Most Home PC Users Lack Security

Ant writes "CNET News.com and MSNBC report that a survey of home personal computer (P.C.) users found 81 percent lacked at least one of three critical types of security. However, the number of consumers using firewalls and updated antivirus software is improving, according to a report released Wednesday. The vast majority of consumers surveyed were found to lack at least one of three types of critical security--a firewall, updated antivirus software or anti-spyware protection, according to a report by America Online and the National Cyber Security Alliance. Of this group, 56 percent had no antivirus software, or had not updated it within a week, while 44 percent did not have a firewall properly configured, according to the report. Meanwhile, 38 percent of survey respondents lacked spyware protection..."

Bad metric

[SilverspurG]

After witnessing how easily most consumer firewalls were abused by Sony's DRM I'd say that firewalls are no longer an indicator of computer security. At least on the Windows platform.

There is nothing to see here

[LiquidCoooled]

We KNOW home users don't have security. Windows has been brought kicking and screaming from a single user insulated space into the big wide internet world.

Home computing has evolved just like personal motoring has.

Seat belts and safety features in cars used to be an addon luxury that not many people had or used, now every car comes with them and airbags and strengthening supports as standard.

Spyware protection is a new tact, and should really be dealt with in the same malicious software category viruses fall into - it basically uses the same engine, and its only the AV companies themselves who made a distinguisher between installed with vague permission and none whatsoever.

and this will be true as long as it's "optional"

[ummit]

Most users use things out-of-the-box, as-is. They assume that the default configuration, as designed by the manufacturer, is "good enough". This is true of any product, not just computer operating systems. And it's not actually a bad assumption -- or shouldn't be.

You shouldn't need an external firewall to protect your machine from hostile incoming connections -- your machine shouldn't be listening on ports it doesn't need to, and when it does listen, it shouldn't be possible for incoming connections to subvert it. You shouldn't need add-on antivirus software -- your machine should have a basic "immune system" of its own and shouldn't be vulnerable to the effects of running untrusted external code.

It is possible to design operating systems that are inherently secure in these ways. One of the larger crimes committed by the designers of the currently-popular consumer-grade operating systems is to have convinced large swaths of the population, via ubiquitous, crashing mediocrity, that it's somehow an "impossible" problem. It was largely a solved problem 20 years ago, if anyone had listened.

Re:lacking security?

"They probably mean many people use Linux. You know, no antivirus, no antispyware..." - by Crayon Kid (700279) on Thursday December 08, @08:58AM

Or, they probably mean they just follow what is written here @ this URL below, taking the 1/2 hour to implement its techniques (fully explained):

http://www.avatar.demon.nl/APK.html

THEN, you get what you stated & it works, on Windows 2000/XP/Server 2003, no questions asked.

Using it, you simply are "closing the doors" to it being possible, or AS POSSIBLE as the default setup of various Win32 OS (specifically NT/2000/XP, since Windows Server 2003 follows much of what is stated in that article) is not as 'strong' as it can be proofing your system vs. various threats online!

(I've been using that setup for years now, & not a single infection because of it - that, & being saavy about opening attachments in emails from folks you know & trust ONLY, & the same with programs you may download also.)

Between good practices, patching your OS + apps (time consuming but worth it) keeping them up-to-date, as well as running antivirus/antispyware that covers email & filesystems AND, not accepting attachments from strangers on networks like IRC) & doing what's in that article step-by-step, you're pretty solid security-wise.

* Keep that all in mind, & you don't get nailed by malware/spyware/virus, etc.- et all, period. Especially patching/updating your apps & libs your apps &/or OS call - they too, in their API's & code, can be vulnerable as well as the core OS files & functions.

By the way - Here @ slashdot not TOO long ago, there was an article stating Windows & Linux security was "neck & neck", see here:

http://linux.slashdot.org/article.pl?sid=05/07/14/ 1639242&tid=172&tid=109&tid=106&tid=218

APK

P.S.=> By the way, there are more secured versions of Linux available as well, such as SELinux:

http://www.nsa.gov/selinux/

The point it even exists, means that Linux' default installs from other vendors DO present possible avenues of infections/infectors also in their default setup... and, Linux DOES have infectors specific to it as well, see here:

http://linux.slashdot.org/article.pl?sid=05/11/08/ 140203&tid=220&tid=106

"Linux Lupper.Worm In the WIld"

Nuff said! Worms, virus', &/or malware's out there for Linux as well as Win32 OS, period... hence, doubtless part of the "WHY" SELinux exists @ all!

apk