Slashdot Mirror

← Back to Stories (view on slashdot.org)

Most Home PC Users Lack Security

Posted by Zonk on from the think-then-play dept.

Ant writes "CNET News.com and MSNBC report that a survey of home personal computer (P.C.) users found 81 percent lacked at least one of three critical types of security. However, the number of consumers using firewalls and updated antivirus software is improving, according to a report released Wednesday. The vast majority of consumers surveyed were found to lack at least one of three types of critical security--a firewall, updated antivirus software or anti-spyware protection, according to a report by America Online and the National Cyber Security Alliance. Of this group, 56 percent had no antivirus software, or had not updated it within a week, while 44 percent did not have a firewall properly configured, according to the report. Meanwhile, 38 percent of survey respondents lacked spyware protection..."

8 of 349 comments (clear)

  1. Bad metric by SilverspurG · · Score: 5, Insightful

    After witnessing how easily most consumer firewalls were abused by Sony's DRM I'd say that firewalls are no longer an indicator of computer security. At least on the Windows platform.

    --
    fast as fast can be. you'll never catch me.
  2. There is nothing to see here by LiquidCoooled · · Score: 5, Insightful

    We KNOW home users don't have security. Windows has been brought kicking and screaming from a single user insulated space into the big wide internet world.

    Home computing has evolved just like personal motoring has.

    Seat belts and safety features in cars used to be an addon luxury that not many people had or used, now every car comes with them and airbags and strengthening supports as standard.

    Spyware protection is a new tact, and should really be dealt with in the same malicious software category viruses fall into - it basically uses the same engine, and its only the AV companies themselves who made a distinguisher between installed with vague permission and none whatsoever.

    --
    liqbase :: faster than paper
  3. Re:lacking security? by BushCheney08 · · Score: 5, Funny

    Well, that answers that. I know for a fact that Linus keeps his security blanket nearby at all times.

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  4. Re:Best Free A/V? by wyckedone · · Score: 5, Informative

    The free ones that work the best are AVG, AntiVir (Classic, Premium isn't free) and Avast!. I currently use AVG but the new version of AntiVir is supposed to work better and have a smaller footprint.

  5. and this will be true as long as it's "optional" by ummit · · Score: 5, Insightful
    Most users use things out-of-the-box, as-is. They assume that the default configuration, as designed by the manufacturer, is "good enough". This is true of any product, not just computer operating systems. And it's not actually a bad assumption -- or shouldn't be.

    You shouldn't need an external firewall to protect your machine from hostile incoming connections -- your machine shouldn't be listening on ports it doesn't need to, and when it does listen, it shouldn't be possible for incoming connections to subvert it. You shouldn't need add-on antivirus software -- your machine should have a basic "immune system" of its own and shouldn't be vulnerable to the effects of running untrusted external code.

    It is possible to design operating systems that are inherently secure in these ways. One of the larger crimes committed by the designers of the currently-popular consumer-grade operating systems is to have convinced large swaths of the population, via ubiquitous, crashing mediocrity, that it's somehow an "impossible" problem. It was largely a solved problem 20 years ago, if anyone had listened.

  6. PCs should contain Defenses by digitaldc · · Score: 5, Informative

    When you purchase a PC, you should have the option of installing freeware that might help you in the incessant barrage of spam, viruses, spyware, adware, bots and phishing emails. It might also help to have a short tutorial on how your PC becomes infected/compromised/used to propogate malicious code. Maybe then Windows would be a better and safer O/S?


    For those who need some free help:
    http://free.grisoft.com/doc/2/lng/us/tpl/v5 (AVG anti virus)
    http://www.zonelabs.com/store/content/company/prod ucts/znalm/freeDownload.jsp (Zone Alarm firewall)
    http://www.lavasoftusa.com/software/adaware/ (Ad-Aware adware/spyware detection)
    http://www.safer-networking.org/en/download/ (SpyBot S&D adware/spyware detection)
    http://www.microsoft.com/downloads/details.aspx?Fa milyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displa ylang=en (MS Anti-Spyware adware/spyware detection)

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  7. Re:lacking security? by Anonymous Coward · · Score: 5, Insightful

    "They probably mean many people use Linux. You know, no antivirus, no antispyware..." - by Crayon Kid (700279) on Thursday December 08, @08:58AM

    Or, they probably mean they just follow what is written here @ this URL below, taking the 1/2 hour to implement its techniques (fully explained):

    http://www.avatar.demon.nl/APK.html

    THEN, you get what you stated & it works, on Windows 2000/XP/Server 2003, no questions asked.

