NCSAM: Security myths that you should know

A look at some of the larger myths related to security.(IMG:J.Anderson)

Security, as mentioned, is a mental game, as well as one that uses tools and software. Yet, misconceptions regarding security can do more harm than good. Here is a brief list of security related myths, as a part of The Tech Herald’s series supporting the NCSAM initiative.

Myth: I use Brand X Internet Security 2008/2009, so I am protected from online threats.

Fact: No, you are not covered. New threats emerge every hour of every day. This may seem like hype, but ask the experts, and they agree. While security vendors fight for the number one spot in both the consumer and corporate markets, they all agree that new threats come out of nowhere, and strike fast.

Just because you use an all-in-one security product does not mean you are 100 percent covered. No single product will protect you from everything. Sure vendors are attempting to do just that, but none of them can claim 100 percent coverage 100 percent of the time.

This is why you layer security. While using Brand X Internet Security, add in other protections such as SpyBot S&D to help catch more Spyware and Adware.

Myth: My security software automatically updates. I don’t need to worry about updating things on my computer.

Fact: Oh yes you do! If there is software on your computer, you need to check the vendor once a month to see if there are updates. Some will offer automatic updates, but only if you enable the process and allow the software to manage updates on its own.

Do you use Winamp? Have you updated it recently? What about iTunes? Is that updated? When was the last time you installed something from Microsoft or Windows Update? Microsoft releases monthly security patches, and Brand X Internet Security will not monitor them. (One security vendor will monitor Microsoft patches if the option is enabled in their 2009 offering. However, this is not a common feature and should not be assumed.)

Myth: Brand X Internet Security 2008/2009 scans in real time, so there is no need to run manual or automatic scans.

Fact: The real time scanning does not protect the entire system. This is because Malware appears so suddenly that AV signatures, including cloud computing based protection, will still take time to update themselves. Real time monitoring is a great asset to any AV program, but it is not intended to be the only means of detection and removal used.

No AV vendor will tell you to stop scheduled scans or manual ones. If they do, they lie. You need to schedule scans to detect Malware that may have appeared after the last signature or cloud update. The scheduled scans for some of the latest AV products currently in the lab here at The Tech Herald scan constantly in the background, on top of the coverage offered by real time monitoring.

Cloud computing based protection is near instant in some cases, but before the cloud releases an update, there has to have been a detection or a compromise on some level to trigger the protection. Also, cloud based offerings still on some levels use signature based methods of discovery, this is to ensure that scheduled scans are comprehensive and cover all the bases.

Myth: Hackers would not want anything on my computer. There is no sensitive information on my computer. This is just a monitoring station; it’s not critical equipment, so it needs only minor patching.

Fact: This myth deals with issues in business. Moreover, the same mentality will apply to normal computer operators as well. Your computer is a tool. In business it is a tool to get work assignments completed, manage operations, and control a network.

Criminals see your computer as a tool as well. For example, that monitoring station with little to no security measures is connected to the network. Once compromised, the entire network is at risk. How long do you think it would take before someone uses it to launch DNS poisoning attacks, redirecting Internet traffic for the whole company?

How long before that unsecured computer, with no sensitive information or anything of value, is used by a criminal to launch a Denial of Service attack, because they infected it and attached it to a botnet?

Here is something to consider, the external FTP is just for development people to dump files and run. It’s cleaned up weekly. No big deal, if there are missing patches on it, its wiped anyway. (This is a real life example.)

How long before the FTP application is compromised because of known vulnerabilities and the FTP server used to host Phishing sites, Malware or pirated files? Have you noticed the shrinking amount of disk space on that FTP server? Was the FTP server linked to the corporate network? If so, could the network be compromised?

Assuming that criminals have no interest in your computers, information or other assets is like assuming that if you close your eyes, you become invisible.

You have to patch each system on the network or in your house, no matter its use. If it is connected to the Internet or a corporate network, it needs updated often.

See also : NCSAM: The mental blocks of security

Myth: Regulatory compliance covers 100 percent of the security needs for most organizations

Fact: This comes from the recent Gartner IT Summit. Compliance will help a company with security, but it is not to be confused with security. While true, following most compliance laws to the letter will prevent some types of crime and risk, it does not stop them all.

Just because your company passed a PCI audit, does not ensure that it is protected from software vulnerabilities, or other security issues such as insider threats. There is no PCI enforcement, for example, that requires IT training within a company. None of the regulations you frequently read about require a company to train the IT staff for anything, let alone security.

Myth: The URL has HTTPS in the name, so it must be completely safe

Fact: The short answer to this myth is a single word, wrong. Just because a URL has HTTPS (where S means secure) does not mean that site is free from malicious code that was injected.

Any website can have an HTTPS URL. The owner, either criminal or legitimate, simply needs to install a self signed certificate or purchase one for penny’s on the dollar.

Assuming that because you see https:// in a Web site address that means instant security is risky.

Is there a myth you want to correct? Is there a security “fact” you want to check? Leave us a comment and let us know, or email the security address here on the site.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Awesome Stuff Made Out Of Car Parts

An awesome picture has started doing the rounds showing a bathroom with sinks made out of car tires and faucets created from gas pumps. It’s the ideal bathroom for any discerning car nut. That got us thinking — what other stuff is there made out of car parts and car paraphernalia. Here are some of the coolest […]

Range Rover Evoque Convertible Confirmed

Land Rover has officially confirmed that the Range Rover Evoque Convertible will go on sale in 2016. The company released some publicity photos showing a prototype of the Evoque Convertible driving through train tunnels under construction in London. The company says use of the Crossrail tunnels let them test the convertible in privacy. A Land […]

Mercedes-AMG GT3 Racing Car to Debut at Geneva Motor Show

The company says the standard Mercedes-AMG GT already provides the ideal base for the race model, with low centre of gravity, good weight distribution and wide track width.The driver sits on a carbon-fibre seat pan and is protected by a roll-over cage made from high-tensile steel.The engine cover, doors, front wing, sidewalls, side skirts, diffuser, […]

Lamborghini Aventador Wallpaper

Lamborghini Aventador wallpaper for your desktop or mobile device. The Aventador LP 700–4  has a 6.5 liter V12 that will go 0–60 mph in  2.9 seconds and take you all the way to 220mph and maybe beyond.Each image links to a page with multiple sizes of wallpaper you can download.

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]