Are We Being Paranoid?

[Merisi]

I take my computer security fairly seriously as do a lot of people on this forum but I wonder at times whether I'm being over cautious or just making things more difficult for myself.

I have a relative and she uses Vista with no AV and she does everything online: banking, ebay, she even runs an online business. Despite not taking any precautions she's never been hacked or had any problems.

I also remember talking to someone at work and she was telling me how she downloads films and tv from illegal sites. I asked her if she was worried about trojans and she rather condescendingly explained how she has a Mac and how they don't get viruses.

While of course I appreciate the care I take with my computer ensures I'm less likely to get a virus, I can't help wondering based on these two examples and other people I know that I'd be ok without taking security measures.

So what does everyone else think? Does anyone else find that they know people with poor security habits that have no problems?

[TheFu]

You've discovered 2 sheep. Their computers will be hacked eventually.

I've had a 17 yr old relative crying because her PC was virus infected and the only solution was to wipe the HDD and reload. It had Vista and I refused to touch it, but I sat next to her and talked her through the reload. Before she was 100% finished, 100% patched, 100% AV installed and working, she decided to visit facebook.

At the end, we reran an AV scan and found a new virus that could not be cleaned. I had her restart from the beginning. It taught her a lesson that she would never have learned any other way.

My next visit, her younger brother had a virus that prevented his laptop from booting at all. It was bad. I made the same offer, but he decided it was easier to fail his classes - then his parents would buy a new PC for him.

For 80% of the computing world, if the PC boots, it is like a car that needs a oil change. It still works, so what's the issue? Your friends fall into that group. They don't know how dangerous the internet is, so they don't worry about the risks.

My 80 yr old Mother used WinXP happily for many years. I had her setup with ad blockers, huge /etc/hosts files to block bad parts of the internet, and she was trained to never click on links from unknown people. One day, she got an email from a grandchild with a link. The email subject was relevent to current things happening in her life, so Mom clicked the link. Before she could do anything, 50 other popup windows were displayed and lots of viri were installed, downloading, it was bad. This was 2010.

We are all 1 click from this.

Mom switched to Linux in 2010. No more viri have been seen, but that is part of why we all run Linux, right? Linux is less likely to get normal viruses, but it can be hacked. I've been hacked twice over the years, so the danger **is** real for Linux users.

[LuciferRex]

I know plenty of people with poor security habits who don't have problems. However, for me, I would rather be overly protective and not even risk it.

[Merisi]

You've discovered 2 sheep. Their computers will be hacked eventually.

I've had a 17 yr old relative crying because her PC was virus infected and the only solution was to wipe the HDD and reload. It had Vista and I refused to touch it, but I sat next to her and talked her through the reload. Before she was 100% finished, 100% patched, 100% AV installed and working, she decided to visit facebook.

At the end, we reran an AV scan and found a new virus that could not be cleaned. I had her restart from the beginning. It taught her a lesson that she would never have learned any other way.

My next visit, her younger brother had a virus that prevented his laptop from booting at all. It was bad. I made the same offer, but he decided it was easier to fail his classes - then his parents would buy a new PC for him.

For 80% of the computing world, if the PC boots, it is like a car that needs a oil change. It still works, so what's the issue? Your friends fall into that group. They don't know how dangerous the internet is, so they don't worry about the risks.

My 80 yr old Mother used WinXP happily for many years. I had her setup with ad blockers, huge /etc/hosts files to block bad parts of the internet, and she was trained to never click on links from unknown people. One day, she got an email from a grandchild with a link. The email subject was relevent to current things happening in her life, so Mom clicked the link. Before she could do anything, 50 other popup windows were displayed and lots of viri were installed, downloading, it was bad. This was 2010.

We are all 1 click from this.

Mom switched to Linux in 2010. No more viri have been seen, but that is part of why we all run Linux, right? Linux is less likely to get normal viruses, but it can be hacked. I've been hacked twice over the years, so the danger **is** real for Linux users.

The last computer I had which was ten years ago pretty much got wiped out by viruses and other nasties which is why I take my security so seriously now. People who see my security set up think I'm excessive but it's pretty standard for most people on the forum.

It's pretty shocking that your young relative thought the solution was just to have a new computer bought for him. Thanks for sharing examples with me about how people's carelessness has led to them getting viruses as it indicates that I'm right to take security precautions. Still I find it quite worrying that you've been hacked twice, but I guess you have been running Linux for quite a while.

[Merisi]

I know plenty of people with poor security habits who don't have problems. However, for me, I would rather be overly protective and not even risk it.

I totally I agree. I just experience people mocking me for the FF addons I use such as NoScript and Request Policy where I have to configure my pages.

[superdaveozzborn]

My answer is "No not at all". many many times I have seen a customer that had little to no knowledge of computer security that lost thousands of dollars due to identity theft. and as fare as windows goes, if you don't run anti virus software on it, it is definitely infected, just because it is running OK don’t mean that there are not serious issues and possible consequences involved.

[mr-woof]

I don't think you can be too paranoid the way the internet is, I think multiple layers of security is the way to go. Firewall on, no script, adblockers, fully updated and of course use Linux

I use the same with my Windows machines, anti virus, malwarebytes, spybot, update everything, firewalls, use a non admin account, it's an ongoing battle.

[Hungry Man]

There are millions of people who will likely never have a virus in their lifetime. It's just the chances, they'll miss the exploit pages and never get tricked.

The issue is there's no way to say who will get lucky and who won't. So while some people may not bother to keep their systems secure, and they may be completely fine, others won't be fine. I don't want my security to be based on chance, on the odds, I want it to be based on an attackers skills.

[Merisi]

My answer is "No not at all". many many times I have seen a customer that had little to no knowledge of computer security that lost thousands of dollars due to identity theft. and as fare as windows goes, if you don't run anti virus software on it, it is definitely infected, just because it is running OK don’t mean that there are not serious issues and possible consequences involved.

I think that's the big and something that never occured to me, just because a computer is running ok doesn't mean it's not infected. I guess I assumed that a sure sign of getting a virus would mean that your finances would be infected in someway.

I don't think you can be too paranoid the way the internet is, I think multiple layers of security is the way to go. Firewall on, no script, adblockers, fully updated and of course use Linux

I use the same with my Windows machines, anti virus, malwarebytes, spybot, update everything, firewalls, use a non admin account, it's an ongoing battle.

I'm exactly the same as you using all the relevant security Firefox addons and enforcing the apparmor profiles. I find myself very reassued in Windows from using Sandboxie.

There are millions of people who will likely never have a virus in their lifetime. It's just the chances, they'll miss the exploit pages and never get tricked.

The issue is there's no way to say who will get lucky and who won't. So while some people may not bother to keep their systems secure, and they may be completely fine, others won't be fine. I don't want my security to be based on chance, on the odds, I want it to be based on an attackers skills.

HungryMan I really like how you describe it and your absolutely right. Two people could visit the same web ppage yet only one could end up getting their system infected. Your also right about not leaving things to chance as it's just not worth it.

[tubbygweilo]

Merisi, paranoid or not?

• If you take regular backups of user created data and validate backups by restoring and looking at results.
• If you harden your browser via addons.
• If you keep sensitive data in truecrypt containers or their ilk and only mount when required.
• If you use fde and take physical care of your kit.
• If you trust your backups then re-install OS and backups when required.
  

Some may consider you paranoid but your kit may well continue to function when others does not.