. I’d almost quote you:
-
Don’t open attachments
from strangersyou aren’t expecting or can’t verify are safe (the old advice was “from strangers”, but malware authors can send attachments that look like they come from people you trust) -
Don’t believe everything that’s said on the internet† or forwarded half a dozen times via email or reposted on Facebook
-
Don’t download files from unofficial sources
-
My most important article, Internet Safety: How do I keep my computer safe on the internet?, covers these in more detail.
So who is it that gets compromised?
So who are all these people who you hear of that get hacked or compromised?
In my experience, doing Ask Leo! for the last 8+ years, these are people who didn’t follow some basic guideline for staying safe. They elected to forgo updates, they visited a site that they shouldn’t have, or they fell for a phishing email or something else along those lines.
In other words, they invited the malware in.
Don’t do that.
There are no absolutes, it’s true. Bad things can happen. But then, that’s true of the alternatives, as well.
I’ll even go so far as to say that when used properly, the internet is a safer way to exchange information than many (if not most) of the less-technical alternatives that we’ve trusted for years.
With the safeguards listed above in place, the internet is a fascinating, educational, powerful, and fun place to be.
Be safe. Be skeptical. But don’t let an over-developed sense of paranoia keep you from enjoying what’s available right at your fingertips.
•
PS: You might consider using a tool like LastPass so you don’t have to remember all those 19-digit, random passwords.
•
† This is on the internet. Should you believe it? I
sure hope you do, but I’d understand a healthy dose of skepticism as well.
I wonder to what extent a program such as ShieldsUp would reassure his Grandparents?
https://www.grc.com/x/ne.dll?bh0bkyd2
Alex Dow
A Great-Grandparent
13-Jan-2012
The part about viruses flying through the air reminds me of an apocryphal tale of some woman calling tech support. Turns out she had dismantled her computer and was about to wipe it down with Lysol.
When I was younger — around 7 or 8, I think — I used to think computer viruses were literally bugs crawling around eating the circuits. Then again, considering my age….
Leo said, “Don’t believe everything that’s said on the internet† or forwarded half a dozen times via email or reposted on Facebook”
I’d like to add emphasis to forums and blogs. I’ve “only” been on the Internet for 11 years and I’ve noticed that blogs and forums are quickly becoming a place for users to post comments just to get a rise out of others. It’s called “trolling” and it seems to be more and more rampant #or maybe I’m more and more paranoid about what my children are inheriting as they get old enough to start using the interwebs#.
I wholeheartedly agree with you Leo. Being overly paranoid is not good and we mustn’t forget that surfing can be enjoyable. One person I know scan 2-3 times a day and I find that quite disconcerting.
Yeah I know what you mean about Facebook. I got this ‘malware warning’ on my wall and I knew it was one of those ‘copy and paste pass onto your friends hoaxes’. It only takes a few seconds to see if it’s genuine but they often don’t though.
One of the problems with telling people not to open something is they will anyway. It is like telling them the paint is wet, or the plate is hot, they just have to touch it. I have a friend who learned the hard way, his wife said don’t open the coke vs pepsi email, he did. Even malwarebytes could not undo the damage.
Thanks for the discussion, Leo. And especially for using plain English as much as possible. Like the letter-writer, many of us need to be able to explain these things to others, but we’re not considered “expert” enough to overcome what those folks have heard or read. Your explanation will come in very handy.
I just create one good password than then write half of it down on one piece of paper and the other half on another and hide them in different parts of the house..Low tech but effective..
I’ve been using the same {number removed}-character password, everywhere I can, for years. The security of those accounts have even YET to be breached. Granted, there is more RISK, but risk is just possibility, not guarantee. My point is that, while risky, it’s not SO risky that I’ve had any problems. Not for mere months, but for 20 years. However, I DO keep a router (firewall) on my computer. And I do keep MSE updated and running. And just yesterday, it alerted me to a danger concerning an email from a known friend. And periodically I’ll run Malwarebytes just as a second opinion.
Even using a credit card online is not scary because federal law protects me to $0 liability for any unauthorized charges. All I have to do is dispute it, and that amount is restored. It’s then up to the merchant to PROVE that he’s entitled to it. Much safer than Paypal.
The only time I suffered an irretrievable crash to my system was with Vista and that stupid UAC that interrupted me every SINGLE time for any operation, and I foolishly shut it off. Win7 UAC is much more user-friendly and valuable. And it, by itself, has validated itself a few times.
