Most In US Have False Sense of Online Security
BaCa sends along a link from Net-Security on a study of attitudes among Americans about the security of their PCs, versus their actual vulnerability. "More than half of computer users who think they are protected against online threats like spyware, viruses, and hackers actually have inadequate or no online protection, according to an independent research study conducted for Verizon... While 92 percent of participants thought they were safe, the scans revealed that 59 percent were actually vulnerable to a variety of online dangers. Ninety-four percent of those surveyed said they would find it helpful to be able to diagnose or check their online security status on a regular basis to make sure their PCs were safe."
Frosty Piss (Score:1, Insightful)
At least once a year... (Score:5, Funny)
Re: (Score:3, Interesting)
It would be on the anniversary of the signing of the patriot act.
So many political jokes to make about this...so little time to post them all
Re:At least once a year... (Score:5, Informative)
Increasingly, the attacks are made at the application level, not the OS level. The OS can protect itself from a non-administrative user, but cannot be expected to protect itself from an administrative user who has been fooled into doing something inappropriate. The AV and anti-malware SW try to protect against known issues, but it is a best effort sort of thing.
If you are browsing, do you have javascript, java, flash, etc. enabled? If so, you have the neat functionality, but you are very vulnerable to compromise by hostile / compromised web servers.
If you are running as a normal (non-administrative) user such compromise can compromise anything you do. If you are running as an administrative user such a compromise can compromise your system (in Vista, you would have to OK the UAC prompt).
If you open .pdf attachments or PDFs on web sites, is your pdf reader fully updated? Exploitable security issues have been found routinely in certain pdf readers.
If you open Microsoft Office documents, is your Office software fully updated? Numerous attacks have been launched via such documents. Office 2007 has far fewer vulnerabilities than Office 2003. Note that using OpenOffice does not inherently protect you. The same type of vulnerabilities exist in OpenOffice.
If you have Apple's QuickTime, do you keep it updated? It has had large numbers of vulnerabilities.
Then we can go into the world of media and games, where many vulnerabilities exist and all too often the application in question is internet facing.
If you want ease of use, feature richness, and dynamic extensibility, you are not going to have a high level of "security / assurance". A web world of static HTML without any scripting and limited media is quite safe - but it is not what the customers want. A similarly restricted application functionality set can be made truly safe as well, but is not what customers want. Users feel comfortable and safe with what they routinely work with, even if this is inherently dangerous. This is as true for computer users as it is for industrial / research workers, who tend to get a bit casual about even truly dangerous issues (I used to be an industrial safety officer in research laboratories).
Re:At least once a year... (Score:4, Insightful)
All the data that I actually care about compromising is in my user account so it's at risk no matter what. I suppose that I really should move my financial and other sensitive stuff to a different user account that never uses the internet. I don't know anyone who does that and I've never seen it in a list of security suggestions.
And I don't see anything that prevents my user account from being used in Denial Of Service attacks against external servers. Or that prevents my user account from attacking servers of any sort on my local PC or on the intranet. And what -- other than the fact that it's probably not necessary -- is to stop the virus maker from including a selection of privilege escalation exploits in his bundle of aggravation?
Overall, I think that the Don't_Run_As_Admin_And_You'll_Be_OK lot are another bunch of folks with a false sense of security. I'd fault them because unlike naive users, they should know better. (However, running as admin in a multiuser environment really does put other users at additional risk).
While we're talking about false sense of security, let's don't forget the smug Mac and Linux users. We don't need virus checkers. More accurate would be We don't need virus checkers yet. Both systems are built with the same flawed by design technologies used to build Windows. If we insist on coding in a language that permits buffer overflows, we are probably going to have buffer overflows. Same for many other attacks on sloppy/incomplete/nonexistent legality checking, etc. Carbon/Cocoa/Linux are by no means immune from these problems even if there are few current attacks.
I also strongly suspect that the biggest current positive factor preventing a total PC security meltdown is the use of NAT routing which strongly discourages unsolicited attacks on non-server PCs. What's going to happen when/if ipv6 comes along and NAT routing goes away?
Re: (Score:3, Interesting)
I have kids who use my systems. They run under normal accounts (The biggest security advantage of Vista is that normal accounts run well, unlike XP) and hence can mess up their own accounts, but are not so likely to mess up my account.
User a
Re: (Score:2)
Linux doesn't need virus checkers for a simple reason: The distribution of executable code is much different than on Windows.
Viruses on Windows distribute mainly through mail attachments these days. On Linux where you need to save and chmod +x a file the barrier to entry is much higher. Linux users also for the most part don
Re: (Score:2)
Note that I'm not claiming Linux can't be rooted. Duh, of course i
Re: (Score:2)
Furthermore, it is quite possible that 'respected' sites are serving malware without even knowing it [cnet.com.au].
So what happens if a respected site is serving drive-by-download [didierstevens.com] ads from Google AdSense?
Re: (Score:2)
Thus something akin to this exists with Vista for the enterprise sp
Re: (Score:2)
Re: (Score:2)
All my DVDs and videotapes were stolen recently. As none of the windows or door locks seem to have been compromised, it was surely an inside job - someone I'd trusted. Your employer likewise is more likely to have the system compromised from the inside than from an outsider breaking into your servers.
Does this mean I shouldn't have locks on my doors? Of course not. But like a corporate IT breakin, the worst
Re: (Score:2)
Verizon + online bank security (Score:4, Funny)
*ducks*
Re: (Score:2)
Old news (Score:5, Insightful)
It's not like this hasn't been noted before: PEBKAC Still Plagues PC Security [slashdot.org]. Your average user firmly believes what they are told by "experts" or the guy who sells them the computer. They are not web-savvy and don't dig into the background on computer security. They think that all they have to do is run their spyware remover and update their anti-virus and they're fine. Heck, too many don't even know they have such utilities, and if they do know, aren't actually aware if they are running or not!
Computer security must be taken out of the hands of the user where the user is likely to not have a clue how it works.
Re: (Score:2)
Exactly. As if removing the spyware also went back in time and actually prevented the spyware from HAVING SPIED on you already!
Re: (Score:3, Interesting)
Same with viruses.
The big problem is that people believe the hype..
"Windows $version is the most secure windows ever!"
"$program makes your machine secure"
Rather than being vigilant, they believe the hype around some product claiming to take away all the security risks.
End users really need managed workstations, managed by people who know what they're doing.
Or perhaps kiosk style systems for browsing, booted from
Re: (Score:2)
A friend told me that his computer at work is filled with viruses because his coworkers always ask him to read chain mails and stuff. When a message pops up about a dangerous program, they tell him: "Hit OK, the computer's protected by an antivirus, so no problem".
As if the antivirus actually prevented the programs from doing harm once they begin executing.
The sad part, is that he can't enforce
Re: (Score:2)
They've convinced people that viruses, unreliability, security holes, having to run a stack of anti this anti that programs that cripple performance etc, are just "how it is"...
The world now thinks that computers are horrendously unreliable, insecure, buggy and over complicated devices, all thanks to Microsoft.
It does help Apple tho, I know quite a lot of people who thought like I described above, and once they were finally convinced to buy a mac, were absolutely overjoyed and neve
Re: (Score:3, Insightful)
Not as useful as a good sense of paranoia, but quite useful.
Re:Old news (Score:5, Funny)
That's why you need a Mac. It has a Time Machine.
Re: (Score:3, Interesting)
But then you have the problems of
(a) who do they trust to do it. Part of the reason for this problem is that the user is too trusting, and will download/run anything properly "padded" with the right context. What's to keep them from trusting Joe's Bot Shop for their security?
(b) when they do need something setup/installed quickly, it could be problematic for them to wait for the person/people
Re: (Score:2)
My idea is that the security has to be built-in. An application, web or standalone, has to be built to be secure enough that it would not require the user's intervention (or outside third-party software) to secure it. As to the users too dumb not to click on links in Viagra emails, well I'm of two minds. On the one hand, the Darwin idea -- if you're not smart enough to avoid the pitfall, then natural selection takes over and your computer is hash when it gets overrun by viruses/trojans. On the other hand,
Re: (Score:2, Interesting)
You have the trade off of "flexibility" and "security".
As a rough example - if a user downloads and runs this in their system:
fixed for lameness filter
START
bashbang/bin/sh
STARTUPS EQUALS ".bashrc
bash create our h4x0red bin dir
mkdir tilde/.bi
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
If I'm working on my system and I find I don't have an advanced photo editor that I want/need, I could not install it on my system with what you described, UNLESS there was a way around the unwriteable execution directories - and in that case the hackers could get around that too.
Re:Old news (Score:5, Insightful)
Re: (Score:3, Interesting)
That's my point. Security should be something that is taken out of the hands of the average user. They shouldn't be expected to become security experts. They should be taught how to be a little more web-savvy. I hear a commercial all the time on the radio in NYC for CyberStreetSmart.org [cyberstreetsmart.org], which is run by the New York Public Interest Research Group (NYPIRG), trying to do just that. The commercial is compelling because they say (paraphrasing) "If someone came up to you on the street and said they had a million
Re: (Score:2)
The fact is, the average user shouldn't have to be "computer savvy" and running spyware cleaners should do just that. Blaming "average users" for the fact that roadway dangers exist is missing the point.
