Saturday, May 16, 2009

Computer Security...Why Should You Care?

Computers are ubiquitous today. In the span of fifty years computers have not only become affordable but have shrunk down to the point of being home accessories like our DVD players and microwave ovens.

What used to be so large as to fill a room and require separate air conditioning and power supply systems to function...think ENIAC...now fits into our cellphones. Indeed, our cellphones are more powerful than the computational power used to accurately deliver our astronauts to the moon and get them back to Earth without turning them into crispy critters. Seeing someone toting a laptop computer is hardly a sight that merits a second glance as we walk by.

Of course, the most popular operating system in use is Microsoft Windows, with well over 90% of home computers having some version of Windows installed (I think the last numbers I read had close to 97% of the operating system market belonging to Windows). If you pay attention to any technology news you'll see various reports of malware (think of viruses, worms, spyware, etc.) as well as Microsoft's infamous Patch Tuesday bringing system updates every month; the fact that there's always something for you to install on your system that Tuesday should tell you that after so many years and so many versions of Windows, Microsoft still hasn't ironed out problems. This of course makes Windows a very popular target among malware authors.

But you never notice any issues, right? You've never had a virus kill your computer. Or if you did, you just took it to some neighborhood geek to reinstall or fix it for you, or maybe paid too much for a Geek Squad agent to run his or her quick-fix diagnostics on your system before doing a reinstall anyway. No biggie.

Here's the issue.

Back in the eighties and nineties, malware was meant to be clever. Angry, malevolent but very clever hackers (and the term hackers is NOT synonymous with malevolence; I linked to a description for you to read up a little on it and the vast majority of them take great offence to malware writings being synonymous with the term hacker) would create a program that would travel from computer to computer and at some particular time or event have a payload triggered that would display to the world how clever they were. It would play a tune, or display goofy graphics onscreen or the text of some poem or message. Some punished users for being ignorant users stupid enough to get infected by the malevolent programmer's creations...the program would destroy the user's data or use some other technique to render the system inoperable.

This is the stereotype the typical user has of the bad things that happen to their computer aside from hardware failure.

What they fail to realize is that the goal of these programmers today has shifted dramatically. It's no longer to show how clever the program authors are to the world, or to punish users for being ignorant and invading their "cyber domains." To the contrary, these people are being employed to take advantage of people who don't pay attention to their system security.

Malware isn't out to destroy your computer.

If you're aware that your system is infected with something, they screwed up.

Your computer can be infected right now and you'd not know it.

This is what people fail to understand. You're a wonderful target for other people to steal from, and taking your computer offline would be counterproductive.

Here are some things to think about...

Most people use the same password or password theme for their online sites. I've read more than one case where people set up a porn site or fake porn site by hacking a legitimate web business, replaced the login page with one of their own making that steals the password and some other identifying information, then managed to log in to other sites as the victim. If bob@ibm.com tried getting into the site with a particular username and password...ends up emailing some information...what are the odds that the password is either the same or very close to the one he's using as an employee or contractor at IBM?

If malware is installed on your computer...again, you're not supposed to know it's even there...and gets your password credentials, what services are you using in our connected society with interaction through that keyboard? We had a service that let us track our daughter's cellphone location from the provider's website. We use multiple banks. Some bills are autopaid and tracked online. Credit card accounts. If one or more of these things are compromised, how much of a pain would sorting the resulting mess create for you?

How many of you keep track of your bills on your computer, with something like Quickbooks, for example? Some malware installs back doors onto your computer. If it's exposed to the webbertubes, this means that groups anywhere in the world, the groups that created and released the malware in the first place, can connect to and control your computer...this includes uploading your information. It's amazing how many people have financial records or personal information on their systems and don't think about what they're exposing if the files were stolen.

How many of you have private information that you'd rather not have advertised to others? Few of us really wouldn't mind being open books. Would you want your clergy knowing your web browsing history? How about your employer? What about liability...after all, if you haven't even heard of the RIAA but your son or daughter found this neat program that can download the latest music for FREE, you may very well find yourself being sued for several thousand dollars you don't have. Congratulations!

What about emails? We treat email as a private medium. Racy notes from your spouse? Notes about you not minding seeing a bus as a fashion accessory for your boss? You don't bother learning silly things like how to erase old messages or keep your email folders trimmed and neat. You don't give a second thought to what your mail provider is doing with your email...backups? Copies? Your data...your emails...could easily be read by law enforcement (or nosy system administrators) without your knowledge. Some note that you thought was a harmless brain fart could cause problems if it got to the wrong eyes. And here's something else to think about...email isn't secure. If you aren't encrypting the data, anyone can read it. It's flying around the Internet as plain text. And the law is not on your side, especially with data sent or received from your place of work.

And how often are you sending or receiving particular information...credit, insurance, phone numbers, even information on where you keep a spare key or will have one set aside for someone in some hidden location near the house or car?

The point is there is probably a lot of information on your computer, or accessed from your computer, that you don't want advertised to the general population. Malware infections today are specifically aimed at getting that information without your knowledge...if they do their job correctly, you never know when your keystrokes are recorded, files are transferred from your computer to another, or other private information is being eavesdropped on.

Most users never give a second thought to these issues and that paints a bullseye on their backs. Despite changes to Windows and a rise in awareness of privacy issues there is still not enough done to keep systems, and your data, secure.

Right now your best tool is education and awareness. Give some thought to issues raised in this post and evaluate whether you have more at stake after reading this blog entry...
