Most Users Think They Have AntiVirus Protection, While Only Half Do

SkiifGeek writes "A survey carried out by McAfee and the NCSA found that while more than 90% of users believed that they were protected by antivirus or antimalware products that were updated at least once a week, only 51% actually were. 'Even with significantly growing awareness by everyday users of the need for efficient and effective antivirus / antimalware software, and the increasing market penetration achieved by the security industry, the nature of rapidly evolving Information Security threats means that the baseline of protection is outstripping the ability of users to keep up (without some form of extra help).' The study is available online in PDF format. What sort of an effect does this sort of thinking, and practice, have on the overall security of your systems, networks, and efforts to educate?"

How is this new?

[quanticle]

New computer users forget to update antivirus. In other news water is wet, and fire is hot. Film at 11...

It's the AntiVirus companies fault

[Mattwolf7]

It's the antivirus/computer companies fault, since they switched to giving people with new computers only 30-60 days of protection when they would give you a full year or even software that never expired... People think they still get full service when they buy a computer that they did 2-3 years ago.

PEBKAC

[Kjella]

I run Windows. If I don't have anti-virus or the definitions are out of date (last time this summer when I was away for a few weeks) it'll nag. Same if I disable my firewall just to see if the reason an application isn't working is because I've blocked something I shouldn't have. It really doesn't get any easier than that, if they're not running updates they must have disabled everything themselves, and there's really nothing you can do with users that insist on shooting themselves in the foot because the safety is annoying.

Re:How can that be?

[Simply Curious]

Most commercial programs only come with a subscription for one or two years. After the time is up, people might forget to resubscribe or figure that it's not worth the cost.

Re:How can that be?

[Jugalator]

I, like another commenter, think it's because of OEM's so often shipping AV trials that expire and they misunderstanding and think "having antivirus included" meant having it all along. Users would probably be less confused if OEM's didn't include any antivirus at all, or offered a lifetime subscription for some extra cost.

I used to run a small computer repair business.

[Silverlancer]

In the very early 2000s, when I started my business, most of my "problems" involved dealing with Windows 98 crapping out or computers just grinding to a halt from overbloatedness and installation of a few too many Bonzi Buddies. Often I was asked to help install antivirus software. But they almost never had viruses.

A few years later, almost all the computers I worked on had antivirus and/or antispyware software... yet almost every single one had some sort of virus, usually a botnet-style worm, or at least loads of spyware. In my opinion this is proof that viruses are something one can only avoid through overall system security and, most importantly, knowledge about computers--no antivirus will protect you if you cannot protect yourself.

ISP incomplete advertising partially to blame

[Anonymous Coward]

While doing tech support for some family and friends I have come across this. I would ask them what AV program they were using, and they would state, "Whatever my ISP is giving me" I ask for more info and they tell me that their ISP told them they get free antivirus with their service. I asked what program they installed, and they would respond with a blank stare.

From what I have gathered, half believe the ISP installed and updates their AV in the same way Microsoft works. They believed that the ISP installed AV when they set up service and that the AV program gets updated the same way MS updates their system. The other half believe the ISP runs antivirus for them on the line so they do not need anything installed.

When I inform them that they need their own, they ask how much. I inform them of AVG and ClamAv* and that those two are at no cost. They then state they cannot be any good if they are free and they go buy either Norton or McAfee.

*I am now Linux only, so I am not familiar with current Windows AV programs. I have Clam on a few systems and AVG on a few others.

Re:Virus Protection

[tsjaikdus]

Same for me. Until I was given a free copy of Kaspersky from my provider. It's like looking at your own intestines after having spent a 6 year period in the rainforests of Borneo.

Re:How can that be?

[jawtheshark]

Think again! Most budget computers come with a 30 day trail. Don't pay that one, and you're screwed... If you pay, you are screwed too because those Antivirus programs (Symantec, I'm looking at you) are crappy overpriced products.

Your only hope is knowing a Geek/Nerd that is willing too help. Contrary to popular belief on slashdot, not everybody has that luxury.

Re:How is this new?

[Anonymous Coward]

No, the problem is that you get a free year trial when you buy a new computer. People get annoyed when it starts asking you to update all the time, and turn off the "remember to register" reminders. Then the year passes, and they have a very out of date antivirus running that does no good, but they think they are protected because it still churns away acting like it's doing something.

Re:How can that be? Easy

[jawtheshark]

On the other hand, the virus update doesn't seem to work unless the administrator is logged on.

The you have a crappy antivirus program. Even AVG Free does this in Limited User. I used Limited User everywhere on my computers, I rarely log in as Admin. Of course, I do have the knowledge to set up a machine that way. Something most -normal- people cannot...

Re:How can that be? Easy

[Urd.Yggdrasil]

I have attempted to run as a limited user on my home PC, but almost every program I use (mainly PC games) requires admin rights for some stupid reason; if people would make there programs use user spaces instead of system spaces then this would be much more feasible for more people.

