Hoaxes & Myths

How much of what you hear or read about information security can you trust? Have you heard that shopping online isn't safe? Some people believe it's true. But just like any other source of information, you have to scrutinize the source.

 

People may sound confident and experienced when they discuss security, yet few have adequate knowledge of this complex and technically obscure subject. Journalists regularly make the mistake of quoting network administrators, PC support people or even retail salespeople as if they were security experts. After all - if they know stuff about computers, they must know about security too, right? Even IT professionals generally still have a lot to learn about security. We all do.

  

We need to be able to separate fact from fiction and ignore the hype. It is easy to fall prey to "False Authority Syndrome" and it contributes significantly to the spread of fear about infections and a true lack of understanding about security. Myths continue to circulate about the safety of downloading files, exchanging email, using credit card numbers for shopping, etc.  

 

One myth is the notion that getting utilities and programs from popular download sites is a sure way to get infected with a virus. But in fact these files are typically checked quite thoroughly by their owners for infections. Software obtained from warez sites, peer to peer networks or public ftp sites is another matter altogether.

 

Another distortion of fact involves the safety of shopping online. Many people refuse to give out their credit card numbers even over encrypted web connections for fear their account numbers will be intercepted. The real danger however, isn't in the transaction being intercepted, but the way the vendor you buy from stores your credit information on their own facilities.

 

A common trap is the virus hoax. Email systems can crash to a halt due to the sheer volume of mail that gets generated from virus hoaxes. If virus hoaxes were just a nuisance, that would be bad enough, but they can be dangerous. Warnings went out years ago that the file SULFNBK.EXE is an infection and must be deleted. Heck, it's got a teddy bear icon and everything! Surely it must be a virus! But it's not - it's part of the Windows Operating System, but only a knowledgable PC user would know that, and even a few veterans were hoodwinked by that one.

 

A few words of wisdom: Microsoft, AOL, law enforcement and the like do not send out warnings about viruses. Never delete files from your computer because someone suggests they are viruses. If a friend sends you one of these hoax messages, do them a favour and tell them that they've been had........ The only protection you need from the most common infections is an up-to-date virus scanning program.

On a lighter note, a joke about viruses circulated a few years ago:
"You have just been infected with the Newfoundland Virus! In Newfoundland we don't know much about computer programming, so this virus works on the honour system. Please forward this email to everyone on your address list. Then promptly delete all the files on your hard drive. Thank you for your cooperation."

What's not funny about this joke is that this is exactly what a virus hoax accomplishes. It gets you to do the work of a virus, then propagates itself to everyone under the sun.