Security United States

Most In US Have False Sense of Online Security 161

BaCa sends along a link from Net-Security on a study of attitudes among Americans about the security of their PCs, versus their actual vulnerability. "More than half of computer users who think they are protected against online threats like spyware, viruses, and hackers actually have inadequate or no online protection, according to an independent research study conducted for Verizon... While 92 percent of participants thought they were safe, the scans revealed that 59 percent were actually vulnerable to a variety of online dangers. Ninety-four percent of those surveyed said they would find it helpful to be able to diagnose or check their online security status on a regular basis to make sure their PCs were safe."
  • Frosty Piss (Score:1, Insightful)

    Actually, if you're really conscious about what you click, why would you need so many security layers?
  • by betterunixthanunix ( 980855 ) on Thursday December 06, 2007 @11:19AM (#21598167)
    At least once a year, these results come out in yet another study. Perhaps we should declare a new holiday: False Sense of Security Day (and of course, False Sense of Security Eve, when a hacker in a Santa suit constructs an enormous botnet and takes down a few small mailservers with spam).
    • Re: (Score:3, Interesting)

      by iminplaya ( 723125 )
      False Sense of Security Day

      It would be on the anniversary of the signing of the patriot act.

      So many political jokes to make about this...so little time to post them all
    • by secPM_MS ( 1081961 ) on Thursday December 06, 2007 @11:56AM (#21598789)
      This should be called the neverending story. Unfortunately, I think that name is already taken by a children's book. The query is a bit inappropriate. I am not safe simply if I have my AV and anti-malware SW installed and updated. I MAY be safer, but the AV and anti-malware SW can itself be a vulnerability.

      Increasingly, the attacks are made at the application level, not the OS level. The OS can protect itself from a non-administrative user, but cannot be expected to protect itself from an administrative user who has been fooled into doing something inappropriate. The AV and anti-malware SW try to protect against known issues, but it is a best effort sort of thing.

      If you are browsing, do you have javascript, java, flash, etc. enabled? If so, you have the neat functionality, but you are very vulnerable to compromise by hostile / compromised web servers.

      If you are running as a normal (non-administrative) user such compromise can compromise anything you do. If you are running as an administrative user such a compromise can compromise your system (in Vista, you would have to OK the UAC prompt).

      If you open .pdf attachments or pdf's on web sites, is your pdf reader fully updated? Exploitable security issues have been found routinely in certain pdf readers.

      If you open Microsoft Office documents, is your Office software fully updated? Numerous attacks have been launched via such documents. Office 2007 has far fewer vulnerabilities than Office 2003. Note that using OpenOffice does not inherently protect you. The same type of vulnerabilities exist in OpenOffice.

      If you have Apple's QuickTime, do you keep it updated? It has had large numbers of vulnerabilities.

      Then we can go into the world of media and games, where many vulnerabilities exist and all too often the application in question is internet facing.

      If you want ease of use, feature richness, and dynamic extensibility, you are not going to have a high level of "security / assurance". A web world of static HTML without any scripting and limited media is quite safe - but it is not what the customers want. A similarly restricted application functionality set can be made truly safe as well, but is not what customers want. Users feel comfortable and safe with what they routinely work with, even if this is inherently dangerous. This is as true for computer users as it is for industrial / research workers, who tend to get a bit casual about even truly dangerous issues (I used to be an industrial safety officer in research laboratories).

      • by vtcodger ( 957785 ) on Thursday December 06, 2007 @01:08PM (#21599923)
        ***If you are running as a normal (non-administrative) user such compromise can compromise anything you do. If you are running as an administrative user ...***

        All the data that I actually care about compromising is in my user account so it's at risk no matter what. I suppose that I really should move my financial and other sensitive stuff to a different user account that never uses the internet. I don't know anyone who does that and I've never seen it in a list of security suggestions.

        And I don't see anything that prevents my user account from being used in Denial Of Service attacks against external servers. Or that prevents my user account from attacking servers of any sort on my local PC or on the intranet. And what -- other than the fact that it's probably not necessary -- is to stop the virus maker from including a selection of privilege escalation exploits in his bundle of aggravation?

        Overall, I think that the Don't_Run_As_Admin_And_You'll_Be_OK lot are another bunch of folks with a false sense of security. I'd fault them because unlike naive users, they should know better. (However, running as admin in a multiuser environment really does put other users at additional risk).

        While we're talking about false sense of security, let's don't forget the smug Mac and Linux users. We don't need virus checkers. More accurate would be We don't need virus checkers yet. Both systems are built with the same flawed by design technologies used to build Windows. If we insist in coding in a language that permits buffer overflows, we are probably going to have buffer overflows. Same for many other attacks on sloppy/incomplete/nonexistent legality checking, etc. Carbon/Cocoa/Linux are by no means immune from these problems even if there are few current attacks.

        I also strongly suspect that the biggest current positive factor preventing a total PC security meltdown is the use of NAT routing which strongly discourages unsolicited attacks on non-server PCs. What's going to happen when/if ipv6 comes along and NAT routing goes away?

        • Re: (Score:3, Interesting)

          by secPM_MS ( 1081961 )
          If you are using your machine as a single user system you are clearly right. The data you care about is in your user account. It is easier to clean up a user-space compromise than an administrator compromise, where you probably have to flatten the system and rebuild.

          I have kids who use my systems. They run under normal accounts (The biggest security advantage of Vista is that normal accounts run well, unlike XP) and hence can mess up their own accounts, but are not so likely to mess up my account.

          User a

        • While we're talking about false sense of security, let's don't forget the smug Mac and Linux users. We don't need virus checkers. More accurate would be We don't need virus checkers yet.

          Linux doesn't need virus checkers for a simple reason: The distribution of executable code is much different than on Windows.

          Viruses on Windows distribute mainly through mail attachments these days. On Linux where you need to save and chmod +x a file the barrier to entry is much higher. Linux users also for the most part don

    • by sm62704 ( 957197 )
      Any sense of security is a false sense of security. But you know what? I'm as secure as I need to be.

      All my DVDs and videotapes were stolen recently. As none of the windows or door locks seem to have been compromised, it was surely an inside job - someone I'd trusted. Your employer likewise is more likely to have the system compromised from the inside than from an outsider breaking into your servers.

      Does this mean I shouldn't have locks on my doors? Of course not. But like a corporate IT breakin, the worst
    • I dunno, my reaction was "Whether they're vulnerable or not, if they haven't actually been infected or hacked, then it's not a false but a legitimate sense of security". Thinking nothing is probably going to happen is not the same thing as thinking nothing can happen.
  • by UbuntuDupe ( 970646 ) * on Thursday December 06, 2007 @11:20AM (#21598175) Journal
    I don't know how good Verizon is at online bank security. I mean ... how safe can you be when you look at your bank account and can't distinguish .02 dollars and .02 cents?

    *ducks*
  • Old news (Score:5, Insightful)

    by Billosaur ( 927319 ) * <wgrotherNO@SPAMoptonline.net> on Thursday December 06, 2007 @11:22AM (#21598203) Journal

    It's not like this hasn't been noted before: PEBKAC Still Plagues PC Security [slashdot.org]. Your average user firmly believes what they are told by "experts" or the guy who sells them the computer. They are not web-savvy and don't dig into the background on computer security. They think that all they have to do is run their spyware remover and update their anti-virus and they're fine. Heck, too many don't even know they have such utilities, and if they do know, aren't actually aware if they are running or not!

    Computer security must be taken out of the hands of the user where the user is likely to not have a clue how it works.

    • They think that all they have to do is run their spyware remover and update their anti-virus and they're fine.

      Exactly. As if removing the spyware also went back in time and actually prevented the spyware from HAVING SPIED on you already!
      • Re: (Score:3, Interesting)

        by Bert64 ( 520050 )
        Spyware removal is flawed, the focus should be on preventing it getting there in the first place.
        Same with viruses.

        The big problem is that people believe the hype..
        "Windows $version is the most secure windows ever!"
        "$program makes your machine secure"
        Rather than being vigilant, they believe the hype around some product claiming to take away all the security risks.

        End users really need managed workstations, managed by people who know what they're doing.
        Or perhaps kiosk style systems for browsing, booted from
        • Rather than being vigilant, they believe the hype around some product claiming to take away all the security risks.

          A friend told me that his computer at work is filled with viruses because his coworkers always ask him to read chain mails and stuff. When a message pops up about a dangerous program, they tell him: "Hit OK, the computer's protected by an antivirus, so no problem".

          As if the antivirus actually prevented the programs from doing harm once they begin executing.

          The sad part, is that he can't enforce
          • by Bert64 ( 520050 )
            That's Microsoft's legacy...
            They've convinced people that viruses, unreliability, security holes, having to run a stack of anti this anti that programs that cripple performance etc, are just "how it is"...
            The world now thinks that computers are horrendously unreliable insecure buggy and over complicated devices, all thanks to Microsoft.

            It does help Apple tho, I know quite a lot of people who thought like I described above, and once they were finally convinced to buy a mac, were absolutely overjoyed and neve
      • Re: (Score:3, Insightful)

        by ByOhTek ( 1181381 )
        except most good antiviruses/antispyware checks for incoming stuff, not just what is already there. So it can still be useful.

        Not as useful as a good sense of paranoia, but quite useful.
      • Re:Old news (Score:5, Funny)

        by Cro Magnon ( 467622 ) on Thursday December 06, 2007 @12:02PM (#21598903) Homepage Journal

        Exactly. As if removing the spyware also went back in time and actually prevented the spyware from HAVING SPIED on you already!


        That's why you need a Mac. It has a Time Machine.

    • Re: (Score:3, Interesting)

      by ByOhTek ( 1181381 )

      Computer security must be taken out of the hands of the user where the user is likely to not have a clue how it works.

      But then you have the problems of

      (a) who do they trust to do it. Part of the reason for this problem is that the user is too trusting, and will download/run anything properly "padded" with the right context. What's to keep them from trusting Joes Bot Shop for their security?

      (b) when they do need something setup/installed quickly, it could be problematic for them to wait for the person/people

      • My idea is that the security has to be built-in. An application, web or standalone, has to be built to be secure enough that it would not require the user's intervention (or outside third-party software) to secure it. As to the users too dumb not to click on links in Viagra emails, well I'm of two minds. On the one hand, the Darwin idea -- if you're not smart enough to avoid the pitfall, then natural selection takes over and your computer is hash when it gets overrun by viruses/trojans. On the other hand,

        • Re: (Score:2, Interesting)

          by ByOhTek ( 1181381 )
          The problem is, short of a secure list of what can install/run (like application branding, properly implemented), and absolute prohibition of running non-branded applications, nothing can save the users from themselves.

          You have the trade off of "flexibility" and "security".

          As a rough example - if a user downloads and runs this in their system:

          fixed for lameness filter

          START
          bashbang/bin/sh
          STARTUPS EQUALS ".bashrc .cshrc .shrc .login" #add more to be more versatile

          bash create our h4x0red bin dir
          mkdir tilde/.bi
          • Re: (Score:3, Insightful)

            by PitaBred ( 632671 )
            Make home directories non-executable, and set up the profiles to only get their startup config from a location other than the home directory, one that's protected from user writing? It wouldn't be that hard.
            • Re: (Score:3, Insightful)

              by ByOhTek ( 1181381 )
              and you immediately lose a lot of the flexibility a user would want on their home system, for example - to add a program they find they need.

              If I'm working on my system and I find I don't have an advanced photo editor that I want/need, I could not install it on my system with what you described, UNLESS there was a way around the unwriteable execution directories - and in that case the hackers could get around that too.
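Added example, not part of any comment in the thread: a Python audit of the hardening proposed above (home directory mounted non-executable, startup files the user cannot rewrite), using the startup file names from the script fragment. The check for home-directory entries on `PATH`, the sample mount tables and the sample `.bashrc` are constructed assumptions.

```python
import os
import re
import shutil
import tempfile

# Startup file names taken from the script fragment quoted in the thread.
STARTUP_FILES = (".bashrc", ".cshrc", ".shrc", ".login")

# sh-style "PATH=..." / "export PATH=..." or csh-style "setenv PATH ...".
PATH_LINE = re.compile(
    r"^\s*(?:export\s+)?PATH=(?P<sh>.*)$|^\s*setenv\s+PATH\s+(?P<csh>.*)$"
)


def mount_options(path, mounts_text):
    """Options of the longest mount point containing path (/proc/mounts format)."""
    path = os.path.normpath(path)
    best, best_opts = "", set()
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt = fields[1]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) > len(best):
            best, best_opts = mnt, set(fields[3].split(","))
    return best_opts


def home_path_entries(line, home):
    """PATH components on this line that resolve to somewhere under home."""
    m = PATH_LINE.match(line.strip())
    if not m:
        return []
    value = (m.group("sh") or m.group("csh") or "").strip().strip("\"'")
    hits = []
    for part in value.split(":"):
        part = part.strip().strip("\"'")
        expanded = part.replace("${HOME}", home).replace("$HOME", home)
        if expanded == "~" or expanded.startswith("~/"):
            expanded = home + expanded[1:]
        if expanded == home or expanded.startswith(home.rstrip("/") + "/"):
            hits.append(part)
    return hits


def audit_home(home, mounts_text):
    """Return (kind, where, detail) findings for one home directory."""
    home = os.path.normpath(home)
    findings = []
    if "noexec" not in mount_options(home, mounts_text):
        findings.append(("mount", home, "home filesystem is not mounted noexec"))
    for name in STARTUP_FILES:
        rc = os.path.join(home, name)
        if not os.path.isfile(rc):
            continue
        if os.access(rc, os.W_OK):
            findings.append(("writable", name, "startup file can be rewritten by this user"))
        with open(rc, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                for entry in home_path_entries(line, home):
                    findings.append(("path", f"{name}:{lineno}", entry))
    return findings


def run_demo():
    """Audit a constructed home directory against a weak and a hardened mount table."""
    home = tempfile.mkdtemp(prefix="audit-home-")
    try:
        with open(os.path.join(home, ".bashrc"), "w", encoding="utf-8") as fh:
            fh.write('# constructed sample\nexport PATH="$HOME/.tools:$PATH"\n')
        with open(os.path.join(home, ".login"), "w", encoding="utf-8") as fh:
            fh.write("setenv EDITOR vi\n")
        root = "/dev/sda1 / ext4 rw,relatime 0 0\n"
        weak = root + f"/dev/sda2 {home} ext4 rw,nosuid,nodev 0 0\n"
        hardened = root + f"/dev/sda2 {home} ext4 rw,nosuid,nodev,noexec 0 0\n"
        return home, audit_home(home, weak), audit_home(home, hardened)
    finally:
        shutil.rmtree(home, ignore_errors=True)


if __name__ == "__main__":
    _, weak_findings, hardened_findings = run_demo()
    for label, found in (("weak", weak_findings), ("hardened", hardened_findings)):
        print(label)
        for finding in found:
            print("  ", finding)
```

`noexec` blocks direct execution of files on that filesystem, not a script handed to an interpreter, which is why the startup-file findings are reported separately from the mount finding.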
    • Re:Old news (Score:5, Insightful)

      by Frosty Piss ( 770223 ) on Thursday December 06, 2007 @11:58AM (#21598829)

      Your average user firmly believes what they are told by "experts" or the guy who sells them the computer. They are not web-savvy and don't dig into the background on computer security. They think that all they have to do is run their spyware remover and update their anti-virus and they're fine.
      And why shouldn't they? Honestly, "average users" shouldn't have to be computer security experts. Average users use computers to play or do productivity tasks unrelated to software development and computer science. The fact is, the average user shouldn't have to be "computer savvy" and running spyware cleaners should do just that. Blaming "average users" for the fact that such dangers exist is missing the point.
      • Re: (Score:3, Interesting)

        by Billosaur ( 927319 ) *

        That's my point. Security should be something that is taken out of the hands of the average user. They shouldn't be expected to become security experts. They should be taught how to be a little more web-savvy. I hear a commercial all the time on the radio in NYC for CyberStreetSmart.org [cyberstreetsmart.org], which is run by the New York Public Interest Research Group (NYPIRG), trying to do just that. The commercial is compelling because they say (paraphrasing) "If someone came up to you on the street and said they had a million

      • by Speare ( 84249 )

        The fact is, the average user shouldn't have to be "computer savvy" and running spyware cleaners should do just that. Blaming "average users" for the fact that roadway dangers exist is missing the point.

        I'll agree with that sentiment to a point, but only to a point.

        The fact is, the average car driver shouldn't have to be "car savvy" and autopilot functions should do just that. Blaming "average drivers" for the fact that such dangers exist is missing the point.

        To say that end users shouldn't have to concern themselves with the details of computers on an untrusted network is to say that the computer should have a bullet-proof security system, it should be an appliance as trouble-free as a clothes-iron. Security is not a product, it's a process; the security landscape is not static, it is ever-changing. Couple this with the general dynamic that security is inversely proportional to convenience, a

        • Extending the car analogy... no, you don't need to know how to take apart and rebuild an engine in order to drive. It helps if you know enough to be able to tell if the mechanic is feeding you a line. But other than that, you do need to know that maintenance needs to be done. Not paying for antivirus updates is kinda like not ever getting your oil changed.

          Scarier than people without antiviruses though, are the people who think that just having an antivirus (any antivirus) protects them. Partly you have p
    • I think the responsibility for spyware/virus resistance has to ultimately lie at the feet of the operating system developer. The very idea that users should be expected to pay for commercial add-on software packages to prevent these problems is a triumph of marketing/advertising -- but is really a big ripoff for the consumers.

      When you think about it, the entire idea of naming these mal-ware programs "virii" is all part of the marketing game. The average user understands how colds/flus and other infections
  • by Anonymous Coward
    DTA: Don't Trust Anybody
  • by $RANDOMLUSER ( 804576 ) on Thursday December 06, 2007 @11:26AM (#21598279)

    * Spyware Protection: When asked how safe they felt their home PC was from spyware, 92 percent of respondents felt "safe" or "somewhat safe." In contrast, the Verizon Security Advisor scan revealed that the majority (58 percent) were "at risk" or "potential risk" from spyware infection. Nineteen percent were critically "at risk" from spyware infection.
    * Virus Protection: When asked how safe they felt their home PC was from viruses, 92 percent of respondents felt "very safe" or "somewhat safe," whereas the Verizon Security Advisor scan revealed that 45 percent were "at risk" or "potential risk" from virus infection.
    * Firewall Protection: Nineteen percent of respondents had their personal firewall turned off.
    Please define "at risk", "potential risk", "critically at risk".
    And by "personal firewall" do you mean that POS built into XP, or the POS from Symantec? Or do you mean the router firewall?
    • In addition, I'm curious as to what "Verizon Security Advisor" is. The only references I can find to it are, uh, people reporting this story...
  • by ackthpt ( 218170 ) * on Thursday December 06, 2007 @11:27AM (#21598297) Homepage Journal

    this missive is stored on a secure server.

    My name is Milo T. Farnsworth, D.O.B 27/07/1974 My Switch number is 3975-4438-0098-2310, expiry 04/09

    Please take care of this, I will be on an extended trip for the next 2 months, during which I will require great use of my $10,000 credit limit.

    • Could you check those details, please? My purchase of a 62" HDTV is being declined, and I need it to watch Stargate reruns tomorrow night.
  • by benadamsdotcom ( 1126811 ) on Thursday December 06, 2007 @11:28AM (#21598299)
    Even after meeting online criminals in person, they still tried to rip me off. Fortunately, I tracked them down and got them. Stolen and Recovered 1949 Chevy Saga [blogspot.com]
    • by gazbo ( 517111 )
      My favourite part of that story is the first picture showing the news with the SHOCKING headline "Thief uses Internet".
  • XP (Score:3, Insightful)

    by truthsearch ( 249536 ) on Thursday December 06, 2007 @11:28AM (#21598305) Homepage Journal
    Doesn't XP have a big green light that tells users they're secure with a firewall and anti-virus protection? If an OS tells an average user they're secure, even if they're only marginally more secure, I wouldn't expect the average user to question it.
    • by PhxBlue ( 562201 )

      Doesn't XP have a big green light that tells users they're secure with a firewall and anti-virus protection?

      Only with SP2. But you can bet a lot of folks aren't using SP2, or even Windows XP, for that matter. Windows 2000, 98, 95, ME ... they're all still out there; Microsoft has stopped supporting them, and in many cases, so have software developers.

    • Re:XP (Score:5, Insightful)

      by Billosaur ( 927319 ) * <wgrotherNO@SPAMoptonline.net> on Thursday December 06, 2007 @11:55AM (#21598777) Journal

      Most people have a yellow light on their dashboard that tells them when they are running low on gas, and yet people still run out of gas. I suspect most people wouldn't know what the green light meant if you asked them.

    • by arminw ( 717974 )
      .....If an OS tells an average user they're secure..........

      How about if almost all articles everywhere, tell people that malware exploit xxxxx works only on computers running Windows? Would users not eventually conclude from that to make their next computer one that runs something OTHER than Windows? Maybe that is why Mac and Linux users rightly feel pretty secure. Has anyone here ever read an article in a reputable computer rag reporting the actual infection of millions, thousands or even hundreds of com
  • by CastrTroy ( 595695 ) on Thursday December 06, 2007 @11:28AM (#21598319)
    I don't have any virus scanner or malware blocker, or firewall or any kind of security software whatsoever installed on my computer. Actually, I have clamwin, but I only run it once a week. It never finds any viruses. Yet I would say that I'm adequately protected because I have a brain. I don't run software from sites I don't trust. I use Firefox, which doesn't have a history of letting websites run malicious code, and I try to stay on sites that I trust. I have a router, and no incoming ports are forwarded to my PC, so I'm safe in that way I guess. At work I have Norton installed, because it has to be. To date, it has blocked 0 spyware, 0 viruses, and 0 worms. Because it hasn't encountered any, because I practice safe computing. It hasn't actually done anything except slow my computer down. What a great waste of money that was.
    • Re: (Score:2, Informative)

      by Phaldor ( 1106237 )
      > Firefox not having a history of letting websites run malicious code

      You obviously do not pay too much attention to the news. There was one just released that had to do with Quicktime and Firefox. I know of several others where Firefox was either named specifically or generally, and why do you think they update their browser so often? More features? Get real dude, most of those updates are SECURITY VULNERABILITY fixes.
      • as opposed to IE where we are either not aware of these little vulnerabilities or they are just not fixed. Firefox is by no measure "perfect" but it has a history of actually fixing bugs and has a number of extensions that make Firefox much more easily secured. Opera is very similar in this regard, it has a number of features which make it a much better browser to use out of the box.
      • Yes, but Firefox updates its browser (quickly) to account for the vulnerabilities. Also, like I said, I try to stay off sites I don't trust, so the odds of me encountering a site that has malicious code on it, between the time the vulnerability is discovered, and the time it is fixed is actually quite low. I'm probably not completely safe, but no amount of virus protection software will make you completely safe. So the best thing to do is just practice safe computing. I could run a fulltime virus scann
    • Ok, since I picked on you once, I do have to say that you are headed in the right direction. Users need to get a clue, particularly about allowing malicious code on their own systems through their own actions. You can have the best software and hardware protection money can buy or provide, but if the user doesn't understand safe computing practices, he's as good as the hacker himself sitting at the keyboard behind the protection.

      Think of it this way, if you don't use a condom (or similar birth control dev
      • by mh1997 ( 1065630 )

        Think of it this way, if you don't use a condom (or similar birth control device, including sterilization) for protection during heterosexual sex, what makes you think that you can guarantee that you won't get pregnant?

        The tag on my penis has the following:

        In consideration of God, creator of the universe issuing a guarantee to the owner of this penis in accordance with arrangements made under the creation of the universe regarding the biology of mankind done at planet earth on the 1st of January 0000

    • I am an avid user of Firefox but even I will admit that Firefox has more than a few vulnerabilities. If you think surfing the net without an active AV keeps you safe from malicious code on the net, well, let's just say, you have a false sense of online security. Hey, I tied in the article's title to my post!!!

      Seriously, If you want to browse the web without AV and feel safe. Shell into your favorite Linux box and browse with "Links" [sourceforge.net]
    • I don't have any virus scanner or malware blocker, or firewall or any kind of security software whatsoever installed on my computer.

      And probably, you're among the few that indeed don't have a virus running on their machine.
      Most likely because, as you said, you *DO* have a brain and actively try to limit your exposure to sources of malware (unusual websites that could exploit bugs to install malware without your interaction, opening untrusted attachments, and all the other examples you give).
      (Note in addition to ru

  • by maillemaker ( 924053 ) on Thursday December 06, 2007 @11:28AM (#21598323)
    Look, my Windows machines auto-update themselves, and I have AVG running, which also updates itself. I have a firewall downstream of my modem and upstream of every other machine on the network.

    What else can I do?

    My wife is constantly playing and downloading games from the internet. No doubt she is polluting machines on our network.

    Basically my approach to security on my home machines is I wipe them and rebuild them every 6 months or so, in case there is some hidden malware on there that has turned my machine into a zombie.

    What I would really like is a "smart firewall" I could buy and put in place of my current firewall. This device would monitor all network traffic going in and out of my house, and it would stop the bad things from going through. It could even be a service whereby the device is managed by some security firm and I pay them to protect my network through this device.
    • I've got several family members machines that I've got the firewall on, spybot installed (and immunized) and AVG and they still get spyware out the wazoo because they click "yes" to "ya wanna install this nifty search toolbar?"

      I've got a cousin that calls me up about twice a year because she ran a game she downloaded off the internet and it trashed her system. She's got the same, firewall, spybot and AVG and I've instructed her on safe computing habits...

      I run all that AND firefox and I still got infected
    • Re: (Score:3, Informative)

      by Bert64 ( 520050 )
      Don't give her privileged access to any machine...
      If you screw up your own account, wipe that user's files, the rest of the system should be fine and you can re-create the user.
    • Asking slashdotters for advice on securing windows is akin to asking people on a windows forum for reasons to switch over to linux. They're not exactly unbiased, know what I'm saying?
      • by Kirth ( 183 )
        You'd be surprised how many slashdotters use windows nowadays. Count the postings. How many of those mention they use windows? How many of them give tips on securing windows other than switching to linux? How many told you you are an idiot and should use linux instead? As I read the comments (some 60), none of them did the latter. So I do: You are an idiot and should switch to linux instead.

        There, you got it. Reason to complain about the biased slashdot-crowd consisting of ME.
        • by RLiegh ( 247921 )
          >How many of them give tips on securing windows other than switching to linux?

          Apparently twitter and erris slept in this morning.
    • it would stop the bad things from going through

      If only we had some way to differentiate "good traffic" from "bad traffic". Something like RFC 3514 [faqs.org]...

    • Basically my approach to security on my home machines is I wipe them and rebuild them every 6 months or so, in case there is some hidden malware on there that has turned my machine into a zombie.

      I find it shocking that Windows users just accept that as part of the cost of doing business. Can you imagine a Linux distro suggesting you reinstall every six months? No cracks from Ubuntu users which releases on a six month cycle. You get my point. MS would have a field day with that.

      Every virus infected Wi

      • >I find it shocking that Windows users just accept that as part of the cost of doing business.

        My home PC is primarily for entertainment (games). If you want to play games on your PC, it means you have to run Windows. I understand some of the emulators are getting pretty good for Linux these days, but I'm skeptical about it 1) working and 2) not taking a performance hit.

        If all I did was surf the web and read email I'd be all over Linux.

    • I'm surprised such a router isn't readily available, especially with the new "evil bit" in RFC 3514: http://www.faqs.org/rfcs/rfc3514.html [faqs.org] :P
    • "What I would really like is a "smart firewall""

      Try downloading untangle.

    • I went to a security get-together with Dan Kaminsky, Damon Cortesi, and Jason Larsen, and during the panel discussion asked what they were doing to protect their own systems. I forget which one said it, but one of the replies was that the person reformatted often.

      Which strikes me as the counsel of despair, but in a world of stealthy malware where you can get infected by simply viewing a video, I can't bring myself to say it's absurd.
  • 94%? (Score:4, Insightful)

    by Delusion_ ( 56114 ) on Thursday December 06, 2007 @11:29AM (#21598331) Homepage
    This would be the target demographic of the malware antivirus attack, where a site does a browser hijack, slows your computer to a crawl, then starts bombarding you with ads for its "solution" to the problem its own malware caused.

    There is no single answer here. Affordable (or free) antivirus software that actually works would be a start, providing it isn't on the McAfee/Norton bandwagon of getting you to pay for a subscription and using up a fair amount of resources when running. There are good community-governed host file lists which can be a real help on many different levels - adware, phishing, malware, viruses, and some of the more onerous types of advertising. User education about basic practices is key - I'd like to see some Public Service Announcements on this, in the style of some of the American Lung Foundation's 1970's PSAs.

    I have to tell people over and over: "It doesn't matter if you trust Jackie not to send you a bad file. You also have to trust that Jackie is vigilant about computer security, and that she knows a lot about the subject. You also have to trust that her computer hasn't been compromised, or that her e-mail isn't a spoof, which requires you to understand a lot about message headers at the very least. Is an animated stripper dancing on your start bar really worth the risk?"
  • by ubrgeek ( 679399 ) on Thursday December 06, 2007 @11:29AM (#21598339)
    "Hi. I'm with Verizon. We're trying to see if your computer is secure. Mind if we scan it for vulnerabilities?"

    When they answered yes, why bother to go any further? In my mind, they're obviously potential victims for spear-phishing types of attacks.
  • by gEvil (beta) ( 945888 ) on Thursday December 06, 2007 @11:31AM (#21598371)
    I know I'm secure. I use only genuine Microsoft products. I remember seeing an ad that said that they're the most secure computer company there is.
  • I'm pretty sure online commerce would come to a screeching halt ( "Oh N003355!! My Pr0n tax $$$s!!!111eleven!", cries the establishment) if the great unwashed masses ever knew that their main, and possibly only, line of defense was safety in numbers.
  • by Fnord666 ( 889225 ) on Thursday December 06, 2007 @11:32AM (#21598391) Journal
    In other news, 92% of all drivers feel that their driving ability is above average.
  • headline (Score:2, Insightful)

    Most In US Have False Sense of Security

    There, fixed that for you.
  • Let's keep this sort of journalism on Dateline please.

    The world is a dangerous place. Somehow, I think that humanity will soldier on nevertheless....
  • lulz (Score:4, Interesting)

    by thatskinnyguy ( 1129515 ) on Thursday December 06, 2007 @11:38AM (#21598469)
    *GASP* I thought AOL was keeping us all safe online!
  • "Ninety-four percent of those surveyed said they would find it helpful to be able to diagnose or check their online security status on a regular basis to make sure their PCs were safe."

    Run Windows Update and update your anti-malware products. Oh yeah, you also need to build a wall of fire in front of the opening to your tube.
  • You always need to be vigilant. You can't trust a software program to keep it safe. There are workarounds and security breaches for every platform. Even Linux or Macs...

    *** DO NOT RUN THIS UNLESS YOU ARE STUPID *****
    #!/bin/csh
    set uname = `whoami`
    if $uname == 'root' then
    echo "Installing..."
    while (1)
    echo "YOU HAVE BEEN FOOLED" >> /dev/hda
    else
    echo "You need to run this program as root"
    end

    N
    • Yes, it probably won't work because I forgot to end the loop. I wasn't going to go debugging it on my system...
  • I must have a false sense of security. If I see things realistically, I am going to have to don a tin foil hat and end up like the protagonist in John Varley's excellent story, "Press Enter."
  • I think this is a piece of research that anyone with a brain knows, and won't be accepted by those without one.

    $.02: don't even have to read the article - just the post saying it's a perennial dupe
  • by StickyWidget ( 741415 ) on Thursday December 06, 2007 @11:50AM (#21598663)

    the Radialpoint Software[me:the security advisor maker], in its default configuration, does not block ads from third parties or Verizon or its affiliates and business partners, and may not identify as spyware certain websites and applications from Verizon and its affiliates or business partners, Radialpoint Inc. and/or Verizon and its affiliates have the right and do access and modify the Software as well as the software (including registry settings on your computer) and/or your hardware for various purposes in connection with the Verizon Internet Security Suite (e.g. for the installation and implementation of the Software and updates to it) as well as to download, install and/or gather, obtain, collect and then use, in relation to the delivery and operation of Verizon Internet Security Suite, various information and data, including information necessary to identify you and your computer to ensure that Verizon Internet Security Suite is received as well as information necessary for the reporting of this service, and (iii) use of such information and data by Verizon will be in accordance with Verizon's privacy policy.

    Lemme translate: This software collects data about you when you run it, will continue to collect data about you, and if Verizon's business partners happen to be skeeze, they won't warn you about their spyware. Do. Not. Want. By the way, by using their security advisor, I agree to use their "Internet Security Suite" as well. Which reports on me, and allows Verizon to edit settings on my computer. Sounds a little like remote access, yes?

    Here's another thing: On the installation page itself, it says "Administrator rights are required to install this software." So that means that this ActiveX has access to ALL KINDS of fun functions and methods. Who is to say this can't be hijacked and turned into a mal-ware infection source?

    ~Sticky
    /Cannot believe this made the front page of Slashdot.

  • Sales Pitch (Score:3, Insightful)

    by Frosty Piss ( 770223 ) on Thursday December 06, 2007 @11:50AM (#21598675)

    ...independent research study conducted for Verizon...
    In a related story, Verizon has a $29.95 / month package just for the consumer worried about this sort of thing.
  • Also note, that while 98% of the people walking on the sidewalk felt safe, 100% of them were vulnerable to attack!

    I've been using home computers for as long as there have been home computers. The number of viruses/Trojans:
    1 Trojan that was on a floppy being circulated for the Apple IIc.
    1 virus I compiled while doing security work.

    Until two years ago, I never kept a virus checking service on my pc. I just ran virus software once every couple of weeks.
    Two years ago I was contracting and some people freaked out
  • 95% of Americans have a false sense of security when it comes to walking down the street and being vulnerable to a mugging!!!!!
  • by zappepcs ( 820751 ) on Thursday December 06, 2007 @11:55AM (#21598781) Journal
    We do NOT need to protect our children from the evils on the Internet. We need to protect people in general. While the US might have more people who are gullible, there are gullible people all over the world. Computers are not simple to use and operate like a toaster, or other kitchen appliance. Even if they were, one look at the statistics of fire departments on the day before and the day of Thanksgiving should tell you that people, in general, are not competent to operate anything more complex than the shoestrings of their shoes.

    You can buy a car that costs less than some computers, but still need a license to drive it, and insurance in case you get into a wreck. Why should computing be any different? Oh, don't believe in the nanny-state? Well, stfu about kids needing protection from the evils of the Internet. Yes, give me that argument that motor vehicles are a life and death issue, or could be. I'll argue this, losing your identity or giving your life savings to some Nigerian prince is more or less a life and death issue, especially if you need that money in the near future for heart medicine.

    The point is, and well demonstrated in this report, that NOBODY is safe, and not just kids need some training and guidance. Using the Internet is not a game, and people should be taught better how to use it and avoid the pitfalls of modern life. If it sounds too good to be true, well it probably is. If someone is advertising it in an email, it probably is something you don't need or can live without. That goes also for television and other advertisements.

    I think that it is high time we, the human race, began to look at things a bit more intelligently. False sense of security? If it were not for Dept. of Homeland Security, most people in the US would think that flying was safe. This and other such campaigns are not about raising awareness or training, it is about selling antivirus and antimalware software.

    Why this should come as a surprise to anyone is beyond me. How long did it take to get people to wear seatbelts? The public, at large, is wont to believe experts, yes, but this is true despite the news that those same experts are paid by large corporations more often than not, and have been shown to be less than 100% honest.

    How long before 'made in China' means it is a lethal device? (won't happen) How long before people riot in the streets because the food we eat is not labeled correctly? (won't happen). This is just one more thing that the US populace in particular is blissfully ignoring. If you have to spend 2-6 months salary on something, you tend to figure out how it works and treat it with care, take it in for tune ups and such. How many reading this know of one or more people that just go get another pc when theirs acts up, or becomes slow?

    Ranting done. If you can't get people to read directions on the kitchen appliances, or cleaning recommendations on the tag in their clothes, you can't protect them from the evils of the Internet. Who would have thought we'd need instructions (too small to read) on cigarette lighters to stop them from ending up in babies' mouths? Or warning notes on coffee cups that the contents are hot? I don't want to imply that people are ignorant... but
    • "look at the statistics of fire departments on the day before and the day of Thanksgiving should tell you that people, in general, are not competent to operate anything more complex than the shoestrings of their shoes."

      This couldn't be more true, thanks for putting a smile on my face today. :)
    • Congratulations....you've said what I would have if I had the proper words. I have immortalized you in a small fashion by putting your comments verbatim on the front page of my business site www.phaldor.net. If you disagree with this, please let me know.
      • LOL, had I known it would be (gasp) read and repeated, I might have been more careful with my writing style. Go ahead, doesn't bother me a bit :)
  • Most people probably feel the same way in the real world.
  • I do not doubt the numbers this (and other) studies found concerning how secure machines are. HOWEVER, I believe they are testing the wrong thing. Let's compare their claims to a real-world security issue. Do you feel secure in your home? The majority of people would say "yes". But wait! We could conduct a study and discover that the vast majority of homes do not have break-proof glass windows. Many people do not engage the dead-bolt on their door when they leave. Many doors are not credit-card-proo
  • Danger is everywhere. Yet we live in a Nanny State because so many people do things without thinking, and are involved in things that they really don't comprehend the dangers that surround them. We live in a society that tries to protect the dumb from their stupidity, and the rest of us from the idiots we know everyone else are.

    The problem is, we don't let nature fix the problems anymore, but blame shift everything away from where it actually belongs. We all know the lawsuits that have created this Caution L
  • Key point (Score:4, Insightful)

    by gillbates ( 106458 ) on Thursday December 06, 2007 @12:26PM (#21599275) Homepage Journal

    The interesting thing about these studies is that they often conflate "computer users" with "Windows users". The problem is, that as a Linux user, I have no need to run anti-virus software or a firewall. I know which services are running on my machine, and have accepted the security risk thereof. But, consequently, we, (and the Mac users) get counted in the insecure group because of the faulty study methodology.

    I really don't think most users expect their machine to be secure. Microsoft Windows has been insecure for so long now that getting hacked is just expected after a certain period of time. In fact, I had a rather interesting conversation with an anesthesiologist:

    Him: I'm thinking about buying a new computer. What kind should I buy...
    Me: (I rattle off some specs) Why?
    Him: Well, it's slowed down again.
    Me: Well, why don't you just run Linux.
    Him: Well, I do a lot of gaming. I figure you're going to have to replace your PC once a year, anyway.
    Me: Why don't you just format and reinstall, and get yourself a good virus scanner and firewall?
    Him: What, do all that work? And then I have to reinstall everything? No, I'll just buy a new PC.
    Me: But you're just going to have the same problem later on. You'll get infected by a virus, etc... and you'll have to buy antivirus software.
    Him: No I won't - I'll just buy another PC. It's not worth my time to do all of that antivirus and firewall stuff...

    Words failed me at that point. But he did have a point. Most users believe that computers "just wear out" and slow down like an old automobile. They think that virus infection is a normal part of owning a computer.

    The problem isn't Windows, per se. It's that people don't expect any better.


  • These scans are worthless. First they will keep beating on you about MS updates and stuff that not all of us want. Some of us still want to actually do real things with our PCs and don't appreciate the very large performance hit that comes with a full scan of our 50 gig raw video files before we can open them.

    Also as long as you don't browse porn with MS IE, some large percent of those vulnerabilities don't apply.

    Also if you are behind a NAT such as a Linksys router again a
  • We will only be free of nonsense like this study when the mainstream realizes that vulnerability is not the same as risk.

  • "More than half of *Windows* users who think ...."

    The fact that media, including journalists, seem to think that Windows == Computer (or PC) is a testament to the sorry monopolized state of the technology sector.
