Consumer Reports on 'State of the Net'

netbuzz writes "A " State of the Net" survey to be released today by Consumer Reports contends that Americans lost $7 billion over the past two years to malware and myriad online scams. Not surprisingly, a significant portion of this financial pain appears to have been avoidable, as the survey reveals a widespread continuing negligence toward the use of home firewalls and virus protection. As for underage children using MySpace and the like? There, too, the risks in many case look to be self-inflicted, as 13 percent of children fail to meet the 14-year-old age minimum on MySpace, and, as the organization notes: "Those were just the ones the parents knew about."

In other news...

[Mattintosh]

People are stupid, lazy, and/or tech-illiterate. This makes people vulnerable to predatory criminal practices.

Re:

[iknownuttin]

People are stupid, lazy, and/or tech-illiterate.

I guess I'm lazy.

I just tried logging into my Hotmail account and I got this page saying "Hotmail is now Windows Live Hotmail" with a completely new domain name and everything. I don't know if this is legit or a phishing expedition and I didn't get any email in the last couple of days saying this will happen. You know what I'm going to do? I'm going to wait a couple of days and if I don't see any news of phishing of Hotmail accounts, maybe I'll go through the

Re:

[JKConsult]

No need to worry. That's legit. They just changed the way it looks to the Windows Live format. I used my years-old Hotmail account for something a few days ago, and everything was fine. Besides, what's the worst that can happen if someone gets your Hotmail password?

Re:

[StikyPad]

Apparently you're not just lazy, you're lazy AND technically illiterate.

If you go to the domain directly, it is not phishing, by definition. The web site may have been compromised, but that's not phishing. Moreover, if someone was to crack the website, they would almost definitely NOT do something obvious that would be noticed within seconds, like announcing a big change and redirecting everyone who logs in.

If you had clicked on a link to get to Hotmail, you might have a legitimate concern, but it wouldn'

What about DNS cache poisoning?

[furbearntrout]

I'm not sure how it's done; but the messages your DNS server receives from upstream are changed so that--
www.hotmail.com == 80.190.185.109 (warez.biz)
instead of
165.193.120.166 (the real thing)

Re:

[mgblst]

Yes, that is the problem. Most people don't really now the correct term. If only we could educate people to the correct terms to use, then we wouldn't have this problem.

You really think the average person wants or needs to know the difference between Virus/Trojan/Phishing Scam? Do you really see this as being the problem? You are the sort of guy who runs around the office refusing to help people because they don't ask the right question.

Re:

[SCHecklerX]

Yup. Whether it be computer networks or ringtones and joke-a-day to your cell phone. Oh yeah, ringtones. Talk about a business model that preys upon the stupid.

Re:

[antdude]

Yep, so are you as a stupid, lazy, and/or tech-illiterate. [grin]

viruses, malware, et cetera

[SolusSD]

I guess I'm not surprised they came up with such a huge figure for dollars lost-- I hate to be the person that's just going to get modded down for this-- but maybe if >80% of computer users werent using windows and there was more diversity on the net (client-wise, at least) viruses and, to a lesser extent, malware wouldn't find it so easy to inflict such damage. A monoculture can be brought to its knees by a common vunerability.

Re:viruses, malware, et cetera

[CaptainPatent]

I hate to be the person that's just going to get modded down for this-- but maybe if >80% of computer users werent using windows

Why yes... how dare you bash such a wonderful and secure operating system on a windows-loving forum.

Mods - Into attack mode

Re:

[CautionaryX]

Actually, I think I have a way to combat the problem:

Have mandatory 'securing your computer' classes at the high school and college levels. In these classes one would learn about viruses, various malware, spam, social engineering, etc. as well as ways to combat/prevent them from infecting your machine. At least it'll improve awareness (let's not dodge the bullet here, at least 90% of high school students - from my experiences in the past 4 years going to a high school which hands out Inspirion 600m laptops

Re:viruses, malware, et cetera

[nuzak]

Schools used to have "computer literacy" classes. They're largely redundant now, since the kids are usually more computer literate than anyone who could teach them.

Anyway, you get to fund this class.

Re:

[ender-]

Schools used to have "computer literacy" classes. They're largely redundant now, since the kids are usually more computer literate than anyone who could teach them.

They weren't terribly useful then either. I had a computer literacy class in 7th grade [86-87]. The only thing we were really taught was how to load games [and programs] from the floppy drive on a Commodore 64. I didn't have a C64 at home, so I don't even remember how to do that.

