Feeds

Consumers improving security, but gaps remain

Not quite as crap as before, in other words

Top three mobile application threats

Spyware and viruses have infected fewer home PCs than a year ago, but the large majority of computer users still lack a critical software defense, such as spyware protection, up-to-date antivirus or a properly configured firewall, according to a study of Internet users released on Wednesday.

The Online Safety Study, conducted by America Online and the National Cyber Security Alliance, analyzed the security of 354 broadband and dial-up users' computers. The study found that the number compromised by spyware dropped to 61 per cent, from 80 per cent a year ago, and the fraction infected with an active virus dropped to 12 per cent from 19 per cent a year ago. AOL and the NCSA sent technicians to the homes of each survey participant to check their computer security.

While improvements are evident, consumers still have a long way to go, said Tatiana Platt, chief trust officer for America Online.

"Although we have made some strides in helping consumers protect themselves, the threats are growing broader and more dangerous, so the risk of failure can be that much more catastrophic," Platt said in a statement announcing the study. "When a single virus, a simple scam or hidden spyware program can shut down your computer or cause a person to lose their bank account, their family pictures, or all of their personal records, it is vital that consumers take every possible step to protect themselves."

Attacks targeting consumers have become more worrisome as the attacker's tools have become more sophisticated. Current attacks mainly attempt to gain personal information for identity theft or compromise PCs connected to broadband internet accounts. Attacker-controlled PCs, known as zombies or bots, can then be used for further attacks.

Phishing, in particular, has become a worry, according to the study. Each month, about a quarter of online Americans saw an fraudulent e-mail aimed at convincing them to give up personal information. Almost 70 per cent of the surveyed customers thought such phishing attacks were email messages from a legitimate company, and 18 percent said a friend or family member had fallen victim to such an attack.

Almost three-quarters of the people surveyed use their computers for sensitive transactions online, suggesting that successful phishing attacks could easily gain access to financial information, the study said.

Identity theft using information gleaned from consumers' systems is growing quickly, but still pales in comparison to offline identity theft.

In 2004, online identity fraud totaled 11.6 per cent of all cases of identity theft, according to a survey of 552 people conducted by Javelin Strategy and Research. Data from the survey suggests that online identity theft only accounted for some $600m of the total estimated loss of $52.6 billion for the United States for that year.

"Our numbers show that fears about online identity fraud may be out of proportion to the relative risk, causing consumers to ignore the most glaring issues," James Van Dyke, founder and principal analyst for Javelin Strategy and Research, said in a statement announcing the identity-theft study earlier this year. "Indeed, most instances of identity fraud occur through traditional channels and are paper-based, not Internet-based."

Yet, the growth in phishing, spyware and other consumer-focused attacks has Internet service providers, like America Online, concentrating on defense and education. The company frequently scans its network, intercepts potential spyware and viruses, blacklists malicious Web sites and offers free Internet security tools, AOL's Platt said. </p? >

"We do everything we can to make sure that malicious scans and spyware don't ever reach our users," she said. "To the extent that we can push protections directly to users, we are actually extending our reach, because our consumers have told us that is what they want."

While more than 80 per cent of the online consumers surveyed believe they are secure, about the same number have not installed necessary security software or have a misconfiguration that affects security, the study said.

"More than anything, this reinforces the need for some people to be more vigilant online," Platt said. "The bottom line is, if you get an e-mail that asks for personal information or sends you to a web site that asks for sensitive information, don't click on it."

Symantec, the parent company of SecurityFocus, is a member of the National Cyber Security Alliance, which commissioned the study.

Copyright © 2005, SecurityFocus

This article was first published here

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.