I'll agree with that sentiment to a point, but only to a point.
The fact is, the average car driver shouldn't have to be "car savvy" and autopilot functions should do just that. Blaming "average drivers" for the fact that such dangers exist is missing the point.
To say that end users shouldn't have to concern themselves with the details of computers on an untrusted network is to say that the computer should have a bullet-proof security system, it should be an appliance as trouble-free as a clothes-iron. Security is not a product, it's a process; the security landscape is not static, it is ever-changing. Couple this with the general dynamic that security is inversely proportional to convenience, a
Re: (Score:2)
Scarier than people without antiviruses though, are the people who think that just having an antivirus (any antivirus) protects them. Partly you have p
Like it or not .... (Score:2)
When you think about it, the entire idea of naming these mal-ware programs "virii" is all part of the marketing game. The average user understands how colds/flus and other infections
Stone Cold had it right (Score:1, Insightful)
Re: (Score:2)
Completely content-free (Score:5, Insightful)
And by "personal firewall" do you mean that POS built into XP, or the POS from Symantec? Or do you mean the router firewall?
Re: (Score:1)
I have absolute faith (Score:3, Funny)
this missive is stored on a secure server.
My name is Milo T. Farnsworth, D.O.B 27/07/1974. My Switch number is 3975-4438-0098-2310, expiry 04/09
Please take care of this, I will be on an extended trip for the next 2 months, during which I will require great use of my $10,000 credit limit.
Re: (Score:2)
Online security - HA , Stolen 1949 Chevy Saga (Score:3, Interesting)
Re: (Score:1)
XP (Score:3, Insightful)
Re: (Score:2)
Only with SP2. But you can bet a lot of folks aren't using SP2, or even Windows XP, for that matter. Windows 2000, 98, 95, ME ... they're all still out there; Microsoft has stopped supporting them, and in many cases, so have software developers.
Re:XP (Score:5, Insightful)
Most people have a yellow light on their dashboard that tells them when they are running low on gas, and yet people still run out of gas. I suspect most people wouldn't know what the green light meant if you asked them.
Re: (Score:2)
Re: (Score:2)
How about if almost all articles everywhere, tell people that malware exploit xxxxx works only on computers running Windows? Would users not eventually conclude from that to make their next computer one that runs something OTHER than Windows? Maybe that is why Mac and Linux users rightly feel pretty secure. Has anyone here ever read an article in a reputable computer rag reporting the actual infection of millions, thousands or even hundreds of com
The best protection is a smart user. (Score:5, Insightful)
Re: (Score:2, Informative)
You obviously do not pay too much attention to the news. There was one just released that had to do with Quicktime and Firefox. I know of several others where Firefox was either named specifically or generally, and why do you think they update their browser so often? More features? Get real dude, most of those updates are SECURITY VULNERABILITY fixes.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Think of it this way, if you don't use a condom (or similar birth control dev
Re: (Score:2)
The tag on my penis has the following:
In consideration of God, creator of the universe issuing a guarantee to the owner of this penis in accordance with arrangements made under the creation of the universe regarding the biology of mankind done at planet earth on the 1st of January 0000
Re: (Score:2)
Re: (Score:2)
Seriously, if you want to browse the web without AV and feel safe, shell into your favorite Linux box and browse with "Links" [sourceforge.net]
The stealthy malware... (Score:2)
And probably, you're among the few that indeed don't have a virus running on their machine.
Most likely because, as you said, you *DO* have a brain and actively try to limit your exposure to sources of malware (unusual websites that could exploit bugs to install malware without your interaction, opening untrusted attachments, and all the other examples you give).
(Note in addition to ru
What am I supposed to do? (Score:5, Interesting)
What else can I do?
My wife is constantly playing and downloading games from the internet. No doubt she is polluting machines on our network.
Basically my approach to security on my home machines is I wipe them and rebuild them every 6 months or so, in case there is some hidden malware on there that has turned my machine into a zombie.
What I would really like is a "smart firewall" I could buy and put in place of my current firewall. This device would monitor all network traffic going in and out of my house, and it would stop the bad things from going through. It could even be a service whereby the device is managed by some security firm and I pay them to protect my network through this device.
Hear hear... (Score:2)
I've got a cousin that calls me up about twice a year because she ran a game she downloaded off the internet and it trashed her system. She's got the same firewall, Spybot and AVG, and I've instructed her on safe computing habits...
I run all that AND firefox and I still got infected
Re: (Score:3, Informative)
If you screw up your own account, wipe that user's files, the rest of the system should be fine and you can re-create the user.
