Security

10 dumb things users do that can mess up their computers

Users find plenty of ways to run into trouble, from gunking up their system with shareware to leaving it exposed to attackers to forgetting about using surge protectors. Share this list with your own users so they can sidestep preventable problems like these.

We all do dumb things now and then, and computer users are no exception. Inadvertently pressing the wrong key combination or innocently clicking OK in the wrong dialog box can change important settings that alter a computer's behavior or even crash the system.

Nervous newbies are often fearful that one wrong move might break the computer forever. Luckily, short of taking a sledge hammer to the box, the consequences aren't usually quite that dire. Even so, users often do create problems for their computers and for your network. Here's a description of common missteps you can share with your users to help them steer clear of preventable problems.

Note: This article is also available as an article and as a PDF download.

#1: Plug into the wall without surge protection

Here's one that actually can physically destroy your computer equipment, as well as the data it holds. You may think your systems are in danger only during an electrical storm, but anything that interrupts the electrical circuit and then starts the current back again can fry your components. Something as simple as someone turning on an appliance that's plugged into the same circuit (especially a high voltage one such as a hair dryer, electric heater, or air conditioner) can cause a surge, or a surge may be caused by a tree limb touching a power line. If you have a power outage, you may experience a surge when the electricity comes back on.

You can protect your systems against damage from power surges by always using a surge protector, but it's important to be aware that most cheap surge protectors will survive only a single surge and need to be replaced afterward. An Uninterruptible Power Supply (UPS) is better than a surge protector; it has a battery that keeps power flowing smoothly even when there's an outage, to give you time to gracefully shut down.

#2: Surf the Internet without a firewall

Many home users plug their computers right into their spiffy new cable or DSL modems and hop onto the Internet without realizing that they're putting themselves at risk from viruses and attackers. Every Internet-connected computer should be protected by a firewall; this can be a firewall built into the broadband modem or router, a separate firewall appliance that sits between the modem/router and the computer, a server at the network's edge running firewall software, or personal firewall software installed on the computer (such as ICF/Windows Firewall built into Windows XP or a third-party firewall program like Kerio or ZoneAlarm).

One advantage of personal firewalls on laptop computers is that they're still with you when you take the computer on the road and plug into a hotel's DSL or cable port or connect to a wireless hotspot. Just having a firewall isn't enough, though. You must also be sure it's turned on and configured properly to protect you.

#3: Neglect to run or update antivirus and anti-spyware programs

Let's face it: Antivirus programs can be a royal pain. They're always blocking some application you want to use, you often have to disable them to install new software, and they have to be updated on a regular basis to do any good. Seems like the subscription is always expiring and prompting you to renew it -- for a fee, in many cases. But in today's environment, you can't afford to go without virus protection. The malicious programs that AV software detects -- viruses, Trojans, worms, etc. -- can not only wreak havoc on your system but can spread via your computer to the rest of the network. In extreme cases, they can bring down the whole network.

Spyware is another growing threat; these are programs that install themselves on your computer (usually without your knowledge) and collect information from your system that is then sent back to the spyware program's author or vendor. Antivirus programs often don't address spyware so it's important to run a dedicated spyware detection and removal program.

#4: Install and uninstall lots of programs, especially betas

You like to be on the cutting edge, so you often install and try out new software. Beta programs are usually free and give you a chance to sample neat new features before most people. There are also many freeware and shareware programs made available as Internet downloads by their authors. We know you'd never do it, but some users even install pirated software or "warez."

The more programs you install, the more likely you are to run across ones that either include malicious code or that are poorly written and cause your system to behave improperly or crash. The risk is greater with pirated programs.

Even if you install only licensed, final-release commercial software, too many installations and uninstallations can gunk up the registry. Not all uninstall routines completely remove program remnants and at the least, this practice can cause your system to slow down over time.

You should install only the programs that you really need, stick with legitimate software, and try to minimize the number you install and uninstall.

