Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security

Most Home PC Users Lack Security 349

Posted by Zonk from the think-then-play dept.
Ant writes "CNET News.com and MSNBC report that a survey of home personal computer (P.C.) users found 81 percent lacked at least one of three critical types of security. However, the number of consumers using firewalls and updated antivirus software is improving, according to a report released Wednesday. The vast majority of consumers surveyed were found to lack at least one of three types of critical security--a firewall, updated antivirus software or anti-spyware protection, according to a report by America Online and the National Cyber Security Alliance. Of this group, 56 percent had no antivirus software, or had not updated it within a week, while 44 percent did not have a firewall properly configured, according to the report. Meanwhile, 38 percent of survey respondents lacked spyware protection..."
This discussion has been archived. No new comments can be posted.

Most Home PC Users Lack Security More

Most Home PC Users Lack Security

Comments Filter:

  • lacking security? (Score:5, Funny)

    by BushCheney08 ( 917605 ) on Thursday December 08, 2005 @08:50AM (#14209745)
    Whatya mean? I got my blanket right here...

  • Bad metric (Score:5, Insightful)

    by SilverspurG ( 844751 ) * on Thursday December 08, 2005 @08:51AM (#14209748) Homepage Journal
    After witnessing how easily most consumer firewalls were abused by Sony's DRM I'd say that firewalls are no longer an indicator of computer security. At least on the Windows platform.

    • Re:Bad metric (Score:2, Insightful)

      by LiquidCoooled ( 634315 )
      A Software firewall offers no protection against processing operating under administrator credentials.
      They can be efficient at deflecting standard threats, but without the other half of the software protection coin (anti-viral) they are lacking.

      When recommending a firewall for home users, try to explicitely push for a hardware layer :)
      • Software firewalls useless? How about a software firewall running with admin/root credentials then? And wtf do u think is running on a seperate hardware firewall? Software, probably decent software like a secure OS.

        Also anti-virus has nothing to do with firewalls, they are for different security threats.

        • Re:Bad metric (Score:2, Insightful)

          by LiquidCoooled ( 634315 )
          If you run a software firewall in ANY operating system within the same computer, then any administrator/root users on that computer can modify the settings of that firewall at will. A malicious program could automatically insert rules allowing its own access into various firewall programs (for instance in windows there is an API for allowing software through the default builtin firewall, and config files are available for the other vendors)

          If you run a seperate hardware firewall then to change the settings

          • Re:Bad metric (Score:4, Interesting)

            by TheRaven64 ( 641858 ) on Thursday December 08, 2005 @09:25AM (#14210016) Journal
            If you run a software firewall in ANY operating system within the same computer, then any administrator/root users on that computer can modify the settings of that firewall at will.

            If you run OpenBSD at securelevel 1 or above then even root is not able to modify files who have their system immutable flag set - a category into which pf.conf often falls. If you run at securelevel 2 then no program can modify the NAT or firewall rules. I tend to run at securelevel 2, and it doesn't seem to get in my way other than requiring an extra reboot when I upgrade my kernel (I need to reboot to set the securelevel to -1 before I can modify the kernel).

      • Re:Bad metric (Score:4, Informative)

        by SilverspurG ( 844751 ) * on Thursday December 08, 2005 @09:08AM (#14209888) Homepage Journal
        Absolutely. The most effective firewall that I have is a not wireless four port home router that sits between the cable modem and my NAT box.
        • Does it restrict outgoing connections?

          I like the fact that my hardware firewall/router blocks any unsolicited incoming connection, but I wish I could use it to control which applications get to send data out.

          I'm currently using a software firewall for this, however one thing I don't like about it is that it doesn't tell me which ports an application is using. I only know if an application wants to send data across the network or not. I remember I got hit with the MSBLAST worm. I immediately realized I w

        • You know it. You can get a Linksys Router for about 50 bucks at Wal-Mart. I just picked one up to save a friend of the family fro dealing with Norton's bullshit intrustion detection, which for some off reason started blocking the user from surfing the internet.

          Personally, I think ISPs are to blame for the lack of security out there. They are the ones hooking DSL and Cable modems out there directly to machines. They should offer cheap routers to their customers.

    • Re:Bad metric (Score:5, Insightful)

      by BRSQUIRRL ( 69271 ) on Thursday December 08, 2005 @09:07AM (#14209863)
      I agree, but for a different reason: this study doesn't take into consideration the skill of the user. It simply measures the presence or absence of certain security tools. Education and discipline are security measures as well. I have a NAT router as a firewall, but I run no antivirus or anti-spyware software, mainly for performance reasons. I haven't gotten any spyware in a long time and (to my knowledge) have never been infected by a virus/trojan/worm...and this is on a Windows machine.

      I don't open attachments, I only install software that I have researched and found to be spyware-free, I don't use Internet Explorer, I keep Windows XP updated, and I stay educated on the latest exploits/threats out there.

      I think that for the average user who isn't willing to make a commitment to these things, legalistic use of security tools is necessary, but the study incorrectly assumes that "no antivirus" = "p0wned".

