When I was a kid, there was a short period of time that I thought I wanted to be a mailman when I grew up. I followed the mailman throughout the neighborhood as he delivered mail. At one point, I thought I was going to help the homeowners and let them know the mail had arrived. So I rang the doorbell when the postman left the mail in the box. I was quickly instructed not to do that anymore!
I don’t remember exactly how long that phase lasted. Probably not very long.
In later years, I had a “job” delivering the weekly advertising supplement to a neighborhood in the community. That was hard work. They would deliver a large bundle of the advertising pamphlet, called Penny Power, to my doorstep. They also had stacks of supplemental ads and plastic bags. First, I had to put one of each of the many advertising fliers together with each Penny Power. Then, I had to fold each Penny Power and the associated flyers and place them in a plastic bag. That would take more than a couple hours. Then, I had to go to my territory and walk up to each porch and delivery a bag of advertising goodies onto each porch. Then proceed to the next house. And the next. And the next. Until I had delivered several hundred Penny Powers with the additional advertising flyers stuffed into their respective plastic bags.
That was a heavy bundle to carry, a lot of walking, a lot of time, for a little income. Let me emphasize the word “little.” There was a lot of turnover in that job. I found out why!
I don’t see too many mail carriers delivering mail to the front doors of houses on their routes these days. Perhaps it is just the communities I have lived in recently. What I typically see instead is a mailbox on the street. The mail carrier deliveries the mail from their vehicle. In some cases, all the mailboxes for a community (or apartment complex) are located in one central location and the residents have to go to that location to get their mail.
But I do remember the days of walking with the postman to each door.
Some of the houses had a very handy arrangement for the homeowner. A mailslot in their door! They didn’t have to go outside to get their mail. The mail carrier just slipped it through the slot and it fell inside the house, just inside the door! What a marvelous invention!
But then, there are the neighborhood mischief makers. Typically, they would run up to the house, ring the doorbell, and run away. On Halloween, they might “egg” a house. What if one of them had gotten the idea of putting rotten eggs through the mailslots? Not a pleasant thought. Eww!
How would you stop that? You could lock the screen door so they can’t put the eggs through the slot anymore. But then the postal carrier couldn’t deliver your mail. If you want your mail, you need to allow the possibility that the kids can push rotten eggs into your house.
Or, you could put up a mailbox outside your door and lock your door. Now the kids can’t use your mailslot anymore. Neither can the postal carrier. Hopefully, it won’t be so much fun for the kids to put rotten eggs in your mailbox and they will stop.
But now, the marvelous invention of the mailslot is no longer of any use to you. It has become a liability. You also had the extra expense and effort of putting up a mailbox outside your house. And you now have to open the door to get your mail. Not a lot of extra effort. But, on a freezing cold day, it’s not as nice as having it dropped inside your door. And you may need to fix your hair or put on an extra layer of clothing before getting the mail. You don’t want to get caught looking too “unkempt” by a neighbor walking by as you step briefly out the front door.
Wait a minute! I thought this was supposed to be about keeping safe online!
OK, here goes…..
Our computer has a lot of “mailslots” in it.
What I am referring to as “mailslots” are useful bits of computer programming that do cool things that we like. They make it easy for us to do what we want to do. Some may automatically show us a preview of files when we hold the mouse over them, such as showing us a picture preview. Some automatically check our e-mail every 10 minutes. Others ring a bell, play a few notes, or say “You’ve got mail!” when a new e-mail arrives. Some automatically save our progress when we are typing a letter, just in case we forget to save it.
When it comes to the Internet, some of those “mailslots” display pictures. If they didn’t, every time there was a picture, we would have to:
* Tell the computer to go out and “download” the picture.
* Then we would have to open a special program that views pictures. We would need to make sure we got the correct program for the type of picture we wanted to view. (There are several different “types” of pictures that get displayed on web pages, each with a different file extension, or “format.”)
* Then, once you opened the picture-viewing program, you would need to find the picture you downloaded and open it.
* Next, if you didn’t want to keep it, you would need to open another program that lets you work with files.
* Fnally, you would need to find that picture you downloaded and delete it.
A lot of work! And you’d have to repeat that process for EACH and EVERY picture you wanted to see. Many of those pictures wouldn’t be of any interest to you, certainly not worth all that work.
But, we don’t have to do all that work. Instead, our web browser (Internet Explorer, Safari, Chrome, Firefox, etc.) automatically displays these pictures for us. This is really useful. It enhances our experience. We can enjoy surfing the web instead of getting hung up on the mechanics of how the computer is really doing all that extra work for us. Technology is great! Until it isn’t. Until someone sticks rotten eggs through our mailslots.
