What is More Dangerous Than Malware?

Category: Security

Most computer and Internet security articles focus on threats found 'out there' in the online sphere, or in the form of bad people with malevolent intentions. The danger is that they will get to you or your computer, and steal or damage. Most security measures focus on preventing such intrusions. But the greatest threat is not 'out there.' It is in you…

The Biggest Online Threat?

It IS you, in fact. You are human (no matter what your ex says), and have a human Mind (or enough of one to get by). Nothing is more capable of causing, or is more likely to cause you trouble. Yet the Mind is seldom the subject of information security articles. This is one of those rare reads.

“It ain't what you don’t know that gets you into trouble,” wrote Mark Twain. “it’s what you know for sure that just ain’t so.” Almost every activity that a human performs, including most of what is supposed to be “knowledge work,” is done unconsciously; motions are gone through with blind faith that they will produce the same results they did last time. No attention is paid to what is right in front of you, in your hands.

The Biggest Threat?

That is why people click on links in emails that generally look like they’re from their bank; follow the instructions on what generally looks like their banks’ Web sites; and have their accounts emptied by bandits in Ukraine. Had you been paying attention, you would have noticed that your bank’s emails address you by name, not as “Dear Customer…” You would have remembered that your bank has told you, at the time you opened your account and many times since, that it will never ask you for your account password via email, and that you should always use a bookmark or type in the bank's web address. But people do not pay attention.

It's why people believe the "Nigerian prince" who promises that if you send him $5000 by wire transfer, he'll give you half of the $15 million lying dormant in a secret bank account. It's why lonely women send money to "international businessmen" they've never met, thinking they are helping to save the life of a dying son who desperately needs an operation. Kind-hearted people, especially the naive, the emotionally vulnerable, or the financially stressed ones, want to believe the best about others, even if it's not rational.

It's why people click into the dark corners of the Internet, or on flashing banners that say "You just won an iPad!" They believe that because they have McAfee or Norton AntiVirus, it will protect them from all possible cyber-threats. Of course, they don't know that viruses can morph and propagate in minutes, but it takes days for antivirus companies to update their malware signature databases. They haven't applied critical Windows security patches, or updated their Java software or Adobe Reader in years. Maybe they're just lazy, or too busy. More likely, they've simply decided to trust the claims of the company that sold them the Internet security suite, and pay $49 a year for "peace of mind."

"You Can Trust Me..."

Trust is the belief that you can predict behavior with an acceptable degree of confidence. It might be the behavior of a person, a computer program, a pet, or a website such as LinkedIn.com. Innumerable people have overestimated their prediction abilities with regard to people, programs, cars, pit bulls, “trusted service providers” and “trusted partners.”

Recently, a group of LinkedIn members filed a petition for a class action lawsuit against the company, attempting to convince a judge that savvy professionals such as themselves (just look at those glowing recommendations!) could not possibly have known that giving any website access to one’s email contacts is the same as handing over one’s family and friends over to multi-level marketers. Good luck with that, folks; like LinkedIn’s legal department says, “We believe the lawsuit is without merit.”

And there's also a new obnoxious thing appearing on Facebook. When I click to accept a friend request, I am asked: “Do you know so-and-so outside of Facebook? YES or NO!” That’s not a friend asking if you know somebody with whom you just exchanged passing fistbumps. It’s a computer asking and then DEMANDING an answer. (Psst, you can click outside that popup, and it will slink away.)

When you answer questions like that; when you willingly tell Facebook about the books and music you like, the movies you've watched, and your favorite TV shows; when you link your profile to all of your family, friends and business acquaintances; it's Facebook using you for free to fill in the blanks of their highly marketable dossiers on over a billion people.

Why believe that? Because that is how Facebook has behaved from the beginning, if you have paid attention. Mark Zuckerberg started Facebook by stealing copyrighted information and publishing people’s personal information without their permission. Of course, he and his official biographer don’t see it that way, but that is what history shows. Do not trust a person or a corporation to do other than what it has done in the past, despite what the legalese in the Privacy Policy says.

