Helping people with computers... one answer at a time.

After following all of the recommendations to keep your machine safe and secure, it's tempting to think that you're done and you are now safe. You're not.

If my Windows firewall is active, my line through my USB modem is authenticated and encrypted, and I have anti-virus and anti-spyware installed on my device, does that mean that I am safe and my laptop cannot be hacked?

First, let me say good on you for having all of those security measures in place, knowing what they are, and being aware of security in general. That alone puts you well ahead of many.

I get variations of your question frequently, so I'm going to address it and a few of its related issues.

To be blunt, the answer is very clear and simple:

No.

Why it's "no", after having everything in place as you describe, requires a little explanation.

One clarification: I'm going to lump "hacking" (unauthorized access to and use of your computer) with malware infections because it's usually by placing malware on your machine that hacking is most likely to occur. Regardless of how you view it, the same concepts apply.

There are three ways that malicious software can still weasel itself into your machine:

  • You could let it in.

  • Your security software could let it in.

  • Hackers could figure out a way in.

Let's look at each of those.

1. You are the weakest link.

Assuming that you had perfect security technology in place in all of the roles that you list and even a few that you don't, there remains one weak link in the chain of security.

"The single most important thing that you can add to improve the security of any machine that you run is your own education coupled with a healthy dose of skepticism."

You.

Don't take it personally. We're each the weakest link in our own security. That includes everyone, from the clueless newbie to the most seasoned veteran.

The problem is simple: we all make mistakes.

And no software, technology, or security system is going to be able to protect you from yourself.

If you accept and run what turns out to be a malicious download, you've just bypassed your firewall and many of the other anti-malware tools that you've placed on your machine. If you blindly click OK to a warning that your system or software provides you, then you've just bypassed all of the security on your machine.

The single most important thing that you can add to improve the security of any machine that you run is your own education coupled with a healthy dose of skepticism.

2. Even the best anti-malware tools aren't perfect.

Actually, there's no such thing as the "best" anti-malware tool. Some are better than others, but none are perfect.

No anti-malware tool or combination of anti-malware tools is guaranteed to stop all malware.

Even whatever it is that you consider to be "the best".

That's not a negative reflection on anti-malware software vendors - it's simply the result of two different things:

  • Different anti-malware tools use different techniques and technologies to look for malware. Infections that one tool or technique might catch could be missed by another. That's not the intent, but it's simply how these different software solutions work.

  • Malware is always on the move. You've seen me recommend that not only do you run the most up-to-date version of anti-malware tools, but that the databases of known malware used by those tools should be updated daily. If malware suddenly appears that your malware tool has yet to know how to detect, your machine remains vulnerable.

That last point actually leads into the next.

3. Hackers never rest.

I've characterized the malware landscape as a race between anti-malware tools and techniques and the writers of malware.

These days, most malware authors are smart - sometimes scary-smart. They're constantly looking for previously undiscovered vulnerabilities in systems that haven't been patched yet and then quickly writing malware - often very sophisticated malware - to exploit those vulnerabilities. They then just as quickly deploy the newly written malware before the anti-malware tools have a chance to catch up and detect the malicious software.

The more complex and sophisticated that the malware is, the more difficult that it is to detect. As I said, hackers aren't stupid; they put a lot of effort into creating malware that is as difficult as possible to detect.

Sadly, there's a lot of money in malware, botnets, and other related illicit technologies that the incentive remains for hackers to keep creating it.

Throw the complexities of international law into the mix to make finding and prosecuting hackers extremely difficult and you'll quickly see that they're not about to stop any time soon.

It's not as depressing as it sounds ... really

Staying safe on the internet is, in part, an educated game of chance.

I say "educated" because by being aware of the issues yourself, by putting appropriate security measures and software into place, by understanding what is and is not safe, and by maintaining a healthy dose of skepticism (if not paranoia), the internet can be a richly rewarding and safe place. I know it is for me.

I just don't want you to ever think, "OK, I'm totally safe now," for any reason. You're not.

Thinking that you're completely safe is a recipe for letting down your guard. Sadly, that's something that you should never, ever do.

Article C4860 - July 2, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

6 Comments
Robin
July 5, 2011 10:38 AM

Hi Leo
What if you have all the security in place and also run sandboxed. Are you completely safe then?

No. There is no such thing as complete security. Sandboxing can help for certain types of threats, but it is by no means something that makes anything completely secure.
Leo
06-Jul-2011

Mike
July 5, 2011 11:19 AM

Nothing is completely safe. Period. Ever. Do you still look both ways before crossing the street? All clear? Until you step out and some car comes careening 50mph around the corner. Okay, sure, that's rare, but it does happen. Mostly you're safe, but not "completely". You put locks on your home. But they can break the window. You install a burglar alarm, but they might defeat it. You get a watchdog, but some burglars have a way with dogs. Each step improves your security and reduces the risk. Most people sleep pretty well at night and their security is good. But break-ins still happen. Nobody is "completely safe."

You do what you can, and that's usually pretty good. And that's the key; DOING something. Not just hoping. There are no guarantees, only assurances that your risk is substantially reduced.

Petrus1928
July 5, 2011 4:12 PM

I'm in favour of using a live Linux CD to access the internet. Any malare that might bypass my Linux security will live only in RAM 'cos it can't write itself to a CD. My preferred distro is Puppy 'cos it can save its settings on a dedicated memory stick. Puppy's web browser & other programs work exactly the same as their Windows equivalents, so I don't have to learn anything new. Best of all, I can save anything on to another memory stick which is readable in mt Windows system after scanning it for malware.

Gordon Mac...
July 6, 2011 5:23 AM

Hey Leo! Just wanted ta say thanks for all the good info..... I've learned a lot from ya'll, and I appreciate all the time and effort you put into your postings. Live long and prosper.......

Snert
July 6, 2011 9:24 AM

I agree with you, Leo, education, scepticism and a heaping helping of paranoia works BUT you will still get hit. Most anti-'malware is reactive and the data base has to be updated to work but first new threats need analyzed. That time slot is crucial.
The only way to avoid this is - "Stay Off The Internet." Period.

Gunny
July 7, 2011 3:10 PM

Yes, I agree that if you are educated, the internet is a goldmine of resources. I have top security software myself, but I still take additional protections like WOT and Noscript. Any suspicious sign, and I'll pull out the modem cord. My friends tease me about being paranoid about security, but all those precautions has kept me protected.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.