ItsGeekToMe.co

Q: I too use Vista and there’s a point that I would appreciate clarification on before I dump this PC. I am 83 years old and that says it all about my computer knowledge. I also use the PC for printing puzzles for my wife and I, e-mail and the occasional mail order. I was under the impression that we pay McAfee, Norton and a host of other companies large sums of money to protect us from viruses, malware etc. You have not explained why they are not protecting us from the hazards you mention. What am I missing?

– Tom G.
Miramar Beach, Florida

A:  I could write an entire book on this subject if only I had the time, Tom.  You are not alone in thinking that just because you run anti-virus software that you’re automatically fully protected.  The unfortunate truth is that is simply not the case. 

Imagine you’re living in a very high crime area, where burglars and other criminals are constantly breaking into houses.  Being a conscientious person who wants to protect your house, you install a lock on the door.  That keeps out quite a few of the bad guys, but some can pick locks!  Others have figured out how to slip in when you open the door.  Still other simply smash the door down and barge on in.  So, since the lock is not fully effective, you decide to build a wall around your property.  This keeps out even more criminals, but the really determined ones pick the lock on the gate, or climb over the wall, or even tunnel under it.  You probably don’t blame the company who built the wall for not keeping these guys out.  After all, it’s a good wall, and is working exactly as intended.  It’s just that some of the bad guys have figured out ways to get past it.  You might next hire an armed guard, and he stops still more problems, but can’t stop them all.  Some come disguised as delivery guys, or cable TV installers, and are let right past all the security to gain access anyway.  And the battle goes on.

I hope the above analogy is clear.  Your PC is a lot like that house.  No protection you can add to a computer is going to be 100% effective, but that doesn’t mean you don’t at least try to protect it.  No software can, or ever will protect from every possible piece of malware.  By the very nature of the battle, the guys who write this stuff are always one step ahead of any possible defense, because by and large a piece of malware must already exist before it can be identified and software written to detect it.  Then someone has to figure out how to remove it without damaging the system it infected.  Despite how this sounds, anti-malware software is still a vital line of defense, and that is why it is so vitally important to keep your anti-malware up to date (and the best ones update daily, sometimes multiple times per day, as new malware is identified).  It just makes it all the worse when someone is running an obsolete operating system, because their system no longer get patches that protect from newly discovered security problems.  But the malware writers go merrily on, writing software that exploits those new vulnerabilities.  To extend our house analogy, it would be as if someone were to begin selling a master key that opens all of the current model of locks.  You could go on using that old lock if you wanted, but you would do so in the knowledge that anyone can go and get a key that will effortlessly open it.  Most people would probably go buy a new lock at that point.

It is easy to blame the company whose software you have charged with protecting your PC from infection, but one of the biggest system vulnerabilities is the human being behind the keyboard and mouse.  The user is the system’s first line of defense, and a user who blindly clicks through warning dialogs during software installations, or is duped by rogue website pops-ups that say stuff like “Your drivers are out of date.  Click here to update them.”, or opens links or files that arrive in unsolicited e-mails is something that no anti-malware software can protect against.  After all, if that dialog said “This website wants to install some malware.  Click here to begin.” you would never dream of clicking it.  Yet because of what it says, people click away without thinking.  I hate to be the one to break it to you, but these bad guys lie, and will say anything to get you to click their dialog.  And for a user-initiated action, how is a malware scanner supposed to know whether what’s being installed is legitimate or not?  You certainly wouldn’t be happy with anti-malware software that prevented you from ever installing anything or updating your system.

Speaking as “The Geek” I don’t really expect everybody to understand the intricacies of cyber-security, the nature of the ongoing battle with the Internet bad guys who propagate malware, or even the extent of the risks of being online.  However, as the person that so many people turn to for help when something goes wrong, I do fervently hope to be taken at face value when I offer advice about not running obsolete operating systems, and keeping your system protected.