People need to wake up to the harsh realities of online security, says a visiting professor at the University of Surrey. A lack of understanding is leaving many susceptible.

Professor Alan Woodward, who advises the government and several FTSE 100 companies on security related matters, highlighted a collection of urban myths which need to be dispelled.

“I cannot be infected simply by visiting a website”

Woodward confirms one of the most common misconceptions – that a user cannot be infected simply by visiting a website. “As with many myths it contains a grain of truth. However, you may not recognise that you are giving your permission by default to certain types of download,” says Professor Woodward.

The professor points to the use of techniques called ‘drive-by’ attacks. These methods vary using everything from Java updates to IFrames to download and execute malicious script without the user consciously giving permission.

“Reputable sites present no threat”

Next he addressed the myth that reputable sites will not contain malicious code. Woodward explained that many sites which allow visitors to comment on news posts or review products leave themselves open to exploitation.

“With webpages often being an amalgamation of content drawn from various sources, it is very difficult for webmasters to close all the loopholes,” he explained on

“My computer contains nothing of value”

Many users claim their computer contains nothing of of any real value but Woodward says this could not be further from the truth. Something as simple as an address book is manna from heaven to a cyber criminal looking for an effective way to spread infected code.

According to, figures from Infosec 2013 found that the cost of cyber breaches had increased three-fold in the past year. Figures coming out of Symantec also reveal that there was a three-fold increase in the number of attacks on small businesses too.

Professor Woodward believes that society still has some way to go to fully understand computer security but he says the threat is very simple to understand.

“All computers, if connected to the internet, are vulnerable,” he concludes.