It’s easy to understand why current computer and Internet users feel like they are under siege. Hardly a day goes by without another news story about one of the following:
- A new virus/worm/malware that’s spreading like wildfire through computers, tablets and even smartphones.
- A cyberattack on a business network costing millions of dollars in lost sales or productivity.
- A corporate or government database being hacked, resulting in the theft of sensitive information or intellectual property.
Forget muggers hiding in alleyways; the modern virtual world is the new home of personal and corporate crime.
Thankfully, computer security has evolved as cybercrime has grown, helping users to feel relatively safe when checking email, doing Internet banking or shopping online. But is this feeling of safety based on accurate information? In the race between “white hats” and “black hats”, does the average netizen really know the facts about computer security?
Here are three of the most commonly encountered misconceptions concerning computer security. Like most myths, there is a grain of truth in all of them — but they don’t tell the entire story.
1. Security software keeps computers totally safe from infection by viruses, malware, worms, etc.
Every computer should have security software installed, as it gives the system a chance to avoid contamination. But every new virus (or malware, worm, etc.) fires the starting gun on a dangerous race. Which will the user encounter first: the virus, or the virus definition update from their security solution provider?
If a new virus does not match the characteristics of any existing virus in the security software’s definition file, the user might not even receive a warning message when the new virus is encountered. While security software providers are usually pretty good at sending out virus definition updates as soon as a new threat is discovered, there is typically a window of opportunity for a new virus to infect a computer before the machine has a defense for it.
2. Biometric authentication is the most foolproof method for keeping network servers secure.
Whether you’re discussing the actual physical door to the server room or logging on to one of the servers inside, biometric solutions — such as fingerprint scanners or facial recognition systems — can be better than a simple password (or a passcode entered on a door keypad) at keeping network servers secure. However, some biometric authentication options have proven to be less foolproof than advertised.
Facial recognition systems, which have become popular add-ons to devices with built-in cameras (which is every device, these days), have been compromised in actual testing by using digital images of the authenticated user. Fingerprint scanners have reliability issues as well; in an episode of the TV show “MythBusters,” hosts Adam and Jamie were able to open a security door equipped with a fingerprint scanner by using a photocopy of the registered fingerprint.
Biometrics work best when they are used as part of a two-stage authentication process, meaning that two pieces of information, such as a fingerprint and a password, are required to gain access to a system.
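The two-stage check described above, sketched as an added example (not part of the original article): a copied fingerprint passes a biometric-only check but is refused when a password is also required. The feature-list matcher, the threshold, the work factor and all names are assumptions made for illustration; real scanners use their own matching.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000   # assumed work factor for this example
MATCH_THRESHOLD = 0.90    # assumed minimum similarity the scanner accepts


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the password is never stored in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll(password: str, template: list) -> dict:
    """Create the stored record for one user: salted hash plus biometric template."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "template": list(template)}


def similarity(template: list, scan: list) -> float:
    """Toy matcher (assumption): fraction of feature positions that agree."""
    if not template or len(template) != len(scan):
        return 0.0
    return sum(a == b for a, b in zip(template, scan)) / len(template)


def biometric_only(record: dict, scan: list) -> bool:
    """Single-factor check: anything that resembles the template gets in."""
    return similarity(record["template"], scan) >= MATCH_THRESHOLD


def two_stage(record: dict, scan: list, password: str) -> bool:
    """Both factors must pass; both are always evaluated before deciding."""
    bio_ok = biometric_only(record, scan)
    pw_ok = hmac.compare_digest(record["pw_hash"],
                                hash_password(password, record["salt"]))
    return bio_ok and pw_ok


# Constructed sample data: a 20-feature template and a near-perfect copy of it
# (19 of 20 features agree), standing in for a reproduced fingerprint.
ENROLLED_TEMPLATE = [3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3, 2, 3, 8, 4]
COPIED_SCAN = ENROLLED_TEMPLATE[:-1] + [0]
RECORD = enroll("correct horse battery staple", ENROLLED_TEMPLATE)
```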
3. Information in an encrypted database is safe from hacker attacks.
Using encryption on a database containing valuable or sensitive information is a common practice in corporations and government departments. If an encrypted database stays in storage and is never accessed, the information it contains is fairly secure.
However, this is not the situation with most databases. They are part of working information systems and must be accessed on a regular basis. When the information in an encrypted database is accessed, the data must be decrypted at some point, which creates a window of opportunity for the data to be exploited by a hacker.
Not everyone is expected to be an expert in computer security. However, it’s always a good idea to have an accurate, basic understanding of what computer security is and what you can do to implement it in your home and workplace.