Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Just how dangerous is it out there?

Question:

My grandparents are paranoid about viruses. I have successfully convinced
them not to install a couple dozen anti-viruses on their computer by showing
them one of your articles, but I cannot convince them that, on a clean,
updated, and anti-virus protected computer: (a) the risk of getting a virus is
absolutely minimal (if not downright impossible) if you leave your laptop on
(at home and with your front door locked) while you go to the restroom; (b)
that computer viruses do not fly through the air, latching themselves onto the
first computer that they see; (c) that typing in your SSN on a valid, SSL-encrypted
official government site that requires your SSN for an official, valid reason
over a wired Ethernet connection is pretty safe; (d) that the number of
computer hackers trying to break into their (non-state secret containing)
computers at any given moment is at least much, much less than ten and possibly
even nil. The worse part is that I can’t find any articles online about computer
malware myths that are non-technical enough for my grandparents to understand,
and they don’t trust me when I say that one antivirus, a clean updated
computer, and a dose of caution (don’t open attachments from strangers, don’t
believe everything that’s said on the internet, don’t download files from
unofficial sources) is more than sufficient to avoid the leagues of hackers
that are out to get them. Sincerely yours, Tired of Memorizing 19-Digit,
[A-Z,a-z,0-9] Random Passwords.

Your grandparents are not alone. Perhaps an extreme case, but certainly not
alone.

With all of the admonitions that you might hear from various sources –
including Ask Leo! – to keep your computer safe, you might think that even just
taking your eyes off of your computer for a second would spell certain
doom.

It’s nowhere near that bad.

If you heed all of those admonitions and have basic security and common-sense
in place, your internet experience will be a safe one.

Let’s look at their concerns one by one.

]]>

Leave the computer on while you … get coffee.

(a) the risk of getting a virus is absolutely minimal (if not downright impossible) if you leave your laptop on (at home and with your front door locked) while you go to the restroom;

As long as you have a firewall in place – and if have a router, then you probably already do – there’s nothing that’s going to happen when you step away from your computer for a few minutes that will endanger it.

“… used properly the internet is a safer way to exchange information than many if not most of the less-technical alternatives that we’ve trusted for years.”

In fact, it’s probably safer than when you’re actually using it.

The vast majority of malware these days happens because of what you do – websites you visit, email attachments you open, and so on.

If you’re not there to do anything – well, then the chances of malicious software entering your system is effectively zero.

For the record, I leave all of my computers on 24 hours a day and they have been malware free for years.

Computer viruses aren’t like human viruses

(b) that computer viruses do not fly through the air, latching themselves onto the first computer they see;

Some people take the term “virus” quite literally when they hear about computer viruses and that’s simply wrong. The term is actually a metaphor based on how a certain class of computer software behaves: whether on a computer or computer network, computer viruses share some behavioral characteristics with biological viruses. But that’s it. The only way for a computer to get infected is digitally – via your network or internet connection, or via disks or other media exchanged between computers.

More than that, as the previous point alluded to, the vast majority of computer viruses rely on human behavior.

In other words, someone has to invite them in.

Now, they definitely try to fool you into doing exactly that – by making deceptive claims about attachments or enticing you to visit websites that you shouldn’t or asking you to hand over sensitive information to the wrong people. By doing any of those things, you end up taking actions that actually invite the virus onto your computer.

So don’t do that. Smile

That’s why we keep talking about “common sense” and learning about what to watch for.

SSL ain’t perfect, but…

(c) that typing in your SSN on a valid, SSL-encrypted official government site that requires your SSN for an official, valid reason over a wired Ethernet connection is pretty safe;

Pretty darned safe, if you ask me.

On a wired connection, or on a wireless connection appropriately protected with WPA encryption … heck, even an unprotected open wireless connection … as long as you are connected to the site via an https connection, the information that you send is completely hidden from anyone but you (the person sending it) and the site to which you are sending it.

No one in the middle can see it.

