US-CERT Cyber Security Tip ST06-002 -- Debunking Some Common Myths
Cyber Security Tip ST06-002
Debunking Some Common Myths
There are some common myths that may influence your online security
practices. Knowing the truth will allow you to make better decisions
about how to protect yourself.
How are these myths established?
There is no one cause for these myths. They may have been formed
because of a lack of information, an assumption, knowledge of a
specific case that was then generalized, or some other source. As with
any myth, they are passed from one individual to another, usually
because they seem legitimate enough to be true.
Why is it important to know the truth?
While believing these myths may not present a direct threat, they may
cause you to be more lax about your security habits. If you are not
diligent about protecting yourself, you may be more likely to become a
victim of an attack.
What are some common myths, and what is the truth behind them?
* Myth: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements in
protecting your information (see Understanding Anti-Virus Software
and Understanding Firewalls for more information). However,
neither of these elements is guaranteed to protect you from an
attack. Combining these technologies with good security habits is
the best way to reduce your risk.
* Myth: Once software is installed on your computer, you do not have
to worry about it anymore.
Truth: Vendors may release patches or updated versions of software
to address problems or fix vulnerabilities (see Understanding
Patches for more information). You should install the patches as
soon as possible; some software even offers the option to obtain
updates automatically. Making sure that you have the latest virus
definitions for your anti-virus software is especially important.
* Myth: There is nothing important on your machine, so you do not
need to protect it.
Truth: Your opinion about what is important may differ from an
attacker's opinion. If you have personal or financial data on your
computer, attackers may be able to collect it and use it for their
own financial gain. Even if you do not store that kind of
information on your computer, an attacker who can gain control of
your computer may be able to use it in attacks against other
people (see Understanding Denial-of-Service Attacks and
Understanding Hidden Threats: Rootkits and Botnets for more
information).
* Myth: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers
look for the biggest reward for the least amount of effort, so
they typically target databases that store information about many
people. If your information happens to be in the database, it
could be collected and used for malicious purposes. It is
important to pay attention to your credit information so that you
can minimize any potential damage (see Preventing and Responding
to Identity Theft for more information).
* Myth: When computers slow down, it means that they are old and
should be replaced.
Truth: It is possible that running newer or larger software
programs on an older computer could lead to slow performance, but
you may just need to replace or upgrade a particular component
(memory, operating system, CD or DVD drive, etc.). Another
possibility is that there are other processes or programs running
in the background. If your computer has suddenly become slower,
you may be experiencing a denial-of-service attack or have spyware
on your machine (see Understanding Denial-of-Service Attacks and
Recognizing and Avoiding Spyware for more information).
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST06-002.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.