Re: (Score:2)
You're on the wrong site (Score:1)
Re: (Score:2)
There, you got it. Reason to complain about the biased slashdot-crowd consisting of ME.
Re: (Score:2)
Apparently twitter and erris slept in this morning.
Re: (Score:2)
If only we had some way to differentiate "good traffic" from "bad traffic". Something like RFC 3514 [faqs.org]...
I'm always surprised by that answer (Score:2)
Basically my approach to security on my home machines is I wipe them and rebuild them every 6 months or so, in case there is some hidden malware on there that has turned my machine into a zombie.
I find it shocking that Windows users just accept that as part of the cost of doing business. Can you imagine a Linux distro suggesting you reinstall every six months? No cracks from Ubuntu users which releases on a six month cycle. You get my point. MS would have a field day with that.
Every virus infected Wi
No choice. (Score:2)
My home PC is primarily for entertainment (games). If you want to play games on your PC, it means you have to run Windows. I understand some of the emulators are getting pretty good for Linux these days, but I'm skeptical about it 1) working and 2) not taking a performance hit.
If all I did was surf the web and read email I'd be all over Linux.
Easy to do, thanks to RFC 3514 (Score:3, Funny)
Re: (Score:2)
Try downloading untangle.
Wiping (Score:2)
Which strikes me as the counsel of despair, but in a world of stealthy malware where you can get infected by simply viewing a video, I can't bring myself to say it's absurd.
94%? (Score:4, Insightful)
There is no single answer here. Affordable (or free) antivirus software that actually works would be a start, providing it isn't on the McAfee/Norton bandwagon of getting you to pay for a subscription and using up a fair amount of resources when running. There are good community-governed host file lists which can be a real help on many different levels - adware, phishing, malware, viruses, and some of the more onerous types of advertising. User education about basic practices is key - I'd like to see some Public Service Announcements on this, in the style of some of the American Lung Foundation's 1970's PSAs.
I have to tell people over and over: "It doesn't matter if you trust Jackie not to send you a bad file. You also have to trust that Jackie is vigilant about computer security, and that she knows a lot about the subject. You also have to trust that her computer hasn't been compromised, or that her e-mail isn't a spoof, which requires you to understand a lot about message headers at the very least. Is an animated stripper dancing on your start bar really worth the risk?"
I think there's a more telling bit of evidence ... (Score:5, Insightful)
When they answered yes, why bother to go any further? In my mind, they're obviously potentially victims for spear-phishing types of attacks.
I know I'm secure (Score:5, Funny)
Re: (Score:2)
Whatever gets you through the day (Score:2)
In Other News (Score:4, Funny)
Re: (Score:3, Funny)
headline (Score:2, Insightful)
There, fixed that for you.
Sensationalistic much? (Score:2)
The world is a dangerous place. Somehow, I think that humanity will soldier on nevertheless....
lulz (Score:4, Interesting)
Re: (Score:2)
For Windows users. (Score:1)
There are always ways around. (Score:2)
*** DO NOT RUN THIS UNLESS YOU ARE STUPID *****
#!/bin/csh
set uname = `whoami`
if $uname == 'root' then
echo "Installing..."
while (1)
echo "YOU HAVE BEEN FOOLED" >>
else
echo "You need to run this program as root"
end
N
Re: (Score:2)
Must have a false sense... (Score:2)
Most in US have false sense of security: News @ 11 (Score:2)
$.02: don't even have to read the article - just the post saying it's a perennial dupe
I Smell Corporate Marketing, and /. fell for it (Score:3, Informative)
Lemme translate: This software collects data about you when you run it, will continue to collect data about you, and if Verizon's business partners happen to be skeeze, they won't warn you about their spyware. Do. Not. Want. By the way, by using their security advisor, I agree to use their "Internet Security Suite" as well. Which reports on me, and allows Verizon to edit settings on my computer. Sounds a little like remote access, yes?
Here's another thing: On the installation page itself, it says "Administrator rights are required to install this software." So that means that this ActiveX has access to ALL KINDS of fun functions and methods. Who is to say this can't be hijacked and turned into a mal-ware infection source?
~Sticky
/Cannot believe this made the front page of Slashdot.
Sales Pitch (Score:3, Insightful)
Oh jeez (Score:2)
I've been using home computers for as long as there have been home computers. The number of viruses/Trojans:
1 Trojan that was on a floppy being circulated for the Apple IIc.
1 virus I compiled while doing security work.
Until two years ago, I never kept a virus checking service on my pc. I just ran virus software once every couple of weeks.