Re:Do you even need antivirus?

[Dunbal]

But I've never gotten a virus, not once.

      Sorry but how do you know, if you haven't used anti-virus software in years? Do you expect a little flag to come up saying "help help I'm infected, get an anti-virus program!"? You could be infected and not even know it.

Re:It's the AntiVirus companies fault

[ScrewMaster]

If you want to assign blame, I'd say it's a certain operating system vendor's fault. Granted, no operating system is immune to malware, but at least if the bar were raised a bit higher we might not see so much of it.

most people "think" or most people "say"?

[snsh]

The survey results are probably bogus. A lot of people who don't have antivirus software will lie and say "of course i do", either out of embarrassment or avoid a sales pitch.

Its not the 30 day trials...

[webmaster404]

People think that a Firewall is going to protect them and because Windows ships with a (low security) firewall they think they are protected. Also, it seems that the people who are unprotected aren't those that have low risk systems,I have had people on Dial-up pay for an anti-virus for checking their e-mails. And people who go online a ton seem to be unprotected. Ill admit, when I was on Windows all I had was ad-aware (free) to check for spyware every now and then. It only got really infected once. Then I switched to a Linux system and am very happy that the security risks are minimal all I really have to do is put chkrootkit on cron, install the updates, and set up iptables and Im mostly fine save I don't run unknown binaries or shellscripts. And because the code is open, I don't have to worry about installing software from the package manager because I know that someone has looked at the code and If I really want to I can look at the code and compile it from source. Unix security owns Windows insecurity

Re:How is this new?

[Billy the Impaler]

The real issue is that people buy computers with software pre-loaded. Among this is an antivirus or a trial for the same. After a while this quits working but the system tray icon still sits there whining about things occasionally. Users click through whatever the annoyance is and continue on their merry ways, thinking that that "picture by the clock" is doing something to protect them. Education is the solution; users can learn about free alternatives to paid antivirus software, why Windows needs an antivirus program, and about what they need to be wary.

Re:How can that be?

[djl4570]

Lots of dial up users will disable auto update because the updates take "too long to download." Then they neglect to manually update the software. Antivirus software is becoming antisocial nagware as well which will cause many users to disable the features either incrementally with rules or just turn it off and forget to turn it back on. I've been frustrated with product quality over the years and have changed products several times since 2000. I dumped McAfee because I despised the business practices of NAI, then dumped Norton because of the "elephant in the livingroom" footprint and the frequent forced reboots when it updated. Trend got the boot this year for excessive and unnecessary overhead (Moving a bunch of zip files from one folder to another on the same volume should not require scanning every file.) Now Kaspersky is nagging every time I launch an existing application because of registry access. It even nagged me about svchost. Many users would just give up and not replace the product. They just disable it and forget it's disabled.

Re:PEBKAC

[LordSnooty]

Just watch a novice use a computer. They don't need to be a 'novice' as such, just someone who doesn't understand how they work. They become desensitised to the popups. They'll gladly click through them without paying any attention to what they say. They accept it as part of the everyday running of the computer, what you have to do to get into your email. This is why when helpdesk operators ask what the problem is, many reply "there was an error". When you ask what the error said, they say "I don't know I just clicked past it". Message boxes have become ineffective as they are roundly ignored by up to 50% of computer users (based on 75% running XP)

Re:ISP incomplete advertising partially to blame

[Telvin_3d]

Here is what I tell people about AVG to get them over the 'free' thing. Just say that AVG's real business is anti-virus for big business. They give their stuff away free to normal people because it helps lower the total number of viruses on the internet. That makes their real job easier.

People are happy with anything they can attribute SOME sort of selfish motive to.

Re:How can that be?

[Anonymous Coward]

Why should he have to improve the AV product? Or determine a fair price?

All he was doing was pointing out that most of the antivirus software that comes bundled with computers these days is crappy bloatware.

Frankly I'd rather have a virus or trojan installed on my computer (provided it wasn't a keylogger) instead of McAfee or Symantic AV products. It'd surely consume less system resources.

Re:Windows AV Programs

[roguetrick]

My college recognizes the danger of letting infected PCs on the network, forces us to pay for Symantec with our tuition.

Fixed that for you.

The Horrible Graph

[malvidin]

I know I shouldn't have, but I read it. Did anyone else notice the huge difference between 87% and 88% in the graph?

Also, who here would allow a "survey group" have access to conduct a remote scan on their computer? Methinks this survey is skewed, even if (especially because) they used quotas.

Re:How can that be?

[arminw]

.....The Uninstalls shipped with the software should work,.....

On Mac OSX, most programs don't come with an uninstaller, since that is unnecessary. Just drag the program to the trash ... empty trash ... there, it's uninstalled. Why can't Windows have it that easy? Also, other than a few experimental proofs of concept there STILL isn't a virus in the wild, that infects Macs. Now let the market share replies begin.