Tuesday, July 20, 2010

Do You Trust Unknown Computers? Paranoia, Part 1

You may call it paranoia, but I call it caution. Do you drive recklessly without wearing a seat belt? Do you wander through bad neighborhoods at night? You probably avoid these behaviors because they are dangerous and you know what could happen if you did do them. You have made a decision that they're not worth the risk. Is that paranoid? No, you're being cautious, and that's a good thing.

So when I say that I won't check my email on any computer except my own, I get told I'm being paranoid. I don't see it that way. I see checking my email on other computers as being dangerous and I know what could happen if I'm not careful. This article is the first in a series on being paranoid about privacy and security with your digital life. Except that it's not really being paranoid, it's being cautious, and I'm going to tell you why.

We all know that malware exists. Everyone has heard one of the various terms used to describe it such as virus, trojan, spyware, adware, scareware, and rootkit. The list goes on. The general feeling about malware seems to be that it makes your computer really slow and not work right. Except that if it's doing that then it's not doing its job very well. Most malware you'll never know you're infected with until one day you realize you've become the victim of identity theft and you'll wonder how it happened. The malware you really need to be worried about is quiet, unobtrusive, and farms your computer for information that it ships off to its controller.

Ready for some numbers? According to data collected by Panda Labs, out of 21.5 million computers they scanned from businesses and homes in over 100 countries, 47.87% of them contained malware. Nearly half of the computers were infected. That's the reason I won't use other people's computers for anything requiring me to enter a password. While I'm pretty sure my own computer is safe, I have no clue about anyone else's.

What does this mean for you? That means that you certainly shouldn't use a public computer like those found in libraries or coffee shops, you shouldn't use a computer that belongs to a friend or family member, and you shouldn't even use a computer that was configured by a security expert. You should only use a computer that you configured and have protected from unauthorized use and unauthorized software. Now when I say "use," do I really mean "use at all?" The answer is no. If you want to check the weather, or a sports score, or anything else really that doesn't require a password or make use of personal information, then that's okay. Your passwords and other private information are what you need to protect by only using computers that you trust. In order to trust a computer, you have to know it and that means having exclusive control over it.

If you disagree with my proposed safe computing habits then that's fine, it's your life. You can live it how you choose. If nothing else I hope I've given you something to think about the next time you borrow a friends computer to check your email, log into facebook, or buy something from Amazon. I think of it as being cautious, but you can call it paranoid if you want.


  1. Obviously I agree with everything you said but I would like to make an additional correlation. First, lets start with a problem statement. How does logging into Facebook on someone else's computer affect my personal privacy? Well you silly people, how many passwords to you use? If I was a betting man my first guess at your email, bank account, work, ect. password is the same password you use to log into FB.

    My only point of debate with your post is if you can't trust a so called 'security' expert to configure a computer securely, who can you trust?

  2. I made that comment about not being able to trust a security expert because it's not you. You have no way of knowing what that expert has done to the computer, what he or her intentions are, or whether or not he or she is even an expert at all. You have to configure your own computer because that is the only way you can be sure that you can trust it.


Note: Only a member of this blog may post a comment.