Clearing up some common misconceptions about web and IT security.
There are a lot of opinions bouncing around the web that through Chinese whispers or repetition have become sudo-facts. In this post I hope to dispel some of these popular myths. Unfortunately there are not always simple solutions to life’s problems but being aware of them is often enough to help.
If you’re running antivirus then you’re protected
Again marginally true but it would be more accurate to say that you’re more protected than if you weren’t running antivirus. However most AV only detects around 95% of infections! (taken from a recent independent review conducted by AV-Comparatives against over 400,000 malware samples) Virus writers will always be ahead of the game because the AV writers can’t block a new threat until they know what the new threat is. Unfortunately the game is heavily weighted in favour of the virus writers; they only have to exploit one vulnerability on your computer to win but the AV writers have to protect all of them. Running more than one antivirus tool is not recommended because they often conflict and cause your computer to run very slowly.
If you stick with big known brand you’ll be safe
Simply not true, for many reasons. Similar to Windows being the largest target audience, if a bad guy wants to reach the most potential victims in one swoop they are better off targeting websites with the biggest audience. Sometimes the website itself is compromised and malicious code (malware) is inserted (this could easily have been done with theSun.co.uk and theTimes.co.uk recently but instead the hackers chose only to deface the website with a fake story). More often though it will be a background service that is compromised, typically an advertisment service. In recent months Hotmail, BBC and the London Stock Exchange have all inadvertently distributed malicious code to their audience from compromised ad servers.