Feeds

Consumers improving security, but gaps remain

Not quite as crap as before, in other words

Secure remote control for conventional and virtual desktops

Spyware and viruses have infected fewer home PCs than a year ago, but the large majority of computer users still lack a critical software defense, such as spyware protection, up-to-date antivirus or a properly configured firewall, according to a study of Internet users released on Wednesday.

The Online Safety Study, conducted by America Online and the National Cyber Security Alliance, analyzed the security of 354 broadband and dial-up users' computers. The study found that the number compromised by spyware dropped to 61 per cent, from 80 per cent a year ago, and the fraction infected with an active virus dropped to 12 per cent from 19 per cent a year ago. AOL and the NCSA sent technicians to the homes of each survey participant to check their computer security.

While improvements are evident, consumers still have a long way to go, said Tatiana Platt, chief trust officer for America Online.

"Although we have made some strides in helping consumers protect themselves, the threats are growing broader and more dangerous, so the risk of failure can be that much more catastrophic," Platt said in a statement announcing the study. "When a single virus, a simple scam or hidden spyware program can shut down your computer or cause a person to lose their bank account, their family pictures, or all of their personal records, it is vital that consumers take every possible step to protect themselves."

Attacks targeting consumers have become more worrisome as the attacker's tools have become more sophisticated. Current attacks mainly attempt to gain personal information for identity theft or compromise PCs connected to broadband internet accounts. Attacker-controlled PCs, known as zombies or bots, can then be used for further attacks.

Phishing, in particular, has become a worry, according to the study. Each month, about a quarter of online Americans saw an fraudulent e-mail aimed at convincing them to give up personal information. Almost 70 per cent of the surveyed customers thought such phishing attacks were email messages from a legitimate company, and 18 percent said a friend or family member had fallen victim to such an attack.

Almost three-quarters of the people surveyed use their computers for sensitive transactions online, suggesting that successful phishing attacks could easily gain access to financial information, the study said.

Identity theft using information gleaned from consumers' systems is growing quickly, but still pales in comparison to offline identity theft.

In 2004, online identity fraud totaled 11.6 per cent of all cases of identity theft, according to a survey of 552 people conducted by Javelin Strategy and Research. Data from the survey suggests that online identity theft only accounted for some $600m of the total estimated loss of $52.6 billion for the United States for that year.

"Our numbers show that fears about online identity fraud may be out of proportion to the relative risk, causing consumers to ignore the most glaring issues," James Van Dyke, founder and principal analyst for Javelin Strategy and Research, said in a statement announcing the identity-theft study earlier this year. "Indeed, most instances of identity fraud occur through traditional channels and are paper-based, not Internet-based."

Yet, the growth in phishing, spyware and other consumer-focused attacks has Internet service providers, like America Online, concentrating on defense and education. The company frequently scans its network, intercepts potential spyware and viruses, blacklists malicious Web sites and offers free Internet security tools, AOL's Platt said. </p? >

"We do everything we can to make sure that malicious scans and spyware don't ever reach our users," she said. "To the extent that we can push protections directly to users, we are actually extending our reach, because our consumers have told us that is what they want."

While more than 80 per cent of the online consumers surveyed believe they are secure, about the same number have not installed necessary security software or have a misconfiguration that affects security, the study said.

"More than anything, this reinforces the need for some people to be more vigilant online," Platt said. "The bottom line is, if you get an e-mail that asks for personal information or sends you to a web site that asks for sensitive information, don't click on it."

Symantec, the parent company of SecurityFocus, is a member of the National Cyber Security Alliance, which commissioned the study.

Copyright © 2005, SecurityFocus

This article was first published here

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.