      • Re:Bad metric (Score:5, Funny)

        by dwandy ( 907337 ) on Thursday December 08, 2005 @09:22AM (#14209994) Homepage Journal
        boy, won't you be pissed when you log in later and discover that your computer has already posted to /.
      • That's a good point. My desktop windows box, which I use almost exclusively for games these days, has got the free version of AVG installed on it, is indifferently patched, has the windows firewall enabled, and nothing else.

        If it were directly connected to the internet, I would view that machine as hopelessly insecure. Hell, if I checked my email on that machine, I would consider it hopelessly insecure.

        But since I don't check my email on that box, and I don't browse the web on that box, and since it's downs

      • Re:Bad metric (Score:2, Interesting)

        by CptPicard ( 680154 )
        You are absolutely correct. I do "tech support" for most of my friends and family, and I always recommend getting a NAT box between them and their ADSL line, keeping automatic updates on in Windows and not doing anything stupid, such as opening suspicious attachments. That's it. No problems for me or then, ever, and if there are problems, it's almost always their fault because they didn't follow the last rule.

        The last time I saw my cousin's laptop it was so stuck on something that it wouldn't even manage to
      • "keep Windows XP updated" and consequently keep the internal software firewall enabled, which explains why your machine i still working. Note however, that if your machine has only one or two spy applications running, it will not affect performance enough that you will notice.
      • Pretty much the same here.

        Whenever I tried an anti-virus, they caused performance degradation far worse than any spyware I ever caught and never found any virus so I always uninstall anti-virus software as soon as I am done with my occasional scan - new versions will be out by the time I scan again anyway. As for spyware and the rest, I now usually install and test software on a spare PC before putting it on my laptop and primary desktop - worst case I can simply re-image the spare PC's drive if something n

      • I run no antivirus or anti-spyware software, mainly for performance reasons.

        Real-time scanners can, indeet, hurt performance. Most people wouldn't notice a performance hit in most applications & the scanners can be temporarily suspended for applications which are exceptions. A non-realtime scan can be done at any time when performance doesn't matter & would provide you with some measure of safety.

        I haven't gotten any spyware in a long time

        I would be surprised if the aggressive adware/spyware progr

      • Re:Bad metric (Score:4, Funny)

        by hackstraw ( 262471 ) * on Thursday December 08, 2005 @10:50AM (#14210726)
        I think that for the average user who isn't willing to make a commitment to these things

        Tell me about it.

        For security and performance reasons for my car I had to do a number of things. I have replaced the default engine with a more powerful one. I have installed bulletproof glass. I have reinforced the undercarriage and roof and and doors to curtail an assault. I have runflat tires. The air intake extends 6 feet off the ground in case of flooding. I take it weekly back to the 3rd party "fixer upper" guy to make sure everything is still in tact. I always travel in the middle of a six car convoy to buffer myself from the front and behind. And I surely reinforced the firewall between the engine and the interior of the car.

        I don't have to wear a bulletproof vest because of these precautions, and I have never been shot that I know of.

        I think that for the average driver who isn't willing to make a commitment to these things, legalistic use of armor is necessary, but the study incorrectly assumes that "no armor" = "dead".

        Oh, BTW, for security on my computers I just plug my Mac into the wall and either use a wired or wireless network connection. After all I go through traveling from point A to B, why would I screw around with my computer?

    • Agreed (Score:5, Insightful)

      by porkThreeWays ( 895269 ) on Thursday December 08, 2005 @09:18AM (#14209972)
      I agree. Consumer anti-virus,firewalls, and anti-spyware are not a good metric of security. Most people can't stand blocking and unblocking programs for their outgoing firewall all day. And really, the average consumer doesn't know what's safe and unsafe. Incoming protection is pretty pointless too since so many computers are behind a nat router. Anti-virus provides protection for old viruses, but the 0-day mass speading ones generally beat anti-virus anyway. Anti-virus provides retroactive protection of viruses already written. It doesn't generally provide a means of stopping a suspected virus. I've seen some that can, but the general home user anti-virus doesn't or requires training from users not skilled enough to train it. On top of that, there's so much political bullshit that goes on within the ranks that something could be malicious to your computer, but the supplying company complained it was legit and they let it through anyway. Also! They generally provide little/no spyware protection. So you've got a bloated piece of crap anti virus program that slows down your computer almost as much as the virus itself that doesn't really work all that well.

      The only retroactive solution I think is worthwhile these days is spyware scanning your box once a week. And rotate which scanner you use.

      On the other hand, there is A LOT you can do not to get spyware and viruses in the first place. First, DON'T USE IE. All the fanboys will cry foul here, but it's true. I don't care if alternative browsers are just as hackable but they aren't being exploited blah blah blah... We'll cross that river when we get to it. For now, using almost anything besides IE will stop the bulk of your spyware. Also, in whatever browser you use, don't allow in browser media to be played. Flash, movies, music, etc etc. Or at the very least, make sure it prompts you first so you have the choice to only do so from websites you trust. Also, don't go to sketch sites. Plain and simple. Let's see... don't use outlook, EVER. In your MUA make sure it it either doesn't display html or prompts you to do so. Don't open attachments. It's stupid. It's so incredibly easy to spoof who you are via email that you can really never fully trust an email. Don't use AIM. There are AIM viruses left and right nowadays. Use an alternative like gaim or trillion and never accept to transfer files.