The rest of the semester was spent playing the collection of games which the teacher had and whatever the students brought in. Oh we did learn that the teacher had been teaching at that school since it had opened in the 60's. I hav

Re:

[nuzak]

My class, also in 7th grade (85-86) was equally useless until they got around to teaching LOGO. Not much of it mind you, and I can't say it really gave me a great sense of power and enlightenment, but it certainly did give a little push to the direction I eventually took. We also played games, but they were the educational kind. Most of 'em sucked (I must be the only person who always hated Oregon Trail) but there was also Rocky's Boots.

Re:viruses, malware, et cetera

[UserChrisCanter4]

In addition to a 3DS Max course, I teach computer applications at the high school level. It, along with a few other courses (one called Business Computer Information Systems, Computer Science, and some specialized graphics courses) satisfy the state requirement for one year of computer credits. Those state level requirements are prescribed by the state, and are based on teaching certain concepts within a given type of program. Thus, we aren't told to "teach Word;" rather, we're told that any child passing our class should be able to do functions X, Y, and Z in a word processor. My course spends one semester on computer hardware and MS Office, and the subsequent semester on web design using HTML code and WYSIWYG editors, photo editing in Photoshop, and some simple animation in Flash. For an assortment of reasons, some which I support and some which I don't, nearly all of our software is closed-source. I say this only to provide a standard to analyze your statement:

The vast majority kids are not "computer literate" in any functional sense of the word. Honestly, this makes them much like the vast majority of adults, so it's no real surprise. When children (14-18) enter my class, they understand the mere basics of certain programs - thy understand how to instant message, but not necessarily how to uninstall an IM program. They know that some web-based proxy sites can't get around the myspace filter, but they don't understand what's going on or why it would be easier to type in a proxy server address for their browser. They don't understand the first thing about basic file management, or why naming files with descriptive names is a good idea, or why their Powerpoint presentation that's laden with images and sound won't fit on a floppy disk. And they really, really don't understand that a spreadsheet has uses beyond making tables of stuff, that the word "memory" can have different meanings, why their computer is "running slow", or that the concept of mail merge even exists.

In short, they are exactly like most non-techies that you probably interact with on a daily basis. To say that the people teaching the classes don't know anymore is pretty absurd; I'll grant that there are bad teachers, but it honestly isn't that hard to know more than the average person. In my experience, the people who teach these courses (at least the ones I've met) seem intelligent and experienced enough that they certainly have plenty to teach. They may not be "running apache under Gentoo on their toaster" geeks, but they're educated and intelligent, and (most importantly) they know their material.

At my school, the 10% who are geeks or gunning for extra GPA take our Computer Science AP course. The rest end up in my course or one of the similar ones. I assure you: most kids are not computer literate, and I truly believe they do benefit from some useful computer education.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[UserChrisCanter4]

I wouldn't deny that the geeks know more about particular computing topics than than a random Computer Lit. or equivalent teacher.

I wouldn't hold any teacher of an Applications-focused class in contempt for not recognizing a SQL query - it has no bounds on their job whatsoever. Nor would I find it "wrong" if a student in the class could explain recursion and the teacher couldn't. Most courses that function as Computer Literacy or similar have as their focus 1) teach about the basics of computer hardware a

Re:

[UserChrisCanter4]

That should be I would feel no less confident in a Computer Applications teacher who didn't recognize a SQL query than I would in one who couldn't mix in Audacity, texture in 3DS Max, or create an elevation drawing in a CAD program.

Whoops! Use the preview!

Re:

[recharged95]

Didn't you know, everything [basic] that society 'pushes' to be "important" (i.e. retirement, career, raising a family, dealing with mental health, basic health, safety, etc..) is never taught at school. It's the things society chooses as knowledge or skills to 'get ahead', which I think is BS as we should all move forward.

Luckily we have the simple basics of math, science, language, history, music, etc... so that the intelligent have a way out, but the main problems people have appear to be either stayin

Re:

[UserChrisCanter4]

I know you're partially joking, but yes, they do still use floppies. The district provides them space on a file server that's accessible from any school in the district. I've tried explaining the idea of emailing something home for the non-techies and I advocate getting a $10 USB flash drive at the beginning of the school year, but they still insist on bringing floppies.

On the plus side, I'm never hurting for disks for BIOS flashes; at the end of any year, I will have a stack of 20 or so floppies that the

Re:

[lonechicken]

Have mandatory 'securing your computer' classes at the high school and college levels

It doesn't even have to be a full semester long class. Just a week or two worth of teaching during whatever mandatory "intro to computer" level course. If it's boring for those that think they know all that, well all the better to pad their grade in that class during this section's test.

