I'm not pulling your leg, honest
Published: February 24, 2006
By Sandi Hardmeier
One of the more wonderful features of the Internet is how information can be shared more quickly, and to more locations, than has ever been possible before. Anybody can be an author, a teacher, or a student. In the blink of an eye, we can take what we have read and pass it on to those we know.
However, this freedom of information and ease of transmission comes at a price. Popular theory on the Internet takes on a life of its own; it's easy to believe that just because lots of people are saying the same thing, it must be true. Not so.
I've been tasked with writing about the top Internet myths, but it has been quite a challenge deciding what the 'top' myths are. Do we look at scaremongering e-mails that have been forwarded, and forwarded, and forwarded again? Do we look at Internet Explorer fallacies? Do we look at PC myths that propagate through the Internet? Do we look at malware removal misinformation? We could go just about anywhere with this, so I'm going to focus on what irks me the most, and what I hear most often in a professional capacity.
"My computer came with an antivirus program installed—I'm safe"
First, the antivirus program installed on your new computer is, in all likelihood, a trial version. A trial version means that you will only be protected for as long as the trial is current. After the trial period expires, it will not be long before your system is at risk. New viruses, trojans and other hostile software are constantly being released, and to have any hope of being effective, antivirus software must be set to check for updates on a regular basis (at least once a day). During a large outbreak, antivirus vendors may push out several updates in a single day.
Check your antivirus program. Is it a trial version? If so, when did the trial expire? If your trial has expired, please consider purchasing a full copy of the trial software, purchase an alternative product, or switch to one of the free antivirus products available.
Tip: Be careful what you choose when investigating free antivirus products. Conduct a Web search to check out a product's reputation. Web forums such as those listed in Related Links are an excellent resource when investigating the bona fides of a particular product.
By the way, the correct plural of virus is "viruses", not "viri" and "virii".
"I update my antivirus every day so I must be safe"
Not necessarily. There is always a period of time between a virus being discovered in the wild and definitions being released by an antivirus vendor that can detect the latest risk. Not only that, the time between information about a security exploit being released to the public, and bad guys taking advantage of an exploit, is shrinking. Therefore, we must not only check for updates regularly (my system is set to check for updates every two hours), we must also minimize the risk to our systems by practicing safe hex. Do not assume that protective software protects you from the possible results of risky behavior.
For more information about how to stay safe when using the Internet, I recommend you visit Microsoft's Security Web site.
"I turned my firewall off so that {insert program name} will work but it doesn't matter—there is nothing on my PC that anybody would want anyway"
This is what the bad guys want. Spammers want to steal bandwidth (an ISP connection) to send their wares so that somebody other than the spammers will get the blame for spam. Hackers may want the hard drives in computers attached to the Internet for free storage space. Other hackers may want to use online computers as a launching pad for, or participant in, Internet-based attacks on other computers, or even Web sites.
The Federal Trade Commission issued an alert back in January 2004 warning that spammers were trying to use home users' computers to send spam.
The CERT Coordination Centre web site at Carnegie Mellon University has an excellent online document that discusses home network security.
Cookies are spyware
Microsoft defines spyware as "software that performs certain tasks on your computer, typically without your consent. This may include giving you advertising or collecting personal information about you."
The most important point to remember is that Cookies are not software; they are simple text files. They are used to record data, but do not do the recording.
"First-party" cookies are most often used to record your personal preferences and settings for the Web site—for example, a cookie may be used to store your username (and sometimes password) for a particular site. Cookies may also record personal preferences such as colors schemes or page layouts.
"Third-party" cookies are a different story. Most often set by online advertisement companies, and with the data recorded not being specific to one Web site, I always block them through Internet Explorer's privacy options, which can be accessed by clicking on Tools, then Internet Options, and then by navigating to the Privacy tab.
Internet Explorer allows for detailed control of cookies.
For more information about cookies, I recommend that you review the following Microsoft URL: http://support.microsoft.com/default.aspx?scid=kb;EN-US;260971.
Internet Accelerators speed up Internet connections
Internet Accelerators do not speed up your internet connection. They simply use it in a different way.
There are several ways that Internet Accelerators may create the illusion of faster Web browsing. First, they may edit your Hosts file to pre-record the IP address of sites that you visit—saving you, perhaps, a second or two of time, but at the risk of breaking your ability to access a Web site if its IP address happens to change—something that can happen at any time. When a user complains about the classic "page cannot be displayed error," one of the first things I ask them to do is rename their HOSTS file to HOSTS.OLD to rule out this very common problem.
Second, Internet Accelerators sometimes use something called 'read-ahead caching'. Basically, this is where the Accelerator scans the page you are currently reading, and then downloads all linked pages in the background just in case you want to read them. Depending on the Accelerator's settings, a heavy demand can be placed on your hard drive free space, and on your Internet connection—not a good thing if you pay per byte, or have a broadband account that is slowed down once you hit a certain download/upload limit. Also, this downloading places an unnecessary load on the server hosting the site. Granted, this is not a problem if only a few people are using Accelerators—but imagine what would happen if the majority of visitors to a site were all using Accelerators. A server could, theoretically, be brought to its knees by the unnecessary demand.
Internet Accelerators may also use something called 'smart caching,' in which the Accelerator takes over Internet Explorer's cache and only downloads content from the Web if it doesn't already exist on your hard drive. Again, your Internet connection is not faster—all that is happening is the content on your hard drive is being used more efficiently. This type of Accelerator only works if you visit a page on a regular basis and you do not delete downloaded content to free up hard drive space.
Change to Browser X and you'll be safe
How I wish it were that simple. Many times I have seen people say that Browser X, Y, or Z is safe because it doesn't load Microsoft ActiveX, or because it's not 'embedded' in the operating system (whatever that means), or because it doesn't use the Microsoft Java Virtual Machine, or simply because it's not Internet Explorer.
Don't get me wrong; I've never been an Internet Explorer apologist—for years I have suggested Opera if a person wants a good download manager and Deepnet Explorer if they want integrated RSS and P2P support. I even have the Deepnet logo and a link to its home page on my Internet Explorer support site. What bothers me is when people are encouraged to swap to another browser because it is 'safer' with no attempt being made to teach the user about safe Internet behavior.
We will not be 'safe' when surfing the Internet unless and until we adopt safe browsing habits. In my personal experience, the average Web surfer does not want to turn off java applets, or ActiveX, or scripting, permanently. Too many sites are broken when such things are turned off.
So, what do we do? First, we do not assume that just because we are using Browser X we are guaranteed safety and can go to risky sites, nor can we assume that just because we are using Browser X, we can download freeware willy-nilly.
The owners of malware-pushing sites want to earn cash from your visit—the more cash the better—and unfortunately it is possible to earn a lot of money by pushing spyware and malware. If sellers can find a way to get their wares on to your PC, they will use it (no matter what browser you happen to be using).
For detailed information about how to stay safe when using Internet Explorer to surf the Internet, and how to avoid risky behavior that is not dependent on the Web browser you are using, please review the advice at this link: "Malware: Help Prevent the Infection."
Breaking the misinformation cycle
Education is an extremely powerful tool, teaching us how to recognize less reputable advice and how to avoid risky behavior.
There are several Web sites that are devoted to exploding the more common Internet myths; for example, Snopes.com is a very popular site (just make sure you enable your Pop-up blocker before visiting the site). Another popular, albeit strident, site is Vmyths.com (again, don't forget the Pop-up blocker). For anything not specifically addressed on 'urban myth' Web sites, we can visit reputable support forums such as aumha.net and Computerhaven.
