Slashdot Mirror

← Back to Stories (view on slashdot.org)

Most In US Have False Sense of Online Security

Posted by kdawson on from the can't-hear-you-la-la-la dept.

BaCa sends along a link from Net-Security on a study of attitudes among Americans about the security of their PCs, versus their actual vulnerability. "More than half of computer users who think they are protected against online threats like spyware, viruses, and hackers actually have inadequate or no online protection, according to an independent research study conducted for Verizon... While 92 percent of participants thought they were safe, the scans revealed that 59 percent were actually vulnerable to a variety of online dangers. Ninety-four percent of those surveyed said they would find it helpful to be able to diagnose or check their online security status on a regular basis to make sure their PCs were safe."

5 of 161 comments (clear)

  1. At least once a year... by betterunixthanunix · · Score: 5, Funny

    At least once a year, these results come out in yet another study. Perhaps we should declare a new holiday: False Sense of Security Day (and of course, False Sense of Security Eve, when a hacker in a Santa suit constructs an enormous botnet and takes down a few small mailservers with spam).

    --
    Palm trees and 8
    1. Re:At least once a year... by secPM_MS · · Score: 5, Informative
      This should be called the neverending story. Unfortunately, I think that name is already taken by a children's book. The query is a bit inappropriate. I am not safe simply if I have my AV and anti-malware SW installed and updated. I MAY be safer, but the AV and anti-malware SW can itself be a vulnerability.

      Increasingly, the attacks are made at the application level, not the OS level. The OS can protect itself from a non-administrative user, but cannot be expected to protect itself from an administrative user who has been fooled into doing something inappropriate. The AV and anti-malware SW try to protect against known issues, but it is a best effort sort of thing.

      If you are browsing, do you have javascript, java, flash, etc. enabled? If so, you have the neat functionality, but you are very vulnerable to compromise by hostile / compromised web servers.

      If you are running as a normal (non-administrative) user such compromise can compromise anything you do. If you are running as an administrative user such a compromise can compromise your system (in Vista, you would have to OK the UAC prompt).

      If you open .pdf attachements or pdf's on web sites, is your pdf reader fully updated? Exploitable security issues have been found routinely in certain pdf readers.

      If you open Microsoft Office documents, is your Office software fully updated? Numerous attacks have been launched via such documents. Office 2007 has far fewer vulnerabilities than Office 2003. Note that using OpenOffice does not inherently protect you. The same type of vulnerabilities exist in OpenOffice.

      If you have Apple's QuickTime, do you keep it updated? It has had large numbers of vulnerabilities.

      Then we can go into the world of media and games, where many vulnerabilities exist and all too often the application in question is internet facing.

      If you want ease of use, feature richness, and dynamic extensibility, you are not going to have a high level of "security / assurance". A web world of static HTML without any scripting and limited media is quite safe - but it is not what the customers want. A similarily restricted application functionality set can be made truly safe as well, but is not what customers want. Users feel comfortable and safe with what they routinely work with, even if this is inherently dangerous. This is as true for computer users as it is for industrial / research workers, who tend to get a bit casual about even truly dangerous issues (I used to be an industrial safety officer in research laboratories).

  2. I think there's a more telling bit of evidence ... by ubrgeek · · Score: 5, Insightful

    "Hi. I'm with Verizon. We're trying to see if your computer is secure. Mind if we scan it for vulnerabilities?"

    When they answered yes, why bother to go any further? In my mind, they're obviously potentially victims for spear-phishing types of attacks.

    --
    Bark less. Wag more.
  3. I know I'm secure by gEvil+(beta) · · Score: 5, Funny

    I know I'm secure. I use only genuine Microsoft products. I remember seeing an ad that said that they're the most secure computer company there is.

    --
    This guy's the limit!
  4. Re:Old news by Cro+Magnon · · Score: 5, Funny

    Exactly. As if removing the spyware also went back in time and actually prevented the spyware from HAVING SPIED on you already!


    That's why you need a Mac. It has a Time Machine.

    --
    Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.