4 Cyber Security Myths That Must Die

Joel Lee 08-10-2014

Everyone thinks they understand cyber security but most are misinformed 5 Security Software Myths That Can Prove Dangerous Malware is still a thing! Tens of millions of PCs remain infected worldwide. The damage ranges from unstable computers to identity theft. What makes people not take malware seriously? Let's uncover the myths. Read More in one way or another. Entire books could be written on all of the security myths that continue circulating even after they’ve been debunked. You might be spreading misinformation and not even know it.


Cyber security is always shifting and never constant, so some of these myths may have roots in past truths. It’s also possible that these myths may one day become truths in the future. But for now, they are myths that must be dispelled. Let’s get our facts straight.

Myth: Windows Is Inherently Insecure

“Don’t use Windows unless you like viruses.” It’s a sentiment that we’ve all heard time and time again – sometimes coming even from the mouths of Windows regulars – and it’s one of the oldest jokes in the book. Sure, there was a time long ago when Windows was an inherently flawed system, but that hasn’t been true for years now.

The Truth

Ever since Windows 7 hit the scene, the virus problem has been significantly curtailed. Can Windows users still be infected? Yes. Are there Windows users who have gone years without being infected? Yes! Windows isn’t impenetrable by a longshot, but it’s certainly much more secure today than it ever was before.


The problem is that most Windows users don’t care enough to update their systems with pertinent security patches. Microsoft is good about plugging security holes as they’re found, but if users don’t apply those updates, they leave themselves vulnerable. At that point, Windows itself is no longer at fault.


Moreover, Windows is the world’s most popular operating system. Combine that with the fact that Windows does not require its users to be tech-savvy and you’ve got a recipe for high number of security incidences. That’s just simple math.

Myth: Mac and Linux Are Invulnerable

“I’m safe because I have a Mac / because I use Linux.” It’s one of the main arguments used by those who want to convince others to switch over from Windows. To be fair, Mac and Linux computers may be less likely to be infected, but it’s an enormous stretch to say that they’re invulnerable. They aren’t.

The Truth

You may have heard of the Shellshock bug Worse Than Heartbleed? Meet ShellShock: A New Security Threat For OS X and Linux Read More , a vulnerability that exists in UNIX-like systems that operate using the Bash shell. It has tremendous implications for computer security all around the world and the irony is that it doesn’t even affect Windows.



According to analysis, the Shellshock bug has existed undiscovered since 1992. That’s twenty-two years, which is a long time considering the open-source availability of Bash’s source code.

While this may or may not be a freak occurrence, it does present us with an unsettling question: how many other vulnerabilities exist that have yet to be discovered? Again, Mac and Linux may be less prone to infection than Windows, but only a fool would think that these operating systems are inherently safe Heartbleed – What Can You Do To Stay Safe? Read More .

Myth: You Don’t Need Security Software

“I’m careful so I don’t need antivirus software,” said every arrogant computer user who thought themselves too smart to fall for silly malware tricks. If your idea of catching malware only includes email attachments, shady websites, and popup advertisements, you are in for a rude awakening.

The Truth

The ones who create malware and viruses are not stupid. Unethical? Yes. Pathetic? Sure. But stupid? No. They’re always looking for new ways to facilitate the spread of malicious software, which means that their methods are always evolving.



But more importantly, we are human. Humans make mistakes. We can’t keep our guards up 24/7 and sometimes we’re lazy, forgetful, or reckless. All it takes is one lapse in judgment for your computer to be infected and that’s the real value of antivirus software: it protects you through your mistakes.

Think of it like a seatbelt. Maybe you’ve been driving for 10 years without a single accident. Does that mean you don’t need to buckle up? No! Even the best driver in the world has the potential to crash. Any driver with a brain will wear their seatbelt at all times because the seatbelt exists for those rare but crucial moments.

If you aren’t using antivirus software, install one now Free Anti-Virus Comparison: 5 Popular Choices Go Toe-To-Toe What is the best free antivirus? This is among the most common questions we receive at MakeUseOf. People want to be protected, but they don’t want to have to pay a yearly fee or use... Read More along with a virus scanner How Accurate Are These 4 Big Name Virus Scanners? Read More . Afterwards, if you find that you have an infection, clean it up 10 Steps To Take When You Discover Malware On Your Computer We would like to think that the Internet is a safe place to spend our time (cough), but we all know there are risks around every corner. Email, social media, malicious websites that have worked... Read More as soon as possible.


Myth: All You Need Is Security Software

“I’m safe because I use antivirus software,” said every naïve user who placed too much hope and faith in technology. Cyberspace would be a wonderful place if good software is all it took to keep safe. Unfortunately, software can only protect us so much.