      More than anything, just be smart about where you go and what you do. Understand that the internet really isn't a safe place. Security isn't a product, it's a process. I can't stress this enough. Doing certain things yourself will keep you safer than any anti-virus ever could.

      • Re:Agreed (Score:2, Interesting)

        by SilverspurG ( 844751 )
        Concerning the state of modern day antivirus software. If you really want to put on a tin foil hat, try this one:

        Who are the people best qualified to research and write viruses? Antivirus writers.

        Or, more appropriately (considering chicken vs. egg):

        Who are the people best qualified to research and write antivirus software? Virus writers.

        Is antivirus software really antivirus software? No. It's really virus tracking software. At some level in these A/V companies these programmers are playing a game of

      • I agree with all of your points and I can suggest one more: don't run in max. privileges mode. In Windows, this means run as a limited user, rather than Administrator. In Linux, this means use a non-root account. The vast majority of Windows problems stem from the fact that all programs have the ability to do anything they please by default, since the default account is at Admin. privileges.

    • Correct, give the man a cookie.

      Firewalls are quickly becoming obsolete. Everything tunnels over HTTP anyways today, or spreads via e-mail, etc.

      What a firewall is is a safety net. It blocks connections to stuff that shouldn't listen anyways, just in case. A few years from now, the firewall will be gone, so deeply integrated into the TCP/IP stack that it's simply a config option there.

      However people will still buy "Firewalls", because the term's evolving. What is sold as a firewall today simply isn't. It's tw
    • I routinely dredge out the Symantec and Mcafee cancers from my customers machines after I finish removing all the spyware and viruses.

      C. "But I need a firewall!"

      U. "No. You have a router."

      C. "But I need the Anti-Adware/Spyware/Hacker/Spam/Terra/Flash-Flood protection!"

      U. "No. I installed a plain antivirus program and Firefox."

      C. "But what if I get worms from my compu-- Hey, how come the start menu opens when I click it now? I usually click it, make a martini, and by the time I come back I my popup blockers

  • Podcasting (Score:5, Interesting)

    by giel ( 554962 ) on Thursday December 08, 2005 @08:52AM (#14209755) Journal
    Yeah, since they care more about podcasting than rootkits, what did you expect...

  • Hmmm.... (Score:2, Funny)

    by theNOTO ( 682519 )
    a survey of home personal computer (P.C.) users found 81 percent lacked at least one of three critical types of security
    Mindblower.

  • Missing security component (Score:3, Insightful)

    by LainTouko ( 926420 ) on Thursday December 08, 2005 @08:52AM (#14209761)
    They're missing the most important type of security; a browser which is not Internet Explorer.
    • No. I would say that it is more important to login as a limited user, not as an admin. I'm not saying it's not important to switch from IE, I think limited exposure to it is also imperative. That includes using alternatives for applications that embed IE and have a large element of uncontrolled outside exposure such as MSN Messenger and Outlook/OE.

      The funny thing is, I think the security companies are partially inventing a market based on fear-mongering. I ran without a virus scanner for 18 months and d

    • Re:Missing security component (Score:5, Insightful)

      by lukewarmfusion ( 726141 ) on Thursday December 08, 2005 @09:16AM (#14209958) Homepage Journal
      You can still open "AnnaKournikova.jpg.vbs" if you're running Firefox. (email trojans/viruses)

      Adware and spyware can still be downloaded in Firefox or Opera.

      When someone tells you they just inheritied money and need your help in order to get the cash, your response is browser-independent.

      You can even be using a Firefox, anti-virus, firewall, and anti-spyware tools at work - but leave your password on a Post-It on the monitor for anyone to see.

      The problem isn't Internet Explorer. It's the people.

  • How can that be? (Score:4, Funny)

    by the_skywise ( 189793 ) on Thursday December 08, 2005 @08:53AM (#14209764)
    I thought most of us slashdotters were taking care of our home PCs... and mom's... and dad's... and grandma's...
    • Actually most /.'ers are taking care of huge botnets of thousands of systems. And as custodians of the Internet all /.'ers should take appropriate actions to protect these networks from other /.'ers trying to build their own networks of compromised, er, supported systems.

  • Best Free A/V? (Score:3, Interesting)

    by boomgopher ( 627124 ) on Thursday December 08, 2005 @08:55AM (#14209778) Journal
    Yes, I know I can google this - no shit. However, interested in the opinions here. I'm tired of paying for Norton A/V, so what's the best freeware A/V scanner for Windows? Shell/app integration is not needed, just a standalone app with good and frequent def updates would be nice.

    xoxo,

    boomgopher

    • Re:Best Free A/V? (Score:5, Informative)

      by meringuoid ( 568297 ) on Thursday December 08, 2005 @08:58AM (#14209806)
      I vote for AVG [grisoft.com].

