Nobody’s interested in my computer so I don’t need to protect it.

Hackers use automated tools that can scan tens of thousands of computers an hour over the Internet. According to July 2006 statistics from the SANS Institute, the minimum survival time of an unprotected Windows XP computer (i.e., a computer running without the latest patches, a firewall, and anti-virus software) was 15 minutes. In previous months, the minimum survival time has been less than 3 minutes.

There is nothing important on my computer so I don’t need to protect it.

Your opinion about what is important may differ from an attacker's opinion. If you have personal, student, or financial data on your computer, attackers may be able to collect it and use it for their own financial gain. Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people’s computers.

I have anti-virus software so I’m completely protected.

Anti-virus protection is important and you need it. But just having the software isn't enough. New viruses emerge all the time, so you need to update your virus definitions regularly to make sure they're current, and you need to conduct a full-system scan of your computer every week.

Furthermore, viruses aren’t the only security threat. For example, anti-virus software won’t keep out hackers or stop spyware, and it won’t prevent you falling for an online con trick.

I have a Macintosh or Linux-based computer, so I don’t have to worry about security.

Although it is true that Mac and Linux-based systems suffer fewer attacks than PCs running Windows, that doesn’t mean that they are invulnerable. For example, Apple rolls out security updates on a regular basis just like Microsoft. In addition, many Internet frauds work whatever kind of machine you use. And, don’t forget, the new Macs can run Windows.

I’m too smart to be fooled by online scams such as phishing and pharming.

Are you sure? In a study of 22 users’ activity, researchers at Harvard University and UC Berkeley found that good phishing sites fooled 90 percent of participants. Anti-phishing browser cues and popup warnings were largely ineffective and frequently ignored, the study said.

To learn more, read Why Phishing Works by Dhamija, Tygar, and Hearts (2006).

I’m busy. I don’t have time to do anything about security.

An ounce of prevention is worth a pound of cure. It can take a day or more to clean up a computer that has been infected with viruses and spyware. Resolving a case of identity theft can take weeks.  Or, how long would it take you to re-create that 500-page manuscript you’ve been working on for the past three years?

References

Get Safe Online. Top Online Safety Myths. (2007)

McDowell, M.  Debunking Some Common Myths. US-CERT (February 2006)