/dev/null / /dev/rant

phishing

Over the years I have, like many other security people out there, heard many, many things regarding system and computer security. These are the top 10 myths, counting down from 10 to the top spot, that a lot of normal users and even managers believe.

10. When I save a file to My Documents, no-one can see and access it

This might be true if your disk is encrypted, but as long as there are incompetent administrators and office users, getting at ANY data you have on your laptop is not much of a challenge.

9. My data is backed up automatically!

I hear this one over and over from users who swear to me that their entire PC is backed up all the time to “that big computer” (the server). If you try to explain to them that only their home drive (their network share on the server) is backed up, they get even more confused, since they don’t bring their home PC to work.

8. Hey, I will get rich!

Wow, so some 491 emails got past the company’s spam filter and the user just has dollar signs in their eyes. Trying to convince them that they are in fact NOT gonna get rich is a hard job. My parents got that fever too after they got their first scam mail. Granted, it’s my fault for not telling them about the bad side of the ’net. But people are suspicious of deals that float in via snail mail, so why not via email?

7. Someone has hijacked my account, find him!

It seems that the normal users who do understand something about the internet think that we security professionals have some sort of backdoor into that internet and can find anyone, at any given time, and kill their machines. Especially if their email or Xbox Live account joe@something.com with password joe got “hacked”.

6. No-one can see my password online

“When I type in my password at site XXXX it’s all in stars (****), that means that no-one can see my password” <- I love this one. Generally, when people believe that about their online “experience” it is VERY difficult to convince them of the contrary.

<<– The next five are my top 5, I get a smile every time I think about them –>>

5. Arghh I have been hacked, this firewall thing said so

Actually, it didn’t; it said that someone has MAYBE tried to connect to your PC and that the firewall has blocked it. I have to agree, though, that some consumer personal firewall products have REALLY badly worded alerts.

4. Our backups are safe, we have tapes

Great, and where are they? Neatly stacked on the shelf next to the server. Great in case of a fire or even water damage. Some people think it’s just too much work to put the tapes into a strong box (vault) or even take them OFF-SITE! Personally, for small companies, I always ask one of the managers to keep one tape set at home and bring the other one in the next week; that way you have an almost 2-week rollback.

3. My laptop is secure, I use a good password

Classic, and even some officials in press statements keep saying: “The data is safe, it is password protected.” Someone help me out: how long does it take to boot off a Knoppix CD? Or let’s make it hard and say the BIOS has booting from CD disabled; how long does it take to take the drive out and put it into another machine?

2. I have a fire… thing, I am safe!

Another classic. I went to a client and the CEO straight up told me that they are now completely immune to hacking attempts and data theft: they had purchased a Fortigate firewall. While I think Fortigate firewalls are great, I pointed out that he still had an open WLAN access point, and he just smiled at me, saying without blinking: “Yea, but for that they would have to be in the office here, and then we have them nailed!” You can’t believe the amount of willpower it took to keep a straight face.

1. My company / home WLAN is not worth hacking or cracking.

Amazing how many people cannot “deal with securing the wireless internet”, so they just accept the defaults out of the box (this also goes for a lot of small companies that don’t have a dedicated IT guy). Then their neighbor or someone else uses it and it becomes slow. The next logical step? Call the ISP and ask for more bandwidth. I have seen this quite a few times.

These are pretty much the top ten myths that I have, over the years, been told by users. Amazing, really. With things like this, we security professionals wonder why there is so much spam and so many scams?