      • Re:Best Free A/V? (Score:2, Informative)

        by Anonymous Coward
        Im quite inclined to agree with the parent. When I did work for a company that rennovated donated computers and gave them out to low income individuals we made sure they had anti virus. AVG had a low enough footprint that it was able to run on machines with 16MB of RAM and Windows 95. That was two years ago, I'm not sure if current versions are as lean but it was a fast scanner and was easy on the resources.

      • Re:Best Free A/V? (Score:3, Informative)

        by jambarama ( 784670 )

        AVG is good, but I vote clamwin. [clamwin.com] It seems every bit as effective as the others and it plays real nice [technologynewsdaily.com]with winpooch [sourceforge.net]. Winpooch is a free antispyware detector that checks for hooking (the registry scanning isn't great, but if you have active spyware, winpooch will get it).

        As a bonus both of them are open source.

    • Re:Best Free A/V? (Score:5, Informative)

      by wyckedone ( 875398 ) on Thursday December 08, 2005 @09:01AM (#14209829) Homepage
      The free ones that work the best are AVG [grisoft.com], AntiVir [free-av.com] (Classic, Premium isn't free) and Avast! [avast.com]. I currently use AVG but the new version of AntiVir is supposed to work better and have a smaller footprint.
    • In my experience, AntiVir has been better at catching nasty stuff, it's runtime checker is less intrusive, and the online updates are more comprehensive. My "Emergency Recovery CD" that I use to rescue friends' PCs includes AntiVir, Firefox, ZoneLabs (would have preferred Sygate, but that's gone), and AdAware, along with instructions (printed) on how to reboot into Safe Mode, run these utilities, and get things back to normal.

      The only time I've returned are when husbands (typically) start hitting porn sites
    • I use the home edition of Avast! and ClamWin together. It successfully caught some internet cooties I caught in Times Square and kept it from infecting my home computer. For more details, check out my Slashdot blog.
    • Went with AntiVir for now. AVG seemed nice as well, but apparently insists on running a background process/service when I manually scan a file. AntiVir would fully exit (though seems just a tad slower).

      kthxbye,
      boomgopher

  • "Well Duhhhh!!!!!" category?

    Patrick

  • NCSA? (Score:5, Informative)

    by BushCheney08 ( 917605 ) on Thursday December 08, 2005 @08:55AM (#14209780)
    National Cyber Security Alliance? Couldn't they at least have picked a different acronym than one [uiuc.edu] that's been used in the computer field for a really long time?

  • There is nothing to see here (Score:5, Insightful)

    by LiquidCoooled ( 634315 ) on Thursday December 08, 2005 @08:57AM (#14209795) Homepage Journal
    We KNOW home users don't have security. Windows has been brought kicking and screaming from a single user insulated space into the big wide internet world.

    Home computing has evolved just like personal motoring has.

    Seat belts and safety features in cars used to be an addon luxury that not many people had or used, now every car comes with them and airbags and strengthening supports as standard.

    Spyware protection is a new tact, and should really be dealt with in the same malicious software category viruses fall into - it basically uses the same engine, and its only the AV companies themselves who made a distinguisher between installed with vague permission and none whatsoever.

  • This is why MS installed it with SP2 (Score:3, Insightful)

    by TechHSV ( 864317 ) on Thursday December 08, 2005 @09:00AM (#14209816)
    Everyone gets mad at Microsoft for bundling more products together, but it's obvious most people are too lazy/uneducated to install this type of s/w.

  • Metric choice ? (Score:4, Insightful)

    by alexhs ( 877055 ) on Thursday December 08, 2005 @09:01AM (#14209830) Homepage Journal
    By those metrics, Linux, BSD, OSX, well anything that isn't Microsoft is an insecure platform...

    Antivirus, antispyware ? What do you mean ? Is that only in the New Oxford American Dictionary ?
    • Yup, it's got me scared. I am off to look for a nice up-to-date piece of antispyware (hmm, is English going the way of german?) and antivirus software for my OS X machine.

      What do you mean there isn't anything? How will I protect myself? I don't even have a software firewall switched on?

      Help, I'm running about like a headless chicken with only bullshit from politicians and stupid "security" companies to read...... I had better rush off and sign the petition to allow the government to run my life for me. It's

  • and this will be true as long as it's "optional" (Score:5, Insightful)

    by ummit ( 248909 ) <scs@eskimo.com> on Thursday December 08, 2005 @09:01AM (#14209831) Homepage
    Most users use things out-of-the-box, as-is. They assume that the default configuration, as designed by the manufacturer, is "good enough". This is true of any product, not just computer operating systems. And it's not actually a bad assumption -- or shouldn't be.

    You shouldn't need an external firewall to protect your machine from hostile incoming connections -- your machine shouldn't be listening on ports it doesn't need to, and when it does listen, it shouldn't be possible for incoming connections to subvert it. You shouldn't need add-on antivirus software -- your machine should have a basic "immune system" of its own and shouldn't be vulnerable to the effects of running untrusted external code.