The three “A’s” of security are: Attention, Adaptation, and Action. Pay attention to what is right in front of you. Adapt your Action to new or changed external behavior. Don't blindly trust your antivirus software, click anywhere except where Zuckerberg tells you to, don’t click when you see “Dear Customer…", or when you know in your gut that something smells fishy. Are you paying Attention to me?

Your thoughts on this topic are welcome! Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 1 Oct 2013

For Fun: Buy Bob a Snickers.

Prev Article:
Essential Addons for Windows

The Top Twenty
Next Article:
Geekly Update - 2 October 2013

Most recent comments on "What is More Dangerous Than Malware?"

(See all 32 comments for this article.)

Posted by:

01 Oct 2013

Thanx for the reminder Bob Rankin.
I was not aware that Mark Twain used words like 'aint' >> “It ain’t what we don’t know that gets us in trouble,” “it’s what we think we know that ain’t so.”
Donald Rumsfeld put it more eloquently by stating: "There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know."

Posted by:

George Reisman
01 Oct 2013

Amen! Personally I'm boycotting Facebook. I refuse to use Facebook to sign in to any website. Many the contest or raffle I would have won if I had been willing to "like" the sponsor on Facebook. As for LinkedIn - they're in the same league.

Posted by:

01 Oct 2013

Thank you Bob for the reminder. I don;t like to think I can get complacent but....... Best regards. john.

Posted by:

01 Oct 2013

Dear Bob,
You bet I am paying attention to you! I always do. Thanks much for an informative article. I am overly cautious about all that I do on the Internet, and it is nice to know that my suspicions are warranted.

Posted by:

02 Oct 2013

Thanks for an informative article.

Posted by:

Marc de Piolenc
02 Oct 2013

Good stuff - valid well beyond the narrow sphere of computers and networks. Our gullibility is not innate, however - it's carefully cultivated. If you are successful in activating people's critical thinking facilities full-time, you may be considered a threat...

Posted by:

Jim Swan
02 Oct 2013

Thanks for this, Bob. Now for your next topic: Once we've gotten ourselves thoroughly into Facebook, LinkedIN, and any of the others, tell us how to get ourselves back out.

Posted by:

02 Oct 2013

BOB, You're the man! Sounds like some of my legal client's actions after they've been advised not to engage in certain behavior, but do it anyway. Allowing emotion to rule logic.

Hey whats up with 'the Ukraine' I thought that was like 'the hospital' I never could understand the British saying someone was 'in hospital' and were taken to 'hospital' I always thought they were in 'the hospital' or taken to 'the hospital'. Hey I'm an old dog, all tricks are tough.

Posted by:

Lloyd Collins
02 Oct 2013

Good reminder to use common sense.

I never click a link in emails, I check the site directly, especially if the site is one that I do go to, if I suspect it. If the email is bogus, I report it.

As for Facebook, I will never join, and no need to.
I get too many adverts already!

Posted by:

Brian S.
02 Oct 2013

I'm sorry...did you say something?

Posted by:

02 Oct 2013

Bob, unfortunately, you're preaching to the choir...

Posted by:

02 Oct 2013

Bob, I have been saving all those Nigerian emails for over a decade. I had planned to contact the senders when I retire and live in all the luxury of a prince myself. Now you are telling me these contacts have about the same value as my Bear Sterns Stock. I am shattered. Nigerian riches were my last hope for retirement.

Posted by:

Jeff C
02 Oct 2013

I recall several years ago patiently explaining to my mother for the hundreth time that she need not live in fear of getting a virus on her Mac as long as she avoided clicking on links passed in emails or opening attachments from folks she did not know. Within moments, while checking my own email, I got a notice that there was a problem with my credit card and my account was frozen. "Why, that can't be!", I said to myself as I clicked the link to get to the bottom of it. Of course, the website the link took me to was just sitting there waiting for suckers like me to receive their malware code onto my Windows system.

The lesson for me is that everybody has a "hook". Yes it might be free money from a Nigerian prince. But your hook might be something that creates an sense of urgency that you must quickly correct some error.