Re:

[mh1997]

a little mandatory education never hurt anyone, did it?

The people that are and have been re-educated in the People's Republic of China and Vietnam would tend to disagree with you.

Re:

[veganboyjosh]

I dunno, they might have some pretty positive things to say about it...else they might need to go back in for "re-re-education".

Re:viruses, malware, et cetera

[ColdWetDog]

Have mandatory 'securing your computer' classes at the high school and college levels.

That will work just as well as:

Mandatory driving classes
Mandatory civics classes
Mandatory typing classes

At a population level, people are Just Plain Stupid (TM, patent pending). It's the bell curve - the short bus tends to get pretty crowded.

Re:

[pthor1231]

Well, if it really did work out like the bell curve, a majority of the population would be about average, or within one std deviation of average. In fact, Only 15.8% of the population would fall into the short bus if you limited it to one std dev below the average. I don't really see that as crowded...

Re:

[vuffi_raa]

I never had any of those classes- they weren't mandatory @ my school

Re:

[LordSnooty]

The curriculum would change too often for it to be viable. Hell, I remember my "IS Tools" module in college, which amounted to pivot tables in Excel. Schools just don't have to know-how to be able to deliver this effectively.

3 problems with that:

[teh_chrizzle]

1) that would mean that people would have to take responsibility for their actions with a computer and that "i am not a computer person" would no longer be a defense. people don't take responsibility for their actions. ever. more so when computers are involved.

2) what about all of those "geeksquad" types and the screwdriver monkeys at the local PC shop? they are shysters that take people's money to fix a problem caused by other shysters. what are they going to do? go back to work at mcdonald's?

3)

Re:viruses, malware, et cetera

[Bacon Bits]

Security is a state of mind, not a software package.

Malware will be no less prevalent if Linux takes over the home market from Windows because the average home user still doesn't understand computer security (and has no desire to try). The vast majority of malware today is not installed through IE security holes and drive-by-downloads like they were in Windows 9x days. They're all trojans. No matter how tight the security on Linux, you can never stop a user from downloading and installing a malicious trojan for a "FREE SCR33NS4VER!1!!!".

Re:

[Anonymous Coward]

Malware will be no less prevalent if Linux takes over the home market from Windows because the average home user still doesn't understand computer security (and has no desire to try). The vast majority of malware today is not installed through IE security holes and drive-by-downloads like they were in Windows 9x days. They're all trojans. No matter how tight the security on Linux, you can never stop a user from downloading and installing a malicious trojan for a "FREE SCR33NS4VER!1!!!".

Ah, yes, but if you

Re:

[DimGeo]

How about putting the malware in $HOME/something and starting it up with $HOME/.bashrc ? What's to stop the bad guys from doing that even if the user is not root? If there's no competent person around to inspect .bashrc every now and then, the user will happily run the malware each time (s)he logs on.

Re:

[TheRaven64]

So, all it could do would be open ports numbered higher than 1024, connect to any machine on the Internet, read (and modify / erase) any file on the hard disk and log every keystroke made by that user. Good to know it couldn't do any real damage...

Re:

[Enoxice]

If they really want the FREE SCR33nS4VER!1!!!, they'll put their root password into the su/sudo box. Or are you suggesting we lock the PC owners out of their own machine?

Re:

[Timothy Brownawell]

Ah, yes, but if you prevent the home user from running as root.. it becomes significantly more difficult to get the trojan installed in areas where it could do real damage.. for now...

Damage to what, the OS, the network, or the user?

Damage to the OS is easy to fix, just reinstall.

Damage to the network only requires the ability to start outgoing connections. No root access needed.

Damage to the user can also be done without root access.

W^X

[SgtChaireBourne]

Ah, yes, but if you prevent the home user from running as root.. it becomes significantly more difficult to get the trojan installed in areas where
it could do real damage.. for now...

It helps there if the account for daily use has no sudo or admin privileges.

The next step would be keep things in order by applying the Write XOR Execute principle to disk partitions: put the user home directories on their own partition, mounted noexec, put everything else on another mount it read-only. /var can be symlinked to a directory in /home.

Knowing the partition sizes is the only tricky part.

Security-oriented systems are even applying the Write XOR Execute principle to memory [openbsd.org]

Re:

[sjames]

Security is a state of mind, not a software package.

