WWW - Misconceptions

WWW - misconception 1: "I have a firewall after all - nothing can happen to me there!

Unfortunately, this is wrong!

On the one hand, the firewall must also be configured correctly. If you release every request of a program for access to the Internet – then soon you will have a lot of holes.

Of course, there are also attacks via legitimate channels – your browser and your mail program must be able to access the Internet, and the firewall won't help you either.

See also: BSI-Sicherheitsirrtümer-Internetsicherheit


WWW-misconception 2:"I have a current antivirus program – then I don't have to update the rest of the software all the time!“

Unfortunately, this is also wrong.

Of course, an up-to-date antivirus program is important for security.

For this, the virus signature database must also be updated at least daily.

But a virus program can only search for known pests, so it chases the attackers.

The updating of the "normal" software packages, on the other hand, eliminates the possible attack surfaces, since the manufacturers close known gaps in their updates and patches, possibly even before pests are "on the market".

It's like driving a car: just because you fasten your seat belt, you don't drive carelessly – or the other way around. Both measures are necessary.

See also: BSI-Sicherheitsirrtümer-Internetsicherheit


WWW-misconception 3:"A single complex, secure password is enough for all services and websites!“

This idea is also a fallacy.

Of course, a password should be "secure", i.e. difficult to "crack" - please refer to the Passwort-Richtlinien an der TU Braunschweig.

But even a "strong" password can be lost, spied on or even "cracked". And if you only have one, then all services and websites are immediately open to the attacker.

A separate, "strong" password should at least be used for each sensitive service.

Password-safe software such as KeePass (or similar) helps to manage and generate such passwords.

See also: BSI-Sicherheitsirrtümer-Internetsicherheit

You can check how secure your password is here Kaspersky-Passwortcheck  or here Howsecureismypassword.net  (never use actually used passwords for this!).

Tips for secure passwords can be found here: Heise-Passwort-Schutz-für-Jeden and also here Passwort-Sicherheit (tu-braunschweig.de)


WWW-misconception 4:"I take care when surfing and avoid dangerous sites - why should I protect myself from attacks?"

Of course, careful surfing behaviour drastically minimizes the cyber risk - but unfortunately, even trustworthy sites can be infected or hacked from time to time - for example via advertising banners, invisible (statistics) counters and the like.

And with techniques such as cross-site scripting and drive-by infection, you no longer need to click on a suspicious link - you won't even notice that your computer has been infected.

In addition, you too can be inattentive and fall for a deceptively genuine replica of a "good" site or accidentally click on a link.

It doesn't help - as soon as you are somehow on the Internet, you have to protect yourself with firewalls, virus protection, good passwords, security updates - and of course with caution.

 

See also: BSI-Sicherheitsirrtümer-Internetsicherheit