-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST06-002
Debunking Some Common Myths
There are some common myths that may influence your online security
practices. Knowing the truth will allow you to make better decisions
about how to protect yourself.
How are these myths established?
There is no one cause for these myths. They may have been formed
because of a lack of information, an assumption, knowledge of a
specific case that was then generalized, or some other source. As with
any myth, they are passed from one individual to another, usually
because they seem legitimate enough to be true.
Why is it important to know the truth?
While believing these myths may not present a direct threat, they may
cause you to be more lax about your security habits. If you are not
diligent about protecting yourself, you may be more likely to become a
victim of an attack.
What are some common myths, and what is the truth behind them?
* Myth: Anti-virus software and firewalls are 100% effective.
Truth: Anti-virus software and firewalls are important elements to
protecting your information (see Understanding Anti-Virus Software
and Understanding Firewalls for more information). However,
neither of these elements are guaranteed to protect you from an
attack. Combining these technologies with good security habits is
the best way to reduce your risk.
* Myth: Once software is installed on your computer, you do not have
to worry about it anymore.
Truth: Vendors may release patches or updated versions of software
to address problems or fix vulnerabilities (see Understanding
Patches for more information). You should install the patches as
soon as possible; some software even offers the option to obtain
updates automatically. Making sure that you have the latest virus
definitions for your anti-virus software is especially important.
* Myth: There is nothing important on your machine, so you do not
need to protect it.
Truth: Your opinion about what is important may differ from an
attacker's opinion. If you have personal or financial data on your
computer, attackers may be able to collect it and use it for their
own financial gain. Even if you do not store that kind of
information on your computer, an attacker who can gain control of
your computer may be able to use it in attacks against other
people (see Understanding Denial-of-Service Attacks and
Understanding Hidden Threats: Rootkits and Botnets for more
information).
* Myth: Attackers only target people with money.
Truth: Anyone can become a victim of identity theft. Attackers
look for the biggest reward for the least amount of effort, so
they typically target databases that store information about many
people. If your information happens to be in the database, it
could be collected and used for malicious purposes. It is
important to pay attention to your credit information so that you
can minimize any potential damage (see Preventing and Responding
to Identity Theft for more information).
* Myth: When computers slow down, it means that they are old and
should be replaced.
Truth: It is possible that running newer or larger software
programs on an older computer could lead to slow performance, but
you may just need to replace or upgrade a particular component
(memory, operating system, cd or dvd drive, etc.). Another
possibility is that there are other processes or programs running
in the background. If your computer has suddenly become slower,
you may be experiencing a denial-of-service attack or have spyware
on your machine (see Understanding Denial-of-Service Attacks and
Recognizing and Avoiding Spyware for more information).
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST06-002.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBQ/zHan0pj593lg50AQJX3Qf/WW/YtOrMAZ2i+DjJ/qtBynbmbANrPr6F
cTSKrYkQCn6SECil2nuMt1MQ2UN00rsPwotIakDau5NKLotnd/4FYe1M8/kpdF8J
6/xYuzQ2DBsh0N5oNp+RqtgL6+r0JmjDshowboJleahusFnaTFH7hTFNvjQ3Plo7
HfAzCGTR7z9BcqPGtgoKE3q2LwYpFr8ap+JkQzfVc/Hi4/ODpHJK/zbtY7+02qHf
OvxdCJMASQiU1WQ1yckNR+QLea0ESUSwLgcSFHaU6HE3xU5+99NqQk1SBSdJLqvg
NSe5HNQIOc5ynCUEs3qBigYVxE75fOVQ8nfV8fqDF0Za1ALVXn5Cpg==
=P3b8
-----END PGP SIGNATURE-----