So if you trust the site that’s asking for your social security number, you know that they need it for a valid reason that you agree with, and you’re connected to their site via SSL, you’re pretty darned safe to give it to them.

While I’ll never say perfectly safe, I will say this…

Giving identifying information to valid sites that you trust and that use security properly is probably safer than telling it to someone over the phone or handing it to the various people who might ask for it in person.

In fact, I’d consider it safer than stuffing it in an envelope and mailing it.

You’re not as interesting as you think…

(d) that the number of computer hackers trying to break into their (non-state secret containing) computers at any given moment is at least much, much less than ten and possibly even nil.

With a firewall: zero. As I described above, only those that you “invite in” will reach your computers.

Even without a firewall, there is not a specific person or individual out there saying, “I’m going to hack into Leo’s computer today.” Instead, there are automated systems just slowly probing every computer that they find (typically, by just trying random IP addresses). What are they looking for? Computers that are vulnerable and not behind a firewall.

It’s as if someone were just walking through your neighborhood trying to open the front door of every house. If a door is locked, he moves on. If the door is open, he might poke around inside.

All that you need to do is keep your door locked and you’re safe.

How to stay safe

Everything that I’ve outlined above depends, exactly as you’ve outlined, on simple, basic internet security practices.

  • Get thee behind a firewall. Your router will do.

  • Use a good antivirus tool. One is plenty.

  • Use a good anti-spyware tool. One is plenty.

  • Keep Windows and your applications – particularly those anti-malware tools – up-to-date.

  • Get educated and use common sense. I’d almost quote you:

    • Don’t open attachments from strangers you aren’t expecting or can’t verify are safe (the old advice was “from strangers”, but malware authors can send attachments that look like they come from people you trust)

    • Don’t believe everything that’s said on the internet or forwarded half a dozen times via email or reposted on Facebook

    • Don’t download files from unofficial sources

My most important article, Internet Safety: How do I keep my computer safe on the internet?, covers these in more detail.

So who is it that gets compromised?

So who are all these people who you hear of that get hacked or compromised?

In my experience, doing Ask Leo! for the last 8+ years, these are people who didn’t follow some basic guideline for staying safe. They elected to forgo updates, they visited a site that they shouldn’t have, or they fell for a phishing email or something else along those lines.

In other words, they invited the malware in.

Don’t do that.

There are no absolutes, it’s true. Bad things can happen. But then, that’s true of the alternatives, as well.

I’ll even go so far as to say that when used properly, the internet is a safer way to exchange information than many (if not most) of the less-technical alternatives that we’ve trusted for years.

With the safeguards listed above in place, the internet is a fascinating, educational, powerful, and fun place to be.

Be safe. Be skeptical. But don’t let an over-developed sense of paranoia keep you from enjoying what’s available right at your fingertips.

PS: You might consider using a tool like LastPass so you don’t have to remember all those 19-digit, random passwords.

† This is on the internet. Should you believe it? I sure hope you do, but I’d understand a healthy dose of skepticism as well. Smile

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

21 comments on “Just how dangerous is it out there?”

  1. I wonder to what extent a program such as ShieldsUp would reassure his Grandparents?

    https://www.grc.com/x/ne.dll?bh0bkyd2

    Alex Dow
    A Great-Grandparent

    It would probably make things worse. My one gripe with SheildsUp is that even benign issues are displayed as if they were serious safety-threatening issues, even though they are not.

    Leo
    13-Jan-2012
    Reply
  2. The part about viruses flying through the air reminds me of an apocryphal tale of some woman calling tech support. Turns out she had dismantled her computer and was about to wipe it down with Lysol.

    When I was younger — around 7 or 8, I think — I used to think computer viruses were literally bugs crawling around eating the circuits. Then again, considering my age….

