If your PC was hit by a virus in the early 90s, this would have a limited impact on your life. Firstly, your personal computer probably wasn't coordinating your daily activities, or proving integral to your communications with others. Secondly, “ancient” malware was often quirky and light-hearted. Sure, it might cause your CD drive to repeatedly open, or even delete a few files, but it wouldn't drain your bank account. Thirdly, once you left your study, computers were out of your thoughts. However, now as our lives are lived in cyberspace, there is little sanctuary from the dangers that lurk online.
Unfortunately, if an attacker wants to steal your information they will. Whilst we may follow practical advice to install software patches, update our anti-virus programs and delete suspicious emails, well-funded actors will always find their way in. Depressing as this is, please let me explain.
Your PC might be fully updated and running the finest anti-virus software money can buy, but these applications can rarely protect against the unknown. Zero-day vulnerabilities have never been experienced before, and therefore no attack signature exists to trigger protective software. Think about it like inoculation: no matter how many vaccinations you receive, you're unlikely to be immune against a brand-new disease. More worryingly, you might already have been infected without your knowledge, with attackers currently leeching off your system. Rootkits sit deep within the machine, often evading detection for months as they perform their nefarious deeds. In some cases even wiping your operating system might be ineffective. Dangerous new firmware hacks embed code within the hard-drive itself, meaning it can withstand re-installation and continue business as usual. Scary stuff.
Of course you could disconnect your computer from surrounding networks, attempting to isolate it from all this malicious intent. “Air gapped” systems are frequently used both in the military and heavy industry to ensure viruses do not compromise the most critical of operations. However there is always another channel; often a USB stick offering a simple jump from an already-compromised office network to a fresh target. Autorun, built into systems since Windows 95, meant that malicious code could automatically execute as soon as the storage device was inserted. Although this clearly insecure situation was remediated in later versions, researchers have found novel measures to smuggle dangerous software.
Even if you're too cautious to plug a USB stick into your beloved machine, there are dozens of side-channel attacks that could convey your information. A recent paper explained how an air-gapped PC, already infected with malware, could communicate with a neighbouring infected machine. The method of communication was simple: increasing and decreasing temperature to signal patterns of 0s and 1s. Of course this does require prior compromise, and having a connected and disconnected computer side-by-side, but neither of these situations are rare. Machines can remain infected for years without their owner's knowledge, and sensitive environments often result in trusted and untrusted machines sitting adjacent to improve employee efficiency.
After hearing all these risks, you might think it sensible to lock away your computer. A modern smartphone essentially possesses the same functionality, so perhaps these are too large a risk too. But a retro 90s mobile phone would surely offer protection, especially due to their lack of functionality. Think again. The Gemalto SIM card hack showed how at risk we all are to interception, even though later reports clarified that keys were not stolen.
Now I don't wish to provoke paranoia; the spooks are not all watching us constantly, and Chinese hackers probably aren't draining your PC of data as I speak. The moral is that if people want your information badly enough, they will find a way to get it. Modern systems are so complex and interoperate with so many other systems that it is impossible to check all the scenarios. The only reason we are not constantly compromised is that the cost of the attack varies greatly with its sophistication. An intelligence agency might be willing to spend tens of thousands of pounds and several months trying to infiltrate a North Korean military base, but it isn't worth their effort to read your diary.
Therefore for most of us, there is safety in not being a low-hanging fruit. The simple actions of downloading patches and updating our anti-virus systems actually lift us above an enormous number of vulnerable machines. After all, crime still obeys economical maxims: attackers will pick off the easiest targets. And if you are important enough to be under the microscope of a highly-funded adversary, then technology offers little safety. If you write your secrets on paper and lock them in a safe, at least they aren't remotely accessible. This is no call to abandon the riches of our information society, but merely a sober warning. We do not get these riches for free.