That is true. However, a few MS-isms make it MUCH harder. In the old days, we used to tell users to avoid any attachment with .exe or .scr on the end. They 'got' that and most did as instructed. Then MS decided those nasty ol' extensions were confusing so they hid them. NOW how do I explain it?

The frankly broken security model screws plenty up as well. Not to mention the Rube Goldbergesque way the thing is put together so that it's fairly easy to hi

Re:

[Wingsy]

Security is a state of mind, not a software package. Malware will be no less prevalent if Linux takes over the home market from Windows because the average home user still doesn't understand computer security (and has no desire to try). The vast majority of malware today is not installed through IE security holes and drive-by-downloads like they were in Windows 9x days. They're all trojans. No matter how tight the security on Linux, you can never stop a user from downloading and installing a malicious troj

Re:

[Bacon Bits]

I'm a Windows admin. I haven't gotten a virus or malware on any of my systems in over 10 years (when I was still a teenager visiting BBSs) with the exception of malware that installs with other applications silently (WildTangent's games come to mind). There is no reason such piggyback applications can't exist for Linux. The only thing that makes it difficult for *NIX is the popularity of managed software repositories instead of the Windows model of unmoderated distribution.

Windows security works just fin

Re:

[SolusSD]

i think you missed my point-- i wasn't advocating a switch to linux, but rather a less homogeneous market. different flavors of unix/linux and windows. that way there is no "main target".

Re:

[Bacon Bits]

Oh, I realize that, but I still don't think it will fix things to have a 50/50 split. There will always be a basic homogeneous market: human users.

Re:viruses, malware, et cetera

[turnipsatemybaby]

You can't put the blame solely on Windows for this. There's *plenty* that can be done even with a Windows box to protect it. The single easiest step being to plug a cheap $20 router between the computer and the internet. Hell, I'm even starting to see modems with built in routers now.

One problem is education. A bigger problem is that users don't see this as being "their problem". The ISP should be protecting them. The banks should be protecting them. The gov't should be protecting them. They don't feel they need to bear any of the responsibility of what is going on. I remember one old neighbour who's computer was riddled with viruses, and their ISP cut them off. They proceeded to blast the ISP for cutting the service and not not protecting them in the first place.

Until people becoming willing to take responsibility, the education won't happen. Until the education happens, these problems cannot be prevented.

Re:

[badfish99]

There's *plenty* that can be done with a Windows box to protect it.
That's precisely the problem. If it were secure, there would be very little extra that could be done.

Re:

[sowth]

The single easiest step being to plug a cheap $20 router between the computer and the internet.

Let me guess: that would be either NAT or a firewall which blocks all incoming connections. So your solution to security problems is to break two way communication on the internet? I suppose your solution to someone being harrassed by telephone would be to put in a box which blocks incoming calls.

Yaar! Let's turn the inner-net into WebTV(tm).

Re:

[turnipsatemybaby]

I can't tell if you're being a troll or clueless.

Um... Yeah? You have a home computer. Unless you are running a server or doing something that REQUIRES incoming connections, then damn straight you block them all. Are you saying that you would PREFER to have random people on the internet poking at your machine?

Re:

[sowth]

I was talking about running a "server." The bans by home ISPs on "servers", floating IP addresses and such reduced what is "allowed" on the internet.

NAT and firewalls which block everything except web traffic will make it worse and doesn't really increase security. If they are not secure, you shouldn't be running daemons which are connected to internet bound ports anyway. If you are running a test web server bind it to localhost, not *.

Yeah, MS software often binds to ports and there is no easy way to t

Re:

[El_Oscuro]

That is exactly what I have. A NATed DSL modem/router connected to a H/W firewall (also NATed). Doesn't seem to affect my web surfing much.

Re:

[sowth]

web surfing -- exactly my point. The internet is supposed to work with much more than just your WebTV rig. Doing anything more these days isn't allowed on ISPs serving home users, which is exactly what I was complaining about.

Re:

[moore.dustin]

Give me a break. If the market was fractured you would still see just as much spam and malware. The problem would merely change - do you think that these people would not adopt? Throughout the short history of the modern internet, the malware/spam market has been ahead of the game, all things considered. It is much more of a reactionary industry than a preventative one. People make malware and then we stop it, that is how it goes. If your OS's market share proves to be worth targeting, it will be. That bein

Re:

[Anonymous Coward]

Oddly enough i once threw a redhat 9 box on the internet and within several hours someone had managed to become 'root' via a portmapper flaw. I know, your arguement is i didnt apply security fixes, etc right? Isnt this the same arguement to be made about the windows boxes? Portmapper was turned ON by default, allowing them to hack it.

