Most In US Have False Sense of Online Security
BaCa sends along a link from Net-Security on a study of attitudes among Americans about the security of their PCs, versus their actual vulnerability. "More than half of computer users who think they are protected against online threats like spyware, viruses, and hackers actually have inadequate or no online protection, according to an independent research study conducted for Verizon... While 92 percent of participants thought they were safe, the scans revealed that 59 percent were actually vulnerable to a variety of online dangers. Ninety-four percent of those surveyed said they would find it helpful to be able to diagnose or check their online security status on a regular basis to make sure their PCs were safe."
Actually, if you're really conscious about what you click, why would you need so many security layers?
It's not like this hasn't been noted before: PEBKAC Still Plagues PC Security. Your average user firmly believes what they are told by "experts" or the guy who sells them the computer. They are not web-savvy and don't dig into the background on computer security. They think that all they have to do is run their spyware remover and update their anti-virus and they're fine. Heck, too many don't even know they have such utilities, and if they do know, aren't actually aware if they are running or not!
Computer security must be taken out of the hands of the user where the user is likely to not have a clue how it works.
GetOuttaMySpace - The Anti-Social Network
DTA: Don't Trust Anybody
And by "personal firewall" do you mean that POS built into XP, or the POS from Symantec? Or do you mean the router firewall?
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Doesn't XP have a big green light that tells users they're secure with a firewall and anti-virus protection? If an OS tells an average user they're secure, even if they're only marginally more secure, I wouldn't expect the average user to question it.
Developers: We can use your help.
I don't have any virus scanner or malware blocker, or firewall or any kind of security software whatsoever installed on my computer. Actually, I have clamwin, but I only run it once a week. It never finds any viruses. Yet I would say that I'm adequately protected because I have a brain. I don't run software from sites I don't trust. I use Firefox, which doesn't have a history of letting websites run malicious code, and I try to stay on sites that I trust. I have a router, and no incoming ports are forwarded to my PC, so I'm safe in that way I guess. At work I have Norton installed, because it has to be. To date, it has blocked 0 spyware, 0 viruses, and 0 worms. Because it hasn't encountered any, because I practice safe computing. It hasn't actually done anything except slow my computer down. What a great waste of money that was.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
This would be the target demographic of the malware antivirus attack, where a site does a browser hijack, slows your computer to a crawl, then starts bombarding you with ads for its "solution" to the problem its own malware caused.
There is no single answer here. Affordable (or free) antivirus software that actually works would be a start, providing it isn't on the McAfee/Norton bandwagon of getting you to pay for a subscription and using up a fair amount of resources when running. There are good community-governed host file lists which can be a real help on many different levels - adware, phishing, malware, viruses, and some of the more onerous types of advertising. User education about basic practices is key - I'd like to see some Public Service Announcements on this, in the style of some of the American Lung Foundation's 1970's PSAs.
I have to tell people over and over: "It doesn't matter if you trust Jackie not to send you a bad file. You also have to trust that Jackie is vigilant about computer security, and that she knows a lot about the subject. You also have to trust that her computer hasn't been compromised, or that her e-mail isn't a spoof, which requires you to understand a lot about message headers at the very least. Is an animated stripper dancing on your start bar really worth the risk?"
"Hi. I'm with Verizon. We're trying to see if your computer is secure. Mind if we scan it for vulnerabilities?"
When they answered yes, why bother to go any further? In my mind, they're obviously potential victims for spear-phishing types of attacks.
Bark less. Wag more.
Most In US Have False Sense of Security
There, fixed that for you.
There are no karma whores, only moderation johns
If you want news from today, you have to come back tomorrow.
We do NOT need to protect our children from the evils on the Internet. We need to protect people in general. While the US might have more people who are gullible, there are gullible people all over the world. Computers are not simple to use and operate like a toaster, or other kitchen appliance. Even if they were, one look at the statistics of fire departments on the day before and the day of Thanksgiving should tell you that people, in general, are not competent to operate anything more complex than the shoestrings of their shoes.
You can buy a car that costs less than some computers, but still need a license to drive it, and insurance in case you get into a wreck. Why should computing be any different? Oh, don't believe in the nanny-state? Well, stfu about kids needing protection from the evils of the Internet. Yes, give me that argument that motor vehicles are a life and death issue, or could be. I'll argue this, losing your identity or giving your life savings to some Nigerian prince is more or less a life and death issue, especially if you need that money in the near future for heart medicine.
