Only Fools Believe in Fool-Proof Security
Last week, we published a link to Microsoft's tips for
making your online shopping experiences safer. We were a
little surprised at some responses we got, taking us to task
for implying that online financial transactions could ever
be "safe" and pointing out ways that a determined hacker
could circumvent security measures.
Well, yeah. "Safety" and "security" are not absolute
terms. Just as walking outside your house (or staying in it,
for that matter) can never be absolutely safe, neither can
shopping online (or even just going online). You will always
be exposed to some element of danger when you venture out
into the big, bad world. Let's say you do all your shopping
at "real world" stores. To do that, you have to leave home;
you probably have to drive or take public transportation, or
at least walk on the public streets. If you drive, your car
could be run into by a drunk driver. If you take a bus, it
could be hijacked. If you walk, you could be mugged.
You must also decide how you're going to pay for your
purchases. If you use a credit card, the clerk could copy
down your number, expiration date and verification code
while in possession of it, and use the information later to
make online or phone purchases. If you use a debit card, a
check, or cash, you could drop them somewhere along the way
or your wallet could be stolen. If you're personally known
to the merchant, who agrees to bill you later, that's great
- but it still doesn't completely guarantee the safety of
the transaction. Eventually you'll have to mail a check or
exchange your credit card info or do an electronic bill
payment, exposing yourself to risk.
So we completely accept the statement that online
shopping will never be 100% secure. That doesn't mean you
can't do things to make it less likely that you will be
victimized. Checking the reputations of online merchants is
like doing your real world shopping in the low-crime part of
town; it reduces your exposure. Using a complex password is
like tucking your money or cards into a front pocket instead
of carrying them in a purse slung over your shoulder that's
easy to grab.
Security is a continuum, and the more accessibility and
convenience you have, the less security you're apt to have.
One of the most secure places to keep your money is probably
in a locked vault or a safe deposit box. However, it's not
very convenient - you have to visit the vault to get out the
exact amount every time you want to buy something, and you
can't make a mail order or phone purchase without buying a
money order or depositing the money in a checking account.
What we need to learn to do is achieve an acceptable balance
between security and accessibility.
A system that's completely secure will be inaccessible to
everyone - including you. A system that's completely
accessible will be vulnerable to everyone. Throwing our
hands up in the air and saying "there's no point in using a
BIOS password because someone could hack it" is like saying
"there's no point in having locks on my door because someone
could pick them." A network security professional's goal is
not to make it impossible for a hacker to get into his or
her systems (that's a laudable goal, but also an impossible
one). Instead, the goal is to implement enough security
measures to make it so time-consuming or difficult that the
hacker will move on to another, easier-to-crack system
instead.
Does that sound callous and uncaring about the systems to
which the hacker moves on? The sad truth is that we can only
protect ourselves; we can't protect the world. But if every
one of us protected ourselves, then the world would be
protected.
What do you think? Is a security measure pointless if it
doesn't provide 100% protection? Do you forgo strong
passwords and encryption because after all, they can be
cracked? Let us know your opinion at
feedback@winxpnews.com.