Security 101: June 2012

As previously announced, we continue to answer questions received from the readers of the PC.COM magazine.

 

Does HTTPS really improve Internet security compared to HTTP?

 

A simple answer to this question is Yes, HTTPS indeed improves the security compared to HTTP.

The more complex answer is: it depends. Even if HTTPS means that the connection between client (browser) and server (website) is encrypted to protect against intrusions. However, someone can still intercept intercept the data transmission to obtain the unencrypted content. Man-in-the-middle attacks, where someone stays between client and server and plays both roles, are becoming quite common these days. Also, more and more phishing attacks are making use of fake security certificates and can impersonate known websites, meaning that a fake website that looks like the real one can still have an HTTPS encryption.

So, even if most of the time, HTTPS is enough, it is not the solution to all security problems related to secure communication over the Internet. If an attacker is skilled enough and has enough resources, he or she is able to penetrate the HTTPS encryptoin and it will be quite hard for the normal users to detect it.

 

How do we know that we have complete Internet Security on our devices?

Unfortunately, there is no such thing as “absolute complete security”. Complete security, in internet or not, is only achieved when you keep your device shut down, locked in a safe and you throw away the key.

Due to the evolving nature of viruses, malware and the like, and how hacker/programmers are continually making new virus strains, no single security system in the world is 100-percent secure. That said, you should still never install multiple security programs on your devices. For one, they are bound to conflict with one another due to the nature of programming.

Secondly, you’ll be handicapping your device by running too many background programs at the same time. The best you can do is to install a credible security program on your device and practice safe surfing. This means, stay away from dubious websites, not clicking on suspicious links, and using a personal data connection instead a free WiFi hotspot.

One more thing – stay away from pirated software and cracks! You never know whether or not the cracker included some “extra features” in the crack which could compromise your device’s security.

 

 

Sorin Mustaca

Data Security Expert