Mythbusters: Dangerous Security Advice You Shouldn’t Follow

James Bruce 05-12-2012

When it comes to internet security, everyone and their cousin has advice to offer you about the best software packages to install, dodgy sites to stay clear of, or best practices when it comes to passwords. Or perhaps you’ve never listened to others and have your own beliefs about internet security? In that case – this post is for you. Let’s take a look at some of the most common beliefs – some might say myths – about internet security.


Note: Some of these myths quote results from a 2011 survey of 16,000 internet users by G Data Software. I’ll be using their data for illustrative purposes only though, and we’ll be addressing and somewhat debunking each myth.

My password is secure

Is it true? Not. One. Bit.

So you have a ridiculously long password full of numbers and punctuation? In fact, it’s so long and uncrackable that you just use it on every site? Uh oh. All it takes is for one single site to have less than perfect security, and suddenly that password is known to all. Most sites store user passwords using a system of “hashes and salting”, a process that ensures that whilst user passwords can be verified, the password cannot be retrieved at a later date by anyone – not even with direct access to the database. But then some sites don’t have quite the same level of security, and all it takes is one.

Sometimes, the hackers don’t even need to “crack” anything – the passwords of users who opt for a short or well-known password can, even when hashed and salted, easily be deduced from lists of common passwords. To put it simply – comparing the result of hashing “12345” with the database will reveal all the users who had the same password. Do this many times with a list of common passwords, and you have a long list of hacked accounts, ready for resale or publishing.
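The point above as an added example (not code from the original article): a constructed three-user table is stored first as a bare SHA-256 hash and then as per-user salted PBKDF2. Salting hides which users share a password, yet an audit against a common-password list still finds the weak accounts, so the site-side fix is to reject listed passwords when they are set. The function names, sample users and tiny word list are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users share the weak password from the article.
SAMPLE_USERS = {
    "alice": "12345",
    "bob": "12345",
    "carol": "correct horse battery staple",
}
# Tiny constructed stand-in for a real common-password list.
COMMON_PASSWORDS = ["12345", "password", "qwerty", "letmein"]

# Kept low so the example runs quickly; tune upward for production use.
PBKDF2_ITERATIONS = 100_000


def unsalted_hash(password):
    """Weak storage: a bare, fast hash with no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password, salt=None):
    """Better storage: random per-user salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password, salt, expected_digest):
    """Check a login attempt; the password itself is never stored."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected_digest)


def build_tables(users=SAMPLE_USERS):
    """Store the same users both ways: (unsalted table, salted table)."""
    unsalted = {user: unsalted_hash(pw) for user, pw in users.items()}
    salted = {user: salted_hash(pw) for user, pw in users.items()}
    return unsalted, salted


def shared_value_groups(table):
    """Groups of users whose stored value is byte-for-byte identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def accounts_needing_reset(salted_table, wordlist=COMMON_PASSWORDS):
    """Defender's audit: the salt forces one KDF run per user per word,
    but a password that is on the list is still found."""
    flagged = []
    for user, (salt, digest) in salted_table.items():
        if any(verify(word, salt, digest) for word in wordlist):
            flagged.append(user)
    return sorted(flagged)


def is_acceptable_new_password(password, min_length=12):
    """Registration-time check that removes the weak accounts up front."""
    return (
        len(password) >= min_length
        and password.lower() not in COMMON_PASSWORDS
    )


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("same stored value, unsalted:", shared_value_groups(unsalted))
    print("same stored value, salted:  ", shared_value_groups(salted))
    print("weak accounts to reset:     ", accounts_needing_reset(salted))
```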

So what’s the best way to secure your accounts? A long, unique but memorable password for each account is best – but even better is two-factor authentication.



I have AV software installed, so I’m safe

Is it true? No.

Many users are lulled into a false sense of security that various software packages bring; the truth is that the biggest problem is the user. An anti-malware package or internet security suite can only do so much to protect the user – it isn’t foolproof, and nothing will offer complete protection. If someone phones you up pretending to be from Microsoft, and you give them full remote access to your PC in order to fix an unknown problem, no amount of software is going to protect you.

You generally don’t need security software if you follow some basic advice, learn what the threats are, and act cautiously.



You’ll know when you’re infected

Is it true? No – you’ll be clueless.

93% of respondents assumed they would know about malware if they were infected, but this couldn’t be further from the truth. Modern malware is stealthy, and hard to detect – it won’t launch a million popups telling you to subscribe to something, because that would be a clear signal to the user that something is wrong. Instead, it’ll quietly sit in the background, secretly giving control to a remote attacker, saving your keystrokes to capture bank account logins, or sneakily sending spam emails by the millions. Not all malware is stupidly obvious.

I’m a Mac user – nothing to worry about

Is it true? Not completely, but your chances are certainly reduced.


Though malware specifically targeting Macs is minimal, it certainly does exist; once you factor in Java and Flash as distribution vectors, the number of possible attacks increases. Luckily, Apple has also been making headway on the issue, and now refuses by default to run software that isn’t from a signed developer – though this is easy for the user to override.


Windows – specifically older versions of Windows, and Internet Explorer in particular – remains the most popular target due to the sheer proliferation of potential targets and the fact that its users are likely to be somewhat less tech savvy.

It’s from a friend, so it must be safe

Is it true? Most certainly not.


Even if that email or Facebook message is from a trusted friend, the message itself cannot be trusted. This goes for instant messages and Skype too, and sometimes even SMS. The victim will install the malware, which then proceeds to systematically contact everyone in the address book or friends list.


So how to stay safe?

  • Friends, don’t let friends use shortened links, ever!
  • Don’t install random Facebook apps, despite how enticing they may be.
  • Don’t use third party IM tools that aren’t extremely well known already.
  • If you suspect something was spam and not a genuine message, just ask them.

If I tell a spammer to not email me, they’ll remove me from their mailing list

Is it true? No.

Quite the opposite in fact – if you either respond to the spam email or click the unsubscribe link, you’re actually just verifying to the spammer that you’re a real person – a legitimate address – and you’ll simply be added to more target lists. Most of these emails are sent out in bulk – generated by a software package which has no idea if the email address is even real. By clicking unsubscribe, you’re simply signalling that the spam software was correct.

Best thing to do? Hit the spam button so that your email software or provider improves its spam database.


Malware Comes From Email Attachments

Is it true? Not really.

54% of users thought that email is the primary distribution method for malware; but I think we all know enough to not download random email attachments nowadays. These certainly do still exist, but more common is to include an innocent looking link which sends you to a website containing the malware that will auto-download.

Of course, neither is a problem for any savvy user – Gmail and other providers filter most of them out automatically, and most will virus scan attachments for you. Any of the link-based attacks that do get through will invariably be in the form of shortened URLs or something obviously fake. Here’s a tip: has nothing to do with Microsoft, and has nothing to do with Paypal – always check the root level of the domain before clicking. If something is asking you to login for some reason, then just type the address you always use directly into the browser address bar and don’t click anything in the email. No service will ever ask you to “confirm your password” or account details via email, especially not banks! And finally – shortened URLs like are never trustworthy because you have no idea where they go.

Don’t click on links in emails unless you’re 100% sure of where they go. Simple.
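One way to apply the “check the root level of the domain” tip in code, as an added example that is not part of the original article. The expected domain, the function name and every sample URL (the lookalikes sit under the reserved .example TLD) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


def classify_link(url, expected_domain):
    """Classify a link against the domain you expect it to lead to.

    Returns one of:
      ok         host is the expected domain or a subdomain of it
      invalid    not an http(s) URL with a host
      userinfo   text before an '@' is dressing up the real host
      idn        non-ASCII or punycode host (possible lookalike letters)
      lookalike  the brand name appears, but the root domain is different
      unrelated  some other site entirely (includes URL shorteners)
    """
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    host = host.rstrip(".")  # a trailing dot does not change the site

    # "https://brand.com@other.example/" really goes to other.example.
    if "@" in parts.netloc:
        return "userinfo"

    # Internationalised names can swap in visually identical letters.
    if not host.isascii() or any(
        label.startswith("xn--") for label in host.split(".")
    ):
        return "idn"

    # The rightmost labels decide ownership: exact match or a true subdomain.
    if host == expected_domain or host.endswith("." + expected_domain):
        return "ok"

    # Brand name on the left of somebody else's domain.
    brand = expected_domain.split(".")[0]
    if brand in host:
        return "lookalike"
    return "unrelated"


# Constructed sample links; none of them come from the original article.
SAMPLE_LINKS = [
    "https://www.paypal.com/signin",
    "https://PAYPAL.COM./",
    "https://paypal.com.account-verify.example/login",
    "https://notpaypal.com/",
    "https://paypal.com@login.example/",
    "http://xn--pypal-4ve.example/",
    "https://short.example/aB3x",
    "mailto:help@paypal.com",
]


def classify_samples(expected_domain="paypal.com"):
    """Run every constructed sample through the classifier."""
    return {url: classify_link(url, expected_domain) for url in SAMPLE_LINKS}


if __name__ == "__main__":
    for url, verdict in classify_samples().items():
        print(f"{verdict:10} {url}")
```

Only the `ok` verdict means the link stays on the expected site; a shortened URL comes back `unrelated` because its destination cannot be read from the link itself.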

Just Going To A Website Can’t Infect You

Is it true? Mostly.

48% of internet users polled believed that simply visiting a site cannot infect you. This both is and isn’t true. If you use a secure browser – like Chrome – which uses a technique called “sandboxing” to place each tab into its own virtual playground with no access to system resources, then yes, this statement generally holds true. Java is the exception to this however, and so is Flash; if you have these kinds of third party plugins enabled, then they can be used to infect your PC regardless of the browser. The latest version of Firefox sandboxes Flash too, I should note.

Best advice? Uninstall Java, and disable Flash by default. You can enable it for certain sites then, or approve the plugin only when needed. If you’re using an older version of Internet Explorer – stop it – and go download something more secure immediately.

Malware comes from illegal file sharing sites

Is it true? Partially.

Yes, illegal file sharing sites are an easy way to distribute a virus – you can’t verify the legitimacy of a game that’s been pre-hacked, just as you can’t know for certain that the movie you’re downloading won’t actually be an .exe file or have something malicious embedded. Or can you? Most filesharers on sites like PirateBay know enough to avoid anonymous uploaders or non-respected members, opting to only download those from trusted members (with a green or pink skull and crossbones next to their user). Additionally, there’s a little thing called comments – if the first five users are verifying that this torrent does indeed scan positive for malware, then here’s a quick tip – don’t download it. A 2009 study showed around 20% of torrents contained malware over a small sample of 70 downloads, though these were all from “public” torrent sites like BushTorrent and BTJunkie. The malware ratio on a private torrent tracker would be significantly smaller.


“Regular” websites are still the preferred delivery method: a more recent survey by Sophos claimed that 30,000 websites are infected daily, and that 80% of those are legitimate websites that have been hacked or injected with malicious code rather than specifically set up to host malware. Luckily for you, Google maintains a pretty comprehensive database of these sites, to which the automatic Google bot scanners add 9,500 infected sites daily.

Adult sites are more dangerous than general sites

Is it true? Yes, and no.

Adult sites – that is, paid ones – are more motivated to keep their clientele and hence not get them infected, and are generally more secure in order to protect their content. However, if you go out looking for the free stuff, then those sites are almost certainly going to contain malicious links, and fake download buttons – clicking on those results in revenue for the sites.


Don’t be fooled into thinking it’s only these kinds of risqué sites that contain malware though; it isn’t. Any site can be a victim of an attack, as criminals simply wish to infect the most users – a highly trusted site is a prime target for a hacker.

You have to open a file to get infected

Is it true? Nope.

22% of users surveyed believed that to be infected, the user had to specifically open a file or run it; this is just not true. Exploiting existing loopholes allows an attacker to run a file without user intervention. Most operating systems now include some kind of safeguards that ask the user before running anything, but again, many users will blindly click allow, and this isn’t even necessary if the attack uses a platform like Java to deliver its payload.

Installing More Security Software Makes You Safer

Is it true? Unlikely.

Though I’m personally of the opinion that even one bit of security software is too many, there are those users who insist on installing a plethora of system level firewalls, anti-viruses, malware scanners, plus pages worth of browser plugins. The net result? An exceedingly slow browser, severe performance issues with the computer, file lockups, delayed start up, and general frustration. And, of course, no additional protection.

If you’re the kind of person that likes analogies, try this one: installing multiple security suites is like adding more locks to your door. If a thief really wants to get in, they’ll break a window instead; the only real victim is you by having spent an extra 3 minutes unlocking them every time you leave the house.

Do you know of any more security myths that you’re sick of hearing? Tell us in the comments!

Image Credit: Shutterstock – Password


  1. Pooky Joralyn
    April 29, 2013 at 8:02 am

    What about IE 10? Can it be more secure than metro mode if I use stuff like WOT, Ghostery and NoScript?

  2. Brandon Lockaby
    December 12, 2012 at 6:12 pm

    I learned a hard lesson about file sharing (i.e., Limewire), a long time ago (got 30+ viruses just from one click), and since then, I have not used ANY file-sharing application or site.

    I'm very computer savvy, and am very strict on computer security.

  3. Brenden Barlow
    December 12, 2012 at 7:15 am

    Excellent. Some of these things I wasn't entirely sure about, but this cleared up anything I didn't know.

  4. Hunbuhbhuygb Ygygbgybygb
    December 12, 2012 at 1:23 am

    Rogue rouge lol i dunno how to spell this

  5. Hunbuhbhuygb Ygygbgybygb
    December 12, 2012 at 1:22 am

    The 3rd picture looks like a rouge antivirus lol

  6. Hunbuhbhuygb Ygygbgybygb
    December 12, 2012 at 1:21 am

    Hey but can we be infected by HTML5? Since we can by Flash (I got this idea from YouTube). And AFAIK we cannot disable HTML5 for IE10 and 9

  7. Rocco Rizzo
    December 11, 2012 at 4:01 pm

    How about the myth that a router's NAT firewall will protect you, when you really need a good software firewall as well?

    • themainliner
      December 12, 2012 at 12:03 pm

      Apparently James disagrees with you:
      "Though I’m personally of the opinion that even one bit of security software is too many, there are those users who insist on installing a plethora of system level firewalls, anti-viruses, malware scanners, plus pages worth of browser plugins. The net result? An exceedingly slow browser, severe performance issues with the computer, file lockups, delayed start up, and general frustration. And, of course, no additional protection."

  8. Scott Macmillan
    December 11, 2012 at 3:44 pm

    I will be sending the link to this article to many of my friends.

  9. syed asghar
    December 11, 2012 at 12:59 pm

    Very informative for the persons who go for online shopping and banking.
    Keep spreading the knowledge.

  10. Sashritha Peiris
    December 10, 2012 at 4:15 am

    Good article

  11. Doc
    December 9, 2012 at 6:32 pm

    "Just Going To A Website Can’t Infect You" - "Is it true? Mostly."

    This is most definitely NOT true. In fact, most infections hosted on websites use JavaScript hacks to automatically download and run the malware, while leaving you totally oblivious; this is how a lot of the recent "fake antivirus" programs install themselves.

  12. Anonymous
    December 9, 2012 at 8:35 am


  13. Jack The Pipe
    December 9, 2012 at 12:27 am

    There are nutcase conspiracy theorists, there are lunatic paranoids, there are crazy people who add three locks to their doors in the hope that'll improve the safety of their possessions and of their own lives.

    Then there are the idiots who not only believe every cheesy show and all "unquestionable truth" they watch on TV, but also don't even lock their doors, because they think "bah, a thief would just enter through the window anyway". Makes sense, I guess. I mean, why bother waiting for a green light before crossing a road if everyone has to die sooner or later and if God in His wisdom wants you to go, you'll go *anyway*, right? Stupid green lights!

    And then there is this site, and articles such as the above one and other wonders.

    Now, don't get me wrong, it's not necessarily that the authors who put things like the above article out to the public are behind a conspiracy to hinder you from using your intelligence and common sense to protect your safety and your privacy in what limited capacity you are afforded, just like the people who put locks on their doors are protecting their valuables and their lives in what imperfect way they can - no, I'm more inclined to believe that it's simply that these article writers genuinely don't know any better, the only possible explanation for such dangerously ignorant, dismissive and idiotic articles.

    By all means please carry on using IE as your browser, Vista as your OS (or is that Win8 these days ?), no firewall or anti-virus of any sort, MS Office & assistant turned ON as default, and of course, no locks on your door and all that.

    Yippiee kaye, computing Darwin award of the decade site...

    • James Bruce
      December 9, 2012 at 9:49 am

      Thanks for your input, Jack, but do you have any specific complaints to address? Because simply calling people idiots doesn't really give the best foundation to your argument. At no point did I recommend running IE, an older version of Windows, or having no locks on your door. Quite the opposite - running IE and older versions of Windows is the easiest way to get a virus within seconds.

      By the way, my door auto-locks itself, as do most doors. You need a key to get in from the outside. You might consider having a replacement fitted if yours doesn't do that, because that's quite a big security risk.

  14. themainliner
    December 8, 2012 at 1:57 pm

    I can agree with most of this article, but not all. "If you’re the kind of person that likes analogies, try this one: installing multiple security suites is like adding more locks to your door. If a thief really wants to get in, they’ll break a window instead; the only real victim is you by having spent an extra 3 minutes unlocking them every time you leave the house."

    This is just nonsense. I agreed wholeheartedly that no amount of security is going to prevent you from having your machine infected if you "open the door to them" by not following the excellent advice you've given. However, multiple security applications are not analogous to multiple locks on the front door of your house. Not unless you're installing three anti-virus apps, which would be just plain stupid. However, installing, configuring and using an anti-virus, trojan scanner, root-kit detection app, a firewall and malware scanner is more analogous to using a secure door lock, window locks and bars and reinforcing your back door. It's taking elementary steps to prevent entry, via all the weak points, to your property.

    It is possible to secure your PC against infection or exploit, however if you then consider you can blithely click on anything: website links; download buttons on those sites; email attachments; downloaded applications then you are literally undoing all your own defences. All these defences are valuable but are rendered a complete waste of time if you undermine them yourself.

    If you really want to be secure use Linux (there are no reported viruses for this OS out in the wild).

    • Muo TechGuy
      December 8, 2012 at 4:50 pm

      Myth: There are no viruses for linux
      I'll just paste this here ->

      • themainliner
        December 8, 2012 at 6:15 pm

        "There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory."

        Linux Bliss

        "Although Linux has been known for its high level of security, there have been a few notable outbreaks. One such threat was Bliss, the second virus written for the Linux platform. Like most viruses, Bliss attempted to attach itself to executables, files regular users typically do not have access. It has been speculated that this infection was scripted simply to prove that Linux could be compromised. However, the Bliss virus doesn't have the ability to propagate with efficiency due to the complex structure of the user privilege system. Though it is one of the only Linux viruses to be seen in the wild, Bliss never reached widespread popularity."

        Wikipedia... /facepalm

        • James Bruce
          December 9, 2012 at 9:42 am

          "there are no reported viruses for this OS out in the wild" -> " it is one of the only Linux viruses to be seen in the wild".

        • themainliner
          December 9, 2012 at 1:34 pm

          Now you're playing semantics. In reality there are no Linux viruses outside of the lab. One of the only ones *ever* seen, Bliss, failed to propagate itself and become widespread.

          If you read the data and comprehend, rather than cherry picking one liners, you'll understand that there are (as yet) no Linux viruses outside of labs. There is a suggestion that Bliss is actually little more than a proof of concept as it is. This compared to the estimated 60,000 plus Windows viruses detected.

          James, you wrote a fantastic article that was a pleasure to read and I was happy to recommend it to anyone and everyone. Then I got to the bottom. It's fine to say that adding more security software is unlikely to increase your overall security *significantly*. Equally, it's correct to state that all security software is likely to impact on your PC's performance, all background processes do. Some Suites (McAfee/Norton) have developed a reputation in this respect based on how they were historically. Whether this is currently justified I don't know so refrain from commenting on them.

          However it's a myth and dangerous fallacy to suggest that by following all the preceding advice rigorously you can throw away all of your security applications as unnecessary.

          You are simply putting your readers' privacy, passwords, and confidential data at risk. I cannot commend you for this. I am incensed by what you've written as your advice is dangerous and almost abusing to the non tech savvy users you berate. For their sake I would prefer that their data and privacy be secured and they fail to log into your site. Having read many of the articles on this site regarding privacy and security I know that all MUO contributors DO NOT agree with you.

  15. Austen Gause
    December 7, 2012 at 3:05 pm

    you are correct sir

  16. VampJoseph
    December 7, 2012 at 10:17 am

    Myth: The manufacturer of my computer/OS or my ISP called me about a problem they detected on my computer. I didn't know they cared.

    Is it true: Nope! They don't care one bit other than making sure they have your money. More than likely, it's a telemarketer or a scammer trying to get access to your personal files. It's someone in a call centre somewhere cold calling from a list on their desk. Rule of thumb is to not give them any information and hang up. Just like you would with a telemarketer. If you never started a support ticket, you will not be contacted by your computer manufacturer or your ISP.

    • Muo TechGuy
      December 7, 2012 at 10:28 am

      Good call, yep. We've written about so called "tech support scams" before, but they're a great way of getting backdoors installed on your pc.

    • themainliner
      December 8, 2012 at 2:31 pm

      This is NOT true! If your PC/Server is hosting a scam website Internet Security Companies and your ISP's security department will contact you and demand the site be taken down and any data on your computer forwarded to them so they can take action to liaise with, for example, the bank the scammer was spoofing the website of, and warn the bank's customers that their account security has been compromised.

      You two are know nothing idiots. Please stop commenting!

      • Muo TechGuy
        December 8, 2012 at 2:41 pm

        I will not stop commenting on my own article, but perhaps you could stop throwing around insults. Calling someone an idiot is no way to prove a point.

        As it is, this type of technical support scam is well known.

        • themainliner
          December 8, 2012 at 2:55 pm

          It's not always a scam! So you are James Bruce then... your avatar for commenting looks nothing like the one at the bottom of the article. Sir, there are so many inaccuracies and plain bad advice at the end of the article and in this comments thread that I weep for the uninitiated reading it.

          You are simply not qualified to give security advice to users.

        • Muo TechGuy
          December 8, 2012 at 3:18 pm

          Your opinions and input are welcome, but perhaps you could specify your credentials for calling my writing inaccurate and my advice bad?

  17. vineed gangadharan
    December 7, 2012 at 6:38 am

    What collection of security programs will keep you safe??? I use avast + IObit malware fighter!!!

    • Muo TechGuy
      December 7, 2012 at 9:33 am

      I use.. nothing. And have yet to get anything.

      • themainliner
        December 8, 2012 at 2:13 pm

        How do you know you have nothing? Your smugness is insulting and ridiculous. I suspect your PC is riddled.

        • Muo TechGuy
          December 8, 2012 at 2:21 pm

          My Mac is not riddled by anything, thanks. Nor is my freshly installed Windows 8 PC, since I don't use Internet Explorer, don't click silly links in emails and don't install pirate games. As many people have already said - it's mostly a user issue.

        • themainliner
          December 8, 2012 at 2:32 pm

          You’ll know when you’re infected

          Is it true? No – you’ll be clueless.

      • themainliner
        December 8, 2012 at 2:18 pm

        Do you know of any more security myths that you’re sick of hearing?

        Yes, the one that goes "I don't use any security software on my Windows PC and haven't for 15 years. I'm not incredibly lucky I'm just that damn good."

        No security + no infection = unbelievably lucky + (at this point with all the genuine information available) very arrogant and stupid.

        • Muo TechGuy
          December 8, 2012 at 4:47 pm

          You're confusing cause and effect. By your reasoning, everyone in the world who doesn't run virus protection IS, beyond all doubt, infected with malware or a virus. Just because you won't know when you're infected, does not mean that believing you're not infected means you definitely are.

          Please, stop commenting unless you have something constructive to add.

  18. Sueska
    December 6, 2012 at 6:46 pm

    Thanks for a very good article! Real security is complex (the weakest link is sadly ourselves). Hopefully people will fully read your article to understand the true meaning. For example, hoping they don't come away from this article thinking antivirus software is useless or layered security is bad. Antivirus and security software have been slowing us down since the early days. That is the trade off. Alas you have to put multiple locks on your doors, and how many depends on what you can tolerate and what you are protecting. While you cannot just blindly add another security software, you can investigate what works well with or complements your core security software. Please keep in mind the following: 1) the bad guys can't test every scenario of layered security 2) anytime we get so smug to think that we can't be hit (like because we use linux or mac) is when we are most vulnerable.

  19. Vishal Srivastava
    December 6, 2012 at 6:15 pm

    My primary OS is Windows 7 but I go to risque sites using Tails OS, unknown or infected computers with Kubuntu/Backtrack all in Live CD/DVD. How vulnerable am I? If I'm right, there are very few malwares for Linux Distros in the first place...

  20. Aquariuzz
    December 6, 2012 at 2:27 pm

    So, you don't lock your doors when you leave your house? Good to know.

    • Muo TechGuy
      December 6, 2012 at 2:28 pm

      Wow, that was random.

      • themainliner
        December 8, 2012 at 2:33 pm

        Clearly you haven't read the article you're commenting on.

        • Muo TechGuy
          December 8, 2012 at 2:37 pm

          You mean - the one I wrote?

          Specifically, I said installing multiple layers is "like adding more locks to your door", and at no point did I mention not locking your door at all. In fact, that would be quite difficult since most front doors auto-lock themselves.

  21. susendeep dutta
    December 6, 2012 at 12:05 pm

    Very good article and a must read. This will remove many myths.

  22. Anonymous
    December 6, 2012 at 9:40 am

    How about running a linux machine, with a virtual machine set up running linux as well on it, then do your browsing inside that? At least that would keep any sensitive information on your hard drive safe from the internet's harmful plunderers.

    A lot of effort for checking your emails, but at least dodgy attachment won't be a worry :-)

    • Muo TechGuy
      December 7, 2012 at 9:13 pm

      Well that certainly sounds secure yes, and also a lot of effort as you say...

    • themainliner
      December 8, 2012 at 2:11 pm

      How about just running Linux period. I will stick my neck out and recommend Linux Mint 14 'Nadia' for any user new to Linux.

  23. Justin
    December 6, 2012 at 6:33 am

    Windows users "are likely to be somewhat less tech savvy"

    Really? Apple actively markets to morons (the kind who still believe that Macs can't get viruses), and it's windows you're beating on?

    • Muo TechGuy
      December 6, 2012 at 2:55 pm

      I'm not beating on anything; most "non tech savvy" users have grown up with Windows because it was used everywhere - at work, at school. These users are loath to change what they know, and most are struggling along with IE6 and Windows XP. This IS the target of most virus writers, regardless of how you personally feel about Apple.

  24. Shahbaz Amin
    December 6, 2012 at 5:54 am

    Thanks for making things clearer to understand..great guide...

  25. Lisa Santika Onggrid
    December 6, 2012 at 4:09 am

    The last one is spot-on. No matter how much security you have on your front door, they're all useless once you forget to lock the window. We should never rely on software. Instead, we should address these issues to ourselves. We often are the main cause of infection, with carelessness or misplaced curiosity. Thinking that we're safe enough would lead us to more stupidity.

  26. Igor Rizvi?
    December 5, 2012 at 11:44 pm

    But you know what is the truth? This article is :)) lol, from every security objective perspective it is absolutely true and correct. I am sharing this

  27. Richard Steven Hack
    December 5, 2012 at 10:07 pm

    One caveat added to that last one: You DO need more than one antimalware program.

    You need a top-rated antivirus program - the ones from Avast and AVG that are free for home users are good enough, you don't need to pay for the non-free ones - and at least one antispyware program - Malwarebytes and Superantispyware are also free for home users - that does scans without providing proactive protection - and one antispyware program that provides proactive protection - I recommend ThreatFire.

    In addition, you need to use AdBlock and NoScript on a Firefox browser, or ScriptNo on the Chrome browser. Do not use Internet Explorer except where a critical Web site - such as your bank - requires it.

    You also need to disable the browser Java plugin and the Flash plugin except as needed, as mentioned in the article.

    As for firewalls, if you're behind a hardware router, its firewall is adequate for Windows XP and above. If you're NOT behind a hardware router, for Windows XP you should install a third party firewall - Comodo is highly regarded. For Windows 7 and above, the Windows built in firewall is sufficient, although installing a third party firewall wouldn't hurt (make sure you disable the built in one if you do.)

    And finally, the most important advice - STOP CLICKING ON CRAP! User awareness is really the only critical requirement of security.

    • Lisa Santika Onggrid
      December 6, 2012 at 4:12 am

      Ah, yes. Stop clicking at the blinking bar and winking cats LOL.
      I always keep a portable antivirus for second opinion in addition to the main, which does background scanning and real time protection.

    • Muo TechGuy
      December 6, 2012 at 8:50 am

      Adblock and NoScript will break the internet and ruin your experience. Doing this much is complete overkill and will only result in performance issues, not protection.

      • dragonmouth
        December 6, 2012 at 8:37 pm

        I'm sure that all malware purveyors would just LOVE to have all the users believe that one. And what experience are you talking about MUOTechGuy? The wonderful experience of having viruses, trojans, keyloggers or rootkits on your system? No, thanks. I'll leave that experience for you.

        • Muo TechGuy
          December 7, 2012 at 9:15 am

          15 years on the internet and I have yet to be burned. Perhaps - do you think maybe - it's a USER problem, and no amount of security software is going to protect people from themselves?

          Oh sorry. I mean... VIRUSES! TROJANS! ROOTKITS! KEYLOGGERS!!!

        • dragonmouth
          December 7, 2012 at 12:32 pm

          Of course it's a USER problem but I find your recommendation self-serving. I notice you do not advise your readers to turn off their Avast or Malwarebytes or SuperAntispyware, only Adblock, Noscript, Ghostery and doNotTrack, in other words, only the add-ons that prevent you from making money on clicks and views. I've been on the 'Net as long as you and have always used those add-ons. My "experience" has not been degraded or ruined one iota.

          If you have been on the 'Net as long as you claim then you ought to know that a "safe" site today can become infested by tomorrow. If it is one of the sites you whitelisted, guess what? You just became infected. "Paranoid" is the minimum security setting for safely surfing the Internet.

        • Muo TechGuy
          December 7, 2012 at 9:12 pm

          It's because I'm the one who has to deal with users unable to create an account because they're running those. Malware scanners don't interfere with the login scripts.

          So you're paranoid, and that's fine for you. But I'm certainly not going to recommend a paranoid attitude for my readers.

        • themainliner
          December 8, 2012 at 2:08 pm

          Your attitude is very smug and ill informed. The only thing Adblock and NoScript can ruin is advertising revenue. Your website is commercial; as your content isn't behind a paywall, you generate revenue from advertising. So surprise, surprise, you're against browser plugins that block advertisements. Rather than slow down my Internet performance, Trueblock increases it by preventing useless ads I don't want to see from loading.

          What experience do I have? 15 years of technical support resolving problems for users, many of which have been caused by not running appropriate security software while *innocently* browsing the web and reading email. There may be a small performance overhead from running a few basic security applications on a PC, however this hardly compares to the lost cycles having to remove malware and viruses and perhaps rebuilding your operating system.

          Your advice is prejudicial and betrays your vested interests.

        • Muo TechGuy
          December 8, 2012 at 4:53 pm

          Adblock and noscript break the login mechanism for this website. So, ads aren't "the only thing they can ruin".

      • Julian Altshul
        December 6, 2012 at 10:41 pm

        I think NoScript is extremely useful - if you follow a link to a site that wants to run a malicious java or flash app, No Script will block it. If the site is kosher, you can allow scripts to run and mark it as safe for next time. If it's not, you can get out quickly, no harm done!

        True, that does slow things down the first time you visit a new site - but for me, it's worth putting up with a bit of extra hassle for that protection.

        • Muo TechGuy
          December 7, 2012 at 9:17 am

          True, and you're one of the few users who knows how to use those tools effectively (as I see since you've logged in using our script-based system).

          Most users though just install them blindly, then email me demanding to know why the internet is broken for them. 99% of the time it's because they installed some random plugin that someone recommended; adblock, noscript, ghostery, doNotTrack ..

        • Julian Altshul
          December 11, 2012 at 11:59 am

          Fair point. It's true that you need to know how to use tools like NoScript, Ghostery, etc. I guess that makes them "geek-friendly" but not a good choice for the "non-geek" user. I've tried (and failed) to persuade family members and friends to use Firefox instead of Internet Explorer - and to install NoScript. But mostly they don't know what a script is, so don't understand why you might want to block one. And presumably, they wouldn't find it easy to permit one if they needed to. As you say, most websites run scripts so you have to use these tools selectively - or not at all.

      • Giggity Goebbels
        December 9, 2012 at 1:17 pm

        Adblock blocks ads it rocks

      • Doc
        December 9, 2012 at 6:37 pm

        I beg to differ - I use Adblock Plus and Noscript on every installation of Firefox I use, and it speeds up load times (not downloading the ad images helps immensely!) and NoScript prevents tracking scripts and malicious scripts from running on a page unless I specifically allow them. The only thing that's "broken" is the advertisers' hearts. Once I set the permissions for a site, I never have to bother with that particular site (or its third-party scripts) again.

  28. GF
    December 5, 2012 at 9:39 pm

    "If you’re using an older version of Internet Explorer – stop it"

    I sometimes use Internet Explorer 8 with Ghostery, InPrivate Filtering, Java disabled, and all the updates from Microsoft.
    Is all that safe enough?

    • Lisa Santika Onggrid
      December 6, 2012 at 4:10 am

      Probably, but it highly depends on what you're doing and how careful you are. Java and Flash of all versions are insecure, but while we can disable Java, Flash is still used in many sites. I'd say always be careful.

      • GF
        December 6, 2012 at 1:19 pm

        Thank you for your answer.

  29. Manish Motwani
    December 5, 2012 at 8:57 pm

    Superb collection of tips / myths. I already avoid many of them, thanks.