The Truth

Remember how malware and virus creators are always engineering new ways to spread their evil? This puts the ball in their court. Antivirus companies are always one step behind (they have to study a virus before they can protect against it) which means that the notion of antivirus is fundamentally reactionary.


You need more than that. It’s better to avoid situations that are likely to result in malware infections than it is to rely on your antivirus and hope that it catches everything. (It won’t.)

Going back to the driving analogy, it’s just as important to be a skilled driver as it is to wear your seatbelt. Seatbelts aren’t guaranteed to keep you safe in case of an accident; they only improve your odds of minimizing injury. Sane drivers don’t consider themselves to be invincible just because they have a strap across their chest.

At the end of the day, you ought to practice smart security habits Change Your Bad Habits & Your Data Will Be More Secure Read More and make them second nature. Having antivirus software alone is not enough.

What other cyber security myths are out there? Help us debunk as many as you can! Show us what you know and let’s enlighten the world together.

Image Credit: 3d human Via Shutterstock, Windows Laptops Via Shutterstock, Angry Mac User Via Shutterstock, Antivirus Protection Via Shutterstock, Virus Detected Via Shutterstock

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. the observdr
    February 4, 2017 at 3:45 pm

    Windows Defender/MSE is getting better and better without the money-grabbing things from other AVs but there will be ads on the Windows 10 Experience! I even saw an MS ad saying hat Firefox drained the battery and say Go to Edge. Microsoft wants people to be safe against malware so they will be able to steal information alone from the user and sell it. Good things (excellent AV) come with bad things (ads and spying).
    MS wants to be the only one spying to get more money instead of pirates

  2. Anonymous
    September 23, 2015 at 1:00 pm

    25 years and not a single virus on my pc, thanks to Antivirus Gold... oh no... wait a minute...

  3. Gene Ricky Shaw
    March 3, 2015 at 5:59 am

    The problem is that people equate "vulnerability" with "virus". Viruses like the "I love you" or "Melissa" virus are long dead. The vulnerabilities are in other forms, such as getting users to install malware via websites or exploits like SQL Injection.

    In cases like these, it's not just Windows users that are vulnerable. As the article mentioned, yes, Windows is the most likely target for viruses. But there has been a LOT of progress made on the Windows platform. When I worked a help desk in 2002, virus outbreaks happened about once every four months. Now I can't recall the last time I heard of one.

    South Korea's banks were hacked in 2013 and virtually ALL systems including Unix and Linux systems were also wiped. It wasn't just an attachment virus that did that; there are multiple ways of attacking a system. Ask anyone running SSH v 1 keys how safe they feel...

    • Joel
      March 10, 2015 at 3:47 am

      Thanks Gene. Windows certainly has come a long way since its 3.1 days and shouldn't be seen as the virus-infested junkbox that it once was. That being said, people should practice safe security habits regardless of their operating system!

  4. Govertz
    January 10, 2015 at 2:11 pm

    21 years of Windows use, and only one virus attack, that's not to bad.
    There isn't such a thing as a completely safe OS, I'm sure that if Linux had the majority of computer users, they would also have the majority of attacks.

    This discussions on OS's, has gone on for years, and I have always wondered why people get so agitated. I have being called names and worse, in the past. Just because I used the Commodore Amiga product line, and was happy with it.

    • Joel Lee
      January 18, 2015 at 12:14 am

      People are very passionate when it comes to taking sides. I guess that's just how it is these days, unfortunately. Btw, grats on 21 years with only 1 virus. That's an impressive record. :)

  5. linux_sdfsdf
    December 29, 2014 at 12:16 am

    The funny thing is, shellshock isn't quite as bad as it's made out to be.
    The amount of damage they could do is limited to the permissions of the user they had accessed. & whether you ensured all input is treated as strings.

    If your users have limited permissions, the "tremendous implications" drops down to "hmm, I should fix that"

    You do follow good protcol right? Or do you do the windows way and let root run your internet server?

    • Joel Lee
      December 30, 2014 at 4:00 pm

      From my experience, the "tremendous implication" surrounding shellshock aren't so much about how much damage it actually deals but the fact that the so-called "impenetrable OS" had a gaping hole residing within it for over 22 years. In case it wasn't clear, the implication is: "If shellshock was hidden in an open-source system for that long, how many other holes are there that nobody has seen yet?"

      • skearney
        September 8, 2018 at 4:59 pm

        It's not exactly in Microsoft's interest to advertise when they've found an unexploited vulnerability. We have no idea how many similar cases have existed, or perhaps even do exist today.

        With an overwhelming server market share, 30 years of open source development and 20 years of foundation development from UNIX, it seems highly unlikely that Linux is going to be just riddled with holes yet to be discovered.