If linux had marketshare, there would be more pople looking to exploit it.

Re:

[UbuntuDupe]

I think it's important to differentiate stupidity-driven ("darwinian") from involuntary costs. For example, if you lose $X to phishing, or buying from a spammer, it's because you are an idiot and the loss was entirely avoidable. On the other hand, the best security expert in the world still has to expend resources to filter his spam. Avoiding the latter should have a higher priority than the former.

Re:

[DogDude]

I guess I'm not surprised they came up with such a huge figure for dollars lost-- I hate to be the person that's just going to get modded down for this-- but maybe if >80% of computer users werent using windows and there was more diversity on the net (client-wise, at least) viruses and, to a lesser extent, malware wouldn't find it so easy to inflict such damage. A monoculture can be brought to its knees by a common vunerability.

No. You'd still have lots and lots of stupid people online doing stupid t

Re:

[vuffi_raa]

I don't think that windows is the problem so much as using windows and not knowing how to protect it- sure windows is full of holes- but if you don't bend over in the shower you don't expose a big one. I can say that I have only really had one major virus in windows and that was in 2k from a java exploit- I tend to kill windows more than any outside forces by rewriting dlls and modding my system and screwing up from time to time. As linux grows you will see more linux viruses (yes it can happen) and then th

Re:

[AmberBlackCat]

That may be true, but it doesn't mean Windows is worse than anything else. It just means Windows is the biggest target.

How does this compare

[svendsen]

to the amount of money lost in the real world because people aren't educated or fail to take precautions or fall for scams...etc

Re:

[BillGod]

I like the fact there are so many morons out there. In fact I am dropping off my cousins neighbors computer that I just cleaned and picking up his other neighbors computer. Nothing like a little extra income from the rich idiots who know nothing about computers.

thankfully with vista out

[wakim1618]

those millions of people will be finally protected against viruses and spyware.... and against anything untrusted such as themselves

"Computer viruses have prompted 1.8 million households to junk their PCs over the past two years, while spyware has claimed another 850,000 machines in just the past six months."

Oh.. But Think of the Children!!

[mpapet]

If there was ever a justification for openly spying on *everyone* online, I'd say this is it.

Either that or more "family friendly" legislation to protect us from ourselves. (Which never works)

Or maybe some combination of the two.

Re:

[edwardpickman]

It also protects you from lots of commercial software and hardware.

No wonder...

[MarcoG42]

When I was in school I was punished for doing anything with a computer that wasn't within the teacher's scope of instruction; making spreadsheets and word processing. Most parents know next to nothing about how to operate a PC outside of simple browsing and email. Anything else is intimidating techno-wizardry. Teaching more advanced computer classes in grade school could easily reduce that "cost." I've found parents are more than willing to take little Bobby's advice on computer related topics, because at least he can program the damned VCR.

Re:

[spamking]

I've found parents are more than willing to take little Bobby's advice on computer related topics, because at least he can program the damned VCR.

If that's the case then maybe some parents shouldn't be allowed to purchase a computer . . .

I wonder if they day will ever come where you have to have a license to purchase a computer? Not a software license, but an actual certificate that documents your having some knowledge about what it is you're buying and the proper way to secure it.

Re:

[Xybre]

Man, if a 90 pound linux hacker tries to join the football team, he gets what he deserves. Seriously. I'm all about being a geek, but if your expertise lies in another field and you haven't prepared yourself for the new environment, someone should come to you and go "dude, you're not even trying, you're going to get yourself hurt". It should be the same way, sure, Joe Sixpack wants to get online and hit on girls on Myspace, and it's okay if he turns his computer into a steaming pile of feces because he deci

Re:

[pthor1231]

I'd rather the sales people be licensed first personally...

Re:

[spamking]

That would probably be even better . . .

Network Users or Network Providers

[newgalactic]

At first I was hoping this was a Consumer Reports report on Network Providers (Verizon, AT&T). I guess it's wishful thinking that this topic could break beyond the confines of tech media into the mainstream.

I'm pretty sure I know the response

[Opportunist]

The response will be more cracking down on MySpace and other community networking sites (thinkofthechildren and all the crap), because it's beyond the comprehension of kids to understand it might not be a good idea to click on every single craplink offered to you. After all, that's something even 30 year olds don't understand, how should 13 year olds?

Sure, it won't solve a thing. But hell, we did something. We didn't do anything that changed anything, but nobody can complain that we don't do anything.

