Let me begin this article by defining the word “responsibility”, a concept which appears to me, to be losing its place in modern culture.
Definition – a duty or obligation to satisfactorily perform or complete a task (assigned by someone, or created by one’s own promise or circumstances) that one must fulfill, and which has a consequent penalty for failure.
Virtually every computer user, at both the home user level and at the corporate level, whom I come into contact with, fails to take personal responsibility for their security on the Internet.
After all, the reasoning seems to be, I’ve got ABC anti-virus and ABC anti-spyware. Or, my employer takes care of that. But, as the above definition makes crystal clear, there is a penalty for failure to personally assume the burden of responsibility.
Look, the indisputable facts are:
As an Internet user you are engaged in a battle, yes a battle, against highly sophisticated and highly organized cyber-criminals who are relentless in their pursuit of your money and make no mistake – it’s all about the money; your money.
In the worst case scenario, your identity and your financial security can be severely compromised by these cyber-criminals.
It’s no accident that cyber crime is now a 100+ BILLION dollar industry. Make no mistake, this IS an industry. An industry which incorporates all of the strategic planning, and best practices, required to maximize profit.
Today’s cyber-crooks are smart; very smart. They are not, as many people believe, teenage hackers sitting at their computers playing at hacking.
Looking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 20,000,000 malware programs currently circulating on the Internet. This is not the work of teenage hackers.
Many Internet security companies report having to deal with up to 20,000 new versions of malware – every single day! Here’s the math; one new malware program every four seconds!
Being involved in computer security, I am amazed, and frustrated, at the lack of personal responsibly exhibited by most typical computer users, and most importantly, the lack of commitment to acquiring the knowledge necessary to ensure personal safety on the Internet. In a word, becoming “educated”.
Users need to stop depending on their security applications alone to ensure their safety. They need to become proactive, which means becoming educated and personally responsible, rather than continuing to be reactive to threats to their safety.
Depending on security applications to provide the ultimate in protection, is an absolute “non-starter”. Security applications do not, and never have had the ability to this, despite the commonly held belief to the contrary.
If you’re struggling with the reality of this statement, take a look at “Testing of antiviruses for the treatment of active infections” from Anti-malware Test Lab. I guarantee you, you’ll be unpleasantly surprised.
Enhance your security on the Internet by:
Choosing to become educated on the realities of cyber crime.
Taking personal responsibility for your own security.
A major step you can take to in prevent yourself from becoming a victim of cyber-criminals is to overcome the instinctive response to just “click” while surfing the Internet.
That instinctive response poses one of the biggest risks to your online safety and security.
Stop – consider where you’re action might lead.
Think – consider the consequences to your security.
Click – only after making an educated decision to proceed.
Consider this from Robert Brault:
“The ultimate folly is to think that something crucial to your welfare is being taken care of for you”.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
Pingback: » Depending On Your Antimalware Applications For Internet Security … RWPS
Bill,
Excellent article! I couldn’t agree more with your observation that taking personal responsibility is the major factor in so many folks falling victim to cyber criminals. Keep up the good fight. I’m right there with you.
Best,
Paul
Thanks Paul,
Good to have another IT Pro agree.
I’d like to remind readers, that Paul runs a great Blog over at http://paulshomecomputingblog.wordpress.com/. Take a run over to get another view on home computing.
Best,
Bill
Hi all.
I just took a look at Paul’s blog and I liked it.
But I don’t see a link to post coments, so I’ll post here (with Bill’s permission): “The cyber war” article was a very good one, and very pertinent.
Thanks,
Jose.
Hi Jose,
Very cool.
I’ve re-posted your comment on Paul’s site. You’re right, the comment link is hard to find.
Bill
Bill and Jose,
Thanks to both of you for the kind words. I’m glad you liked the article. I’m not sure why the comments link isn’t showing up at the end of my posts, but will look into it.
Best,
Paul
Hey Bill,
A timely aricle, considering the state of the internet. As I’ve said before, I run several malware scanners. I’ve also educated myself over the years about dodgy behaviours (such as P2P file sharing, porn sites, Facebook etc etc). I also know that even legitimate websites can be infected. As such, I am constantly vigilant, treating all suspicious behaviour by my computer as serious.
I guess I have a head start over the normal user, as I have a big interest in these matters, I like researching it and finding out and keeping on top of things. But most users don’t have an interest, and only care that the PC “works”. If they can’t see anything wrong, then they think nothing is.
Cheers
Hey Mal,
Happily, you are far from being an average user. You’re more a Pro, than anything else. Soon, I’ll have to forward your “gold star” certificate. 🙂
Every point you’ve covered in your comment, needs to be “common knowledge”, familiar to every computer user. Unfortunately, we’ve a long way to go.
Best,
Bill
As a High School teacher, I know how important repetition is – so keep on with these reminders Bill. You’re making a difference.