#5: Keep disks full and fragmented

One of the results of installing and uninstalling lots of programs (or adding and deleting data of any kind) is that it fragments your disk. Disk fragmentation occurs because of the way information is stored on the disk: On a new, clean disk, when you save a file it's stored in contiguous sections called clusters. If you delete a file that takes up, for example, five clusters, and then save a new file that takes eight clusters, the first five clusters' worth of data will be saved in the empty space left by the deletion and the remaining three will be saved in the next empty spaces. That makes the file fragmented, or divided. To access that file, then, the disk's read heads won't find all the parts of the file together but must go to different locations on the disk to retrieve it all. That makes it slower to access. If the file is part of a program, the program will run more slowly. A badly fragmented disk will slow down to a crawl.

You can use the disk defragmenter built into Windows (Programs | Accessories | System Tools) or a third-party defrag program to rearrange these pieces of files so that they're placed contiguously on the disk.

Another common cause of performance problems and application misbehavior is a disk that's too full. Many programs create temporary files and need extra free space on the disk to operate. You can use Windows XP's Disk Cleanup Tool or a third-party program to find and delete rarely used files or you can manually delete files to clear space on your disk.

#6: Open all attachments

Some folks just can't help themselves: Getting an e-mail message with an attachment is like getting an unexpected gift. You just have to peek inside to see what it is. But just as that package left on your doorstep could contain a bomb, that file attached to your mail message could contain code that will delete your documents or system folder or send viruses to everyone in your address book.

The most blatantly dangerous attachments are executable files -- those that run code -- with extensions like .exe, .cmd, and many others. (See this article for a list of file extensions for different types of executables.) Files that aren't themselves executables, such as Word .doc files and Excel .xls files, can contain embedded macros. Scripts (Visual Basic, JavaScript, Flash, etc.) aren't directly executed by the computer but are run by other programs.

It used to be that you could assume plain text (.txt) or graphics (.gif, .jpg, .bmp) files were safe, but not anymore. File extensions can be spoofed; attackers take advantage of the Windows default setting that doesn't display common file extensions to name executables something like greatfile.jpg.exe. With the real extension hidden, it shows up as greatfile.jpg. So the recipient thinks it's a graphic, but it's actually a malicious program.

You should open attachments only when they're from trusted sources and only when you're expecting them. Even if the mail with the attachment appears to come from someone you trust, it's possible that someone spoofed their address or that their computer is infected with a virus that sent the attachment to you without their knowledge.

#7: Click on everything

Opening attachments isn't the only type of mouse click that can get you in trouble. Clicking on hyperlinks in e-mail messages or on Web pages can take you to Web sites that have embedded ActiveX controls or scripts that can perform all sorts of malicious activities, from wiping your hard disk to installing a backdoor program on your computer that a hacker can use to get in and take control of it.

Clicking the wrong link can also take you to inappropriate Web sites that feature pornography, pirated music or software, or other content that can get you in trouble if you're using a computer on the job -- or even get you in trouble with the law.

Don't give in to "click mania." Think before you click a link. Links can also be disguised in phishing messages or on Web sites to appear to take you to a different site from the ones they really point to. For example, the link might say www.safesite.com, but it actually takes you to www.gotcha.com. You can often find out the real URL by hovering over the link without clicking it.

#8: Share and share alike

Your mother taught you that it's nice to share, but when you're on a network, sharing can expose you to dangers. If you have file and printer sharing enabled, others can remotely connect to your computer and access your data. Even if you haven't created any shared folders, by default Windows systems have hidden "administrative" shares for the root of each drive. A savvy hacker may be able to use these shares to get in. One way to prevent that is to turn off file and printer sharing -- if you don't need to make any of the files on your computer accessible across the network. This is especially a good idea if you're connecting your laptop to a public wireless hotspot. You can find instructions on how to do so here.

If you do need to make shared folders accessible, it's important that they be protected by both share-level permissions and file-level (NTFS) permissions. Also ensure that your account and the local administrative account have strong passwords.

#9: Pick the wrong passwords

That brings us to another common mistake that can expose you to attacks: picking the wrong password. Even if you don't belong to a network where the administrator forces you to select strong passwords and change them regularly, you should do so. Don't pick passwords that are easy to guess, such as your birth date, a loved one's name, or your social security number. Longer passwords are harder to crack, so make your password at least eight characters long; 14 is even better. Popular password-cracking methods use "dictionary" attacks, so don't use words that are in the dictionary. Passwords should contain a combination of alpha, numeric, and symbol characters for best security.

