Ask Leo! #642 – Every Application Adds Risk

Every Application Adds Risk


In a previous article, I discussed the fundamental nature of our computer's operating system: its absolute power to see, and potentially expose, anything we do. We frequently assume, often without actually thinking about it, that the OS is trustworthy.

That may or may not be true.

When it comes to the operating system, our options are limited. There's really no choice: in order to use our device, we must use an operating system of some sort.

When it comes to the applications we install on our computers, we have both more choice and more risk.

Every application adds direct risk

Every application you download and install on your computer – be it your desktop, laptop, tablet, or phone – is an opportunity for your security and privacy to be compromised.

We regularly give applications much broader permissions to operate on our information than they need. In Windows, most programs can read any file, whether they need to or not. For example, that desktop chess game you just downloaded has complete access to the financial spreadsheets stored elsewhere on your computer.

On the other end of the spectrum, some operating systems allow us to control permissions at a per-application level. For example, when installing an app on an Android-based device, you'll often be presented with a list of things to which the new application requires access.

If we want the application at all, we must grant it all the permissions it requests. And that's exactly what most people, including myself, do: zip through the list of requested permissions as if it were a license agreement, and accept it all without reading or considering.

Any application we install could be malicious. It could be explicitly malicious – meaning malware – or it could be less obviously malicious, sharing more information with third parties than we realize, violating our assumptions of privacy.

As we'll see in a moment, as long as we take appropriate care, we can be relatively safe – but the possibility exists.

Every application adds indirect risk

Even the best-intentioned application includes risk, even if indirectly.

The program could have bugs. It could have errors or omissions that, in turn, could be leveraged by other, malicious software. It could "leak" our information unintentionally in ways third parties can intercept and collect.

Again, none of these risks are included purposefully, but rather as a side effect of oversight, poor design, poor coding or other unintentional accidents.

A great example might be Adobe Flash. It's not malicious. It's not intentionally allowing malware on our computers, or intentionally exposing our information to others. But it has so many bugs, errors, and vulnerabilities that its mere presence on your machine – particularly if not updated regularly – increases the risk of other software leveraging those issues to do harm.

All software has bugs. Thus, all software comes with some risk that those bugs, once discovered, could be used by others for unintended actions.

Once again, it all comes back to trust

You and I can't be expected to understand all the details and nuances of software design and marketing. It's too complex and ever-changing.

Instead, we rely on third parties. Or, more correctly, we rely on our trust of third parties to either do or provide the right thing, or act as a resource to let us know when the right thing isn't happening.

This is why I so strongly warn against using download sites. The third parties involved – the download sites themselves – have a poor track record of providing software that can be trusted. Instead, I recommend you take the effort to locate the original vendor of whatever software you're looking for and download directly from the source.

Assuming, of course, you trust them.

I discuss ways of developing and evaluating trust in What Does It Mean for a Source to be "Reputable"? The advice there applies equally here. When it comes to the software you install on your machine – any software – you must weigh the benefits against the risks, and take care to make sure you trust the source.

Rule of thumb: don't install what you don't need

The most secure software of all is the software that isn't on your machine. If it's not there, it can't harm you.

I'm sure you know someone who constantly downloads and installs software on their machine. Be it a bevy of anti-malware tools, the latest games, or who-knows-what, their machine eventually becomes unstable – or worse, their online accounts get hacked as a result of malware that accompanied all those downloads…

…all for things they probably didn't really need.

Don't be that person. :-)

Think carefully before installing any software on your computer or other device. Even the most trustworthy and reputable software comes with side effects of some sort, and in the worst case, as we've seen, there's a risk of more malicious intent as well.

Make sure you need it. Make sure you trust the author. Make sure you get it from a source you trust.

And when in doubt, don't install it. You're safer that way.

Is anything safe?

All this sounds pretty daunting and perhaps even a little overwhelming. You might be wondering if anything's ever safe.

The good news is that, for the most part, the software you need, from reputable sources, is generally not malicious, and generally well behaved. There are bad actors out there, of course, but keeping these basic rules of thumb in mind will generally allow you to be safe.

  • Only install what you need.
  • Install only reputable software from well-known sources.
  • Download only from the vendor's own download site or instructions.

If you're at all concerned about security and privacy – and you should be – it's important to be aware and keep these rules in mind.

You'll have a much safer and more confident experience.

Windows Defender Offline in Windows 10

Occasionally, malware prevents your anti-malware tools from running, or is designed in such a way that anti-malware tools may not be able to actually eradicate the infection while Windows is running.

One of the most common solutions in the past has been to boot your computer from a DVD or USB drive that contains its own operating system, bypassing both Windows and the malware that might be interfering. Once running, this isolated operating system can run anti-malware tools that are much more likely to resolve the issue.

Windows 10 has this capability built in. Without needing to download anything, you can boot your computer into "Windows Defender Offline" – a copy of Windows 10's built-in anti-malware tool, running in a separate, isolated, dedicated copy of Windows 10.

How Can One Service Take Down So Much?

As I type this, a surprisingly large number of web sites – including some aspects of Ask Leo! – are recovering from a massive outage at one of the internet's major cloud service providers: Amazon.

While the specifics of what caused the downtime have yet to be made public, the outage serves to highlight some important aspects of the modern internet, and raise a few questions along the way.

Email: Save Everything So You Can Delete More

One of my recommendations for managing email sounds very counter-intuitive. In fact, you may think I'm completely nuts – yet it's fundamental to my approach to an empty inbox.

I was able to do an analysis of my incoming email – which accompanies this article – because I save all my mail.

I save all my mail.

I have every piece of mail my wife and I received last year. Every bit of spam, every virus, every incoming message, no matter how important, annoying, or trivial.

That seems like the exact opposite of what most people want: less mail, not more, right?

I do it because it's incredibly liberating.

Newsletter contents Copyright © 2017,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC

Posted: March 7, 2017 in: 2017

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips.