How much do people worry about security?

[tampere]

It's one of those things you read about but don't really consider until you get hacked... how does everyone try to prevent their data from being stolen? It feels like super strong passwords are sometimes not enough.

[xeromist]

From your personal machine or a website? Keep personal machines patched, use ad blockers, don't visit shady websites, don't open unsolicited links & files.

On websites use a password manager with randomly generated passwords. Constructed passwords are vulnerable to GPU cracking regardless of length. That way if a website with proper hashing is breached your password cannot (practically) be cracked. Sign up for haveibeenpwned and change your password in the event of a breach.

Anything is possible with a zero-day but most victims fail these basic opsec checks.

[davemon50]

Good advice by xeromist, I follow it. But to answer the OP's original question, I'm more worried about someone breaking into my house and stealing the equipment. For the latter problem I resort to firearms. Security measures can only protect you so much in today's world. Norton produces a pretty good product though.

[Korth]

The mantra of the infosec guys is that no data is ever truly secure when attached to a network. No data. Ever. Simple as that.

But most of us need some networking and internet, lol. Reasonable security is firewall, anti-virus, anti-malware - properly configuring OS/browser/communication software - keeping on top of all patches/updates - and having physical control of your own hardware. Sounds like a lot of things to worry about, that's why Norton and Microsoft and Avast (and all the others) offer all-in-one-complete-security packages which take care of everything for your "convenience and peace of mind".
And, realistically, most of us don't have much on our computers which really needs securing. Personal photos, documents, and what-have-you, all very precious to us (perhaps even to those who know us closely) but generally worthless and mundane to the world at large. Probably all polluting the cloud anyhow.

Our network at work is isolated, no data goes in or out without passing through exhaustive scanning and logging on one controlled terminal, any attempt to bypass the security system is a gravely serious concern. Corporate espionage isn't a serious concern (although it's not lightly dismissed, either), but realistically we're in a business where integrity of data is critical so, unless strictly necessary, integrity of data isn't "compromised" by risky exposure to external networks. The office girls have internet, the guys in the basement do not.

[tampere]

Solid answers there, I do agree with physical theft being scary too :/ I was more talking about stuff like email/Facebook/Twitter etc. As I feel like those are the accounts which are targeted the most. A few Google searches led me to a page about email hacking. But the interesting thing was the websites they linked to - ones that could check your email for breaches. Turns out my old yahoo ones have been breached (no surprise) but Gmail has been good. Check them out for yourself, but definitely keep changing your passwords every 4-5 months, and be careful about which sites you sign up for. I've started using a sort of 'throwaway' address that I don't mind giving to websites. And private one for important stuff.

[Korth]

Well, most of the "personal" information about you that would be of any interest (to criminals, to corporations, etc) isn't even stored on your computers and devices. It's collected and stored on other machines in the cloud. Any "adversary" wanting to hack your email/facebook/twitter/etc is going to hack through email.com, facebook.com, twitter.com, etc.com ... most likely from their own machinery, set up with whatever software tools they need ... they're going to face whatever security barriers those social media sites have in place and any security you may have running on your machines at home is entirely irrelevant.

The important security theme here is that *you* are not in charge of securing your data. Some social media site is in charge instead - if (when) they get hacked then you get hacked, there's nothing you can do about it. Or some online forum, or some shopping/auction site, or some grocery store that's issued you a plastic "savings" card ... anyone anywhere you've registered with and submitted personal information to is security of your personal information that's beyond your control.

Assuming, of course, that they don't have physical access to your machines. If an attacker can sit down in front of your computer then it's already game over, lol.

[xeromist]

Well, the responsibility is not entirely out of the hands of the user. Reusing simple passwords is an excellent way to ensure that your data gets stolen eventually because someone will just log into your account normally and scrape whatever is available.

[haihane]

couple of years back, i had the luxury of reading a Guru3d article about the extents of what the NSA can do to steal your data (if they really wanted it),...

don't get me wrong, the rabbit hole is deeper than what most think possible. it's not just PRISM, X-KEYSCORE (these should be familiar on those who know about snowden), but to have the capability to hijack any cell towers (inc. faking a tower signal), hijacking router shipments and reflashing their own firmware on it for mass surveillances on their own citizens, and the most impressive of all that i read was, they were able to analyze background sound(?) bouncing off from walls and reconstruct what your computer is doing (this is borderline sci-fi for me).
and i doubt i've seen it the entirety of the tip of the iceberg, just what's already leaked out.



and i concluded (for myself): if NSA really wants your data, they will get it one way or another.



that don't mean one shouldn't be not cautious. any average joes cannot reasonably defend themself against NSA. but making other hackers' lives difficult in trying to steal your data is still a prudent thing to do.

[grassy]

I just use MBAM premium and stay away from malicious websites.I have never had any problems really.I like a clean built rig and also a clean install and running rig.I certainly don't stock it with pointless software which is not needed.Never ever spent big money on security antiviruses.If you are very aware what emails you open and sites you visit and also your updates then you should be fine i would say.Oh i do use an add blocker.

[Korth]

An experiment ... clean install of Win10x64 Home Premium without any firewall, WinDefender, ad-blockers, anti-popups, anti-virus, anti-malware. Without any Windows Updates (except for two device drivers, lol, but they had nothing to do with security). Running stock IExplorer and Chrome, default settings on everything.

After one week of somewhat "normal" use (moderate browsing, downloading, YouTube/Netflix, some gaming, etc) ... installed all the security software and ran full system scans. Hundreds of minor objects (dataminers and the like) which are basically trivial and nonthreatening. But no major objects - viruses, malware, spyware. I observed many annoying ad-banners and pop-ups during the week which would normally be invisible (blocked from displaying or even downloading). I had my browsers hijacked a few times, annoying but easily fixed by closing all instances and reopening/reloading the tabs again. Surprisingly few popups actually, but I very often found "popunder" browser windows ambushing me after closing down my browsers. Quite surprising, really, I honestly expected far more of an unsavoury mess, especially after my daily visits to a fair variety of dirty-banner-laden torrent sites.

Alas, no worthy infected files/trojans/etc collected from this week-long run that I could quarantine and copy into my archives for future use.