Security Fatigue

Anyone who has spent any time online and has friends here has received a virus warning e-mail from a friend or family member who merely forwarded it because the end of the message said in big, bold letters…

FORWARD THIS MESSAGE TO EVERYONE IN YOUR ADDRESS BOOK!!!

Normally, these messages would contain “Norton or McAfee confirms this e-mail” and dire warnings of what will happen if the computer gets infected (explosions, terrorists, Rick Astley wallpaper, etc.). Naturally the message would tell the recipient to send it to everyone. Usually, three or four people in my address book would send me this on the same day. I would simply highlight all of these message and click the delete button. Why? They’re not real.

It didn’t take me long to figure out with these early virus warnings that Norton is the name of a product, not an anti-virus company. That would be Symantec. Also, I like to think that I was smart and I actually went to the Symantec and McAfee sites to see if they did, in fact, confirm the subject of this e-mail. Just about every time, they did not. As a side note, I remember getting one such e-mail that contained the line, "Don't bother going to either of these sites, I already did and it is real." Most viruses that were going around in these days were not destructive and didn’t cause catastrophic computer failure (some did, but not nearly as many as these e-mails would have us believe). Most viruses were e-mail replicants and would simply send spam to everyone on the computer’s address book (I don’t know why, just send a virus warning out to one person and will replicate itself). But, this was all fun and games and there was no harm done, right? Wrong! (I am trying not to sound like a virus warning e-mail here)

What’s so wrong with these old e-mail warnings? Well, they’ve desensitized many people to real threats on the Internet such as DNS Changer, Conficker and even Stuxnet. There are real threats out there like these mentioned, plus myriad malware that can open a computer to hackers and other bad guys. I read about this stuff and listen to programs about it and when I hear about something really bad or have a warning I will post about it on Facebook. Unfortunately, most people seem to think I am carrying on the old e-mail tradition of trying to scare people. This is not what I am trying to do at all.

Anyone who has seen my posts will notice that I do not use scary language, all caps or exclamation points. I don’t tell people to repost or e-mail or anything else. One warning I posted recently is a real tactic that was used in Holland.

If you happen to find a USB drive laying on the ground or on a table in a coffee shop, do not plug it into your computer. Chances are it's safe. However, there is a small chance that it could contain a piece of malware designed to automatically run when the drive is plugged in and log your keystrokes. Again, most likely it's just been forgotten or left by the owner, but don't take any chances.

Basically, what I am saying here is that it is better to be safe than sorry. I know, it doesn't look as convincing as bold letters and red text and exclamation points. Nothing else. Also, on my Facebook post, I included a link to the article where this tactic was described. Again, I don’t use scare tactics when posting information. It is there for people to pay attention to or not. If there was web site hacked that I know many people belong to, I will simply post that there was a data breach and that any members should change their passwords. That’s it. I don’t want people threatening to boycott, sue or quit the site, just take a precaution. 

As a final point, do not repost any warning of any type without first checking it out on Snopes.com or http://urbanlegendsonline.com/. (This will be the only time I use all caps) IF YOU DON’T HAVE TIME TO CHECK SOMETHING OUT, DO NOT REPOST IT. Misinformation is dangerous in that it adds noise that drowns out real information. I will gladly do the legwork for anyone out there just because I enjoy it. I only post information that I get from valid sources and I do check to make sure that it is posted in more than one place and is well cited. If somebody posts something that I find dubious, I will check it too and let that person know if it is false. I hope that my interest in Internet security and passing along valid information is helpful to anyone who reads this blog.