Posted by:

d hank
02 Oct 2013

and since you sound so nice, here is my SS#, birth date, & mother's maiden name

Posted by:

02 Oct 2013


I wish that people DO PAY ATTENTION to your sensible warnings. Such warnings should be reiterated often. Unfortunately, the villains can find enough gullible victims to make profits and get away with it.

A related problem is that of legitimate businesses that do not take sufficient measures to protect sensitive data they collect from their customers. E.g., regardless of all warnings, some businesses still keep passwords on their servers. This becomes evident when in response to “I forgot my password”, some businesses send the password by mail.

BTW, you were absolutely right when you wrote “bandits in the Ukraine”.

The name of the country in the vernacular is УКРАЇНА (pronounced as OO-KRA-I-NA”) which means periphery (of Russia). Thus, “the Ukraine”, which has been the common usage in English for centuries and means “the periphery”, is correct! Referring to that country in Russian, one says “на Украине” (on the periphery) rather than “в Украине” (in the periphery), which sounds awkward.

Posted by:

Mike R
03 Oct 2013

Yeah, I've been gotten twice-a few years back I was phished for my Ebay/Paypal info, and here's a tip: don't surf while 'impaired' (it was cold medicine, and yes, I had a nasty one). Fortunately, I got my cash back because my cc provider didn't think those purchases were typical for me, boy were they right!.And you gotta doublecheck even legit emails-I have an account with a shipping company, and somehow someone billed me for shipping something through their website! I got that cash back too...

Posted by:

03 Oct 2013

I have been receiving your letter for quite some time and this is probably the best advice you have given. I update my anti virus and don't click on links but depending on the mood I am in,there are times when you just want to believe. It is too unfortunate that most times (especially on the net) that we can't. Keep up the good work.

Posted by:

06 Oct 2013

"No one ever went broke underestimating the stupidity of the public" someone once said...

When I go clean out the spam file from a business account I monitor, I am often rather surprised to see so many different Nigerian businessmen (or similar). with exactly the same sob story promising me the moon for just a small fee... Not to mention credit card or account alerts from financial institutions we never used...

Never ceases to amaze me.

(Also reminds me of that "foistware" problem you've talked about where if you don't READ the fine print and check the "decline" option you get stuck with who knows what clogging up your computer.)

Posted by:

21 Oct 2013

i try to be safe all of the time when on the internet. the problem is trying to teach my wife and son to do it also. they both have facebook accounts and twit accounts and my wife also has a linkedn account. i check their computers weekly and always find malicious software on them. i tell them to be careful what they download and be careful what sites they visit and to run security scans weekly but to no avail. people just will not listen. i have seen this time and again. my doctor, doctors are supposed to be very smart, was having problems with his email. apparently he was sending out spam to everybody he knew. i suggested he change his password to something stronger because someone had figured his current one out. when i saw him the following month he thanked me because he had been having the problem for over a month and that one thing stopped it in its tracks. so you are right. people think they are safe and become lazy about taking care on the internet. i have been trying to teach my family for years now and have had very little success. this is why i scan their computers every week when they are not here. fortunately, they do not have access to anything like bank information. my son has a bank account and only i have access to it because, invariably, he always has an infection on his computer and it is usually a java exploit. it is a never ending war and i am always worried that i will someday not be able to keep up with it. even as alert as i am, i get nailed with an infection occasionally. fortunately, i do stay on top of it and nip it in the bud before it gets out of hand. but even as security aware as i am, even i get hit. it is a little unnerving.

Posted by:

Alan M
21 Oct 2013

Banks on their own, can make a big difference, on your internet security.
I have a Chase account. They could care less what you use for a password, but require you to use a digit or symbal in your username, nice touch.
They also leave a cookie in your browser for future logins. If that cookie isn't found when you log-in they will call me at a pre-determined phone number I gave them to use. Then they will give me a code to access my account.
All banks should do something like this.
I enjoy reading all your articles and find that you have a sense of humor much like my own. Keep up the good work..........Alan

There's more reader feedback... See all 32 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy

Article information: AskBobRankin -- What is More Dangerous Than Malware? (Posted: 1 Oct 2013)
Source: https://askbobrankin.com/what_is_more_dangerous_than_malware.html
Copyright © 2005 - Bob Rankin - All Rights Reserved