My grandparents are paranoid about viruses. I have successfully convinced
them not to install a couple dozen anti-viruses on their computer by showing
them one of your articles, but I cannot convince them that, on a clean,
updated, and anti-virus protected computer: (a) the risk of getting a virus is
absolutely minimal (if not downright impossible) if you leave your laptop on
(at home and with your front door locked) while you go to the restroom; (b)
that computer viruses do not fly through the air, latching themselves onto the
first computer that they see; (c) that typing in your SSN on a valid, SSL-encrypted
official government site that requires your SSN for an official, valid reason
over a wired Ethernet connection is pretty safe; (d) that the number of
computer hackers trying to break into their (non-state secret containing)
computers at any given moment is at least much, much less than ten and possibly
even nil. The worse part is that I can’t find any articles online about computer
malware myths that are non-technical enough for my grandparents to understand,
and they don’t trust me when I say that one antivirus, a clean updated
computer, and a dose of caution (don’t open attachments from strangers, don’t
believe everything that’s said on the internet, don’t download files from
unofficial sources) is more than sufficient to avoid the leagues of hackers
that are out to get them. Sincerely yours, Tired of Memorizing 19-Digit,
[A-Z,a-z,0-9] Random Passwords.
Your grandparents are not alone. Perhaps an extreme case, but certainly not
With all of the admonitions that you might hear from various sources –
including Ask Leo! – to keep your computer safe, you might think that even just
taking your eyes off of your computer for a second would spell certain
It’s nowhere near that bad.
If you heed all of those admonitions and have basic security and common-sense
in place, your internet experience will be a safe one.
Let’s look at their concerns one by one.
Leave the computer on while you … get coffee.
(a) the risk of getting a virus is absolutely minimal (if not downright impossible) if you leave your laptop on (at home and with your front door locked) while you go to the restroom;
As long as you have a firewall in place – and if have a router, then you probably already do – there’s nothing that’s going to happen when you step away from your computer for a few minutes that will endanger it.
In fact, it’s probably safer than when you’re actually using it.
The vast majority of malware these days happens because of what you do – websites you visit, email attachments you open, and so on.
If you’re not there to do anything – well, then the chances of malicious software entering your system is effectively zero.
For the record, I leave all of my computers on 24 hours a day and they have been malware free for years.
Computer viruses aren’t like human viruses
(b) that computer viruses do not fly through the air, latching themselves onto the first computer they see;
Some people take the term “virus” quite literally when they hear about computer viruses and that’s simply wrong. The term is actually a metaphor based on how a certain class of computer software behaves: whether on a computer or computer network, computer viruses share some behavioral characteristics with biological viruses. But that’s it. The only way for a computer to get infected is digitally – via your network or internet connection, or via disks or other media exchanged between computers.
More than that, as the previous point alluded to, the vast majority of computer viruses rely on human behavior.
In other words, someone has to invite them in.
Now, they definitely try to fool you into doing exactly that – by making deceptive claims about attachments or enticing you to visit websites that you shouldn’t or asking you to hand over sensitive information to the wrong people. By doing any of those things, you end up taking actions that actually invite the virus onto your computer.
So don’t do that.
That’s why we keep talking about “common sense” and learning about what to watch for.
SSL ain’t perfect, but…
(c) that typing in your SSN on a valid, SSL-encrypted official government site that requires your SSN for an official, valid reason over a wired Ethernet connection is pretty safe;
Pretty darned safe, if you ask me.
On a wired connection, or on a wireless connection appropriately protected with WPA encryption … heck, even an unprotected open wireless connection … as long as you are connected to the site via an https connection, the information that you send is completely hidden from anyone but you (the person sending it) and the site to which you are sending it.
No one in the middle can see it.
So if you trust the site that’s asking for your social security number, you know that they need it for a valid reason that you agree with, and you’re connected to their site via SSL, you’re pretty darned safe to give it to them.
While I’ll never say perfectly safe, I will say this…
Giving identifying information to valid sites that you trust and that use security properly is probably safer than telling it to someone over the phone or handing it to the various people who might ask for it in person.
In fact, I’d consider it safer than stuffing it in an envelope and mailing it.
You’re not as interesting as you think…
(d) that the number of computer hackers trying to break into their (non-state secret containing) computers at any given moment is at least much, much less than ten and possibly even nil.
With a firewall: zero. As I described above, only those that you “invite in” will reach your computers.
Even without a firewall, there is not a specific person or individual out there saying, “I’m going to hack into Leo’s computer today.” Instead, there are automated systems just slowly probing every computer that they find (typically, by just trying random IP addresses). What are they looking for? Computers that are vulnerable and not behind a firewall.
It’s as if someone were just walking through your neighborhood trying to open the front door of every house. If a door is locked, he moves on. If the door is open, he might poke around inside.
All that you need to do is keep your door locked and you’re safe.
How to stay safe
Everything that I’ve outlined above depends, exactly as you’ve outlined, on simple, basic internet security practices.
Get thee behind a firewall. Your router will do.
Use a good antivirus tool. One is plenty.
Use a good anti-spyware tool. One is plenty.
Keep Windows and your applications – particularly those anti-malware tools – up-to-date.
Get educated and use common sense. I’d almost quote you:
Don’t open attachments
from strangersyou aren’t expecting or can’t verify are safe (the old advice was “from strangers”, but malware authors can send attachments that look like they come from people you trust)
Don’t believe everything that’s said on the internet† or forwarded half a dozen times via email or reposted on Facebook
Don’t download files from unofficial sources
My most important article, Internet Safety: How do I keep my computer safe on the internet?, covers these in more detail.
So who is it that gets compromised?
So who are all these people who you hear of that get hacked or compromised?
In my experience, doing Ask Leo! for the last 8+ years, these are people who didn’t follow some basic guideline for staying safe. They elected to forgo updates, they visited a site that they shouldn’t have, or they fell for a phishing email or something else along those lines.
In other words, they invited the malware in.
Don’t do that.
There are no absolutes, it’s true. Bad things can happen. But then, that’s true of the alternatives, as well.
I’ll even go so far as to say that when used properly, the internet is a safer way to exchange information than many (if not most) of the less-technical alternatives that we’ve trusted for years.
With the safeguards listed above in place, the internet is a fascinating, educational, powerful, and fun place to be.
Be safe. Be skeptical. But don’t let an over-developed sense of paranoia keep you from enjoying what’s available right at your fingertips.
PS: You might consider using a tool like LastPass so you don’t have to remember all those 19-digit, random passwords.
† This is on the internet. Should you believe it? I sure hope you do, but I’d understand a healthy dose of skepticism as well.