Skip to content

Computer Security Myths

Myth: The internet is so huge; no one will attack my computer.
Fact: Hackers use automated tools that continually probe computers to find attack vectors. A new, unprotected computer installed on the internet will be generally be compromised within seven minutes.
Myth: My computer contains no valuable information.
Fact: Anyone who uses their computer very much probably has relatively valuable data stored in many places:
  • Online services (banking? emails?) often have their passwords cached on your computer, in addition to credit card numbers, usernames, and passwords for various sites.
  • Your files might have more valuable information than you think. For example, if you discuss your relatives in an email or letter, that information can be used for identity theft.
Myth: I can't have both security and convenience.
Fact: Usability teams have improved this issue over time so that you can get plenty of work done without having to suffer through excessive security requirements.
Myth: I'll worry about security once someone finally tries to attack me.
Fact: Attacks are ongoing, day and night. Your system must have anti-virus software (to keep out bad/dangerous files) and have up-to-date system software in order to close newly-discovered security holes. Use the bigfix system to keep your system in tip-top shape automatically.
Myth: Firewalls and anti-virus software will fully protect my computer.
Fact: You must also update your system software for newly discovered security issues. Most of all, though, you must keep your passwords and personal identity information confidential except where they are supposed to be used. Otherwise, your most critical information is at risk. Finally, even frequently upated anti-virus software only protects against known viruses: new malware can sneak by if it hits your computer before the next update.
Myth: I deleted my sensitive information; it's gone now.
Fact: While the file name on the disk drive no longer points to your information, the information is likely still stored in 'data blocks' on your local hard drive awaiting reuse. Programs with names like 'Wipe Disk' must be used if you wish to delete data and have it be actually erased.
Depending on requirements, securely and provably deleting information turns out to be a challenge! Please see this paper at SANS for a comprehensive analysis of the situation along with appropriate methodologies for various levels of secure file deletion.
If you wish to dispose of equipment like hard drives that have stored sensitive data, see the Computer Equipment Disposal Guidelines on securecomputing.stanford.edu.
Myth: Sketchy websites are obvious; you can tell just by looking at them.
Fact: Hackers use every technique in the book to attract their victims. The best hackers make websites whose style is impeccable – and might even be copied from a legitimate webiste. Just one counterfeit link, though, is enough to ruin your web-surfing experience.
Myth: I can always tell when my computer is infected or has been invaded.
Fact: Not any more. Hackers continually evolve techniques to evade escape, so that you can't tell your computer is sending out thousands of spam emails per day or trying to break into even more computers.
Myth: Email from your friends is probably safe.
Fact: It's easy to spoof your email reader to display anyone's name as the sender of a note. If just one little bit of personal information is included in the note, you're likely to believe its authenticity. Be wary of unusual emails (like "I'm stranded in Europe" or need money/bail for any other reason). Even if your bank's logo is prominently displayed, verify that all is well before trusting unsolicited email. Financial institutions, particularly, will rarely ask you for any private or financial information on the internet.
Last modified: 05/29/2014 06:11:51 PM