Computer Security Advice That Aged Badly
In today's rapidly evolving digital landscape, it's crucial to stay up-to-date with the latest security practices. However, there are some computer security tips that have become outdated over time. In this blog post, we'll take a trip down memory lane and explore some of these practices that no longer hold true. Let's dive in!
There was a time when the prevailing belief was that installing multiple antivirus programs would provide maximum protection against threats. However, this advice has since been debunked. Running multiple antivirus programs can lead to conflicts, system slowdowns, and even false positives. Instead, it's recommended to choose a reputable antivirus solution and keep it up-to-date for optimal protection.
Keeping Expired Security Products
Speaking of antivirus products, many computer manufacturers are known for pre-installing a trial antivirus product on each machine they ship, and it is not uncommon for users to install their own preferred product and ultimately let the pre-installed trial expire. As someone who has spent several years working on a helpdesk, it seems many people had no problems ignoring the "Product Expiration" notifications and therefore saw no need to remove the trials.
There were actually several cases where malicious software used an antivirus definition file as an entry point to infect machines by tricking your antivirus to run its payload when it scans the file. This is advantageous to malware, as antivirus products generally run with elevated privileges on the host machine, which makes it easy for specially crafted payloads to be installed in the background. This behavior is often fixed with a simple antivirus update; however, if you are running an antivirus with an expired subscription, you will not get the critical update needed to correct this flaw, therefore making you less secure than if you did not have an antivirus to begin with.
If you are still sporting that expired copy of McAfee or Norton, it's best to take a few moments right now to uninstall it from your machine.
Delaying Software Updates
Ignoring Software Updates In the past, many users would ignore software and operating system updates, considering them unnecessary or inconvenient. I have even seen countless hardware manufacturers (mostly companies that make printers) tell customers to delay updates for fear they might cause the printer drivers to not work properly. Little did they know that these updates often contain critical security patches and vulnerability fixes. Neglecting updates can leave your system exposed to potential threats. It's essential to regularly update your software and operating systems to ensure you have the latest security enhancements. If you have a piece of hardware or software that breaks with any security update installed on your computer, the problem is likely not your operating system but the hardware/software manufacture and you should look at other products as it's not worth reducing security so you can continue to use your 12 year old printer.
There was a time when disabling firewalls was seen as a way to improve system performance. To further complicate this problem, it was not uncommon for software vendors and Internet Service Providers (ISPs) to advise users to disable their firewalls as part of their troubleshooting, and many told users to leave them off.
To be honest, this problem was grounded in fact as many early consumer firewalls were often heavy-handed and were very likely to cause problems. These early firewalls had an out-of-the-box configuration that was known to break most multi-player games and prevent many third-party tools from working without the user navigating a complicated settings menu to allow specific traffic, add exceptions or track down and add the port ranges for specific applications. It was far easier to just toggle the firewall off or, in the case of Norton System Works, just uninstall it completely.
We now know that firewalls play a crucial role in blocking unauthorized access and protecting your network. Disabling or neglecting firewalls can leave your system vulnerable to attacks. Most operating systems now include a built-in firewall that works well enough for most users, and many third-party firewalls have resolved the issues that made them a pain for most to use. It's important to keep your firewalls enabled and properly configured to maintain a strong line of defense.
Bad Password Creation Advice
If, like me, you went to school in the 1990s and early 2000s, you would have likely seen a poster in your school's computer lab about being secure online. In my school, the poster was essentially transcribed verbatim, and the school actually required our parents to sign it before we were allowed to use the school's computers. The password tips on these posters were pretty bad and included items such as:
- Use things that are easy to remember, such as the street you live on or your pet's name - ignoring the fact that it is possible for your next-door neighbor to create an identical password to yours without realizing it.
- Use your favorite sports team - ignoring the fact that it was not uncommon for most students who were sports fans to wear shirts with the name of the team they rooted for regularly.
- If your password needed a number, use your area code or year of birth - ignoring the fact that most students in your grade level share those exact details as you.
If you are still using these password tips... stop and take the time to go through all your accounts and change them.
In regards to those posters, they have fortunately gotten better but still have some bad advice.
