Why Common Sense Security Has Its Limits

“Don’t do anything online you wouldn’t do in the real world” is a common catch-cry in the PC security world. It sounds like a sensible policy, but it actually has some fairly severe limitations.

This week marks National Cyber Security Awareness Week, designed to promote good security practices when going online. So far, the week seems to have mainly served to demonstrate that Senator Conroy is a bit clueless about this stuff and that small businesses often fall for phishing scams, but that doesn’t mean the goal of getting everyone else clued up isn’t worthwhile.

Much of the advice offered for the week is familiar territory, and rather than revisiting it I’ll just point directly to the most relevant and useful articles we’ve run on Lifehacker in the past:

However, there’s one bit of advice which got rolled out at the launch event in Melbourne on Sunday which deserves further comment. It’s something that I constantly hear at consumer security events. Here’s how the Protecting Yourself Online booklet released this week puts it:

There are criminals who use the anonymity of the internet to run old and new scams. Many of these are scams that most people would spot a mile away if they were attempted in the ‘real world’.

Now, that all sounds very well at first glance. You wouldn’t do a deal to make an easy $10,000 with some stranger you’d met in a pub, would you?

The answer to that might be “probably not” (though it depends on your bank balance). But let’s imagine instead that there’s a bloke selling cheap DVDs of the latest movies in your local. You’re more likely to be tempted. And if you were holidaying in Beijing and someone came up to you and said “Rolex! DVD!”, the odds of you buying would be, I’d suggest, even higher. Put it this way: I’ve never known anyone to go on holidays in China and not come back with a few discs.

Now, a pirated DVD might not represent a major security risk (though it could in theory host malicious software designed to install when you play it back on your PC). But it demonstrates how the notion that “in the real world, we’ll always make non-risky and legal choices” is fairly likely to be untrue. We’ll balance the risks involved (will I get caught? how much will I have to spend?) with the potential rewards (mmm, Shrek Forever After on Blu-ray!) and make a decision.

Depending on our level of knowledge, it could well be a stupid decision. Attempting to get free copies of commercial software online, for instance, is often a one-way trip to multiple malware infections — but it falls into the “I’ll get away with it” DVD-from-China box for many people.

People do stupid and risky things, online and off. It’s useful to point out to them how to avoid doing those stupid things, but it’s more useful to give them specific advice than to appeal to a murky notion of common sense that’s demonstrably at odds with reality.

Lifehacker 101 is a weekly feature covering fundamental techniques that Lifehacker constantly refers to, explaining them step-by-step. Hey, we were all newbies once, right?