    Reply
  3. Leo said, “Don’t believe everything that’s said on the internet† or forwarded half a dozen times via email or reposted on Facebook”

    I’d like to add emphasis to forums and blogs. I’ve “only” been on the Internet for 11 years and I’ve noticed that blogs and forums are quickly becoming a place for users to post comments just to get a rise out of others. It’s called “trolling” and it seems to be more and more rampant #or maybe I’m more and more paranoid about what my children are inheriting as they get old enough to start using the interwebs#.

    Reply
  4. I wholeheartedly agree with you Leo. Being overly paranoid is not good and we mustn’t forget that surfing can be enjoyable. One person I know scan 2-3 times a day and I find that quite disconcerting.

    Yeah I know what you mean about Facebook. I got this ‘malware warning’ on my wall and I knew it was one of those ‘copy and paste pass onto your friends hoaxes’. It only takes a few seconds to see if it’s genuine but they often don’t though.

    Reply
  5. One of the problems with telling people not to open something is they will anyway. It is like telling them the paint is wet, or the plate is hot, they just have to touch it. I have a friend who learned the hard way, his wife said don’t open the coke vs pepsi email, he did. Even malwarebytes could not undo the damage.

    Reply
  6. Thanks for the discussion, Leo. And especially for using plain English as much as possible. Like the letter-writer, many of us need to be able to explain these things to others, but we’re not considered “expert” enough to overcome what those folks have heard or read. Your explanation will come in very handy.

    Reply
  7. I just create one good password than then write half of it down on one piece of paper and the other half on another and hide them in different parts of the house..Low tech but effective..

    Reply
  8. I’ve been using the same {number removed}-character password, everywhere I can, for years. The security of those accounts have even YET to be breached. Granted, there is more RISK, but risk is just possibility, not guarantee. My point is that, while risky, it’s not SO risky that I’ve had any problems. Not for mere months, but for 20 years. However, I DO keep a router (firewall) on my computer. And I do keep MSE updated and running. And just yesterday, it alerted me to a danger concerning an email from a known friend. And periodically I’ll run Malwarebytes just as a second opinion.

    Even using a credit card online is not scary because federal law protects me to $0 liability for any unauthorized charges. All I have to do is dispute it, and that amount is restored. It’s then up to the merchant to PROVE that he’s entitled to it. Much safer than Paypal.

    The only time I suffered an irretrievable crash to my system was with Vista and that stupid UAC that interrupted me every SINGLE time for any operation, and I foolishly shut it off. Win7 UAC is much more user-friendly and valuable. And it, by itself, has validated itself a few times.

    Reply
  9. If I had to choose between giving my credit card number over the internet on an SSL protected site or use it in a shop , I’d trust the internet every time. I’ve actually had my credit card number used stolen twice. One time, I believe the number was copied in a restaurant and another time in a gas station that used the old fashioned carbon paper system. It’s never happened online.

    Reply
  10. Adding my 2 cents…. NOTHING is 100% safe.

    Example: I have friends who, 10 years ago, had a community mailbox broken into. Forevermore, they are paranoid and insist all snail-mail be sent to their P.O. Box.

    I say get over it and get real.

    BUT, as with politics and religion, you will never change one’s point of view/opinion.

    Reply
  11. I have Google set to use HTTPS automatically where possible, which is a good “set it and forget it” protection.

    However, it doesn’t change it to HTTPS for ask-leo.com, and when I tried it manually I got a “Secure Connection Failed” error. Is there a reason you don’t use it?

    The setting for Google only applies to Gmail and possibly other Google-related properties. I don’t use it because there’s nothing on my site that requires security, and it would be an extra expense to maintain.

    Leo
    14-Jan-2012
    Reply
  12. Your recommendation “a) leave your computer on, when you go to the restroom” is not logical: You write (as explanation): “If you’re not there to do anything – well, then the chances of malicious software entering your system is effectively zero.” This is true in both cases / the computer running or being shot down – and even safer in the shot down condition, because a friend would then not be able to hit a letter on the keyboard to let some malware in.

    My point is simply that practically speaking turning your computer off because you’re walking away from it provides no additional security. The practical chances of something happening because you left it on are effectively zero.

