Helping people with computers... one answer at a time.
With daily dire warnings and admonitions, it's easy to believe that the internet is dangerous. With appropriate and simple safeguards, it needn't be.
My grandparents are paranoid about viruses. I have successfully convinced them not to install a couple dozen anti-viruses on their computer by showing them one of your articles, but I cannot convince them that, on a clean, updated, and anti-virus protected computer: (a) the risk of getting a virus is absolutely minimal (if not downright impossible) if you leave your laptop on (at home and with your front door locked) while you go to the restroom; (b) that computer viruses do not fly through the air, latching themselves onto the first computer that they see; (c) that typing in your SSN on a valid, SSL-encrypted official government site that requires your SSN for an official, valid reason over a wired Ethernet connection is pretty safe; (d) that the number of computer hackers trying to break into their (non-state secret containing) computers at any given moment is at least much, much less than ten and possibly even nil. The worse part is that I can't find any articles online about computer malware myths that are non-technical enough for my grandparents to understand, and they don't trust me when I say that one antivirus, a clean updated computer, and a dose of caution (don't open attachments from strangers, don't believe everything that's said on the internet, don't download files from unofficial sources) is more than sufficient to avoid the leagues of hackers that are out to get them. Sincerely yours, Tired of Memorizing 19-Digit, [A-Z,a-z,0-9] Random Passwords.
•
Your grandparents are not alone. Perhaps an extreme case, but certainly not alone.
With all of the admonitions that you might hear from various sources - including Ask Leo! - to keep your computer safe, you might think that even just taking your eyes off of your computer for a second would spell certain doom.
It's nowhere near that bad.
If you heed all of those admonitions and have basic security and common-sense in place, your internet experience will be a safe one.
Let's look at their concerns one by one.
•
Leave the computer on while you ... get coffee.
(a) the risk of getting a virus is absolutely minimal (if not downright impossible) if you leave your laptop on (at home and with your front door locked) while you go to the restroom;
As long as you have a firewall in place - and if have a router, then you probably already do - there's nothing that's going to happen when you step away from your computer for a few minutes that will endanger it.
In fact, it's probably safer than when you're actually using it.
The vast majority of malware these days happens because of what you do - websites you visit, email attachments you open, and so on.
If you're not there to do anything - well, then the chances of malicious software entering your system is effectively zero.
For the record, I leave all of my computers on 24 hours a day and they have been malware free for years.
Computer viruses aren't like human viruses
(b) that computer viruses do not fly through the air, latching themselves onto the first computer they see;
Some people take the term "virus" quite literally when they hear about computer viruses and that's simply wrong. The term is actually a metaphor based on how a certain class of computer software behaves: whether on a computer or computer network, computer viruses share some behavioral characteristics with biological viruses. But that's it. The only way for a computer to get infected is digitally - via your network or internet connection, or via disks or other media exchanged between computers.
More than that, as the previous point alluded to, the vast majority of computer viruses rely on human behavior.
In other words, someone has to invite them in.
Now, they definitely try to fool you into doing exactly that - by making deceptive claims about attachments or enticing you to visit websites that you shouldn't or asking you to hand over sensitive information to the wrong people. By doing any of those things, you end up taking actions that actually invite the virus onto your computer.
So don't do that. 
That's why we keep talking about "common sense" and learning about what to watch for.
SSL ain't perfect, but...
(c) that typing in your SSN on a valid, SSL-encrypted official government site that requires your SSN for an official, valid reason over a wired Ethernet connection is pretty safe;
Pretty darned safe, if you ask me.
On a wired connection, or on a wireless connection appropriately protected with WPA encryption ... heck, even an unprotected open wireless connection ... as long as you are connected to the site via an https connection, the information that you send is completely hidden from anyone but you (the person sending it) and the site to which you are sending it.
No one in the middle can see it.
So if you trust the site that's asking for your social security number, you know that they need it for a valid reason that you agree with, and you're connected to their site via SSL, you're pretty darned safe to give it to them.
While I'll never say perfectly safe, I will say this...
Giving identifying information to valid sites that you trust and that use security properly is probably safer than telling it to someone over the phone or handing it to the various people who might ask for it in person.
In fact, I'd consider it safer than stuffing it in an envelope and mailing it.
You're not as interesting as you think...
(d) that the number of computer hackers trying to break into their (non-state secret containing) computers at any given moment is at least much, much less than ten and possibly even nil.
