Most In US Have False Sense of Online Security

BaCa sends along a link from Net-Security on a study of attitudes among Americans about the security of their PCs, versus their actual vulnerability. "More than half of computer users who think they are protected against online threats like spyware, viruses, and hackers actually have inadequate or no online protection, according to an independent research study conducted for Verizon... While 92 percent of participants thought they were safe, the scans revealed that 59 percent were actually vulnerable to a variety of online dangers. Ninety-four percent of those surveyed said they would find it helpful to be able to diagnose or check their online security status on a regular basis to make sure their PCs were safe."

Re:What am I supposed to do?

[Bert64]

Don't give her privileged access to any machine...
If you screw up your own account, wipe that user's files, the rest of the system should be fine and you can re-create the user.

I Smell Corporate Marketing, and /. fell for it

[StickyWidget]

the Radialpoint Software[me:the security advisor maker], in its default configuration, does not block ads from third parties or Verizon or its affiliates and business partners, and may not identify as spyware certain websites and applications from Verizon and its affiliates or business partners, Radialpoint Inc. and/or Verizon and its affiliates have the right and do access and modify the Software as well as the software (including registry settings on your computer) and/or your hardware for various purposes in connection with the Verizon Internet Security Suite (e.g. for the installation and implementation of the Software and updates to it) as well as to download, install and/or gather, obtain, collect and then use, in relation to the delivery and operation of Verizon Internet Security Suite, various information and data, including information necessary to identify you and your computer to ensure that Verizon Internet Security Suite is received as well as information necessary for the reporting of this service, and (iii) use of such information and data by Verizon will be in accordance with Verizon's privacy policy.

Lemme translate: This software collects data about you when you run it, will continue to collect data about you, and if Verizon's business partners happen to be skeeze, they won't warn you about their spyware. Do. Not. Want. By the way, by using their security advisor, I agree to use their "Internet Security Suite" as well. Which reports on me, and allows Verizon to edit settings on my computer. Sounds a little like remote access, yes?

Here's another thing: On the installation page itself, it says "Administrator rights are required to install this software." So that means that this ActiveX has access to ALL KINDS of fun functions and methods. Who is to say this can't be hijacked and turned into a mal-ware infection source?

~Sticky
/Cannot believe this made the front page of Slashdot.

Re:The best protection is a smart user.

[Phaldor]

> Firefox not having a history of letting websites run malicious code

You obviously do not pay too much attention to the news. There was one just released that had to do with Quicktime and Firefox. I know of several others where Firefox was either named specifically or generally, and why do you think they update their browser so often? More features? Get real dude, most of those updates are SECURITY VULNERABILITY fixes.

Re:At least once a year...

[secPM_MS]

This should be called the neverending story. Unfortunately, I think that name is already taken by a children's book. The query is a bit inappropriate. I am not safe simply if I have my AV and anti-malware SW installed and updated. I MAY be safer, but the AV and anti-malware SW can itself be a vulnerability.

Increasingly, the attacks are made at the application level, not the OS level. The OS can protect itself from a non-administrative user, but cannot be expected to protect itself from an administrative user who has been fooled into doing something inappropriate. The AV and anti-malware SW try to protect against known issues, but it is a best effort sort of thing.

If you are browsing, do you have javascript, java, flash, etc. enabled? If so, you have the neat functionality, but you are very vulnerable to compromise by hostile / compromised web servers.

If you are running as a normal (non-administrative) user such compromise can compromise anything you do. If you are running as an administrative user such a compromise can compromise your system (in Vista, you would have to OK the UAC prompt).

If you open .pdf attachements or pdf's on web sites, is your pdf reader fully updated? Exploitable security issues have been found routinely in certain pdf readers.

If you open Microsoft Office documents, is your Office software fully updated? Numerous attacks have been launched via such documents. Office 2007 has far fewer vulnerabilities than Office 2003. Note that using OpenOffice does not inherently protect you. The same type of vulnerabilities exist in OpenOffice.

If you have Apple's QuickTime, do you keep it updated? It has had large numbers of vulnerabilities.

Then we can go into the world of media and games, where many vulnerabilities exist and all too often the application in question is internet facing.

If you want ease of use, feature richness, and dynamic extensibility, you are not going to have a high level of "security / assurance". A web world of static HTML without any scripting and limited media is quite safe - but it is not what the customers want. A similarily restricted application functionality set can be made truly safe as well, but is not what customers want. Users feel comfortable and safe with what they routinely work with, even if this is inherently dangerous. This is as true for computer users as it is for industrial / research workers, who tend to get a bit casual about even truly dangerous issues (I used to be an industrial safety officer in research laboratories).