    Leo
    14-Jan-2012
    Reply
  13. Be grateful you are not old. We are continually told not to give out our SSA # to anyone and to us that includes SSL. Ignorance breeds fear and it is unlikely that most of us old people will ever fully understand the new technology that has been foisted upon us at this very vulnerable stage of our lives.

    While I can understand not fully understanding new technology (heck, *I* don’t fully understand it), I think you do yourself a disservice by believing that. In my opinion there’s no reason someone who is “old” (for whatever definition of “old” you might like to apply) can’t learn enough to navigate the web safely. Most often than not the difficult is not in the potential ability, but rather that “I’m too old to learn this” mindset – which more often than not is wrong. And sad.

    Leo
    14-Jan-2012
    Reply
  14. Pet peeve, Leo

    Please  capitalize “Internet” — it’s a proper noun! I always cringe  to see it uncapitalized, and in this article, you just did it twelve times !!!

    Aaaaarrrrrrrggggggghhhhhh!!!!!

    Heh. I have defered instead to common usage. While technically, yes, it is a proper noun, common usage has degraded to it not being capitalized. Right now you’ll see a mix all over, but non-cap’d is winning.

    Leo
    14-Jan-2012
    Reply
  15. That is a good simple list. To it I would add

    – do NOT do daily tasks like web surfing in an Administrator class userid, user class only
    – be careful what sites you visit (a variation of don’t click on every hyperlink)
    – do not fill in every place that requests personal information. If you need to register to access content, but it is not vital they know who you are, fill it in with garbage. The only time I provide true information is if I am buying something and they NEED my shipping address.

    Reply
  16. As is usually the case after reading Leo’s answer — and especially after reading the comments — my head is buzzing.

    As an older, non-techie person, I submit the answer to the question is simple: you can not.

    My Mom is in her 80’s. I’ve suggested to her that online banking is much easier. I have friends my age (50ish) who are so paranoid they request all of their snail-mail sent to their post office box instead of their home address.

    We are all products of our environments. And we each live in our comfort zones. I submit that you will never convince your grandparents that the internet is safe. You shouldn’t even try!

    Reply
  17. I partly blamed the media. To get ratings they create a tunnel-vision view of reality. You always hear about the few people who get ripped of, or bad relationships, or all the pedophiles that are being caught. But you never hear of the millions of people who don’t get ripped of, don’t have bad relationships and are not pedophiles. Not surprising that the Internet seems to be the gateway to Hell, itself.

    And a note to Glenn P’s comment, my pet peeve is people who go nut’s over grammar mistakes. But I was always wondering why my spell checker insisted on spelling Internet with a capital I.

    Reply
  18. Paranoia re: US mail: AARP Bulletin Jan/Feb warns to look out for pilfered IDs from our unlocked mailboxes by thieves following mail carriers: esp now with W2’s, 1099s, & other tax info “all ideal for ID theft.” Yikes.

    Reply
  19. Hey, Leo — “common usage” is no  excuse for joining the philistines!     :(

    And Terry Hollett — now you know!     :)

    Reply
  20. It’s very dangerous if you don’t use your god given common since. I have come to believe the “younger generation” over looks this fact! Us old farts have learned to steer clear of those “unknown attachments”! I have been “cleaning viruses”…well, since there were viruses. 62 is not too much of an old fart and I do everything “on line”! On line bill pay and direct deposit is the greatest thing since drive through banking or for that matter anything drive through…I recently helped a friend of my daughter get rid of a really bad “nasty”, for free. I’m retired from “it” I use to do it for a living. A couple days later my daughter says her friends virus is back and that I “didn’t do a good job” excuse me? LSS, she received the email again and opened the attachment “again!” and can I fix it?! I said sure, for a $100 bucks! There are some folks who just can’t resist the temptation to open those “attachments”. “but it looked so important, I thought I might miss out on something”…..

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.