I have a bone to pick with some of you. During the Conficker/Downadup worm media circus these last few weeks, a few of you were moved to state (in blogs, Twitter messages and in online forums) that, “You don’t need antivirus or security software. You just need to avoid dangerous websites.” All I can say to someone who gives such misjudged advice is, I hope your computer has nothing of value on it. And I hope you never use it for anything involving financial or private information. Because if you do, I’d bet that your data is already being shared by cybercriminals somewhere “out there”.
Identity theft in the US reaches 1 in 4 households a year. One of the fastest growing ways for your private information to be stolen is right from your computer. Today’s Internet Security Threat Report XIV (ISTR) from Symantec provides a detailed view of the activities of cybercriminals to leverage vulnerabilities in our computers and web activities to plant malicious code on our systems. The report shows that Web surfing was the top source of new infections in 2008. 90 percent of all threats detected by Symantec attempt to steal confidential information. Threats with a keystroke-logging capability-which can be used to steal information such as online bank account credentials-made up 76 percent of threats to confidential information, up from 72 percent in 2007. That keystroke logging technique allows a criminal to remotely track your every keyboard click and have it sent to him via the Internet. That means every account number and password, every credit card and security code, travels neatly and silently from your home to his.
Just because you are careful about the sites you visit doesn’t necessarily mean that every page and every server on those sites is well maintained or patched with the latest security fixes. Your best line of defense is to always use top notch security software that will warn you if the site you are on is vulnerable or if something unexpected is being downloaded to your computer. Make sure you keep your subscriptions up-to-date and educate your children or any other computer users in your house to tell you about any alerts or security warnings.
I wish the modern world of cybersecurity could be managed with a technique as simple as “avoid dark alleys” in the online world. You shouldn’t be naïve about your security in the real world either. Just as you lock your car doors at both the toniest restaurant’s parking lot and at a fast food outlet, you should always be using your best security skills wherever you travel online.