The point is, and well demonstrated in this report, that NOBODY is safe, and not just kids need some training and guidance. Using the Internet is not a game, and people should be taught better how to use it and avoid the pitfalls of modern life. If it sounds too good to be true, well it probably is. If someone is advertising it in an email, it probably is something you don't need or can live without. That goes also for television and other advertisements.
I think that it is high time we, the human race, began to look at things a bit more intelligently. False sense of security? If it were not for Dept. of Homeland Security, most people in the US would think that flying was safe. This and other such campaigns are not about raising awareness or training, it is about selling antivirus and antimalware software.
Why this should come as a surprise to anyone is beyond me. How long did it take to get people to wear seatbelts? The public, at large, is wont to believe experts, yes, but this is true despite the news that those same experts are paid by large corporations more often than not, and have been shown to be less than 100% honest.
How long before 'made in China' means it is a lethal device? (won't happen) How long before people riot in the streets because the food we eat is not labeled correctly? (won't happen). This is just one more thing that the US populace in particular is blissfully ignoring. If you have to spend 2-6 months salary on something, you tend to figure out how it works and treat it with care, take it in for tune-ups and such. How many reading this know of one or more people that just go get another PC when theirs acts up, or becomes slow?
Ranting done. If you can't get people to read directions on the kitchen appliances, or cleaning recommendations on the tag in their clothes, you can't protect them from the evils of the Internet. Who would have thought we'd need instructions (too small to read) on cigarette lighters to stop them from ending up in babies' mouths? Or warning notes on coffee cups that the contents are hot? I don't want to imply that people are ignorant... but
Support NYCountryLawyer RIAA vs People
The interesting thing about these studies is that they often conflate "computer users" with "Windows users". The problem is that, as a Linux user, I have no need to run anti-virus software or a firewall. I know which services are running on my machine, and have accepted the security risk thereof. But, consequently, we (and the Mac users) get counted in the insecure group because of the faulty study methodology.
I really don't think most users expect their machine to be secure. Microsoft Windows has been insecure for so long now that getting hacked is just expected after a certain period of time. In fact, I had a rather interesting conversation with an anesthesiologist:
Him: I'm thinking about buying a new computer. What kind should I buy...
Me: (I rattle off some specs) Why?
Him: Well, it's slowed down again.
Me: Well, why don't you just run Linux.
Him: Well, I do a lot of gaming. I figure you're going to have to replace your PC once a year, anyway.
Me: Why don't you just format and reinstall, and get yourself a good virus scanner and firewall?
Him: What, do all that work? And then I have to reinstall everything? No, I'll just buy a new PC.
Me: But you're just going to have the same problem later on. You'll get infected by a virus, etc... and you'll have to buy antivirus software.
Him: No I won't - I'll just buy another PC. It's not worth my time to do all of that antivirus and firewall stuff...
Words failed me at that point. But he did have a point. Most users believe that computers "just wear out" and slow down like an old automobile. They think that virus infection is a normal part of owning a computer.
The problem isn't Windows, per se. It's that people don't expect any better.
The society for a thought-free internet welcomes you.
All the data that I actually care about compromising is in my user account so it's at risk no matter what. I suppose that I really should move my financial and other sensitive stuff to a different user account that never uses the internet. I don't know anyone who does that and I've never seen it in a list of security suggestions.
And I don't see anything that prevents my user account from being used in Denial Of Service attacks against external servers. Or that prevents my user account from attacking servers of any sort on my local PC or on the intranet. And what -- other than the fact that it's probably not necessary -- is to stop the virus maker from including a selection of privilege escalation exploits in his bundle of aggravation?
Overall, I think that the Don't_Run_As_Admin_And_You'll_Be_OK lot are another bunch of folks with a false sense of security. I'd fault them because unlike naive users, they should know better. (However, running as admin in a multiuser environment really does put other users at additional risk).
While we're talking about false sense of security, let's don't forget the smug Mac and Linux users. We don't need virus checkers. More accurate would be We don't need virus checkers yet. Both systems are built with the same flawed by design technologies used to build Windows. If we insist on coding in a language that permits buffer overflows, we are probably going to have buffer overflows. Same for many other attacks on sloppy/incomplete/nonexistent legality checking, etc. Carbon/Cocoa/Linux are by no means immune from these problems even if there are few current attacks.
I also strongly suspect that the biggest current positive factor preventing a total PC security meltdown is the use of NAT routing which strongly discourages unsolicited attacks on non-server PCs. What's going to happen when/if IPv6 comes along and NAT routing goes away?
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey