Myths and Legends

Clearing up some common misconceptions about web and IT security.

Decorative Image - AlienThere are a lot of opinions bouncing around the web that through Chinese whispers or repetition have become sudo-facts. In this post I hope to dispel some of these popular myths.  Unfortunately there are not always simple solutions to life’s problems but being aware of them is often enough to help.

Macs and Linux don’t get viruses

Decorative Image - Mac, Fedora, Ubuntu imagesMarginally true but it would be more accurate to say that at present more malware is created to target Windows than any other operating system. It’s debatable whether any OS is more or less secure than any other, and a virus could just as easily be created to target any platform. For the bad guys to get the biggest return on their investment they will aim for the biggest target audience which is undeniably Windows.  Viruses for Macs hit the news in May (Tech news on and as both Mac and Linux grow in popularity they will inevitably attract more malware writers.

If you’re running antivirus then you’re protected

Decorative Image - ShieldAgain marginally true but it would be more accurate to say that you’re more protected than if you weren’t running antivirus.  However most AV only detects around 95% of infections! (taken from a recent independent review conducted by AV-Comparatives against over 400,000 malware samples) Virus writers will always be ahead of the game because the AV writers can’t block a new threat until they know what the new threat is.  Unfortunately the game is heavily weighted in favour of the virus writers; they only have to exploit one vulnerability on your computer to win but the AV writers have to protect all of them.  Running more than one antivirus tool is not recommended because they often conflict and cause your computer to run very slowly.

If you stay away from dodgy/dirty websites you’ll be safe

Decorative Image - GamblingIn the early days of the web this might have been true but now not so much.  These types of websites would typically be pornographic, gambling or anything distasteful or illegal.  Some time ago however the people running these websites realised that infecting your customers was bad for business so often they now spend more on securing their websites than the average company.

If you stick with big known brand you’ll be safe

Decorative Image - Company LogosSimply not true, for many reasons.  Similar to Windows being the largest target audience, if a bad guy wants to reach the most potential victims in one swoop they are better off targeting websites with the biggest audience.  Sometimes the website itself is compromised and malicious code (malware) is inserted (this could easily have been done with and recently but instead the hackers chose only to deface the website with a fake story).  More often though it will be a background service that is compromised, typically an advertisment service.  In recent months Hotmail, BBC and the London Stock Exchange have all inadvertently distributed malicious code to their audience from compromised ad servers.

I hope this helps :)Please leave a comment if you would like me to clear up any thing else you’re not sure of…

Image Attribution: Thanks to digitalart @ for the images