October 25, 2004 6:17 AM PDT

Plague carriers: Most users unaware of PC infections

A study of home PCs released Monday found that about 80 percent had been infected with spyware almost entirely unbeknownst to their users.

The study, funded by America Online and the National Cyber Security Alliance, found home users mostly unprotected from online threats and largely ignorant of the dangers. AOL and the NCSA sent technicians to 329 homes to inspect computers.

"No consumer would walk down the street waving a stack of cash or leave their wallet sitting in a public place, but far too many are doing the exact same thing online," Tatiana Gau, AOL's chief trust officer, said in a statement. "Without basic protections like antivirus, spyware and firewall software, consumers are leaving their personal and financial information at risk."

Spying spyware
Looking for spyware fighters you can trust? CNET.com's reviewers uncloak the best countermeasures.

Nearly three in five users do not know the difference between a firewall and antivirus software. Desktop firewall software regulates which applications on a PC can communicate across the network, while antivirus software detects malicious code that attempts to run on a computer, typically by pattern matching. Two-thirds of users don't have a firewall installed on their computer, and while 85 percent of PC owners had installed antivirus software, two-thirds of them had not updated the software in the last week. The study found one in five users had an active virus on their machines.

The study comes during October, which the NCSA is promoting as National Cyber Security Awareness Month. The NCSA is a joint endeavor among industry, academia and government.

"Protecting the safety of our technology infrastructure means protecting the computers of individual Americans," Dan Caprio, deputy assistant secretary for technology policy at the U.S. Department of Commerce, said in a statement. "This study highlights just how important it is for individual Americans to take their cybersecurity seriously, not just as a matter of personal safety, but as a matter of our country's security as well."

The comments underscores the Bush administration's position--as outlined in the National Strategy to Secure Cyberspace--that the nation's cybersecurity by necessity has to rely on every computer owner to secure their own system. Yet, the study highlights the fact that most home users do not understand the risks involved in connecting their computer to the Internet nor how to secure their systems.

14 comments

Join the conversation!
Add your comment
Spyware invasion
Can anyone inform me as to how to either delete or quarantine spyware that is detected on the computer? I've been able to quarantine viruses detected by ad-ware-6 but spyware detected via Norton anti-virus scans defy any attempt to control or delete. Attempts to contact Norton on the matter are fruirtless.
Posted by (6 comments )
Reply Link Flag
Try SpyBot Search and Destroy
SpyBot Search and Destroy works great for me.
Posted by (5 comments )
Link Flag
with norton
you have to have the settings to detect/delete it... and if you cant... it should give instructions for manual deletion when you scan and click on the name...
Posted by volterwd (466 comments )
Link Flag
This seems AOL-specific and sensational
"AOL and the NCSA sent technicians to 329 homes to inspect computers."

Sounds like 329 AOL homes to me. Of course, AOL users are among the least experienced and informed of all Internet users, else they'd clearly understand AOL isn't required for their Internet access. This is a fairly important point which somehow CNet's reporting missed.

From the article:

"No consumer would walk down the street waving a stack of cash or leave their wallet sitting in a public place, but far too many are doing the exact same thing online," Tatiana Gau, AOL's chief trust officer, said in a statement. "Without basic protections like antivirus, spyware and firewall software, consumers are leaving their personal and financial information at risk."

Again, this is novice-quality information best suited for AOL's direct customer base as the same information has been widely circulated on the Internet for years and any experienced Internet user is already well aware of it.

From the article:

"Nearly three in five users do not know the difference between a firewall and antivirus software."

Actually, it's only accurate to say "nearly three in five of the AOL users examined in this AOL survey"...do not know the difference between a firewall and antivirus software.

From the article:

"Two-thirds of users don't have a firewall installed on their computer, and while 85 percent of PC owners had installed antivirus software, two-thirds of them had not updated the software in the last week. The study found one in five users had an active virus on their machines."

Again, first of all, data taken from this AOL-specific survey should not be extrapolated generally as applicable to the entire Internet market becuase it isn't. It's an internal AOL survey of a select group, and a very small group, of AOL subscribers.

Fascinating here is the CNet comment that "two-thirds of users don't have a firewall installed on their computer," as what that can only mean is that two-thirds of the AOL group surveyed aren't using WinXP, which has had "a firewall" built in for quite some time now, or else additionally aren't using M$'s recommended Service Pack 2 update to WinXP, which simply improves on XP's original firewall.

As I rather doubt that at this date two-thirds of the AOL users surveyed here are not using WinXP--but if they aren't and were using Win9x, for instance, then this is a very important fact which demands disclosure--and so we are left wondering whether the "firewall" the survey didn't find on two-thirds of the surveyed AOL boxes was actually a third-party firewall (such as Zone Alarm) instead of "a firewall" in general as found in WinXP.