Bad Password Storage
It was not uncommon to be told to write down your passwords, so you don't forget them, but this advice was always a bad idea. People used to use post-it notes, index cards, scrap paper and laughable "Password Books" to write down their passwords. It goes without saying, but items written on paper have no security at all and can easily be copied with a camera phone, a photocopier, or a pen and paper. To make matters worse, people would never store these pieces of paper in any form of secure storage, like a locking drawer or filing cabinet. In fact, there was a time in the late 90s and early 2000s where you could walk down a row of cubicles and see a post-it note next to the monitor with someone's network password written down. The best part about post-it notes is the bright colors make them easy to spot from a mile away. Some would think they were being smart and stick that note under their keyboard.
In the past, it was common practice to use the same password across multiple accounts for convenience. Unfortunately, this approach poses significant security risks. If one account is compromised, all other accounts using the same password become vulnerable. It's crucial to use unique, strong passwords for each account, and consider using a password manager to help you keep track of them securely.
Downloading and Installing Software Without Second Thought
Back in the day, people would click on any link or download without much thought. If you have ever worked in a helpdesk during this time, it would have been impossible to go a day without seeing a machine with five Internet Explorer toolbars that did the same thing or seeing someone with multiple questionable ActiveX add-ons that claim to allow users to do functions that the native browser can do by default. I have honestly seen users with as many as eight toolbars for different search engines and popup blockers, leaving only 30% of the browser window available for web content.
However, the internet landscape has changed, and so have the risks. Malware and phishing attacks have become more sophisticated, making it essential to exercise caution. Fortunately, many web browsers have removed legacy functions that were entry points for common exploits and do a much better job of blocking malicious downloads, but it is still important to always verify the legitimacy of links and downloads before clicking on them to avoid falling victim to cyber threats.
Data Backup Negligence
There was a time when data backups were often overlooked or considered unnecessary. There was a time when backups were considered "expensive" and only practical for business use. However, data loss can occur for various reasons, such as hardware failure, malware, or accidental deletion. Regularly backing up your important files is crucial to protect against data loss. Don't wait until it's too late to realize the importance of having a backup routine in place. A Portable SSD is not expensive and a good investment as a basic backup solution.
Oversharing Personal Information
In the early days of the internet, people were not as cautious about sharing personal information online. It was not uncommon for people to post details about their upcoming vacation on social media, or post photos taken the same day from the vacation on their social media feed. With the rise of identity theft, online scams, and home break-ins, it's important to be mindful of the information you share. Avoid sharing sensitive details like your full name, address, or financial information unless necessary. Protecting your personal information is key to maintaining your online security.
Speaking of social media, if you can find the answer to any security question on your social media feed, you really should consider changing the answers urgently. Many companies allow you to use your pet's name, your mother's maiden name, or the make and model of your first car instead of a password when calling into their customer support. Some companies will even let you use that information to reset or change your actual password when calling in. These answers should be treated with the same level of security as an actual password, if you choose to use them as answers to a security question.
Ignoring License Agreements and Terms of Service
Many of us used to skip reading software license agreements and terms of service, simply clicking "Agree" without a second thought. However, these agreements outline important terms and conditions, including privacy policies and data collection practices. Some companies have also been known to add a clause where you consent to allow them to install third-party software on your machine (one example is Adobe Reader, which insists on installing a free trial of McAfee on your computer unless you uncheck a box during the installation). It's important to review and understand these agreements before using any software or online service. By doing so, you can make informed decisions about your privacy and security. This is especially important as several companies have clauses in their Terms of Service that permit them to sell your information to third-party data brokers.
Public Wi-Fi Vulnerabilities
In the past, people often connected to public Wi-Fi networks without considering the security risks. However, public Wi-Fi networks can be vulnerable to eavesdropping and data interception. If you are on a untrusted WiFi network, it's important to use a virtual private network (VPN) or avoid accessing sensitive information when browsing the internet. By taking these precautions, you can protect your data and maintain your online security.
The other big problem with public WiFi networks is that a malicious user can easily set up a rogue access point with a legitimate name to trick users into connecting to their network instead of the legitimate WiFi network. This can allow the attacker to snoop and capture your traffic. This is again mostly mitigated with a VPN.
In the modern era, I would strongly avoid public WiFi networks altogether and just tether to your mobile phone's hotspot when possible.
As technology continues to advance, so do the best practices for computer security. It's important to stay informed and adapt to the changing landscape. By leaving behind these outdated practices and embracing current security measures, you can better protect yourself and your digital assets. Remember, this rough draft is just a starting point, and you can personalize it to fit your writing style and preferences.