Some common security Myths
1. I don't have anything an attacker would want.
Many users believe the data on their computer is only valuable to them, and therefore they have nothing to protect and no need to worry.
There are several flaws in this type of thinking. Attackers often want to take control of the computer itself, as they can turn your pc into a host for malware or to distribute spam. An attacker might also be able to use small bits of information, such as your name, address, etc. to steal your identity. The most common attacks are automated, they simply seek any vulnerable system.
2. I have antivirus software installed, so I am safe.
Yes, you absolutely need antivirus software, but it will not protect you from everything. Some antivirus products only detect viruses and trojans. Some do not detect phishing attempts, spyware or other malware attacks. A more comprehensive security suite is better, but new malware threats are discovered daily and security vendors need time to add protection against these emerging threats, so your antimalware software may not protect you from zero-day or newly launched attacks.
3. Since I only visit major reputable sites, I have nothing to worry about.
When you surf in murkier waters you definitely increase your odds of being infected or compromised, but even well-known sites are occasionally infiltrated. Education sites, CNN, eBay, Microsoft, Apple, and Yahoo have at vaious times been compromised by attackers running cross-site scripting attacks attempting to install malicious software on visitor's computers.