10 Biggest Computer Security Myths Busted

Keeping your computer secure can be confusing, so it's not surprising that mistaken beliefs often end up taking root. Here are the ten biggest myths about computer security, busted once and for all.

Picture by Niels Heidenreich

We've run posts in the past covering common virus myths, but viruses are just one small part of the overall security equation. Here are some widespread beliefs that are (for the most part) flat-out wrong.

Myth #10. Computers represent the biggest security risk

While many criminals and scammers use email, web sites and other electronic tools, they haven't abandoned more traditional methods. According to the Australian Competition and Consumer Commission, phone scams remain more common than any other type. That doesn't mean you shouldn't take appropriate precautions when you're online. Rather, it serves as a reminder that a questioning attitude is wise whenever you interact with people in any forum.

Myth #9. Security software companies write most viruses

A persistent myth ever since computer viruses first emerged holds that most of the viruses are secretly written by security software companies, who distribute them in order to keep themselves in business. It isn't hard to see why this is a nonsensical claim. Firstly, it presupposes the existence of some massive conspiracy in which a bunch of rival companies all agree not to dob each other in, and manage to do so in a way which eliminates all traces of evidence and has never been detected by any independent security researchers. Secondly, it relies on the outdated view that viruses are the only thing security software deals with. Given that a large part of security now focuses on analysing the contents of web sites and email, it's obvious that writing viruses would be a lousy business model.

Myth #8. Personal data is sold for large sums

It's true that the malware world is a professional one these days: the people writing code aren't doing it for kicks, they're doing it to access information with which they can make money. But that doesn't mean that your own individual log-in details are worth a fortune. As we've noted before, information of this type is generally traded in bulk between criminals, and often barter rather than outright cash payments are involved.

Myth #7. I should pay for this security software that has just spotted a flaw

In a weird twist on Myth #9, fake security software — often referred to as scareware — has become a growing problem. This software once installed claims to have detected (non-existent) security problems, but suggests that paying for an upgrade will eliminate the problem. In reality, all it will eliminate is the contents of your wallet. Some ransomware can be very persistent and difficult to uninstall. Legitimate security software will usually detect it. The bottom line? If a message appears from a security software package you don't remember installing, you've got a problem — but the problem is the fake security software itself.

Myth #6. I can trust messages from my friends

One of the most common cash/identity theft scams kicks off when you receive an email (or a Facebook message) from a close friend claiming that they're overseas and have been injured or robbed, and need some money transferred urgently. Your natural instinct is to help, but the odds are overwhelming that it's actually a fake.

If your friend's system has been hacked (perhaps because they didn't follow good password practices), then it's very easy for a fake message of this type to get out. It's also very easy to check: my mother got one of these messages recently claiming a good friend was in Spain. Fortunately, she had the sense to ring her friend at home in Tasmania, and quickly realised the message was a fake. Practice that same good sense yourself.

Myth #5. Windows is full of security holes

If you keep it regularly patched and use the built-in security features, Windows is a secure operating system. While some decisions Microsoft made in the past (such as letting all users install software unheeded) undoubtedly contributed to problems, that isn't the case with Windows 7. With User Account Control enabled, the chances of something installing itself unbidden are slight.

Unfortunately for Microsoft, many users don't patch their systems or use security software, so they leave vulnerabilities in place long after they have been resolved. Top 10 lists of malware infections are invariably populated with code that has been identified and patched against long before (often years before). The popularity of Windows means this problem isn't going to disappear, but it's a mistake to presume that means Windows itself is permanently or intractably insecure. Like any computer OS, it is ultimately at the mercy of its users.

Myth #4. Online criminals only target big business

The prevalance of phishing messages from big banks and other organisations can give the appearance that security threats are aimed mostly at large businesses. While a big company can make a juicy target, cyber-criminals spread their net far and wide. As we noted recently, any size of business can be a target.

Myth #3. Microsoft (or whoever) wants to ring and help fix your security issues

This scam is so common and recurs so frequently we need to single it out specifically. You get a phone call claiming to be from Microsoft (or Telstra, or Australia Post, or Apple), saying that a security problem has been detected but that the support worker can talk you through how to fix Don't waste time discussing the issue arguing: just hang up. It's a scam, designed to con you into willingly install software on your computer that will make it remotely accessible to others. From there, it's an easy step to steal your personal data, use your computer as part of a botnet to distribute spam or launch attacks on others, and (potentially) to ask you to pay for the service.