And therein lies the problem. If we want our mail delivered inside our house, we have to face the risk that someone might deliver rotten eggs. If we want the convenience of “easy” and of a “rich, enjoyable experience,” we have to face the possibility someone might find a way to use those “mailslots” (useful programs) to deliver unwanted material or experiences. Those “rotten eggs” could be viruses. They could steal our information. Or they could hold our computers or information hostage, for ransom. (See my recent posts on ransomware.)
If we were to make our computers so the mischief-makers CAN’T do this undesirable stuff, we would end up with a computer that doesn’t do what we want it to. But, with computers, instead of just having to open the door to get our mail, we would have to go through ALL the above steps (and some that I haven’t even mentioned) just to see whether a picture on that web page is even one we might want to see. And, to view that web page in the first place, there could be a whole lot of additional steps involved. Most people would revolt.
So, what are these “rotten eggs”? They could be any way that an attacker can utilize some desirable feature built into our computers and use them to do something we don’t want them to do.
As an example, let’s continue with the picture-viewing discussion above. In 2004, it was discovered that there was a problem with the way Windows processed pictures so that you could view them. If someone sent you a bad picture (that is, one that someone with bad intentions had created) it could crash your program or even, in some circumstances, compromise your computer. That particular issue was fixed, but only if you updated your computer with the proper security updates.
However, that isn’t the only time that Windows has had problems with displaying pictures. As recently as May 2016, Microsoft released a security bulletin revealing that there were FIVE different vulnerabilities related to displaying images that had been recently discovered. In some cases, sensitive information could be released to the attacker. In other cases, the attacker could compromise your computer. And for this to happen, all you would need to do is visit a web page that had a “bad” picture on it. That could even be a seemingly innocuous picture on a web page that is usually considered to be on a “safe” or “trusted” site.
When this happens, Microsoft (and many other vendors) usually try to fix the problems as soon as possible (though some companies don’t). In some cases, it may take awhile to fix the problem. Once they do, the “fix” needs to be applied to your computer. For Microsoft, if you have “automatic updates” turned on, this SHOULD happen automatically (although, from experience, I can tell you that these updates sometimes fail). For other companies, you may have to apply the updates yourself. And, there are problems out there that haven’t been discovered yet. What if the bad guys find them and take advantage of them before the good guys find them and fix them. It happens all the time.
What this means is, if we want to be able to see pictures on our computers, including when we visit a web page, we will be subject to the risk that our computer can be compromised.
It doesn’t stop at picures. In 2016, Microsoft issued 155 security bulletins. Some of these advised of multiple issues. Many of them were critical.
It isn’t just Microsoft. All software is potentially subject to vulnerabilities. Microsoft’s programs are so powerful and so complex, there are a lot of pieces of programming code in which unexpected and unforeseen issues can be found. And Microsoft is a popular program, so the bad guys go looking for problems to take advantage of. (There are also a lot of good guys looking for the problems, so they can be fixed before the bad guys find them. That’s another reason so many security bulletins are issued.)
Other companies may have fewer issues. Some of that is because they are “smaller” and less “complex.” Some of that is because they are not as popular. But some of that is because they are not responding to issues and fixing them, or telling us about them.
ALL software has the potential to have these kinds of issues. (Mac and Linux users included. Yes, these systems have their issues as well, despite some people’s claims to the contrary.)
So, where does that leave us? Do we choose to lock the door so the mischief-makers can’t put rotten eggs in our mailslots? When it comes to computers, that would mean turning our computer off and leaving it off. There isn’t a way to escape these risks if we use our computers.
There are two things we can do.
First, we can keep informed of what the risks are and how to take appropriate measures to REDUCE those risks (we can’t eliminate them completely).
Secondly, we need to recognize there is still the possiblility that we can be affected by the threats. Our best response to that is to take other measures to protect ourselves against the damage that could be caused if a threat does affect us. (This would be like installing a sprinkler system to put out a fire. Damage is still done, both by the fire and by the water from the sprinklers, but not as much damage as if there were no sprinkler system to put out the fire.)
My blog is a start towards taking those two steps. This year, I will be providing additional options to go further with those steps. Stay tuned.
In the meantime, if you recognize that there is always risk, first be thankful that we have as few problems as we do. Then, use your computer with the knowledge that 100% safety is not an option and that it is up to you to do the best you can to escape as many of the potential problems as possible. Again, that comes down to learning what you can do (and then acting on that knowledge).