Feeds

Consumers improving security, but gaps remain

Not quite as crap as before, in other words

SANS - Survey on application security programs

Spyware and viruses have infected fewer home PCs than a year ago, but the large majority of computer users still lack a critical software defense, such as spyware protection, up-to-date antivirus or a properly configured firewall, according to a study of Internet users released on Wednesday.

The Online Safety Study, conducted by America Online and the National Cyber Security Alliance, analyzed the security of 354 broadband and dial-up users' computers. The study found that the number compromised by spyware dropped to 61 per cent, from 80 per cent a year ago, and the fraction infected with an active virus dropped to 12 per cent from 19 per cent a year ago. AOL and the NCSA sent technicians to the homes of each survey participant to check their computer security.

While improvements are evident, consumers still have a long way to go, said Tatiana Platt, chief trust officer for America Online.

"Although we have made some strides in helping consumers protect themselves, the threats are growing broader and more dangerous, so the risk of failure can be that much more catastrophic," Platt said in a statement announcing the study. "When a single virus, a simple scam or hidden spyware program can shut down your computer or cause a person to lose their bank account, their family pictures, or all of their personal records, it is vital that consumers take every possible step to protect themselves."

Attacks targeting consumers have become more worrisome as the attacker's tools have become more sophisticated. Current attacks mainly attempt to gain personal information for identity theft or compromise PCs connected to broadband internet accounts. Attacker-controlled PCs, known as zombies or bots, can then be used for further attacks.

Phishing, in particular, has become a worry, according to the study. Each month, about a quarter of online Americans saw an fraudulent e-mail aimed at convincing them to give up personal information. Almost 70 per cent of the surveyed customers thought such phishing attacks were email messages from a legitimate company, and 18 percent said a friend or family member had fallen victim to such an attack.

Almost three-quarters of the people surveyed use their computers for sensitive transactions online, suggesting that successful phishing attacks could easily gain access to financial information, the study said.

Identity theft using information gleaned from consumers' systems is growing quickly, but still pales in comparison to offline identity theft.

In 2004, online identity fraud totaled 11.6 per cent of all cases of identity theft, according to a survey of 552 people conducted by Javelin Strategy and Research. Data from the survey suggests that online identity theft only accounted for some $600m of the total estimated loss of $52.6 billion for the United States for that year.

"Our numbers show that fears about online identity fraud may be out of proportion to the relative risk, causing consumers to ignore the most glaring issues," James Van Dyke, founder and principal analyst for Javelin Strategy and Research, said in a statement announcing the identity-theft study earlier this year. "Indeed, most instances of identity fraud occur through traditional channels and are paper-based, not Internet-based."

Yet, the growth in phishing, spyware and other consumer-focused attacks has Internet service providers, like America Online, concentrating on defense and education. The company frequently scans its network, intercepts potential spyware and viruses, blacklists malicious Web sites and offers free Internet security tools, AOL's Platt said. </p? >

"We do everything we can to make sure that malicious scans and spyware don't ever reach our users," she said. "To the extent that we can push protections directly to users, we are actually extending our reach, because our consumers have told us that is what they want."

While more than 80 per cent of the online consumers surveyed believe they are secure, about the same number have not installed necessary security software or have a misconfiguration that affects security, the study said.

"More than anything, this reinforces the need for some people to be more vigilant online," Platt said. "The bottom line is, if you get an e-mail that asks for personal information or sends you to a web site that asks for sensitive information, don't click on it."

Symantec, the parent company of SecurityFocus, is a member of the National Cyber Security Alliance, which commissioned the study.

Copyright © 2005, SecurityFocus

This article was first published here

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.