The IT security industry is no stranger to urban myths: stories that spread and, over time, become accepted as general truths. With the collaboration of our communities on Facebook, Twitter and this blog, we have compiled the most popular urban myths about the security industry, and in particular about antivirus companies. Below we give you our take on each of these:

1. Antivirus security companies make the viruses. This is a claim we have often heard at Panda Security throughout our 20 years in the business, and no doubt the same goes for other companies in the sector. The claim is absurd, particularly if you think that we receive around 63,000 new viruses every day. What’s more if it were true, such a scandal would surely have been uncovered in the 20 or more years that the sector has been protecting users. One of the main problems that the industry has had to resolve has been how to cope with the workload of processing such an enormous number of threats to keep our users protected.

2. Security companies hire hackers. Of course we can’t speak on behalf of the entire industry, but at Panda Security this issue has been a concern for us and we have never knowingly contracted ‘black hat’ hackers. We have however hired (and we are always looking to) ‘white hat’ hackers. Another variation of this myth is that you have to be an IT engineer to work in security, which is also false. The profile of those who work at Panda is highly varied: engineers, mathematicians, physicists, self-taught, etc. What all of them have in common is a genuine interest -sometimes a real passion- in IT security.

3. There are no viruses for Mac, Linux or cell phone platforms. We would all like this to be true! It is commonly held that none of these present any risks to users, as viruses are only designed for Windows platforms. The truth is that there are viruses for all these platforms. The difference lies in the amount of threats circulating in comparison with those designed for Windows. The explanation is simple: Hackers are looking for profit. If the aim is to reach as many people as possible and consequently more potential victims to steal from, what is the best target? A platform with 10 million users or one with 500 million? The answer is obvious.

4. It requires a lot of knowledge to be a hacker, create viruses, infiltrate systems… in some cases yes, in others no. Some years ago it was difficult to develop viruses, worms, Trojans, etc., and it required technical know-how. In fact many of the hackers started out “playing around” while they learnt, and acquired significant knowledge of programming languages, communication protocols, etc. Today this is no longer necessary. In the case we witnessed recently with Operation Mariposa, those responsible had quite limited knowledge.

This is because kits are sold across the Internet which allow the uninitiated to generate and configure malware. We wouldn’t quite say that anyone can do it, but with a little bit of knowledge and dedication, it’s possible to construct, for example, a botnet capable of infecting millions of computers around the world.

5. Women don’t work in security companies. This assumption is as frequent as it is untrue. At Panda at least this is clearly untrue: more than 30% of the workforce are women, many in technical or management areas. This figure is growing, as an increasing amount of women are training for sectors such as IT security.

6. 100% security and privacy. There is no such thing as 100% security. Simply installing an antivirus does not guarantee 100% protection. In fact, nothing does. Every day, thousands of new threats are created, and these have to reach security laboratories before they can be analyzed and the corresponding vaccine created. Some of these new threats are located thanks to proactive technologies designed to detect unknown malware, but not all of them are.

From the moment a threat appears until the corresponding vaccine is provided, users are exposed to the risk of infection. On the other hand, not all security companies have absolutely all the new samples. Therefore, even if you have security software, there is still no such thing as 100% security. It continues to be a race in which the security companies are still, unfortunately, trailing the bad guys. For this reason it is advisable, in addition to having a good security suite, to pay heed to basic security recommendations.

The issue of privacy, however, is different. When we talk about privacy, we often refer to the information that we voluntarily share on social networks, either on Web communities or similar sites. In this case, no antivirus solution can prevent you from sharing such information. Good training and awareness about what you’re doing on these types of communities will help you to be prudent.

7. Viruses, viruses, viruses… there are many urban myths about viruses themselves. Let’s take a look at a few of them:

  • All viruses are the same. In practice, the term ‘virus’ is used generically to refer to all computer threats, yet technically speaking it defines a specific type of malware. Along with viruses there are worms, Trojans, phishing, adware, spyware, hacking tools, etc… So, not all viruses are the same.
  • A virus can damage hardware. The truth is simply no. A virus cannot explode the screen, or render motherboards unusable… They can alter the programming of the BIOS, but by restoring the original configuration the problem is solved. And no, CD or DVD drives cannot be damaged by viruses.
  • A virus can be transmitted to a CD-ROM. If we’re talking about the compact disc (CD) itself then this is true (but it is not the case if we’re talking about the CD drive or burner). In the process of copying information, viruses and other threats can be distributed unknowingly. The same applies to USB devices (phones, memory sticks, mp3 or mp4 players, etc…).
  • A 32-bit system is just as secure as a 64-bit system. This is not correct. A 64-bit system is slightly (but only slightly) more secure than a 32-bit system. You have to consider that most malware has been created for 32-bit systems, although much of it also functions on 64-bit…
  • “It won’t happen to me, that’s why I don’t have protection”, “I have all Windows patches installed, so nothing can happen to me”, “I don’t open email attachments, so viruses won’t be able to enter my computer”… We’ve all frequently heard phrases like these before… And they are all false. Nowadays there are many ways of becoming infected (browsing the Web, using Facebook or Twitter, using instant messaging applications, etc.); hackers search for victims indiscriminately (regardless of what they have on their computers… as long as they shop online or use their bank, that’s enough), and it is better to prevent than only buy an umbrella when it’s raining”

8. Conspiracy theories… In the 20 years our company has been in business, we have heard many conspiracy theories of all types. Obviously there are many which we can neither confirm or deny, because they are not in our hands… let’s take a look:

  • The antivirus industry gathers sensitive information for governments. Obviously this would require committing several crimes, not to mention the ethical or moral implications, and it would seem highly unlikely that any security company would operate in such a way (needless to say, Panda Security does not do this).
  • Viruses are created by governments to monitor citizens. We don’t know if any type of specific virus may have been created by a government to spy on its citizens… Yet this type of argument would seem to have been inspired more by Hollywood than by the real world. Although in this case we cannot confirm or deny this. What is certain is that if such a virus did exist it would be detected and neutralized like any other.
  • Windows has been programmed to include backdoors. Windows is a system with its own security problems that are continuously being identified and fixed. Nevertheless, almost every month new security vulnerabilities are discovered. The truth is we can’t confirm or deny whether there are intentional backdoors in the system. Of course, if they did exist, they would have been made public some time ago, as there are many researchers working intensively on the various Microsoft operating systems to improve them.
  • Governments spy on citizens’ communications. Evidently throughout the years, various examples of these types of stories have been made public. Yet once again we cannot confirm or deny this.

If you’re interested in these or other similar issues, we would be delighted to keep talking on Facebook, Twitter or through this blog.

We would also like to thank all of you for your help 😉