If I had to choose between giving my credit card number over the internet on an SSL protected site or use it in a shop , I’d trust the internet every time. I’ve actually had my credit card number used stolen twice. One time, I believe the number was copied in a restaurant and another time in a gas station that used the old fashioned carbon paper system. It’s never happened online.
Adding my 2 cents…. NOTHING is 100% safe.
Example: I have friends who, 10 years ago, had a community mailbox broken into. Forevermore, they are paranoid and insist all snail-mail be sent to their P.O. Box.
I say get over it and get real.
BUT, as with politics and religion, you will never change one’s point of view/opinion.
I have Google set to use HTTPS automatically where possible, which is a good “set it and forget it” protection.
However, it doesn’t change it to HTTPS for ask-leo.com, and when I tried it manually I got a “Secure Connection Failed” error. Is there a reason you don’t use it?
14-Jan-2012
Your recommendation “a) leave your computer on, when you go to the restroom” is not logical: You write (as explanation): “If you’re not there to do anything – well, then the chances of malicious software entering your system is effectively zero.” This is true in both cases / the computer running or being shot down – and even safer in the shot down condition, because a friend would then not be able to hit a letter on the keyboard to let some malware in.
14-Jan-2012
Be grateful you are not old. We are continually told not to give out our SSA # to anyone and to us that includes SSL. Ignorance breeds fear and it is unlikely that most of us old people will ever fully understand the new technology that has been foisted upon us at this very vulnerable stage of our lives.
14-Jan-2012
Pet peeve, Leo —
Please capitalize “Internet” — it’s a proper noun! I always cringe to see it uncapitalized, and in this article, you just did it twelve times !!!
Aaaaarrrrrrrggggggghhhhhh!!!!!
14-Jan-2012
That is a good simple list. To it I would add
– do NOT do daily tasks like web surfing in an Administrator class userid, user class only
– be careful what sites you visit (a variation of don’t click on every hyperlink)
– do not fill in every place that requests personal information. If you need to register to access content, but it is not vital they know who you are, fill it in with garbage. The only time I provide true information is if I am buying something and they NEED my shipping address.
As is usually the case after reading Leo’s answer — and especially after reading the comments — my head is buzzing.
As an older, non-techie person, I submit the answer to the question is simple: you can not.
My Mom is in her 80’s. I’ve suggested to her that online banking is much easier. I have friends my age (50ish) who are so paranoid they request all of their snail-mail sent to their post office box instead of their home address.
We are all products of our environments. And we each live in our comfort zones. I submit that you will never convince your grandparents that the internet is safe. You shouldn’t even try!
I partly blamed the media. To get ratings they create a tunnel-vision view of reality. You always hear about the few people who get ripped of, or bad relationships, or all the pedophiles that are being caught. But you never hear of the millions of people who don’t get ripped of, don’t have bad relationships and are not pedophiles. Not surprising that the Internet seems to be the gateway to Hell, itself.
And a note to Glenn P’s comment, my pet peeve is people who go nut’s over grammar mistakes. But I was always wondering why my spell checker insisted on spelling Internet with a capital I.
Paranoia re: US mail: AARP Bulletin Jan/Feb warns to look out for pilfered IDs from our unlocked mailboxes by thieves following mail carriers: esp now with W2’s, 1099s, & other tax info “all ideal for ID theft.” Yikes.
Hey, Leo — “common usage” is no excuse for joining the philistines! 🙁
And Terry Hollett — now you know! 🙂
So malware and vampires have something in common: they usually must be invited in.
It’s very dangerous if you don’t use your god given common since. I have come to believe the “younger generation” over looks this fact! Us old farts have learned to steer clear of those “unknown attachments”! I have been “cleaning viruses”…well, since there were viruses. 62 is not too much of an old fart and I do everything “on line”! On line bill pay and direct deposit is the greatest thing since drive through banking or for that matter anything drive through…I recently helped a friend of my daughter get rid of a really bad “nasty”, for free. I’m retired from “it” I use to do it for a living. A couple days later my daughter says her friends virus is back and that I “didn’t do a good job” excuse me? LSS, she received the email again and opened the attachment “again!” and can I fix it?! I said sure, for a $100 bucks! There are some folks who just can’t resist the temptation to open those “attachments”. “but it looked so important, I thought I might miss out on something”…..