The simple truth? No-one legitimate will ever ring to tell you a security problem has been detected on your computer. The world does not work like that, and never has.

Myth #2. Macs don't suffer from security issues

We've covered this in detail recently, and the swift emergence of two Mac security problems in quick succession underscores the point: no operating system is impervious. Modern code is so complex that flaws emerge everywhere, and you need to be alert whatever platform you use.

Myth #1. You don't need security software

Keeping your computer secure does require you to be alert. Not everything can be solved by software. If you give permission to a dodgy application to install itself, security software is not going to help much. If you click through web links in search of pirate software, problems are going to arise. Many Lifehacker readers are savvy computer users, and pride themselves on avoiding the obvious pitfalls.

However, that doesn't mean that you, as an individual, are so alert that you'll be able to detect every possible attack. Modern operating systems are hugely complex. Drive-by downloads delivered via browsers can be virtually invisible when they install. People often let friends or colleagues use their computers, and they may not be as cautious as you are.

Being alert is definitely preferable to blithely assuming everything will be OK. But your computer is a powerful tool. Let it share the load of keeping your system secure.

Lifehacker 101 is a weekly feature covering fundamental techniques that Lifehacker constantly refers to, explaining them step-by-step. Hey, we were all newbies once, right?


Comments

    In regards to #3 it isnt completely true that no one legitimate will call you and tell you about a security problem on your computer. I work for an ISP and we sometimes make calls to inform customers of trojans/viruses that we detect flowing through the network and will help them through getting rid of them.

      You work for iinet

        Read your post wrong, disregard.

      But you don't ask for their credit card details do you? ; D

      was going to write this myself. Yes, some ISPs do do this as they have access to the netflows and are pretty much the only people who can see that you are sending information to dodgy places. Additionally, some of these viruses are complex enough to change your DNS settings on your router! ...so even though the guys who were ringing up were saying complete BS, it actually can happen :(

      I also used to work for an ISP that did the same (perhaps even the same ISP) but regardless, the easy fail-safe for this is, if you (the end user) is suspicious you can always ask for their name & if you can call them back via the normal support queues, if it is legitimate they will be more than happy to comply with the request, if it's suspect they will not want/allow this...

      Same goes with random "blocked" numbers calling you saying they work for your banking institution (one of my biggest pet peeves), and then asking for you to verify who you are (i.e. give out all of your personal identification)... ask them if you can call them back = problem solved.

        Used to work for a bank and was astounded at how many people would give me sensitive info just for saying I was from their bank. I was, but from their perspective I could have been anyone. Whenever I get a call from my bank/telco etc I just say I'm a bit busy and I call their general customer support number later.

    Hi, for me Myth 1. "You don't need security software" is not a widespread belief with the people I know that use computers. Most people I know have plenty of horror stories of one sort or another to do with Malware that spurns them on to get protection. I used to occasionally help members of the public with computer problems. And the most common answer to this question; "Have you backed up your files?" was "I really will get around to that one day." or "I know this guy who has a friend and his friend backs up." cheers SF

      I have a few tech-laymen friends that have stated the supposed needlessness of security software, stating that they've gone without it for ages and have not had any problems (that they noticed). I think there are a few people out there that don't understand that a compromised system does not always behave in the same manner (ie. like that of a system infected with destructive malware). It all depends on the goals of the attacker. For example, an attacker could target your system in an attempt to destroy your data, or they could compromise your system and collect your data quietly without so much as a peep.

    Windows is a secure operating system.

    Wait wut? If it's a secure operating system, why does it need security patches? Are you contending that there are no zero day vulnerabilities within 'windows'? Because that's clearly nonsense.

    Perhaps what you meant to say is that Windows is a pretty good compromise between security and usability, provided that you take sensible security precautions such as regularly applying patches and maintaining an up to date anti malware solution, and strong passwords, in addition to the operating system minimums.

