Feeds

Consumers improving security, but gaps remain

Not quite as crap as before, in other words

The essential guide to IT transformation

Spyware and viruses have infected fewer home PCs than a year ago, but the large majority of computer users still lack a critical software defense, such as spyware protection, up-to-date antivirus or a properly configured firewall, according to a study of Internet users released on Wednesday.

The Online Safety Study, conducted by America Online and the National Cyber Security Alliance, analyzed the security of 354 broadband and dial-up users' computers. The study found that the number compromised by spyware dropped to 61 per cent, from 80 per cent a year ago, and the fraction infected with an active virus dropped to 12 per cent from 19 per cent a year ago. AOL and the NCSA sent technicians to the homes of each survey participant to check their computer security.

While improvements are evident, consumers still have a long way to go, said Tatiana Platt, chief trust officer for America Online.

"Although we have made some strides in helping consumers protect themselves, the threats are growing broader and more dangerous, so the risk of failure can be that much more catastrophic," Platt said in a statement announcing the study. "When a single virus, a simple scam or hidden spyware program can shut down your computer or cause a person to lose their bank account, their family pictures, or all of their personal records, it is vital that consumers take every possible step to protect themselves."

Attacks targeting consumers have become more worrisome as the attacker's tools have become more sophisticated. Current attacks mainly attempt to gain personal information for identity theft or compromise PCs connected to broadband internet accounts. Attacker-controlled PCs, known as zombies or bots, can then be used for further attacks.

Phishing, in particular, has become a worry, according to the study. Each month, about a quarter of online Americans saw an fraudulent e-mail aimed at convincing them to give up personal information. Almost 70 per cent of the surveyed customers thought such phishing attacks were email messages from a legitimate company, and 18 percent said a friend or family member had fallen victim to such an attack.

Almost three-quarters of the people surveyed use their computers for sensitive transactions online, suggesting that successful phishing attacks could easily gain access to financial information, the study said.

Identity theft using information gleaned from consumers' systems is growing quickly, but still pales in comparison to offline identity theft.

In 2004, online identity fraud totaled 11.6 per cent of all cases of identity theft, according to a survey of 552 people conducted by Javelin Strategy and Research. Data from the survey suggests that online identity theft only accounted for some $600m of the total estimated loss of $52.6 billion for the United States for that year.

"Our numbers show that fears about online identity fraud may be out of proportion to the relative risk, causing consumers to ignore the most glaring issues," James Van Dyke, founder and principal analyst for Javelin Strategy and Research, said in a statement announcing the identity-theft study earlier this year. "Indeed, most instances of identity fraud occur through traditional channels and are paper-based, not Internet-based."

Yet, the growth in phishing, spyware and other consumer-focused attacks has Internet service providers, like America Online, concentrating on defense and education. The company frequently scans its network, intercepts potential spyware and viruses, blacklists malicious Web sites and offers free Internet security tools, AOL's Platt said. </p? >

"We do everything we can to make sure that malicious scans and spyware don't ever reach our users," she said. "To the extent that we can push protections directly to users, we are actually extending our reach, because our consumers have told us that is what they want."

While more than 80 per cent of the online consumers surveyed believe they are secure, about the same number have not installed necessary security software or have a misconfiguration that affects security, the study said.

"More than anything, this reinforces the need for some people to be more vigilant online," Platt said. "The bottom line is, if you get an e-mail that asks for personal information or sends you to a web site that asks for sensitive information, don't click on it."

Symantec, the parent company of SecurityFocus, is a member of the National Cyber Security Alliance, which commissioned the study.

Copyright © 2005, SecurityFocus

This article was first published here

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?