Two years ago I was contracting and some people freaked out
zomg muggers (Score:1)
It bears repeating here, at this time (Score:4, Insightful)
You can buy a car that costs less than some computers, but still need a license to drive it, and insurance in case you get into a wreck. Why should computing be any different? Oh, don't believe in the nanny-state? Well, stfu about kids needing protection from the evils of the Internet. Yes, give me that argument that motor vehicles are a life and death issue, or could be. I'll argue this, losing your identity or giving your life savings to some Nigerian prince is more or less a life and death issue, especially if you need that money in the near future for heart medicine.
The point is, and well demonstrated in this report, that NOBODY is safe, and not just kids need some training and guidance. Using the Internet is not a game, and people should be taught better how to use it and avoid the pitfalls of modern life. If it sounds too good to be true, well it probably is. If someone is advertising it in an email, it probably is something you don't need or can live without. That goes also for television and other advertisements.
I think that it is high time we, the human race, began to look at things a bit more intelligently. False sense of security? If it were not for Dept. of Homeland Security, most people in the US would think that flying was safe. This and other such campaigns are not about raising awareness or training, it is about selling antivirus and antimalware software.
Why this should come as a surprise to anyone is beyond me. How long did it take to get people to wear seatbelts? The public, at large, is wont to believe experts, yes, but this is true despite the news that those same experts are paid by large corporations more often than not, and have been shown to be less than 100% honest.
How long before 'made in China' means it is a lethal device? (won't happen) How long before people riot in the streets because the food we eat is not labeled correctly? (won't happen). This is just one more thing that the US populace in particular is blissfully ignoring. If you have to spend 2-6 months salary on something, you tend to figure out how it works and treat it with care, take it in for tune ups and such. How many reading this know of one or more people that just go get another pc when theirs acts up, or becomes slow?
Ranting done. If you can't get people to read directions on the kitchen appliances, or cleaning recommendations on the tag in their clothes, you can't protect them from the evils of the Internet. Who would have thought we'd need instructions (too small to read) on cigarette lighters to stop them from ending up in baby's mouths? or warning notes on coffee cups that the contents are hot? I don't want to imply that people are ignorant... but
Re: (Score:2)
This couldn't be more true, thanks for putting a smile on my face today.
Re: (Score:1)
Re: (Score:2)
Safe to say... (Score:2)
Testing the wrong thing (Score:1)
Danger (Score:2)
The problem is, we don't let nature fix the problems anymore, but blame shift everything away from where it actually belongs. We all know the lawsuits that have created this Caution L
Key point (Score:4, Insightful)
The interesting thing about these studies is that they often conflate "computer users" with "Windows users". The problem is, that as a Linux user, I have no need to run anti-virus software or a firewall. I know which services are running on my machine, and have accepted the security risk thereof. But, consequently, we, (and the Mac users) get counted in the insecure group because of the faulty study methodology.
I really don't think most users expect their machine to be secure. Microsoft Windows has been insecure for so long now that getting hacked is just expected after a certain period of time. In fact, I had a rather interesting conversation with an anesthesiologist:
Him: I'm thinking about buying a new computer. What kind should I buy...
Me: (I rattle off some specs) Why?
Him: Well, it's slowed down again.
Me: Well, why don't you just run Linux.
Him: Well, I do a lot of gaming. I figure you're going to have to replace your PC once a year, anyway.
Me: Why don't you just format and reinstall, and get yourself a good virus scanner and firewall?
Him: What, do all that work? And then I have to reinstall everything? No, I'll just buy a new PC.
Me: But you're just going to have the same problem later on. You'll get infected by a virus, etc... and you'll have to buy antivirus software.
Him: No I won't - I'll just buy another PC. It's not worth my time to do all of that antivirus and firewall stuff...
Words failed me at that point. But he did have a point. Most users believe that computers "just wear out" and slow down like an old automobile. They think that virus infection is a normal part of owning a computer.
The problem isn't Windows, per se. It's that people don't expect any better.
Re: (Score:2)
The scans revealed, what a load (Score:2)
These scans are worthless. First they will keep beating on you about MS updates and stuff that not all of us want. Some of us still want to actually do real things with our PCs and don't appreciate the very large performance hit that comes with a full scan of our 50 gig raw video files before we can open them.
Also as long as you don't browse porn with MS IE, something large percent of those vulnerabilities don't apply.
Also if you are behind a NAT such as a linksys routers again a
Vulnerability != Risk (Score:2)
Correction (Score:2)
The fact that media, including journalists, seem to think that Windows == Computer (or PC) is a testament to the sorry monopolized state of the technology sector.
Re: (Score:1)