Instead, it could maybe be a good idea to educate people that they should use some AV kits, firewall kits and most important some brains when clicking up and down the 'net. Yeah, I know, I know, everyone wants to replace good ol' common sense (why is it called "common" sense is beyond me, but hey, you know, maybe in the old times when those idioms were created, it was actually common) with technology, we want to bubblewrap our kids instead of preparing them for life, but hey, it simply and plainly does not work. It never did and never will.

Education and information is the key weapon against trojans. Sure, that requires you to learn how to protect yourself and how to defend yourself against malware. You don't want to? Ok, then I don't want you in my net. Get outta here 'til you learned how to operate safely in an environment where your clueless, careless actions cause harm to other people!

How that harms me? Well, considering that there are DDoS sheeps worth a few hundred gigabit/sec, one could see (if one knows how BGP works) how this could be a minor inconvenience to the internet as a whole. So far, "critical mass" is not yet obtained, and they are not in a centralized hand. But I shudder at the thought that it might be. Imagine someone actually having the ability to bring the net to its knees with sheeps firing intercontinentally simultanously. We're heading there. Think he could do the Dr. Evil prank of asking for (pinky-at-mouth) a million bucks and he'll be paid?

All made possible by clueless people who don't give a jack about security, ignorantly participating in DDoS attacks every day.

And what's best about it, they're not even liable for it. I wonder, maybe one should set up a protest through the 'net, and whoever wants to participate and protest against some oil company that fills our seas with crud or clothing companies that employ kids at sweatshops, simply lets himself be infected by a trojan which then DOSes those companies' internet access lines. Hey, don't worry, you're not liable for it. You're just a poor victim yourself, infected by that nefarious trojan.

Re:

[morgan_greywolf]

Education and information is the key weapon against trojans. Sure, that requires you to learn how to protect yourself and how to defend yourself against malware. You don't want to? Ok, then I don't want you in my net. Get outta here 'til you learned how to operate safely in an environment where your clueless, careless actions cause harm to other people!

Wow. Here, have some lemonade. We tried that, remember? We tried to educate the clueless during the 'September that never ended' period, and we failed. F

Re:

[Opportunist]

That's exactly what's not happening! ISPs do NOT cut the clueless trojan sluggers. Why should they? They're their cash cows! What's better than someone who uses the net at best for some email and maybe, once in a blue moon, for finding a hotel? No traffic, no calls, the customer of your dreams. Yeah, sure, every now and then he pumps out a few megs of spam, but hey, compared to those torrent freaks...

The problem is exactly that this is NOT happening. If ISPs were required to cut the slack, I'd agree with yo

Maybe there's a connection?

[mrsbrisby]

In other words, IIS Gaining on Apache [slashdot.org] cost Americans $7 billion over the past two years.

Do your patriotic duty: Install Apache [apache.org].

I second...

[thatskinnyguy]

I second all the people on this board who say that it's always something stupid and preventable and the users don't want to learn how to avoid it. Of the many home computers I have fixed for people about 95% of all the issues could have been prevented with a little "don't click that" common sense.

I always tell people what they did wrong and what to look-out for while they are surfing the series of tubes. But I almost always, with few exceptions, have repeat customers over the exact crap on a different da

report accuracy

[ArcadeX]

While I am sure the numbers they have are much more accurate than how many millions I cost the music industry by downloading one song, I am curious as to the accuracy of the report, and what all is quantified. Majority of my salary (helpdesk) can be comprised of fixing the types of crap mentioned... never thought I'd have malware and viruses to thank for job security...

RIAA figures, Consumer Reports figures, all calculated in Taiwan.

...and if that would include europeans

[iampiti]

...that would include the million or so that I lost to online sports betting. I never learn :P

$400,000,000 (yearly) more

[karl.auerbach]

It may not be classed as a "scam" (because there is no illegality about it), but it is certainly as effective as one.

I am speaking of a kind of private internet "tax" that amounts to roughly $400,000,000 every year.

The internet now has a regulatory apparatus, called ICANN, that requires that domain name buyers pay about $400,000,000 in excessive domain name fees every year. This is a result of ICANN imposing a roughly $7 "registry fee" on every domain name sale every year even though the actual cost of providing that service is only a few cents.

It may not be phishing, but the ICANN tax certainly pays off for Verisign and the very few other lucky DNS registrars. In fact it is better than phishing because smart consumers can avoid being caught, but with the ICANN tax the buyers of domain names have no choice but to pay.

What To Do.

