How To

6 Ineffective Ways to Protect Yourself Against Online Attacks

Posted on May 9th, 2013 by

medium_2418973883

You’re a clever person. You’ve learned a lot about computer security and think you understand how things have gone so wrong. So you’ve modified your behavior in corresponding ways to try to make yourself safe. But attackers are clever too, and there are many of them working cooperatively to thwart defenses. Thus, some of your behavior modifications may not be as effective as you think. Here are six ways you think you’re protecting yourself:

1. Use Less Popular Software (aka Security Through Obscurity)

You may think that using an obscure browser that no one else has heard of might decrease the number of active attacks you run into. The reality is that even unpopular software can be vulnerable to attacks. For example, if your browser allows plugins, you’re still vulnerable to the majority of the attacks out there. Unless you consider any sort of active scripting (such as Java, Javascript, and Flash) to be totally outré and live in a land of only text-based web content, then yes, you’re probably okay on the web-based threats. But for most of us, that sort of web browsing isn’t ideal or feasible.

2. Use Really Old Software

Retro-computing is not feasible or particularly effective as a defense against malware. That ancient installation of MS Word is more full of holes than your favorite artisanal Gruyere. There’s a reason there are still ancient macro viruses floating around – just because it’s old doesn’t mean it’s forgotten. People who don’t update are putting themselves at risk for both direct attacks and malware.

3. Assume an OS’s Built-In Security Features Protect Against Everything

Several major software vendors got bit by this assumption, and Pintsized was the gift that awaited them. Security settings are an awesome thing and we believe everyone should use them to full advantage, but your protection should not stop there. The other thing about built-in software security settings is that they’re often not on by default. You need to enable things like passcodes, OS firewalls, and various other types of security and privacy protections. You’ll need to get friendly with the settings menu of any software you install to see if there are things you can do to make your data more secure.

4. Update Software Only When Popups Remind You

Is that popup really from the vendor itself, or is it malware that’s trying to scare you into installing? It’s better to check the vendor’s site to verify the latest version against what’s on your computer to make sure everything is on the up and up.

5. Devise the Strongest Password Ever…and Then Use It Everywhere

There are myriad ways to get password security wrong, unfortunately. And the cost is potentially high. Devising strong, unique passwords can be a real pain in the butt, but password managers can help you achieve login peace of mind.

6. Rely on the Well-Lit Corners of the Internet for Safety

Much like in real life, avoiding dark and foreboding corners of the Internets will only go so far to protect you. Many of the threats of the past few years, including Flashback, have used compromised, legitimate sites to silently push their code on unsuspecting visitors.

The motive of many attacks these days is financial, and it’s safe to say that if there’s an idea for ways to protect your machine without using extra security tools that has been espoused by more than a couple people, malware authors have thought of it, too. And they probably gotten around that protection by the time the fourth or fifth person caught on to the idea. Luckily, there are also lots of defenders out there working cooperatively, both within and across companies, to develop tools that can help augment safe security behavior.

Further Reading:

photo credit: Todo-Juanjo via photopin cc