A long string of nonsense characters may create a password that's tough to crack, but if you can't remember it, you'll defeat the purpose by writing it down (where an intruder may be able to find it). Instead, create a phrase you can remember easily and use the first letters of each word, along with logical numbers and symbols. For example: "My cat ate a mouse on the 5th day of June" becomes "Mc8amot5doJ."

#10: Ignore the need for a backup and recovery plan

Even if you follow all these suggestions, an attacker may crash your system or your data may be corrupted or get wiped out by a hardware problem. That's why it's essential that you always back up your important information and have a plan for recovering from a system failure.

Most computer users know they should back up, but many never get around to it. Or they make an initial backup but don't update it regularly. Use the built-in Windows backup program (Ntbackup.exe in Windows NT, 2000, and XP) or a third-party backup program and schedule backups to occur automatically. Store backed up data on a network server or removable drive in a location away from the computer itself, in case of a natural disaster like flood, fire, or tornado.

Remember that the data is the most important thing on your computer. The operating system can be reinstalled and so can applications, but it may be difficult or impossible to recreate your original data. (See "10 ways to protect your data" for additional suggestions.)

Nonetheless, you can save time and frustration by backing up your system information too. You can create mirror images of your disks using popular ghost or clone programs. This will allow you to restore the system quickly instead of going through the tedious installation process.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

59 comments
James
James

(especially a high voltage one such as a hair dryer, electric heater, or air conditioner) . I think you mean High power (amperage) equipment which when turned on and off may generate high voltage back EMF spikes. All the above appliances work at 110V or 240V depending on where i the world you are.

nbdov68
nbdov68

Back in mid 90's, I had a call with diskette problems from a secretary. She told me she cannot access any files on the diskette. After went over to her office and ask her to show me what she had done in details (step by step). I knew that's nothing I can do for her to recover any file data from her diskette. As a secretary, she had a metal stand next to her PC and when she had any document need to enter into her PC, she put the paper on the stand and holds it with magnet. When it was time for lunch break, she pop the diskette out, put it on the paper stand and hold the diskette with..........you got it...the magnet.

Jay Purple
Jay Purple

Honestly I am only guilty of the last one - but only mildly. I have backed up all my savegames, music, files and program data to a second internal HDD and have it only running while one is using it (Windows turns it off after 1 hour of inactivity to save lifetime, power and lifetime) Ive backed everything up but I am going to the royal x64 club soon so I will back everything else up then ;)

cerewa
cerewa

(((You can often find out the real URL by hovering over the link without clicking it.))) This is not entirely true. Javascript allows web developers to replace the URL (which typically shows up at the bottom of the screen) with descriptive text about the link. Untrustworthy folks have taken to putting a link to a malicious site and then making it appear to go to a safe website using this feature.

glnz
glnz

Your Item #5 (?) was to replace File Sharing with true NTFS permissions. [You wrote "If you do need to make shared folders accessible, it???s important that they be protected by both share-level permissions and file-level (NTFS) permissions. Also ensure that your account and the local administrative account have strong passwords."] I'm only a home network user, not an IT guy, and I've found those complex permissions to be daunting, confusing and unworkable. Is there a guide at the idiot level? Also, as my wife takes her laptop traveling on business a lot, would turning off File Sharing and using such network permissions screw her up when she connects to wi-fi at a hotel? Thanks.

chrismack750
chrismack750

Holding the power button until their computer shuts off.

Fritzo9602
Fritzo9602

These "tips" sound a bit outdated and basic. LOL- "don't open email attachments?" Most mail servers filter viruses before they even hit your mailbox these days. How about "Don't click on Facebook apps posting things saying 'Her father caught her red-handed! Check out the video!'" instead? Fragmented hard drives? Really? With NTFS having small blocks, defragmenting is something you may have to do once a year now, and since most people are browsing rather than installing apps and spreading lots of small files all over the place, I don't thing fragmentation is going to be a problem. Software firewalls are evil. The majority of users don't know what to do when a screen pops up saying "so-and-so is attempting to access the Internet on port 443, do you wish to allow or deny", then they deny it thinking it's a virus, and then ten minutes later are calling their ISP's tech support because Skype doesn't work, they can't send/receive email, and so forth. Keep the firewall on your router. Norton, Zone Alarm, and others can stick it. Could have made a better list. How about not falling for Rogue Antivirus popups? Phishing emails pretending to be your bank/ISP asking for personal information?...I could go on and on.

ator1940
ator1940

The dumbest thing you can do is run windows, as it is the easiest OS to hack. Get smart, run Linux. Run fast, be safe, and secure.