    The reality is that no piece of software as complex as an operating system will ever be perfectly secure, and the more widely a piece of software is used, the more malicious parties will target it in the search for insecurities that can be used for commercial agendas.

      "Windows is a pretty good compromise between security and usability, provided that you take sensible security precautions such as regularly applying patches and maintaining an up to date anti malware solution, and strong passwords, in addition to the operating system minimums"

      Which to the general public means that it's secure enough. Most people would have automatic updates and MSE - it's just the password thing that they need to catch on to.

      Why does it need security patches?

      Wait, wut? If a system is capable of running software which may do it harm, then it will always need to be prepared to avoid damage from it. Part of this will always be upgrading security when newer malware comes along. You're aware of this, clearly, from the rest of your post. Don't be obtuse and contrarian and misunderstand his meaning on purpose. Windows is, for all intents and purposes, a "secure" operating system, unless you expect your "secure" system to be infallibe (Which is unlikely if it's useable).

      Zero Day vulnerabilities can exist for any system. Avoiding them is largely a matter of luck, if you use any form of personal system. Windows, Mac, and most Linux builds, you're vulnerable to zero day attacks.

      Clearly, you know exactly what the author, and most of the readers know. You're just a semantic-obsessed troll.

    On Myth #3... dont hang up.... string them along... play dumb (dont do anything they say). Waste there time... oh my computer is slow to boot up etc etc etc... time is money after all.

    and if it is legit.... look up the real number in the yellow pages and call them back.

      I usually just tell them that they've admitted to illegally accessing my computer and I'll need their address so that I can call the police. They hang up straight away then

      I've taken to "What's a computer?" and "So I need to connect to the internet?, I have dial up. I will have to get off the phone to connect"

      But ISPs tend to have about 15 numbers so you can never find the right one.

    Myth #10. Computers represent the biggest security risk

    Incorrect. Computer USERS represent the biggest security risk ("I dunno. I just clicked OK without reading it" accounts for 80% of my workplace security-related issues)

    Myth #5. Windows is full of security holes

    Users again. People ask me "Windows 7 was supposed to be more secure. Then why did I get a virus?" and I tell them "It won't protect you if you install the virus yourself, or if you turn security settings off because it takes 2 seconds out of your time to click OK or Cancel on a box!

      That's why they are myths, common beliefs that aren't true. Hence "10 biggest computer security myths busted", this article is proving every one of these statements wrong.

        It seems he just read the list, and not the title, or the discussions.

        Actually, I was rebranding the myths based on my observations as an IT guy ;D

    Yes I got that - so your point is?

      To Brad I mean - :)

    I'm an IT Security professional and I enjoyed reading this list. I think it's good for home users to understand many of these things. I especially like #8. At this point there's more data than there are money mules to steal it. So prices are much lower than what most people think. And #4 is something that a lot of small and medium businesses should take to heart. The reality is that many attackers don't target any companies - big or small. Those attackers deal in quantity, not quality of the targets.

    I'd add one more that's probably more practical - "security software will protect me from any threat" or, said another way, "I don't have to be careful online if I have antivirus." This would help a lot of people avoid compromise from the most common threats that hit home users. The reality is that most andivirus and other security software won't stop the latest threats.

    Why? Two reasons. First, The bad guys have that same antivirus software and test it before they send it out. So they KNOW it will get past the defenses. Second, each time you visit a website that has a virus on it, the virus is obfuscated - changed slightly so it avoids detection.

    A false sense of security is far worse than no security at all.

    From my experience I can say that most problems are caused by people. Installing security software and then launching links/apps assuming that you are protected is just dumb.

    Lost count of the number of support calls I've resolved with PEBCAK. (Problem Exists Between Chair And Keyboard)

    First of all I admire anyone who actually understandings of how a computer works. I `am one of those that spend hours trawling through clothes and shoes! and I am also saddened about the fact that there people who take advantage of novices like myself, who don`t understand it all but just use a computer as an entertainment centre.
    My security has just run out ( am I bonkers telling you this?). I`m scared shitless now and I`m not sure which security to go for because some of them are so expensive. I was looking for advice on which one was the best for my money, which I don`t have much of.

Join the discussion!

Trending Stories Right Now