From the article:

"Protecting the safety of our technology infrastructure means protecting the computers of individual Americans," Dan Caprio, deputy assistant secretary for technology policy at the U.S. Department of Commerce, said in a statement. "This study highlights just how important it is for individual Americans to take their cybersecurity seriously, not just as a matter of personal safety, but as a matter of our country's security as well."

As this quote does not stem from the context of the internal AOL survey that is the subject of this Cnet article, and is merely indicative of the kinds of general comments circulating for years on the subject of "Internet security," one wonders as to its inclusion here.

The fact of the matter is that US governmental agencies have been among the last groups chronologically to talk about "Internet security," if not among the last groups to actually understand the concept to some degree. Major technology companies and groups, on the other hand, have been saying similar things for years and long before this particular Department of Commerce statement was made.

From the article:

"The comments underscores the Bush administration's position--as outlined in the National Strategy to Secure Cyberspace--that the nation's cybersecurity by necessity has to rely on every computer owner to secure their own system. Yet, the study highlights the fact that most home users do not understand the risks involved in connecting their computer to the Internet nor how to secure their systems."

I really do wish Cnet would refrain from attempting to politicize nearly every single technology issue it reports on. The truth is that whatever the "Bush administration" recommends people do isn't remotely related to what individuals choose to do themselves in response. It's akin to implying that the blame for highway speeding is somehow the fault of the states because it's the states which put up speed-limit signs on the highways...;)

The fact that people may electively choose not to heed the advice they encounter, regardless of the advising entity, is never a reflection of the quality of the advice given. Thus, the "yet" as used in the above paragraph has literally no meaning.

I mean, I really cannot understand what CNet is getting at here. Would CNet prefer that "the government" start snooping into people's homes and fining or incarcerating them for "firewall non-compliance"? Is Cnet fundamentally incapable of acknowledging that a key component of "freedom" is that people be led to water as opposed to being forced to drink it? The ultimate arbiter as to an individual's well being should be the individual as opposed to his government. Much better to take advice because you see the wisdom of it than to be forced to take it by a government which believes you are too stupid to know what's "best for you."

From the article:

"The 329-person study found that, while eight of 10 users had spyware, the vast majority of them--nearly 90 percent--had no inkling that their systems had picked up a digital hitchhiker."

Again, Cnet is extrapolating generally without a basis for doing so. This should read, "while eight of the 10 users studied in this internal AOL survey had spyware..."

From the article:

"Spyware can allow unknown intruders steal important personal or financial information from victims' computers, and some allow the attacker to have full control of the systems. When networked together, the systems can from a digital army, known as a bot net, that can be used to attack other networks."

It might've been nice to see Cnet at least *once* manage to put this kind of information in context, which is, of course, that the vast majority of people using the Internet these days simply are not infested with "spyware." As it is this simply underscores why you can't take the data presented in this tiny AOL internal study sample and extrapolate it universally.

Recommending that Internet users avoid porn sites (traditionally hotbeds for spy-ware, mal-ware, viruses and the like), that they decline to use so-called "file-sharing" software like Kazaa (because you don't need a "file-share" program such as Kazaa to simply "share files" with friends and associates), guard their email addresses the same way they guard their private telephone numbers, use an auto-update virus & mal-ware program, and make use of at least the WinXP firewall, if nothing else (preferably a good third-party firewall on the order of Zone Alarm--I use ZA and the WinXP SP2 firewall automatically recognizes its presence and disables its own firewall in deference to ZA), are all beneficial recommendations for CNet to make--if only CNet would make them...;)

Most importantly, I think, Internet users should be advised to shun the so-called "free software" available for Internet download, such as some browsers (excluding Firefox, which has no ad-ware component that I can find), browser plug ins, and a wide variety of public domain software, because at the least these programs install "ad-ware" that bombards the user with pop-up ads and at worst these programs can serve as vehicles for trojan programs of a wide variety of mal-ware in general. The "free" offer in many cases unfortunately is merely a hook to get users to install trojan programs they would not have voluntarily installed otherwise.

When CNet talks about "Internet security" in a manner which illustrates only the absolutely worst-case scenario conceivable for "spyware," it's little better than fear-mongering and seems targeted towards eliciting an emotional response from its readers instead of a presentation of objective information compiled to inform and educate the reading public.

Imagine what it would do to the airline industry if the only information ever publicized about airline travel amounted to horrific film clips of airliners being obliterated as they collided with the World Trade Center, or news-footage of the various tragic airliner crash scenes over the years. If this was the only information on the subject of air travel in general to which the public was exposed I imagine the industry would collapse internationally in short order.