    It is possible to design operating systems that are inherently secure in these ways. One of the larger crimes committed by the designers of the currently-popular consumer-grade operating systems is to have convinced large swaths of the population, via ubiquitous, crashing mediocrity, that it's somehow an "impossible" problem. It was largely a solved problem 20 years ago, if anyone had listened.

    • I use the following devices in "out of the box/default" configuration :
      - 1 computer running Mac OS X
      - 1 computer running Ubuntu Linux
      - 1 ISP-provided router/NAT box
      I have software update on a weekly (Mac) or daily (Ubuntu) basis. I have two levels of firewalling. I always run as simple user and my passwork is asked whenever I need root/admin privileges.

      So yes, I believe that the problem has been solved for the home user !
    • It was largely a solved problem 20 years ago, if anyone had listened.

      If you're talking about Vaxen et al....those computers sucked.

      They didn't have IM, they didn't have IE, they didn't play games over UDP. As far as the modern day consumer is concerned, there was not a single useful application on them.

      It simply isn't fair to expect modern machines to hold up to the standards of security that their simpler predecessors did. My pocket calculator is also immune to viruses and trojans (although I'll bet th

      • Re:and this will be true as long as it's "optional (Score:5, Informative)

        by alanQuatermain ( 840239 ) on Thursday December 08, 2005 @10:54AM (#14210764) Homepage

        The GP wasn't referring to Vax or Unix machines of 20 years ago with regard to their simplicity. It referred to the fact that security was a solved problem on those machines. You yourself go on to say:

        Now that's not to say they couldn't be doing a better job. OS X is a great example of how asking for the admin password every time a modification of the central system is requested makes worms all but impossible and trojans much more difficult.

        The thing really worth noting in your statement is that OS X uses a >20-year-old security system. It's using Unix permissions, straight from the BSD core of the system. The same BSD core used in the NeXTStep operating system a little under 20 years ago (albeit slightly upgraded since then).

        Individual software packages, particularly those designed to listen for commands from the network and execute things locally (ssh, etc.) can have the sort of issues you decribe in your last paragraph; As they get more complex, the task of maintaining security does potentially also become more complex. But on an operating system level, there have been sufficient rules in effect for a long long time now. For instance, just saying "this can only be done with root privileges" and "root privileges can only be gained interactively, and on a one-shot basis" will cover a vast amount of potential issues, and is pretty much what OS X does, as you describe (albeit with slight timeouts to root privileges, rather than pure one-shot operation -- although that timeout is user-configurable).

        At the end of the day, MS-DOS, QDOS, and such, left that out in the interests of expediency, size, and (maybe) end-user perceived complexity/ease-of-use. It then became a standard. I like to quote my boss on this one:

        He tells me that, having worked with Unix/BSD/Vax -level machines in the late seventies, when the IBM PC came out, he and his cohorts were interested to see it. They took one look and put it down as a failure -- a joke, even -- because it lacked so much of what they saw in their current machines. Unfortunately, it became the standard, in the process setting back the state of the art by many years.

        Not least is the point that Unix/Vax systems were inherently multi-user systems, and they needed a robust way of preventing one user from destroying another's data. So this was built in from the very start. MS-DOS and QDOS didn't have this capability, so the standard became that any program had full access to just about anything. The only high security implemented was in the CPU itself, where a system trap was needed to get access to 'Ring 0' (privileged) instructions. On top of this, the somewhat limited nature of the system itself led many programmers -- used to working on a more capable OS -- to make modifications to the core system, to help their stuff work. That required privileged access to the system, in order to install hooks, drivers, and so on.

        Of course, once this became a standard, it was hard to change that behaviour, and it never was changed because 'backwards compatibility' was the highest goal. So when mutli-user functionality was built into Windows 9x/NT, privileged operation became the norm. People logged in as an administrator, because their programs were designed needing full access to the system, and little or no provision was made for interactive temporary privilege escalation within the OS itself. Unlike Unix/BSD, you couldn't just ask the user for an admin user & pass to get the privs needed to put some file somewhere special, and then lay down those privileges when you were done with them.

        As a result, you get the horrible mess we're talking about: An IM program that can corrupt the core operating system and ultimately gain access to privileged-mode CPU cycles? WTF? A game that can modify the system kernel, or the boot sector of the hard disk? They can only do that because the system lets them, or because the system won't let them do some small operation without high privileges, and requires that the entire process runs with those privileges as a result.

        -Q

  • And they shouldn't have to (Score:3, Insightful)

    by Anonymous Coward on Thursday December 08, 2005 @09:02AM (#14209835)
    Normal computer users shouldn't have to cope with all this stuff.

    Why should they need a firewall? The OS simply shouldn't have dozens of unneeded services that listen on the network on by default.

    The sad fact is that the OS most people are using lacks basic security out of the box. Acting as if it was the users falt won't make this simple fact go away.

