Knowledge equals paranoia *UPDATED*

(iPad wiped all my hyperlinks, so if you’re interested in the security programs I mention, you’ll have to search for them yourself.)

A friend’s email got hacked. This led to a discussion with a very knowledgeable person about the risks she now faces. Upon realizing she was hacked, she immediately changed her email password and assumed her troubles were over. He told her the contrary was true:  her troubles had just begun.

She told him she had run a full virus check and it came up clean, so she shouldn’t have troubles. He told her that virus checkers, no matter how good, are just a superficial panacea.

The real problem, he said, is keystroke logging malware that lodges deep in the operating system. This means that every time you log into a website, the logger tracks and records your user name and password, and then delivers the data to the hacker. The hacker can then process that information to access your accounts and — voila! — your identity is compromised.  He can also sell it far and wide. Everything is at risk, from bank accounts to your Facebook page.

There are some ways to protect yourself. When it comes to email security, the best thing is two-step verification. If you log onto a computer that you haven’t authorized as a trusted computer, the double verify system sends you a numerical text message. Even if a hacker has both your user name and password, if he doesn’t have your cell phone, he can’t get into your email.

To prevent problems in the first place, you should have good anti-virus software. Recently, for Microsoft users, several computer gurus have recommended Microsoft Security Essentials to me, which they say is the best and, as an added bonus, is free. You can also keep your computer away from dangerous websites by having your router pass through OpenDNS, which blocks your computer from accessing dangerous sites.

But if you’ve already got a keystroke logger buried in your operating system, you’re out of luck. Most virus checkers can’t find this type of malware, because it’s buried too deeply in your operating system, not to mention that it can actually look innocuous at a code level. Serious computer security people have two computers, one of which is for fun, and one of which is dedicated solely to secure information. They keep their passwords on a flash drive. When they need a password, they plug in the flash drive and then cut-and-paste, so that there are never keystrokes.

With all this in mind, the knowledgeable person told my friend that, because she knows she’s been compromised, she should junk her computer entirely. He thinks that even reinstalling the operating system is insufficient.

Another party to the conversation said this was all overkill. He said that the likelihood of a hacker taking the time to ferret out your information from all the information he selects is minuscule. Further, if he does, most institutions will notice strange behavior and contact you immediately. Ultimately, he felt the risks from hacking were too small to justify the draconian solution of throwing away a computer and starting anew.

As for me, I got totally paranoid from this conversation. I know I don’t have a virus, but I have no way of knowing if I have caught keystroke logger malware. I’m going to change my passwords, but if there’s a keystroke logger, that’s a wasted effort. I’m in a perpetual loop of paranoia and vulnerability.

This paranoia loop — which was triggered by an information dump from someone with more information than I have — irresistibly brought to mind the way we deal with politics in America. Last night, at dinner, a Democrat said that Obama, during his first term, did the best job possible with the hand he’d been dealt. She did not know that Reagan had a rougher economic hand and achieved a better economic outcome. In her limited information universe, Obama was the best.

Fiscal cliff? Going over it may be a plunge from which the economy never recovers, or it may be an illusory line and we discover, once we’ve crossed, that nothing has changed. Since my understanding of economics is simple — you cannot spend more than you have or borrow more than you can repay — I foresee catastrophe. Others say a national economy is not a household, and that my analysis isn’t just simple, it’s idiotic and stifles our country’s economic potential.

The same thing happens with the way Americans approach the risk from Islamism. Those of us steeped in information about Islamic doctrine, worldwide terrorist attacks, and Islamic rhetoric see a very high risk. Those who accept that Islam is a religion of peace and think that it’s just a coincidence that all terrorists and would-be terrorists happen to be Muslims believe our risks are low, and that we are just paranoid, loony conspiracy theorists.

This paranoia runs the other way too. Progressives are convinced that we are cooking ourselves and that the world will melt. We think they’re overreacting to, and taking unreasonable responsibility for, a natural phenomenon that has happened repeatedly since earth’s creation.

Quite obviously, people’s perception of risk is going to affect the steps they take to protect against those perceived risks. The big question, then, is whether the paranoid informed people or the relaxed uninformed people had a better read of the situation. Have we overeducated ourselves about risk to the point of dysfunction and overblown reactions? Or have they gone beyond a reasonable assessment of actual risk to a denial so overwhelming that they are incapable of defending against a genuine enemy? Do we change our passwords or junk the whole computer?

As for me, right now, I’m just going to change my passwords and put them onto LastPass, so as to minimize the keystrokes I enter. I’m also going to remind myself that a hacker who collects trillions of keystrokes from millions of computers can’t possibly process that info, and that the odds are I won’t be processed.

UPDATE: A friend who knows more about computers and programming than anyone I have ever met says that an excellent way to protect oneself is to use Google Chrome. He says that Adobe Flash is now a primary vehicle for malware. Chrome doesn’t use Flash, thereby avoiding that risk. I like Firefox, and don’t like Chrome, but I’m not so stubborn that I won’t recognize a reasonable trade-off and learn to live with a different browser.

According to the AP, in July the FBI will stop protecting people from a malevolent computer virus *UPDATED*

I don’t quite know what to make of this story about the FBI’s decision to stop protecting people from a computer virus.  It doesn’t come through as an email rumor; it comes through as an actual AP article.  Although AP is always suspect in my mind when it comes to politically charged issues, I have to assume that, as to this story, it has credibility:

For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, www.dcwg.org, that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.

You can read the rest of the story here.

UPDATE:  Indigo Red’s comment is very informative:

It’s not all that ominous. A group of criminal geeks hacked servers in Estonia causing users’ queries to end up at sites that paid advertisers and routed the pay-per-clicks to themselves. The geeks got $14 million from the scam. They were busted and the servers were going to be confiscated, but that would have left thousands of valid customers without Internet service. The FBI called in a legit computer geek who subbed clean servers for the dirty and the FBI has been running the replacements for 8 months costing US taxpayers $87,000 – US had highest number of victims at about 85K. The substitute servers are to shut down in July so anyone who thinks their computer may be infected has a final opportunity to scan their machines and fix the problem. I am doing so as I write this using Microsoft Safety Scanner because a few months back I saw unusual activity from Estonia, Russia, and Ukraine. I cleared the problem then, but I just want to be sure.