With a firewall: zero. As I described above, only those that you "invite in" will reach your computers.
Even without a firewall, there is not a specific person or individual out there saying, "I'm going to hack into Leo's computer today." Instead, there are automated systems just slowly probing every computer that they find (typically, by just trying random IP addresses). What are they looking for? Computers that are vulnerable and not behind a firewall.
It's as if someone were just walking through your neighborhood trying to open the front door of every house. If a door is locked, he moves on. If the door is open, he might poke around inside.
All that you need to do is keep your door locked and you're safe.
How to stay safe
Everything that I've outlined above depends, exactly as you've outlined, on simple, basic internet security practices.
-
Get thee behind a firewall. Your router will do.
-
Use a good antivirus tool. One is plenty.
-
Use a good anti-spyware tool. One is plenty.
-
Keep Windows and your applications - particularly those anti-malware tools - up-to-date.
-
Get educated and use common sense. I'd almost quote you:
-
Don't open attachments
from strangersyou aren't expecting or can't verify are safe (the old advice was "from strangers", but malware authors can send attachments that look like they come from people you trust) -
Don't believe everything that's said on the internet† or forwarded half a dozen times via email or reposted on Facebook
-
Don't download files from unofficial sources
-
My most important article, Internet Safety: How do I keep my computer safe on the internet?, covers these in more detail.
So who is it that gets compromised?
So who are all these people who you hear of that get hacked or compromised?
In my experience, doing Ask Leo! for the last 8+ years, these are people who didn't follow some basic guideline for staying safe. They elected to forgo updates, they visited a site that they shouldn't have, or they fell for a phishing email or something else along those lines.
In other words, they invited the malware in.
Don't do that.
There are no absolutes, it's true. Bad things can happen. But then, that's true of the alternatives, as well.
I'll even go so far as to say that when used properly, the internet is a safer way to exchange information than many (if not most) of the less-technical alternatives that we've trusted for years.
With the safeguards listed above in place, the internet is a fascinating, educational, powerful, and fun place to be.
Be safe. Be skeptical. But don't let an over-developed sense of paranoia keep you from enjoying what's available right at your fingertips.
•
PS: You might consider using a tool like LastPass so you don't have to remember all those 19-digit, random passwords.
•
† This is on the internet. Should you believe it? I
sure hope you do, but I'd understand a healthy dose of skepticism as well.
Article C5038 - January 11, 2012
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
I partly blamed the media. To get ratings they create a tunnel-vision view of reality. You always hear about the few people who get ripped of, or bad relationships, or all the pedophiles that are being caught. But you never hear of the millions of people who don't get ripped of, don't have bad relationships and are not pedophiles. Not surprising that the Internet seems to be the gateway to Hell, itself.
And a note to Glenn P's comment, my pet peeve is people who go nut's over grammar mistakes. But I was always wondering why my spell checker insisted on spelling Internet with a capital I.
Posted by: Terry Hollett at January 14, 2012 4:26 AMParanoia re: US mail: AARP Bulletin Jan/Feb warns to look out for pilfered IDs from our unlocked mailboxes by thieves following mail carriers: esp now with W2's, 1099s, & other tax info "all ideal for ID theft." Yikes.
Posted by: Virginia Smith at January 14, 2012 9:48 AMHey, Leo -- "common usage" is no excuse for joining the philistines! :(
And Terry Hollett -- now you know! :)
Posted by: Glenn P. at January 16, 2012 12:39 PMSo malware and vampires have something in common: they usually must be invited in.
Posted by: Mike at January 17, 2012 4:26 PMIt's very dangerous if you don't use your god given common since. I have come to believe the "younger generation" over looks this fact! Us old farts have learned to steer clear of those "unknown attachments"! I have been "cleaning viruses"...well, since there were viruses. 62 is not too much of an old fart and I do everything "on line"! On line bill pay and direct deposit is the greatest thing since drive through banking or for that matter anything drive through...I recently helped a friend of my daughter get rid of a really bad "nasty", for free. I'm retired from "it" I use to do it for a living. A couple days later my daughter says her friends virus is back and that I "didn't do a good job" excuse me? LSS, she received the email again and opened the attachment "again!" and can I fix it?! I said sure, for a $100 bucks! There are some folks who just can't resist the temptation to open those "attachments". "but it looked so important, I thought I might miss out on something".....
Posted by: Tom Dees at February 17, 2012 2:45 PM