    Using it, you simply are "closing the doors" to it being possible, or AS POSSIBLE as the default setup of various Win32 OS (specifically NT/2000/XP, since Windows Server 2003 follows much of what is stated in that article) is not as 'strong' as it can be proofing your system vs. various threats online!

    (I've been using that setup for years now, & not a single infection because of it - that, & being saavy about opening attachments in emails from folks you know & trust ONLY, & the same with programs you may download also.)

    Between good practices, patching your OS + apps (time consuming but worth it) keeping them up-to-date, as well as running antivirus/antispyware that covers email & filesystems AND, not accepting attachments from strangers on networks like IRC) & doing what's in that article step-by-step, you're pretty solid security-wise.

    * Keep that all in mind, & you don't get nailed by malware/spyware/virus, etc.- et all, period. Especially patching/updating your apps & libs your apps &/or OS call - they too, in their API's & code, can be vulnerable as well as the core OS files & functions.

    By the way - Here @ slashdot not TOO long ago, there was an article stating Windows & Linux security was "neck & neck", see here:

    http://linux.slashdot.org/article.pl?sid=05/07/14/ 1639242&tid=172&tid=109&tid=106&tid=218

    APK

    P.S.=> By the way, there are more secured versions of Linux available as well, such as SELinux:

    http://www.nsa.gov/selinux/

    The point it even exists, means that Linux' default installs from other vendors DO present possible avenues of infections/infectors also in their default setup... and, Linux DOES have infectors specific to it as well, see here:

    http://linux.slashdot.org/article.pl?sid=05/11/08/ 140203&tid=220&tid=106

    "Linux Lupper.Worm In the WIld"

    Nuff said! Worms, virus', &/or malware's out there for Linux as well as Win32 OS, period... hence, doubtless part of the "WHY" SELinux exists @ all!

    apk

  8. Re:lacking security? by Anonymous Coward · · Score: 5, Informative

    As far as the Windows registry settings?

    Start right here @ "the horses mouth" for Windows NT-based Os':

    http://support.microsoft.com/default.aspx?scid=kb; EN-US;q120642

    (That's a starting point for BOTH Tcp & NetBT & that tends to be "NT/2000 centric" but, most of it applies to Windows XP/Server 2003 as well!)

    Here are more, & the very ones I used to define & understand the .reg files entries on that site:

    Microsoft Windows Server 2003 TCP/IP Implementation Details MAIN PAGE:

    http://www.microsoft.com/technet/prodtechnol/windo wsserver2003/technologies/networking/tcpip03.mspx

    Microsoft Windows Server 2003 TCP/IP Implementation Details Parameters:

    http://www.microsoft.com/technet/prodtechnol/windo wsserver2003/technologies/networking/tcpip03.mspx# ECAA

    SECURITY CONSIDERATIONS FOR NETWORK ATTACKS:

    http://www.microsoft.com/technet/archive/security/ prodtech/windows/iis/dosrv.mspx

    TCP Transport Entries (all esoteric/unusual settings found here):

    http://support.microsoft.com/kb/q102973/

    TCP/IP Exploits and Countermeasures for Windows 2000 Server:

    http://www.microsoft.com/technet/security/guidance /secmod150.mspx

    Network Hardening and Security - Packet filtering Udp/Tcp - PortsAllowed + EnableSecurityFilters:

    http://www.microsoft.com/technet/security/guidance /legsgch3.mspx

    Prevent Session Hijacking

    http://www.microsoft.com/technet/technetmag/issues /2005/01/sessionhijacking/default.aspx

    ADDITIONAL REGISTRY SETTINGS - FOR AFD SETTINGS (ESPECIALLY):

    http://www.microsoft.com/technet/security/guidance /secmod57.mspx

    FOR TUNING PARAMETERS FOR SPEED FOR CABLEMODEM/DSL vs. 57.6k/33.6k/28.8k/14.4k DIALUP MODEMS:

    http://www.speedguide.net/

    * ENJOY! Those will define the settings altered/hardened & also explain EACH in detail as needed for your reference.

    APK

    P.S.=> What's in my initial URL is years of research since the NT 4.x-2000 days, & still works/applies to XP/Server 2003, & has had any added info. possible for them as well as the older NT-based OS' also... apk