Battle "Common Sense" "Great Browsing habits" vs reallity (test)

Status
Not open for further replies.

RmG152

Level 12
Thread author
Verified
Jan 22, 2014
577
Hi, I always read about common sense, great browsing habits, etc. are the best security "product", but I think NOT. I will put them a demo and hope to answer honestly.

Imagine that one has a problem and after speaking with forum members, administrator (eg @Umbra Polaris ) leaves a link to antimalware software.

I'll leave to you now 2 links (like I'm helping you) and a survey. One of the links will be a "safe" link (this forum) and another be one "dangerous" (youtube video) ...


1- http://goo.gl/e3smEV
2- http://goo.gl/2eBuJj


Enjoy
 

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,142
an exception is a buggy update that you'll opt for a nor so current version of a software
That is very rare in software like chrome, firefox ect and when happens it is discovered and becomes top news everywhere in the internet and some days after they release the patch. This applies to cruelsister comment too. That is very rare if you truly trust the website (example youtube)
 
  • Like
Reactions: Dubseven

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
Common sense won't protect when the website into which you are entering things like Credit card info has been hacked, nor will it save one when Server FTP credentials have been compromised so that the normally safe download isn't that safe anymore.

Common sense also doesn't protect when the IT guys at your favorite website turn out to be dummies. Case in point here is the recent Target breach. Even though those Target IT 'professionals" received numerous alerts from Symantec Endpoint as well as FireEye (and I've personally seen the FireEye logs and they go on FOREVER), they informed those monitoring that all were False alerts and should be disregarded.

Whom the Gods would destroy they first make Proud.

Well yes you do have a valid point here but you are also wrong,
First of all the website that accepts credit cards should have taken proper security and their IT staff should have made sure that the web page is hardened and not just a simple SSL and HTTPS layer.
Sure nothing on the planet is 100% hack free, but if i take ABN Amro bank (Netherlands) as a example they got hacked and the web page automatic closed itself and made sure that no private details could have been harvested. So even if you wanted to use the web page to do your online payment it would be impossible during the hack.
So its certainly not impossible to be sharp security wise.
Most so called IT professionals have been stuck in the late 90's and base their knowledge on a rather old mainstream idea.
Now do not get me wrong i am not saying they are not educated and neither am i saying that they are dumb.
What i am saying is some of those IT guys have become a danger to their own security because they know so much about it and assume that it will be alright after all they have not been hacked for years.
However the new generation of IT professionals are more dynamic instead of the static behavior displayed by the older generation.
Also in todays world the IT standards have changed so much that the older generation just cannot match fresh IT guys.
I see this every day across our clients. So common sense really does work and really does have a large impact in your every day computer habits, and if used wise it will outperform your security software pretty easy.

If a person sticks with trusted web pages then the odds that he is going to be hacked or infected a slim to none.
As for the FTP credentials yes people are sloppy with them, however if i am looking within my own company and job i cannot see those credentials being a security leak as i could give them right now to you and you would not be able to login for the plain and simple reason your MAC and IP + USER / PASS and Key-code are locked to our computers.
So a computer outside the authorization list just cannot communicate with the network in the first place.
And with common sense and some computer skills you can actually set your local FTP client to bind the account to your PC, so if your friend steals the code he would not be able to login and you can do that server side as well.

So here comes common sense and basic computer practices into play again because you as a user do have at least a solid base line security on your PC which would significantly reduce the odds that someone is snooping your details in the first place.

Bottom line is:
1 People want no hassle + great user friendliness
2 Everything needs to be automatic
3 Must be able to do it all
4 Do not want to spend time understanding it
5 Do not care about their computer and software because after-all it runs
6 People want performance and cheap & free 1000% hack proof products
And i can continue the list...

There is just no such thing and it all comes at the cost of security and reliability.
So i venture to say that if 10 people here would participate in a test (Yes i will make a test if you guys want) and you follow the test to the letter, then i guarantee that the odds that they will get infected (Even when they try it manually) will be at least 70% lower.
And its nothing fancy its just common sense. So here is the deal i will make a test if 10 people ask me.
Then you all can see what i am talking about...and then those who argue common sense and browser habits can have a go..

How does that sound?
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
My point was that the user depends on the competence of IT staff running the website, so web safety is not exclusively under the users control. A trusted site today may be a breached site tomorrow.
 
  • Like
Reactions: Nico@FMA
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top