[RealProgrammer]

Part of this may sound like preaching to the choir, but bear with me. There is a tendency to want the government to do something about every problem, and the hassle of online scumbaggery is no exception. Individuals (and their guardians) need to take responsibility for their own protection, and not expect either the government to protect them (which it cannot) or for faceless strangers to be kind to them, which a tiny but significant portion will not.

Each of these steps solves roughly half of the remaining problems not solved by the previous ones.

1. A fool and his unarchived data are soon parted. If you want it, make an offline copy of it.
2. Switch to Linux, a Mac, or Anything But Windows. Most of the following only apply if this one won't work for you.
3. Switch to Mozilla Firefox [mozilla.com].
4. Buy and install a firewall box.
5. Buy and install a virus scanner.
6. Download and install Lavasoft Ad-Aware [lavasoft.com] or similar spyware detector, even if your virus scanner says it provides that protection.
7. Don't open email with attachments, or respond to spam with so much as a single click. You have been warned.
8. Stay away from porn sites. They're bad for your computer.
9. Stay away from online games except those you know to be crap-free.
10. You don't know that any of them are crap-free.
11. Don't download commercial music except from commercial vendors to whom you pay a fee. Yeah, sucks to be us. But you get what you deserve, and if you're trying to get something for nothing, you'll give something for nothing in return.

So what do you do if your kids download some game, P2P app, or other crapware-laden piece of stupidity? Take away the computer. What if you have several kids, and you don't know who did it? Enlist their aid and hold them all accountable. Tell them that if any of them downloads crapware and the guilty party won't come forward, they all do their homework at the library (for a week or month or whatever).

Re:

[Acy James Stapp]

"Tell them that if any of them downloads crapware and the guilty party won't come forward, they all do their homework at the library (for a week or month or whatever)."

Collective punishment like this is a war crime and disallowed by the Geneva convention. It's no good for prisoners of war and it's no good for your kids.

Re:

[RealProgrammer]

war crime

What a bunch of baloney. While it may be that collective punishment is barred by the Geneva Conventions, it is most certainly allowed in other venues which don't include prisoners of war or protected non-combatants.

Also, there are lots of things that the GCs disallow, such as corporal punishment, that are left to the judgment of parents. I would add that a kid old enough to use a computer unsupervised is past the age of spanking. There are things allowed by the GCs that I would never do, such as

Re:

[KevReedUK]

There are things allowed by the GCs that I would never do, such as imprisoning my kids.

I guess this is a question of degrees... While I believe collective punishment of children is, and should be, allowable (heck, they use it in schools and youth groups all the time in my experience), your suggestion that non imprisonment of your kids should not be allowable could be interpreted as saying it should be illegal to ground your kids. While I recognise there are those parents who wouldn't ground their kids

Re:

[logicpaw]

So what do you do if your kids download some game, P2P app, or other crapware-laden piece of stupidity? Take away the computer.Only give them accounts inside vmware-like environments. To "take away their computer" is just a reinstall from image.

Re:

[ascendant]

What a wonderful post. Seriously, I'm a fan now.

Be a teacher!

[fuffer]

I think that toshe of us who are tech-savvy have a hard time understanding the actions of those who aren't. People are quick to throw out "Well if they didn't click every damn thing" anytime a report like this comes out.

I'm telling you, though, that it's not that simple. The scammers are savvy...sometimes even more savvy than us!

The best defense is education. Here at the office I've been offering some lunchtime classes on basic computer stuff - how they work, how scammers work, how computers get in

"Lost" 7 billion

[fermion]

Over the past month I "lost" $1000 due to traffic.

During a year of not working i "lost" 50K.

By downloading my albums from itunes rather than buying locally, my local record shop "loses" perhaps $100 a year.

Of course all of these are not even paper loses, as they do not represent money that is any way real. They barely qualify as opportunity costs.

I really don't understand why these numbers are represented as losses. If a firm pays $.25 for each advertisement, do they lose that money for customers who do not buy anything, or do they just alginate the entire thing as a loss, or do they say it costs, say $2 to acquire a customer. When a computer is down, is this a loss, or cost of doing business with that computer. Presumable if the computer started generating actual losses, the firm would no longer use it. In fact machines are brought in because not using machines costs more money, and represent real losses. Of course, once the machines are in the savings are often not as great as one calculated, which some might consider a loss.

Of course even if this is a loss, it hardly seems significant. It is like $20 per person. The recent price increase at Starbucks likely has a greater impact.