  • I run Gentoo GNU/Linux and I do not run a firewall, or have virus or spyware protection. But, I have few open ports that can be jacked with, so the firewall is unnecessary. Viruses can't do much. I run my programs (email, browser, etc.) as a regular user so if a malicious program managed to execute it wouldn't be able to do much to the system. Same goes for the system servers that run as 'nobody'. Spyware is not a problem with free software because malicious source code will not easily get into my distribut

  • Common sense and a bit of understanding are for more important. I've never, in my 15 years of computing, had a virus. They really aren't THAT hard to get. Most mom&pops don't get viruses, they get adware trojan horses, and virus protection doesn't really help there. Most systems don't have that many open ports, and lots of people have a NAT type firewall even if they don't know it.

    I really hope that these tools are band-aids that go away in a few years once systems like IE don't have so many vulnera
  • Unless they included "what operating system are you running" as a question, the metrics are slightly skewed.

    Mac and Linux users obviously should still have a hardware firewall, but anti-virus and anti-malware scanners? Don't need them (yet, anyway).

  • Family Security (Score:5, Informative)

    by Phoenix ( 2762 ) on Thursday December 08, 2005 @09:07AM (#14209872)
    Frankly this subject has been one of the biggest problems I've had to deal wit hback when I was the service manager at a computer store that serviced retail users. The complete and utter lack of security. This fell into three catagories:

    Lack of Anti-Virus
    Most of the time I tried to hammer it into thier heads that spending $40 now would save them a ton of heartache later. If I was EXTREMLY lucky, I could persuade them to go out and buy the software from Staples, bring it back to us, and we'd install it on thier new machine before it ever left our store and it's own defenses. Most of the time however I'd install the trial version of norton or mcafee, inform them that THEY MUST get the full version before the trial period is over, and STILL see the goddamn thing within two months, loaded with enough viruses to call it the PC version of Typhoid Mary.

    The part that sucked was that inspite of a verbal warning, a piece of paper taped to the computer and the monitor warning them that they NEED anti-virus programs, they still came to me with "Well why the @#$% didn't you tell me about this?"

    Firewall
    Actually this is no longer as much of a problem as it used to be now that we're seeing broadband and multiple computers in a house becoming the norm. We used to sell Linksys routers and that became a strong defense. Myself personally I run Norton Internet Security behind my Symantec Firewall/VPN appliance for a two pronged defense and so far I've yet to be broken into (although I've logged a ton of port sniffing attack attempts).

    The third problem is Spyware.
    At least this one is easy to fix. I usually install Spyware Doctor on the system that came into my shop and clean out the system (then uninstalling it unless the customer wanted to buy a license from PC Tools), then I'd install the free programs out there (Ad-Aware and Spybot Search and Destroy) to protect them in the future.

    Spyware has never been too much of an issue for my customers because I could install a free program and if they ever had a problem I could talk them through the programs over the phone. For the most part that was all they needed so it wasn't too bad of a problem.

    It's nice to see that more and more people are getting concerned about security. Just a little effort and a small investment and your computer can be safe with a minimum of fuss.

  • Who was surveyed? (Score:3, Insightful)

    by Chaffar ( 670874 ) on Thursday December 08, 2005 @09:07AM (#14209873)
    "CNET News.com and MSNBC report that a survey of home personal computer (P.C.) users found 81 percent lacked at least one of three critical types of security

    Amazing... now who was surveyed? Are Linux and Mac users concerned by the survey? Or they aren't worthy of the title "home PC users"? That's like 10% of the home PC userbase that would probably answer "no" to all three types of security. But wait, the report is carried by MSNBC ? Ah, all makes sense now.

    Bah, methinks the whole article is shameless self-promotion, marketing bullsh*t if you will:

    The improvements were attributed to the default firewall that is installed with Windows XP Service Pack 2, according to the survey.

    • Amazing... now who was surveyed? Are Linux and Mac users concerned by the survey? Or they aren't worthy of the title "home PC users"?

      Everyone knows that "PC" == "Windows". Duh.

  • PCs should contain Defenses (Score:5, Informative)

    by digitaldc ( 879047 ) * on Thursday December 08, 2005 @09:07AM (#14209877)
    When you purchase a PC, you should have the option of installing freeware that might help you in the incessant barrage of spam, viruses, spyware, adware, bots and phishing emails. It might also help to have a short tutorial on how your PC becomes infected/compromised/used to propogate malicious code. Maybe then Windows would be a better and safer O/S?


    For those who need some free help:
    http://free.grisoft.com/doc/2/lng/us/tpl/v5 [grisoft.com] (AVG anti virus)
    http://www.zonelabs.com/store/content/company/prod ucts/znalm/freeDownload.jsp [zonelabs.com] (Zone Alarm firewall)
    http://www.lavasoftusa.com/software/adaware/ [lavasoftusa.com] (Ad-Aware adware/spyware detection)
    http://www.safer-networking.org/en/download/ [safer-networking.org] (SpyBot S&D adware/spyware detection)
    http://www.microsoft.com/downloads/details.aspx?Fa milyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displa ylang=en [microsoft.com] (MS Anti-Spyware adware/spyware detection)
  • A client of mine recently bought some new, relatively-fast (albeit Celeron) laptops. They have Windows XP SP2 (with firewall) but came also with a Symantec anti-virus product which also has its own firewall. They have subsequently installed the Microsoft anti-spyware software. That's a lot of software which not only has to intercept and check the "useful" software on the machine but also find time and bandwidth to update itself.

