You’re a clever person. You’ve learned a lot about computer security and think you understand how things have gone so wrong. So you’ve modified your behavior in corresponding ways to try to make yourself safe. But attackers are clever too, and there are many of them working cooperatively to thwart defenses. Thus, some of your behavior modifications may not be as effective as you think. Here are six ways you think you’re protecting yourself:
1. Use Less Popular Software (aka Security Through Obscurity)
2. Use Really Old Software
Retro-computing is not feasible or particularly effective as a defense against malware. That ancient installation of MS Word is more full of holes than your favorite artisanal Gruyere. There’s a reason there are still ancient macro viruses floating around – just because it’s old doesn’t mean it’s forgotten. People who don’t update are putting themselves at risk for both direct attacks and malware.
3. Assume an OS’s Built-In Security Features Protect Against Everything
Several major software vendors got bit by this assumption, and Pintsized was the gift that awaited them. Security settings are an awesome thing and we believe everyone should use them to full advantage, but your protection should not stop there. The other thing about built-in software security settings is that they’re often not on by default. You need to enable things like passcodes, OS firewalls, and various other types of security and privacy protections. You’ll need to get friendly with the settings menu of any software you install to see if there are things you can do to make your data more secure.
4. Update Software Only When Popups Remind You
Is that popup really from the vendor itself, or is it malware that’s trying to scare you into installing? It’s better to check the vendor’s site to verify the latest version against what’s on your computer to make sure everything is on the up and up.
5. Devise the Strongest Password Ever…and Then Use It Everywhere
There are myriad ways to get password security wrong, unfortunately. And the cost is potentially high. Devising strong, unique passwords can be a real pain in the butt, but password managers can help you achieve login peace of mind.
6. Rely on the Well-Lit Corners of the Internet for Safety
Much like in real life, avoiding dark and foreboding corners of the Internets will only go so far to protect you. Many of the threats of the past few years, including Flashback, have used compromised, legitimate sites to silently push their code on unsuspecting visitors.
The motive of many attacks these days is financial, and it’s safe to say that if there’s an idea for ways to protect your machine without using extra security tools that has been espoused by more than a couple people, malware authors have thought of it, too. And they probably gotten around that protection by the time the fourth or fifth person caught on to the idea. Luckily, there are also lots of defenders out there working cooperatively, both within and across companies, to develop tools that can help augment safe security behavior.
- Are You Sabotaging Your Own Security Efforts?
- 8 Ways to Accidentally Infect Your Friends with Malware
- Top 5 Ineffective Ways to Protect Yourself From Government Surveillance