Nashphil
Nashphil

Users that open "new windows" (on new browsers with Tabs) Every time they want a new page. I've seen 10 open windows and they all had to deal with Gmail.

pete
pete

On the lines of the last point, of you're not backing up your data offsite, then when your hard drive inevitably evertually fails, you're in for a world of trouble. http://www.forward-itc.co.uk for a good solution to keeping the data safe in a separate place!

abx
abx

It is a bit too elementary things to number. I think you could come up with the next ten or hundred thumb things that people do using computers. Could you please carry on up to number 100?

rupaa62
rupaa62

Its amazing this list its mostly aimed at the Home User but some of these are too aimed at users at work. The Pick the wrong password is common where I work people keep entering the wrong password til they are locked out and have to call me. As for not updating Anti-virus and spyware programs that is so common especally with the COrporate exec's they live in a world where they think they don't have to do anything but when that virus or malware ruins their systems they bring in their home system and think IT can magically save it in 5 mins. WHere I work we have a policy of not working on anyones home PC's but the exec's think they can get around that by saying they use it for work and need to save their games on it. As for backup people think floppys are still around, and forget about thumb drives are now in. I've seen users just click on anything for programs without reading what they are installing they always think they are adding a google tool bar ar yahoo tool bar. but inturn its a beta program or virus. Mu opinion allot of users are stupid out there home users all they care about is surfing the web and getting email and have no clue of what they are doing. Corporate users think if they break it the IT dep will come running and fix it. This list is a great list for the bone users everywhere to start with. If I could add one more its users who use ourlook and type in the email address and then think the name is saved in a address book. The user is Wrong again and that sends IT depts scratching their heads saying why are som many users so stupid. I could add many more but this would be book size.

bunkyaz
bunkyaz

I discovered today one of my predecessors, i an attempt to "fix" something quickly, added all the senior staff, to include admin staff, to the network administrators group so they could install software on theor PCs. i am fighting this battle now.

thimk
thimk

You need to add to the title ... things WINDOWS users do .. HALF of these are irrelevant / don't apply to Mac users at all

AbbyD
AbbyD

Learn the proper ways to exchange emails. Never send emails to anyone who fails to remove the lists of names and email addresses before they forward them to you. Because that same person will include your name and email address to all the emails you send them when they forward them to strangers. If you follow this rule and educate others about it you will reduce the amount of Spam and viruses you will receive.

Lizzie_B
Lizzie_B

(Sorry - pet peeve.) They're NOT high voltage appliances - they're high CURRENT appliances. They have the same voltage requirement as everything else you plug into your household wall outlets, they just draw more current. When they start, the startup current surge tends to draw down the line voltage available to other devices on the same circuit, causing a brown-out. Also, some high current devices induce nasty, transient voltage spikes on the line when they start which can fry other electronics on the line. So in that respect, I suppose you could call them "high voltage" - but only marginally. Ok, Lizzie, off the soap-box and back under the desk, where you belong...

No User
No User

They USE them. Think about it, all the dumb things they do begin after they start using a computer. ;) Gee, if you could only find a way for them not to use those things. You know I think the biggest complaint I here from users is that they must do something that they don't want to do or perhaps more to the point they must do something they don't want to learn how to do. So if the computers ran automatically that would please everyone. It would certainly prevent a great deal of stupidity done in conjunction with a computer and make our lives much better. You gotta love it. ;)

SObaldrick
SObaldrick

Also: - paint your nails while operating a laptop keyboard. (one dead laptop when the varnish spilt.) - let Microsoft automatically update your software. - install Lotus Notes on your computer. Les.