    The machines run like dogs, slower than the 300Mhz machine I have which happily
    • Don't base your perceptions of A/V software resource impact solely on Symantec- the recent iterations of their products produce a LOT more system drag than most. AVG, Grisoft, even other commercial packages like Trend Micro's excellent PC Cillin and CA's AV product are a lot more nimble.

      -R
  • At first I thought "Well duh!"; but then I realised that I qualify, too. I use a great firewall (Tiny Personal) which has both incoming and outgoing blocked, and I keep careful track of what apps are allowed to get in or out, and what ports they're doing it on, and what IP addresses they're talking to. I don't allow "automatic updates" on anything. I've used Netscape or Mozilla for browsing and mail since the browser wars began. I don't run exe's from my mailbox, and I don't use warez.

    But I don't use ant

  • Did they include the people using Norton/Symantec stuff in the protected or unprotected category?
  • lol no its not a virus
  • In other news, the sky is blue and it has been discovered that a long line of Popes have been Catholic
  • Teenagers. The worst people that can just make a pc worse. They just love them stupid smilies that they download, and they don't even know what spyware is. They also, download viruses from IM's, since they are the most used communications at that age range.
  • Home computer security tools are a mess. Settings are not only obtuse they are optional. Unless you do a lot of homework to understand what some settings do users will often ignore warnings and settings just to get their computer to stop pestering them.

    Why are these things optional? Very few use the exploits found all over XP in constructive way so why ask "Do you want to do this?" Why are warnings obscure and scary? A user doesn't like a little yellow flashing shield in their window. They will like i

  • stringent metric biases report (Score:4, Interesting)

    by call -151 ( 230520 ) * on Thursday December 08, 2005 @09:26AM (#14210021) Homepage
    I think that the questions are skewed to make things appear worse than they are, presumably because the survey is done by AOL and the National Cyber Security Alliance, who presumably have an interest in scaring people into their products and services. Aside from the obvious Linux/Mac issues described by other posters, "properly configured" firewall is a pretty strong definition and I expect many quite adequate firewalls could be classified as "improperly configured" even though they were effective against the bulk of the current attacks. Similarly, only counting anti-virus software if it has been updated in the last week is going to skew things- there is a big difference between having no AV at all and having AV that is running but has definitions that are two weeks or a month old, and the metric chosen groups those two cases together.
  • On my PC, I do not have anti-virus software or anti-spyware software running. Neither do I run a firewall to give false security (I am behind a NAT router though).

    I would fail the test, but still never be a victim, like most of the people with the crap installed. I have installed common sense in the user of the machine (myself), and it is the best defence, and it even works against most zer0-day exploits.

  • Most Slashdot Articles Rehashing the Obvious (Score:5, Insightful)

    by Tom ( 822 ) on Thursday December 08, 2005 @09:39AM (#14210125) Homepage Journal
    from the news-at-eleven dept.

    Bug writes "CNN and Al Jazerra reported in a joint statement that a survey of slashdot articles found that 81% of them lacked at least on of the three critical contents of a newsworthy report. However, the number of dupes has been recently improving, according to a report released yesterday."

    Ok, really. Everyone with even the slightest interest in computer security knows that there's not much that's easier than taking over a dozen or so home PCs. Why else, do you think, do prices for botnets range in the cents-per-machine range? Because it takes maybe one cent of effort to break into the average home machine, otherwise those selling the botnets wouldn't be turning a profit. It's probably more expensive keeping other botnet harvesters out than getting in in the first place.


  • Like I'm sure many other people on Slashdot, I get asked by friends and family (and even friends of friends or family) to help fix problems on their computers. I was happy to do this for a while, but it started getting annoying when people would phone me up during the middle of the working day with problems, or wouldn't take my advice but still expected me to help them when things went wrong.

    But now I have a solution - move to Apple Mac, and then tell people you can't support them unless they use Mac becaus
  • However, I wonder how they count a 'naked' Linux/BSD/Apple machine? Since it typically doesn't need any of the mentioned security add-ons.

  • Keeps me in business (Score:3, Interesting)

    by Electric Eye ( 5518 ) on Thursday December 08, 2005 @09:45AM (#14210172)
    I had another client this week whose PC was infested with spyware and viruses. Took me HOURS just to get it working *somewhat* normal. (Of course, he was using a pirated version of XP, so I couldn't do the easy thing and just re-install.....) The idiot hooked his PC up to a cable modem with NO anti-virus or spyware protection. We all know that PCs are hit within minutes of connecting to a high speed line. I've never seen so many instances of a virus in my life. And the spyware he had was NASTY. I hope some day to meet the guy who developed SurfSideKick so I can kick him in the balls repeatedly. (if you are reading this you bastard, I hope you meet a painful death very soon)

    Anyway, I'd say 95% of my PC clients have problems with spyware. They have no clue what it is or what to do about it. I think these ISPs should do a better job of educating these people when they sign up. They should also install spyware/virus firewalls. Hell, we have no problems at my office with that kind of thing.