Oddly enough, most media and press organs seem to have little difficulty portraying the airline industry objectively and the tragedies the industry has suffered over the years in context--namely, the context that the vast majority of people who fly live to expire from some other cause wholly unrelated to air travel. So why is it, I wonder, that these same "news" organizations seem incapable of objectivity and context and perspective when addressing the various topics surrounding computer technology? It certainly baffles me.


From the article:

"Educating users about such threats is one of the initiatives called for by the United States' National Strategy to Secure Cyberspace. Microsoft has also added enhanced security to its Windows XP operating systems in an update known as Service Pack 2."

One of the wonderful things about "education" is that the government is not its sole supplier...;) (At least within most western democracies, that is.) Information is the key commodity offered by the Internet, but it is imperative that the wheat be separated from the chaff, of course. As that sort of "wheat thrashing" seems ostensibly a central purpose for entities such as CNet, it would have been nice to see CNet "educate" its readership to the fact WinXP and SP2 for WinXP include a *firewall* which is there to aid Internet users who use WinXP as their primary OS when Internet browsing.

Instead, only in the very last sentence of the article's final paragraph does CNet inform its readership that "Microsoft has also added enhanced security to its Windows XP operating systems in an update known as Service Pack 2."

I think it only proper that CNet might have "educated" its CNet readership to the fact that what CNet means when it says "enhanced security" is that M$ builds in a *firewall* within WinXP, among other things. I can only hope that CNet isn't waiting on a government agency to provide that information to the CNet reading public, or that CNet isn't waiting for a confirmation by the Department of Commerce that, yes, WinXP *really does* include a firewall, as that isn't likely to occur anytime soon for a lot of obvious reasons...:D

Seriously, I thought it simply amazing the lengths to which the author of this article extended himself to sensationalize and dramatize all kinds of "problems" and "threats" surrounding "Internet security" while almost completely avoiding specific mention as to what technology companies are doing about those issues in terms of remedies, not to mention scant comment as to the simple things people can do to *protect themselves* from such "threats." I cannot recall reading another article anywhere on this subject which used the word "firewall" so many times but never once specifically describes the WinXP firewall (as if it simply did not exist.)

The only question remaining to be answered here is this:

Does CNet know the difference between the terms "enhanced security" and "firewall"...? From this article it certainly doesn't appear that way. (I mean, if you aren't going to educate your readers as to what you mean precisely by "enhanced security," there's little point in using the phrase, is there?)
Posted by Walt Connery (89 comments )
Reply Link Flag
Wow
You seem to have way too much time on your hands. This has
got to be the longest comment I've ever seen.
Posted by (10 comments )
Link Flag
thats as long as the original article
good points... AOL users are pretty dumb...

with regards to kazaa... use kazaa lite... or sharezaa.. they both have no spyware and if you have a virus scanner and little common sense you should have no prob with p2p other than RIAA

overall... you are much more educated than these writers... but hey what can you expect... they are only journalists... and barely at that
Posted by volterwd (466 comments )
Link Flag
Bravo....very well put...
I like your thinking...

It amazes me that in this age of such great technology, that so ignorance is not only so abundit but is also promoted. The menchan of AOL at the very beginning of the article raised a red flag almost instantly as I thought to myself..."of course". I know that AOL's subscriber base is the least tech savy of all net users. To see their numbers getting smaller puts a big smile on my face.

One of the things I comment on so often is the lack of interest that so many netizens have in the realities of being online. So many people just don't care to learn anything more than email, downloading music, playing a game or two, or perhaps online porn. This really bothers me. What's worse is that this kind of ignorance is promoted so much by companies like AOL that claim the "one-click-fix" and virus scanning email before it comes to you. I know that not everyone will want to know how to build computers, but there really needs to be atleast some real desire by ALL those who are online to learn something about being online. It is somewhat promising that poeple are getting smarter and more tech-aware.
Posted by Prndll (382 comments )
Link Flag
Using windows....
Using windows is like sleeping with a prostitute.
Posted by 198775425444042216790779840523 (102 comments )
Reply Link Flag
average user courses
Figures, most average (home) user courses (book or otherwise) will take your money, will take your time, teach you about various programs you can also buy and introduce you to 'free' software with build-in dangers (MSN for one) but will not teach you how to defend yourself against what, how to succesfully rebuild your computer from scratch without loosing too much data (including settings) and what kind of maintenance is needed. Let alone give you hands-on experience with a few of the other OS's out there.

I guess such courses are aiming for repeated visits.

Then again, teaching people how to defend their Windows computers maybe a bit too much to ask from them. I frequently run into MCSE's who don't have a real clue as to how to protect a PC. Let alone an entire network.
Posted by arthur-b (31 comments )
Reply Link Flag
There is a better way...
...just buy a Mac. And enjoy.
Posted by (17 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.