GrizzledGeezer
GrizzledGeezer

Symantec's Ghost claims to clone a disk, but it doesn't always. If you're trying to create a BOOTABLE backup, don't assume your software has done it -- swap the drives and see if the backup boots properly.

gregjahn
gregjahn

Ok, one thing that bothers me with Anti-Virus program and Spyware Removal program; aren't they both utilized the same detection methods? If so, then why does Anti-Virus program are a resource hog whereas spyware isn't. Anyway that leads to the last question; More and more spyware removal also offers anti-virus included, is it safe to assume you would only need that one program for both? I know you would utilize multiple antispyware programs, but you can only use ONE antivirus on a system!

SimionT
SimionT

And the dumbest of them all is lying the HelpDesk you did not do anything prior to the problem!

reisen55
reisen55

For Home Users who have no system admin at hand, this is a good list. As a consultant, I FEAR working on home computers and avoid them whenever possible. I have no control at all and this list is a perfect example of why places like Circuit City and Best Buy are positioned to rip off stupid home users. In a networked environment, every one of these is on my DO NOT DO EVER list and I protect my users and computers from their users.

f.chapman
f.chapman

Debra, Sorry, let me get this straight... You let machines connect with out a firewall? You let all attachments through your email system? You don't have a password policy with a minimum strength requirement? You let users install software? Ergo you let users run with local admin privileges?! Sounds like you, the administrator, who is the dumb one. Users do what ever you let them do, so stop them doing it! Stupid article for stupid people.

thnidu
thnidu

2 dumb things that algorithms do: Right under this article, I see: People who read this, also read... * 10 dumb things users do that can mess up their computers * 10 dumb things users do that can mess up their computers

vindasel
vindasel

This is a great list and let me a add a couple of comments to the points you have mentioned: (#10)- Apart from regular backups, it is also essential to have an instant file recovery plan in place to deal with files that were accidently deleted (from the recyle bin too). Extremely useful when the file needs to be recovered in a hurry without searching through older backups (which may not have the most recent version of the file). Prevention is better than cure, so have it running rather than installing it after a deletion incident. (#5) It is always recommended that atleast 10% of the disk space be kept free for the best performance. Also, it is important to avoid fragmentation. Over time, fragmentation can cause increased wear and tear of drives due to excessive actuator arm movement leading to premature hardware replacement costs, loss of productivity due to systems slowing down, and overall an increased workload for the IT personnel. The best way to deal with fragmentation in a corporate environment is to utilize automatic defragmenters. This is more efficient than manual/scheduled defrag considering the large number of workstations in question, and drastically cuts down the workload of IT personnel, saving time and money.

Jay Purple
Jay Purple

I told off so many people for doing that, then laughed my ass off when they call - they go to reboot it and windows wont start properly. XD Told ya so! XD

CharlieSpencer
CharlieSpencer

Uh, it's a three year old article. It predates the dominance of social media.

Fritzo9602
Fritzo9602

If you need a list like this, you've never heard of Linux much less know how to use it.

Thmiuatga
Thmiuatga

Deny it all you want but Macintosh computers are PC's. At least Windows users weren't saddled with inflated priced computers as Mac users were when Apple Corp brought some DRAM chip stock back in 91 and then had to recover their monetary losses when the stocks went into free fall. I am a Windows user as the majority of the members of this board are, but I am also a Linux user. In fact, I started with Linux FIRST when I built my initial PC in 2000 with absolutely no knowledge of the OS. I don't hear of anyone building any Mac or Apple PC's and I certainly don't see any hardware or software for those systems at any of the places I shop. I'd say that's rather inclusive as opposed to the appearance of bring the world together. Furthermore, there are obvious difference between the systems but the users deal with them and at a certain point you have to stop being anal about it and concentrate on the expression and exchange of ideas,information and suggestions that will help and inform others. GET OVER IT!

kjrider
kjrider

Unless you are living in a third world country, the power supply is safe and regulated. (I used to work in that industry) I have yet to come across anyone who has had their equipment destroyed by a sudden surge, unless its a lightening strike, and that takes out just about everything. The companies selling their surge protectors are making their fortune. A more likely fault is loss of power when an UPS would be useful. Don't forget a lot of power supplies are for 100 - 240 volts and have safty built into them. KJR