    Cheap pr0n! [videobox.com]
  • I think the approach to how windows is architected is to blame for its security woes to a larger extent than 'bad' programmers. The windows way seems to be 'black box' or monolithic in its approach. Within its walls, a program has a pretty good chance at getting around where its shouldn't be able to go, even amongst threads it seems. The Unix way seems to be environment oriented - a collection of independant tools that can work together, but have their own lives apart from each others. Windows seems lik
  • I run mostly windows at home, 2000 for myself & 98 for the kids. I use ipcop as a firewall, and no antivirus or spyware, I even run 2000 as admin because I'm lazy like that. The kids are too young to be surfing, and when they're old enough I'll probably move them to something like edubuntu. My wife & I don't open crap in email, and we don't use IE for browsing. Every six months or so I do an online virus scan just for the heck of it - never had a problem. You really don't need to run all that crap a
  • Small wonder users are insecure when the advice they get is sooo wrong! FWIW: I run Linux and have no firewall, ani-virus or anti-spyware!

    For MS-Win users, the real issue is _NOT_ presence or lack of these additional software products. The first and most important step is privilige isolation: STOP RUNNING WITH ADMIN PRIVS! Second comes understanding your sw and not using it dangerously. For MS-IE or MS-Outlook, that means not using it at all. Third, is keeping your system patched. MS-WIndows Update d

  • No shit. (Score:2, Funny)

    by DongleFondle ( 655040 )
    I guess that's why I could quit my IT job and bring in twice the dough removing spyware from people's computers. Now I'm going to say something extremely controversial that many of you people here will not like. The cause of 97% of these spyware infections is surfing internet pr0n. It's true. We don't like to admit it, but somehow we just lose our regular reasoning senses when we start "surfing w/ one hand" if you know what I mean. You probably wouldn't click on that suspicious looking link, but damnit, you
  • While I run anti-virus software once in a while for peace of mind, I don't keep realtime protection on. I do this because all the free A/V software sucks. AVG keeps saying I have a virus that isn't there (some java/javascript thing in my browser cache), and Avast! is a memory hog with a horrible interface.

    So, with such crappy options, I just don't run any anti-virus. But that doesn't make my PC insecure -- it's probably safer that 95% of all PCs out there that are running Norton/McAffee/whatever.

    If y

  • In this Post 9/11 World. . . (Score:3, Insightful)

    by Fantastic Lad ( 198284 ) on Thursday December 08, 2005 @10:13AM (#14210407)
    where everybody is regularly reminded by every speaker and monitor in ear and eyeshot that we must live in an eternal state of fear. . .

    When the Fear mechanism is activated, particularly when there is no actual critical event occurring, (like running from a tiger), for which the fear drug pumping through our veins is preparing us to deal with. . , when we buy into the fear and there is no release, we end up in a perpetual state where we are much more open to certain suggestions which lack rational grounding.

    "We're going to take your rights away and allow police searches in your living room. Okay? Terrorists! Viruses! Crackheads with guns!"

    As has been pointed out, it's interesting that this story comes from MSNBC.

    As an aside. . . My computer runs clean and sweet with just a simple little fire-wall. (And what an overly dramatic name is 'Firewall' for a program which asks me if I want to allow things access to my modem). I don't need any of that other junk; Virus scanners are for people who run Windows 2K and up and who open email attachments, which I don't. And Anti-Spyware is for people who run Kazaa and Google tool bars and other nonsense programs.

    I mean, come on.

    The Voice of Authority telling us that we home users need to run around like panicking headless chickens looking for 'security' on our writing desks?

    Silly.


    -FL

  • I blame the ISP's (Score:2, Insightful)

    by Ilex ( 261136 )
    I believe that the ISP's could do more to protect their users.

    At least here in the UK there is a trend for ISP's to bundle USB DSL Adapters with their packages. These devices require that the computer they connect to use the public IP address instead of allowing the host computer to run from a private NAT address. Exposing the computers real public IP address puts the responsibility on the user to install and maintain firewall software. Needless to say many don't know how to do this or simply allow their se

  • Most don't know any better (Score:3, Informative)

    by jridley ( 9305 ) on Thursday December 08, 2005 @11:29AM (#14211092)
    Pretty much all of the users I've scrubbed machines for had the default free McAffe antivirus installed. They hadn't been updated, ever. No new virus defs downloaded, ever. Definition files were years old.

    The users had no idea that they were supposed to be doing this. They don't read the instructions, they just see an antivirus program running, and figure they're protected.

Slashdot Top Deals

No spitting on the Bus! Thank you, The Mgt.

Close