Technology October 2007

Simple Security

Protecting files and programs need not make you crazy—or even cost you a cent

I try not to be depressed by the following thought: Protecting a computer against viruses and similar problems is like protecting a country against bombings and similar terrorist threats. Worry too little about the danger, and you end up exposed to risks you might easily have avoided. Worry too much, and you end up sacrificing the very things—flexibility, freedom, simple peace of mind—you were trying to protect.

Here is the thought that helps me avoid being depressed: In our individual computing lives, we have tools that allow us to set the balance of worry in a way that suits our own risk tolerance and taste. Not all users know about these tools, so here is an overview of some of them, plus guidelines about which threats are serious enough to worry about.

I am talking here about purely personal computers, not those that are part of a big corporate network, where the emphasis will always be on security. And I am talking about PC-style and Macintosh alike. For years, Mac users have felt either sympathetic or (more often) smug about the virus and “malware” concerns that plagued the Windows community, imagining they would remain immune. The reality is that the era of serene isolation is ending, partly because the Mac’s rise in popularity makes it more attractive to virus writers and partly because of technical changes (not worth detailing here) that increase a Mac’s vulnerability to infected documents—and even programs—originally created on a PC.

I take computer security seriously, because twice in nearly 30 years of computing I’ve had big problems caused by infected files. About 10 years ago, someone e-mailed me a Word document containing a virus that the antivirus program I used did not detect. (People use these terms in various ways, but I am using virus to mean malicious code that infects a file and then replicates itself to other files opened or created on the same machine. In theory a virus might be benign, doing no more than propagating itself to other files. But it’s never good when a file is changed without the owner’s knowledge or control. I am using malware to refer to code designed explicitly to cause actual damage, like deleting or corrupting files, or turning your machine into a “zombie” that can be remotely controlled to send out spam or do other bad things.)

I had no warning that anything was wrong, but for days every new file I created in Word—and every old file I opened—acquired the virus too. (That old virus lurked in Word’s “macro” function, a barn door Microsoft has long since closed.) Files I e-mailed to others spread the virus to their machines, unless they had better antivirus software than I did. I never really solved this problem until I started over with a new computer, transferring files only after running them through a high-power debugging program.

The second incident occurred a few years later, when a malware program made its way onto one of my family’s computers and corrupted many program files so they wouldn’t run. Eventually I had to reformat the hard disk, after backing up the data files, and reinstall the programs from their original disks. What a nightmare!

But I have also encountered security systems so intrusive that I simply stopped using them. The latest example is the “User Account Control” feature built into Windows Vista. It is meant to compartmentalize the computer’s functions, so that an intruder who gets control of part of the machine can’t take over the whole thing. But this also means that a normal, legit user has to go through security hoops many times a day, sometimes even for routine operations like copying a file. I finally disabled the function, despite numerous “Mayday-style warnings from Vista, and I see from tech blogs that many other people are doing the same.

Any security policy requires consideration of priority and proportion. Priority: working first on the biggest threats and learning to live with some smaller ones. Proportion: taking some safety measures but knowing when to stop. Think if the Transportation Security Administration grasped these concepts! In the meantime, here is what they mean for computers.

Passwords. By far my biggest worry in my computing life is the loss or theft of financial information. My transactions in China, where I am now living, are nearly all in cash, but virtually every other part of my economic life is online. A decade ago, few people would have predicted that Americans would willingly entrust so much of their wealth, welfare, and credit-card information to online sources. Financial institutions keep coming up with new security tricks, as they should. But the main tool on the individual’s side is the proper use of passwords.

I use the same password for all my financial accounts, because otherwise I would go nuts. But the password is “strong”—at least eight or 10 characters, with upper- and lowercase letters, numbers, and symbols. It follows the rule that it is easy for me to remember but very hard for anyone else to guess. Many people neglect to create strong passwords because they think it’s complicated. But it doesn’t have to be. Take a name and a number that mean something to you and alter them in some systematic, minor way—turn the E’s into 3’s, say, or insert a character like & in the middle or at the end of the word.

Presented by

James Fallows is an Atlantic national correspondent. More

James Fallows is based in Washington as a national correspondent for The Atlantic. He has worked for the magazine for nearly 30 years and in that time has also lived in Seattle, Berkeley, Austin, Tokyo, Kuala Lumpur, Shanghai, and Beijing. He was raised in Redlands, California, received his undergraduate degree in American history and literature from Harvard, and received a graduate degree in economics from Oxford as a Rhodes scholar. In addition to working for The Atlantic, he has spent two years as chief White House speechwriter for Jimmy Carter, two years as the editor of US News & World Report, and six months as a program designer at Microsoft. He is an instrument-rated private pilot. He is also now the chair in U.S. media at the U.S. Studies Centre at the University of Sydney, in Australia.

Fallows has been a finalist for the National Magazine Award five times and has won once; he has also won the American Book Award for nonfiction and a N.Y. Emmy award for the documentary series Doing Business in China. He was the founding chairman of the New America Foundation. His recent books Blind Into Baghdad (2006) and Postcards From Tomorrow Square (2009) are based on his writings for The Atlantic. His latest book is China Airborne. He is married to Deborah Fallows, author of the recent book Dreaming in Chinese. They have two married sons.

Fallows welcomes and frequently quotes from reader mail sent via the "Email" button below. Unless you specify otherwise, we consider any incoming mail available for possible quotation -- but not with the sender's real name unless you explicitly state that it may be used. If you are wondering why Fallows does not use a "Comments" field below his posts, please see previous explanations here and here.

The Horrors of Rat Hole Mining

"The river was our source of water. Now, the people won't touch it. They are repulsed by it."


The Horrors of Rat Hole Mining

"The river was our source of water. Now, the people won't touch it."


What's Your Favorite Slang Word?

From "swag" to "on fleek," tweens choose.


Cryotherapy's Dubious Appeal

James Hamblin tries a questionable medical treatment.


Confessions of Moms Around the World

In Europe, mothers get maternity leave, discounted daycare, and flexible working hours.


How Do Trees Know When It's Spring?

The science behind beautiful seasonal blooming

More in Technology

More back issues, Sept 1995 to present.

Just In