Liam
Hi Liam,
With enough repetition, maybe, just maybe; one day we can turn the corner on this craziness that’s impacting users safety on the Internet.
Bill
Pingback: Web 2.0 expert
Hi!
You wrote:
Stop – consider where you’re action might lead.
Think – consider the consequences to your security.
Click – only after making an educated decision to proceed.
But modal overlays with “onMouseOver” can frustrate our good intentions. Isn’t that correct? The question of clicking doesn’t arise as seen in the recent Twitter case.
Hi AE,
In this *specific* case, your observation is correct. Driveby downloads (a long term, and continuing Internet threat), present the same problem, inasmuch as “clicking” may not required. Even so, the reality is – a significant increase in user Internet safety can be achieved by overcoming “the instinctive response to just click while surfing the Internet.”
It’s worth pointing out, that a properly locked down Browser, would not have been effected by this “onMouseOver”. A user who is both educated on the realities of cyber crime, and who realizes the benefit of being responsible for their own security, is more likely to have a hardened Browser than an unaware user. As you know, the thrust of this article deals with the need for users to become better educated, and to take responsibility for their own Internet security.
By far, the majority of Internet threats rely on user interaction for their success, so my advice stands – the “instinctive response (to click), poses ONE of the biggest risks to your online safety and security”. It couldn’t be otherwise.
Bill
Hi!
I absolutely agree and have been following the “think before click” policy a hundred percent and I always hover first to read the link. That’s why I was upset by this new trick that seems to circumvent that policy.
I’m looking forward to guidance from you on how to minimise this new threat. And, if possible, could you please also repeat or point to a link or do a new piece on this bit: “It’s worth pointing out, that a properly locked down Browser, would not have been effected by this “onMouseOver”.”
Many thanks!
Hi AE,
The impression that many users have regarding this exploit is – it’s something new. But, it’s not – it’s been around for years. Due to Facebook being targeted it’s made the News; despite the fact that at least in this instance, it was essentially harmless. Annoying maybe, but essentially harmless. No systems were compromised, and no malware payloads were downloaded – at least to my knowledge.
Since this is (was), a JavaScript exploit, the NoScript Firefox add-on (properly configured), would have stopped it dead in it’s tracks. As well, Firefox configured to block, and/or warn, on a redirection attempt, would have provided notice.
A recent post here on Tech Thoughts – “An IT Professionals Must Have Firefox and Chrome Add-ons” ( https://billmullins.wordpress.com/2010/08/30/an-it-professionals-must-have-firefox-and-chrome-add-ons/), explains the value of locking down a Browser.
The following is advice we have repeated here, many times – “Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on. NoScript offers superior protection.” Taken from – “Follow the Link and You Takes Your Chances ( https://billmullins.wordpress.com/2010/06/12/follow-the-link-and-you-takes-your-chances/ ).
If you would like to take all this one step further, then read – “Free GeSWall Isolates You From Cybercriminals” ( https://billmullins.wordpress.com/2009/12/30/free-geswall-isolates-you-from-cybercriminals/), here on this site.
Best,
Bill
Hi!
Yes, the warning of redirection/reload attempts in FF (tools, options, advanced, general, accessibility) is very useful. (I don’t think Chrome has an equivalent.)
Re. NoScript, I don’t know how users would have dealt with the issue since Twitter would most likely have been white-listed.
Instead of GesWall, I use Sandboxie and haven’t had any problems.
Hi AE,
I quite like Sandboxie, and I use it frequently. Like you, I haven’t had any problems. It’s one of the best free applications available, in my view.
There have been reports that a NoScript version (or something like it), will be available for Chrome, soon. But, these reports go back months now, and still no version. I’m sure Chrome users remain hopeful.
Bill
This may be it:
NotScripts
https://chrome.google.com/extensions/detail/odjhifogjcknibkahlpidmdajjpkkcfn?hl=en-gb
I haven’t yet used it but would love your thoughts on it.
Hi AE,
I can’t give you a personal opinion on this, since I’m not a Chrome user. My FF is tweaked to the max and it suits my browsing habits perfectly. But, I did speak with a few of my tech associates who use NotScripts, and the consensus seems to be – it is an acceptable add-on, although it is not yet as fully featured as Firefox’s NoScript add-on.
Bill
Shocking stats. I’m so glad I chose Avast as one of my tools!
Hey Pochp,
Even so, Avast is far from perfect. YOU are your own best line of defense.
Best,
Bill
God help us is all I can say:
Most Sophisticated Malware Ever Targets Iran -The Atlantic
http://www.theatlantic.com/technology/archive/2010/09/most-sophisticated-malware-ever-targets-iran/63420/
Expert: Stuxnet was built to sabotage Iran nuclear plant | CNET News
http://news.cnet.com/8301-27080_3-20017201-245.html#ixzz10LLYuHhN
Hi Braveheart,
Thanks for that.
I’ve been following this fairly closely – pretty scary stuff.
Bill