  6. Chris
    November 23, 2014 at 5:38 pm

    MS have NEVER released any properly working products. This sad fact, along with the widespread infection of computers with the Windoze Virus, means that a huge number of computer users are destined to suffer from thefts, frustration and lost work.

    The silly "analysis" of the issues with "heartbleed" (a non-problem in 99.999% of cases) devalues the whole of the article.

  7. KT
    October 11, 2014 at 12:25 am

    The main and probably only reason newer doze os's are more secure now is the UEFI safe boot crap they make mobo manufactures install. Now when I do a pc build, I have to check the mobo specs closely to make sure I don't get a doze 8 ready one. It makes os installs and dual boots a pain in the neck.

  8. Christopher Wetmore
    October 9, 2014 at 2:21 pm

    Myth: "I have nothing worth being hacked for. I'm poor."

    Reality: Your computer & it's connection to the Internet are valuable to malware that, once installed, turns your computer into a server for spam emails, website attacks (DDOS attacks) and now, Bitcoin or other alt currency mining.

    To the Black Hat hacker, getting into your system gives them an asset you are nice enough to maintain for them.

    • Joel Lee
      October 11, 2014 at 2:15 am

      Thanks Christopher, that's a good point. It's frightening to think that our computers could secretly be zombies in a botnet. Everyone is a potential victim and we shouldn't forget that.

  9. nemesit amasis
    October 9, 2014 at 10:20 am

    Shellshock doesn't even affect non server people. it might affect a DHCP server and others but that would be a problem for windows users too ;-p

  10. Chinmay S
    October 9, 2014 at 7:32 am

    Shellshock is a bug not a "virus". Windows has innumberable viruses but Mac/Linux have only a few.

    • Doc
      October 10, 2014 at 1:13 am

      Yet years ago people were saying "Mac OS and Linux are completely secure; we don't get viruses, and there are no security flaws because the developer community makes secure software." That's increasingly becoming the biggest lie in the history of Mac OS and Linux, as web servers and Macs are being targeted from every angle.

    • techno
      October 12, 2014 at 12:52 pm

      @Doc care to show me those Linux viruses? There have been 2 major linux vulnerabilities in years. Both were due to coding errors, both were patched quickly once discovered. Shellshock also was ridiculously hard to find because it relied on small bugs in numerous programs that cascaded into a flaw. To conflate that with Windows is just blatant lying on your part. I've used a Windows PC for years and been virus free, but the ability to run in admin mode by default is inherently a flawed way of running an OS. Your failure to see this exposes your bias and invalidates anything you might have to say.

  11. dragonmouth
    October 9, 2014 at 1:03 am

    "Myth: Windows Is Inherently Insecure"
    In spite of your and M$'s insistence, Windows IS inherently insecure. Try using it for any length of time without third party security software and see how long it takes before you pick up all kinds of malware. Windows was created insecure and many of the insecurities have been propagated through all the versions. One insecurity that has existed since 1985 is the ability of a program running in user space to crash the entire system. It has not been fixed now for 29 years. From day one in Linux, user space has been walled of from system space. A user program cannot crash a Linux system.

    Linux may not be "invulnerable" but at least it can be used without third party security software. As far as ShellShock goes, it was vulnerability that was discovered by researchers but never exploited by hackers. As you say, it was present in Bash since 1992. That is 22 years that hackers had a chance to exploit it and they never did. It is interesting that Windows is a proprietary software, supposedly locked tighter than a drum and yet hackers keep finding and exploiting its vulnerabilities while open source software such as Linux has had only few exploits.

    While saying that "Ever since Windows 7 hit the scene, the virus problem has been significantly curtailed." may be strictly true, that's like saying that the Swiss cheese created today has less holes than those created in past years. The bottom line is that both Windows and Swiss cheese still have holes and the MYTH is that "Windows is secure".

    • skearney
      September 8, 2018 at 4:34 pm


      It's pretty ridiculous to point to ONE security threat that wasn't ever exploited for 22 years and yet point out that Windows users are required to install security patches every week.

  12. Hildy J
    October 8, 2014 at 10:18 pm

    Does any article that points out anything positive about Microsoft or Windows have to be attacked by the increasingly insecure (in a personal sense) Linux community.

    Shellshock is relevant in two ways. First, it points out that any user, regardless of their OS, needs to follow the recommendations: keep your software updated, run security software, and don't do stupid things online (I may be paraphrasing that last one).

    Second, it points out the difference between Windows and Linux. Security holes exist in both (Shellshock was not the first, nor the last one we know of in Linux). The "good guys", paid or volunteers, will not catch all of them. With Windows, though, holes and exploits come to light quicker. Linux benefits from the fact that the "bad guys" know the vast majority of targets run Windows.

