---------------------------------------------------------------------
This page was printed from the Secure Computing Corporation web site,
located at 
---------------------------------------------------------------------
Editorial Contact:
David Burt, Secure Computing Corporation
206 892-1130, David_Burt@securecomputing.com

Secure Computing Announces "Top Ten Cyber Security Urban Legends"
— Myths highlight problem of security misperceptions during National Cyber Security Awareness Month

SAN JOSE, CA, October 11, 2004 – Have you heard that answering your cell phone can give you a computer virus? Or that you can protect your computer from e-mail "Trojan horses" by creating an entry in your e-mail address book called "AAAAAAA"? These fanciful tales made the "Top Ten Cyber Security Urban Legends" list released today by Secure Computing Corporation (NASDAQ: SCUR), the experts in securing connections between people, applications, and networks™, in conjunction with October being National Cyber Security Awareness Month. While these improbable stories that circulate around the Internet are amusing, they highlight the serious problems related to misperceptions among end users about cyber security.

A group of security experts at Secure Computing compiled the list based on support calls, customer requests, and monitoring Internet discussion groups. While most of these legends are harmless, some can cause real harm if taken seriously, such as a common story that certain legitimate Windows system files are dangerous and should be deleted – but actually deleting the files is what will damage your system.

The Top Ten Cyber Security Urban Legends:

  1. “Hackers can legally break into web sites that lack "warning" notices.” This mistaken belief has circulated for years around Internet discussion groups, but it’s baseless. Breaking into web sites is a crime – whether there is a sign posted or not. .

  2. “Some Windows system files are really malicious and should be deleted.” This rumor about legitimate Windows system files like JDBGMGR.EXE and SULFNBK.EXE can cause actual harm to the Windows system if these real – and useful – files are deleted.

  3. “Hotel card keys secretly record personal information, which could be maliciously taken advantage of without the person knowing.” No known hotel room keycard contains personal information, such as name, address, credit card number, etc. The information encoded on these cards is limited to room number, check out time, and other non-identifying information.

  4. “Including a fake entry in your e-mail address book will prevent e-mail Trojans.” Many “Trojans horse” programs infect PCs when a user opens an e-mail attachment. The Trojan then uses the user’s address book to replicate itself. A common legend is that creating a fake entry called “AAAAA” or “000000” will block these Trojans from replicating. Not only is this untrue, but it can give the user a false sense of security – exposing them to real Trojans.

  5. “A digital cell phone can be infected with a virus merely by answering a phone call.” This story usually warns that the virus identifies itself as “ACE” or “Unavailable,” and that the receiver must not answer the call or disaster will strike. There is no evidence that a virus can be spread in this way.

  6. “Search engine "crawlers" perform security checks and notify you of vulnerabilities.” Some computer users have received e-mails purporting to be from automatic search engine “crawlers” that index web pages. The messages “helpfully” notify the user that their system contains vulnerabilities. No known search engine employs this practice.

  7. “Thieves are using lists of "out of office" auto-replies to target homes for burglary.” While it is theoretically possible that a home burglar could use such a means to identify homes where residents were on vacation, there are no known cases of burglars actually using this technique.

  8. “Free patches e-mailed to you will protect your PC from the latest worm or viruses.” Users sometimes receive “free patches” for common worms like “Klez.” Klez is actually a real worm, but the unsolicited “patch” won’t protect your PC – it is really a Trojan that will infect your PC if you install it. Show great caution when installing an unsolicited “security patch” received via e-mail.

  9. “Signing up with a "Do Not Spam Registry" will stop you from getting spam.” Unlike the popular U.S. government “Do Not Call Registry,” there is no official “Do Not Spam” registry.

  10. “Elf Bowling and Blue Mountain Greeting Cards contain viruses.” Two popular software downloads – “Elf Bowling” and “Blue Mountain Greeting Cards,” are sometimes rumored to contain viruses. While downloaded software can indeed be a source of viruses, no users have ever contracted a virus from one of these legitimate programs.

While most of these urban legends are highly improbable, they are often not impossible. In fact, the most widespread security urban legend is a story that has circulated since the early 90’s, warning users to delete e-mails with a subject like “Good Times” or “Join the Crew,” because merely viewing the e-mail would supposedly infect your computer. Unfortunately, this is no longer a myth – the announcement last month of the “JPEG vulnerability” showed that users can indeed become infected simply by viewing an e-mail with a virus hidden inside an image file.

“Public awareness and education is a key element of the Cyber Security Industry Alliance’s mission to improve cyber security. By being a member of the CSIA and supporting National Cyber Security Awareness Month, Secure Computing is helping to create a safe online environment for all users of the Internet,” said Paul Kurtz, executive director of CSIA.

About Secure Computing
Secure Computing (NASDAQ: SCUR) has been securing the connections between people and information for over 20 years. Specializing in delivering solutions that secure these connections, Secure Computing is uniquely qualified to be the global security solutions provider to organizations of all sizes. Our more than 11,000 global customers, supported by a worldwide network of partners, include the majority of the Dow Jones Global 50 Titans and the most prominent organizations in banking, financial services, healthcare, telecommunications, manufacturing, public utilities, and federal and local governments. The company is headquartered in San Jose, Calif., and has sales offices worldwide. For more information, see http://www.securecomputing.com.

###

This press release contains forward-looking statements relating to Secure Computing’s ability to deliver security solutions to enterprise customers, and the expected benefits of such, and such statements involve a number of risks and uncertainties. Among the important factors that could cause actual results to differ materially from those indicated by such forward-looking statements are delays in product development, undetected software errors or bugs, competitive pressures, technical difficulties, changes in customer requirements, general economic conditions and the risk factors detailed from time to time in Secure Computing’s periodic reports and registration statements filed with the Securities and Exchange Commission. 

---------------------------------------------------------------------
This page was printed from the Secure Computing Corporation web site,
located at 
---------------------------------------------------------------------