Codedog84
Codedog84

I agree that the list is good practice and in my opinion....is elementry things anyone in IT should already know...and if you don't...maybe you don't belong in this profession. The one thing I will say that is not so easy to do is take away local admin rights from users. Someone made the comment that this should always be done. If you can say that its that easy to do, then you probably have never really tried to enforce it....cuz it's just not that simple. ALOT easy said then done!

guyinnj10
guyinnj10

Thank you for correcting that. As an EE I take offense when someone who professes technical knowledge confuses voltage with power consumption. They lose credibility immediately. Actually it is my experience that the high transient voltages are caused by most home devices when they are suddenly stopped not started. V=L(inductance)* di/dt ( delta I or the change rate of current)..OK I'll stopped being a engineer..

kjrider
kjrider

It is not dumb users, but dumb writers with high ignorance and not high voltage.

TheComputerator
TheComputerator

I call that Star Trek syndrome. They want to just tell the computer what they want and have it delivered.

ismith
ismith

Some users really can't tell you what they did. Besides, wouldn't you want to protect yourself if the first response was "What did you do to cause this?" And sometimes they really didn't do anything. The one and only time that a computer of mine was infected with a virus was when nimda first hit. I was connected to the corporate network from home and both my work computer and my personal machine were infected in less than ten seconds and I had nothing to do with it. If some IT guy had said, "What did you do that might have caused this?" I would have had an answer for him. (This was back in Windows 2000 days, mind you.) And don't forget that tech. support doesn't know everything either. When I called tech. support for a brand new Gateway computer that arrived at my house with a bad hard drive, the tech. support guy asked me what I was doing when the problem started. I explained that I had just finished installing Microsoft FrontPage and restarted the machine and instead of booting, I had gotten the message that there was no system installed and I should insert a boot disk. He insisted that FrontPage had changed my video settings and that was why the computer wouldn't boot. He didn't want to hear about all the disk errors found by ScanDisk. Bottom line? It's easy to laugh at users but as the introduction to the artice said, nobody's perfect.

reisen55
reisen55

Do not write a post at 7:11 am. protect my users from their .... yeah, right.

bunkyaz
bunkyaz

Had the issue with VP "REQUIRING" admin access on his workstation. What an unholy mess he created and gave me grief about when hid computer didn't work! The alternative of havinng IT visit each computer needing software installed, a small price to pay!!!

PC Medic
PC Medic

Sounds like you need to subscribe to the ID 10T error mentality for a bit until you can see some of the networks that need drastic help to get them to your level of ideal network standards. Many smaller businesses,and SOHO networks don't have the needed administrators. Many are a hodge podge of machines, connected via cables, with no administrative policies or sugested practices. The real world of small network computing eagerly awaits your visit.

gstrickland
gstrickland

Not all of us spend our entire time performing IT Support for "Corporate Clients" where it is possible to prevent these things from happening. Our company services smaller companies and private individuals as well, and although the content of this article is predictable the points are never-the-less valid for these type of environments and users. :-)

de-frag
de-frag

Doesn't defragmentation require 15% of free hard drive space to function adequately, would this not be a more advisable amount of free space to have?

boxfiddler
boxfiddler

haven't a clue about maintenance. I do some Adult Ed classes for a Community College and spend the 2nd half of the day introducing them to defrag, file cleanup, cookies, temporary internet folders. Some of them are there because their year-old computer is driving them crazy. No one in all that time has bothered to clue them to the fact that some simple weekly maintenance will help keep their system running smoothly. Amazing. edit typo

Jay Purple
Jay Purple

Quite right. And not only that, I BELIEVE windows 7 runs Defragging in the background from time to time... I could be wrong tho :\

Jay Purple
Jay Purple

Ive known a few people who dont seem to even know the difference between Linux and Windows - Asking why their MS Word 2007 disc wont install etc. - Even for a girl that requested Linux too! IMO Netbook Remix of Ubuntu is the answer to the severely technologically impaired. Even my 3-year-old-cousin can use it.

SimionT
SimionT

Sure, there are different situations, but the topic is about things users do. And they intentionally don't mention anything about what they did, or worse, they deny.

f.chapman
f.chapman

G-Man, The whole tone of the article and the majority of the comments relate to corprate networks... So, to answer your question. You! Rasssp!