    • Joel Lee
      October 11, 2014 at 2:12 am

      Thanks Hildy. That's exactly what Shellshock shows. If Linux had more than a 1.6% market share, I wonder how many more Shellshock-type news stories would surface? (For the record, I have nothing against Linux.)

    • Chris
      November 23, 2014 at 5:58 pm

      Sadly, you're both badly misinformed. Linux may have a 1.6% userbase in your street, but in the Real World™, the uptake is very much higher. It accounts for >95% of web servers, almost 100% of Routers and Switches, 100% of Android products (outselling Windoze and Apple products - put together - by a huge amount) and innumerable "web aware" pieces of hardware all over the world. It's also increasingly found on desktops and laptops in the developing world, and even western Governments are turning to it because of its reliability, ease of use and security.
      Windows has many more vulnerabilities (many of them deliberately introduced for the benefit of Governments) and the vast majority of them go unfixed for many years. There are two NT kernel bugs that give administrative priveledge that have existed since the early 1990s......
      The funniest thing of all: shellshock and heartbleed were fixed SAME DAY on all Linux distributions, and patches were pushed to users immediately.
      Any Windoze vulnerability remains unpatched for MONTHS before its (dubious) patch is eventually released to the user base.

    • Hildy J
      November 24, 2014 at 2:10 am

      Shellshock may have been fixed the same day it was announced (as are many Windows vulnerabilities) but it has existed since version 1.03 in 1989. Heartbleed was a vulnerability in the original release.

      You are right that Linux and Unix variants rule the server world but the article is focused on end users. Besides, sys admins don't sit around waiting for patches and enterprise systems tend not to be updated automatically for fear that a patch may cause different problems (Shellshock spawned a number of patches).

      You do bring up a question for end users. Is your router safe? As you point out, routers almost all run Linux and I suspect many older versions of the software are not maintained by the OEM and many more are not maintained by the end user.

      • skearney
        September 8, 2018 at 4:49 pm

        Sure. But Shellshock is a far greater threat, and with greatest economic exploit, to servers over individual users. One would think with such an overwhelming marketshare that shellshock would have been discovered if it were a genuine threat.

        It is the nature of security breaches to be discovered before they are exploited. This is why security patches are released moments after they are discovered and these breaches are seldom exploited in the wild.

        But keep in mind that Linux is open source, so all it's security weaknesses are out in the open for everyone to see. Because of Linux enormous marketshare in the most targeted applications, and because vulnerabilities can be easily seen by anyone, one would expect the author to note multiple significant vulnerabilities, rather than a single, obscure threat that was never previously exploited if Linux were as insecure as Windows.

        Indeed, we have no idea what kind of u-exploited threats exist in have existed or currently exist in Windows, because it's not in Microsoft's interest to advertise the fact that they had found a solution to a problem that existed since Windows 3.1.

  13. Bill Martin
    October 8, 2014 at 2:28 pm

    The trick with propaganda is to not over-do it. The sheer quantity of pro Windows marketing pieces on Makeuseof recently is very obvious and very irritating.

    Linux is massively safer than than Windows, that's a fact and you know it. To use shellshock to hang your entire argument on is ridiculous.

    I know this because I have made a living for two decades out of dealing with Windows and its multiplicity of flaws, inefficiencies and security nightmares. Every version of Windows in the last 20 years has been wide open and the only mitigation is with bulky resource-hungry security software.

    And with every new version there's a wave of puff pieces in the press about how great the new version is and how its fixed all the problems with the current version and how if you give Microsoft your money this time it will all be ok.

    Don't fall for it.

    • skeith
      October 9, 2014 at 2:18 am

      well I live with windows for a decade, true that windows has flaws, but that just made me a better user to handle their tools. it is a matter of user preference.

      i hope reader don't fall for your propaganda as well

    • Leah
      October 9, 2014 at 5:25 pm

      They're so pro-Windows they actually stopped paying any attention to the Windows Phone!

    • Switchblade
      October 9, 2014 at 5:38 pm

      Well "Bill" I think the "Linux" users of the MakeUseOf team are very aware of the fact Linux is almost virus immune. As a follower of MakeUseOf for three years, I find it sad that you commented out of prejudicial bias with a dose of conspicuous paranoia, since MakeUseOf is in no capacity affiliated with Microsoft. I feel sad you had a bad experience with Windows, but you don't need to spill irrational hate towards it. My two cents.

    • saumyakanta
      October 10, 2014 at 2:34 pm

      linux and unix are safer because of the fact that they have a negligible user base as compared to windows , and windows is much more target due to this large user base.

    • Joel Lee
      October 11, 2014 at 2:10 am

      I love all three Windows, Mac, and Linux (I dual boot Windows and Linux and I'd buy a Macbook if the price weren't so prohibitive) so if I have any bias, it would be a small one I imagine.