Re:

[hax0r_this]

Anyway, how can money be "lost"? If some guy gets a virus while he is looking at porn, then I go and charge him $100 to fix his computer was $100 lost? Hell no, $100 was merely transferred into worthier hands... Well, maybe not, but you get my point.

7 billion?

[Orig_Club_Soda]

Thats like $22 per American if they were all on the net. Kinda crazy, if you believe this hocus pocus. These loses are always pumped up via mystery numbers equaling potential profit and potential sales. If 7 billion were really lost, the interent would be a ghost town.

13%

[AmiMoJo]

Surely that should be 77.777777777777%?

18/14*100... 77% of children don't meet the MySpace age 14 requirement? No?

Blame the parents

[BrianRagle]

This is an ironic article to read so shortly after receiving an email from the AFA seeking my signature on a petition to have Congress protect kids from online "obscenity". While I am both a parent and IT professional and, thus, a little more versed in the dangers which exist and the easily obtained remedies for them, I still blame modern parents for what their children gain access to on their home computers.

For example, my 8 year old daughter does have her computer in her room. It's an old machine I fix

Re:

[rossz]

Be prepared to be flamed by a bunch of young punks who are years away from being a parent. They'll accuse you of being a tyrant, a fascist, and an asshole. Ignore them for the idiots they are. You are doing the right thing.

I had the same exact problem with my step-daughter in her teen years -- probably worse than your situation. Because she was getting into trouble, her access was extremely limited and she did NOT have a computer in her room. Because of how serious the situation was, I went so far as t

Mad Magazine

[rapidweather]

Consumer's Reports is what we started to read to get a laugh after we got through reading Mad Magazine. They both attacked the establishment, and back in the late 50's and early 60's, we thought that was hilarious. Consumer's Reports told us that a certain car "rode like a log wagon", and steered like a "drunk was behind the wheel". The seats felt like "park benches". Getting in the back seat required one to "shrink to 1/3 your size".
These are fictional examples, but typical of the attacks on the establishment that Consumer's Reports dished out in every issue. Not even a lowly coffee pot was safe from their critical reviews.
Just one step away from being a Mad Magazine of Products. Great fun to read.
They justified their reports by selecting one as a "best buy", but sometimes, none were acceptable, adding to the funny-factor. All these serious manufacturers making products that turned out to be downright dangerous, or totally useless for the intended purpose.

Now, on to the 'Net. Did Consumer's Reports draw any correlation between an OS like Windows, installed on a hard drive where Trojans can be placed, and the financial losses that they have reported? Sure, any OS can be used by the unsuspecting to fall for a trap on a web site. Back when comic books had advertisements in the back, one could "send off" for a "movie projector", at a very low price, only to get a cardboard one, that you placed over a table lamp. Excuse given for not sending the one in the advertisement, "Shortage of Metal, caused by the Korean War."
Only now, Mac, Windows, Linux users can "send off" for rip offs like that via web sites, and the financial loss is not the fault of the OS.
However, the "ability" of an OS to accept and retain Trojans, viruses, etc. that have as their purpose the stealing of passwords, credit card numbers, account numbers, etc. stored on a hard drive is the point that should be made when blaming an OS. In that case, the user is not choosing to "order something from a web site", and get ripped off when the product never shows up, or is not accurately represented. The computer is just turned on, and is attacked by not having an up-to-date virus scanner, or is attacked by a drive-by when visiting a link.
Surely most of the loss reported by Consumers Reports is from Windows Computers, even if no Trojan or virus was present in the particular loss, the OS was just the one most computer owners were using when the rip-off purchase was made from a web site. That kind of loss is not really the fault of Windows. One could say that since Windows comes preinstalled, requiring no technical knowledge at all to get on the 'Net, then too many average people are able to use a computer to go on the internet, find web sites that can rip them off. They are simply exposed to more opportunities to buy items than they would if they just looked in magazines, or drove to stores.
In a magazine, if it is a well-known magazine, advertisements may tend to be more from trustworthy companies. On the 'Net, all web sites stand alone, unless linked from a trustworthy site.
Consumer's Reports may not be drawing all of these conclusions, and may just be blaming the losses on the 'Net, rather than on the consumer, and the OS.
I didn't RTFA, but I doubt that the Consumer's Reports that I have known all these years would put the blame on the computer users themselves, rather than on the established 'Net, OS providers, and computer manufacturers. CR tends to say, "This product is faulty, you should not buy it", rather than "This is a good product in the right hands, most of you are not using it right, and are going to get ripped off"

Rapidweather