Survey: Most home PC users lack security

A survey of home PC users found 81 percent lacked at least one of three critical types of security, but the number of consumers using firewalls and updated antivirus software is improving, according to a report released Wednesday.

The vast majority of consumers surveyed were found to lack at least one of three types of critical security--a firewall, updated antivirus software or anti-spyware protection, according to a report by America Online and the National Cyber Security Alliance.

Of this group, 56 percent had no antivirus software, or had not updated it within a week, while 44 percent did not have a firewall properly configured, according to the report. Meanwhile, 38 percent of survey respondents lacked spyware protection.

"Even though most consumers think they are protected, this study shows the opposite," Ron Teixeira, National Cyber Security Alliance executive director, said in a statement. "Far too many people still lack the three fundamental protections they need to stay safe online."

Nonetheless, some improvements have been made. The number of homes with properly configured firewall protections rose to 56 percent from 28 percent a year ago.

The improvements were attributed to the default firewall that is installed with Windows XP Service Pack 2, according to the survey.

The percentage of home PC users with recently updated antivirus software on their computers rose to 44 percent this year, compared with 33 percent a year ago. And, the number of PCs with spyware and adware loaded onto their systems fell to 61 percent this year from 80 percent last year.

[Eggs Ackley]

Broadband [L]users

The biggest problem is with home bradband users who have no hardware firewall (e.g., a router). With the connection being persistent, these machines all eventually become zombies. The cable or DSL provider doesn't make the need for a firewall abundantly clear because they can sell the poor dumb bastards additional modems for each PC in the house.

I lost count of all the non-technical people I've known who just connected their PC right to a cable modem. Then, they wonder why their system gets hosed in no time.

[Betty Roper]

CDC

Blame the service providers. We need some Big Standards Body to demand that all cable and dsl providers provide modem/routers with built-in firewalls (some already do). But they don't because of cost (fewer service calls... at least in the short run).

Since one bad machine can infect many others, think of it as a matter of computer public health.

[rcsteiner]

A hardware firewall isn't a hard requirement.

I use a dedicated PC running a software firewall (BrazilFW, formerly known as Coyote Linux, a small and specialized single-diskette firewall/router distribution which runs in a RAMdisk), which I feel gives me far more flexibility than an (affordable) hardware firewall would.

My other systems are not vulnerable, since they are nestled safely behind the firewall box and are thus not connected directly to the internet. :-)

I agree with you, however, that ISPs need to make it clear to their users that a firewall is a good idea. I think it should be a hard requirement.

Of course, the saddest thing in all of this.

Is that there are extremely good firewall, AV, and adware/spyware screening utilities out there to be had...for free. In fact, much of the utilities software for sale out there just plain sucks. So the question remains for those with unsecured PCs. What is their ratio of stupid/lazy?

[vchmielewski]

Get a Mac

If you don't understand security, get a Mac and you won't have to
worry about protecting your system from viruses and spyware.
Instead of blaming users for not knowing enough, how about
blaming the operating system that makes these problems possible?

[EuroMarkus]

Macs are Magic?

ANY OS can be attacked, lay off the Koolaid.

[rcsteiner]

Any non-Windows OS will do.

My OS/2 box doesn't suffer from spyware or virus issues, and neither do my Linux or BeOS boxes.

That doesn't mean I don't exercise due diligence when downloading and installing software, and I do run a virus scanner on my OS/2 box when I download DOS or Windows software, but it does mean that many of the most common vectors used by spyware programs and other similar entities are simply not present on those platforms.

[ctinok]

Macs aren't magic

Macs are all that I own, but that doesn't mean I don't take the
threat seriously. I use my OS X firewall and my router. I use two
virus programs. I use bowswers with adware and spyware
blockers.

You are correct in that there have not yet been an deployed Mac
virus or worms, but they exist. Just read the threat portion of
this site and work backwards. You'll find the articles.

Apple produces security upates for a reason.

My two cents.

[aabcdefghij987654321]

Get a clue

n/t

Get A Mac

Yes I would agree with Vince. Why put up with bad and insecure
operating systems and blame everybody else for it. The only reason
these viruses came about is because Micro$oft kept ignoring its
customers calls for security. They'll never learn.

[aabcdefghij987654321]

'nother cluless one

n/t

[pentium4forever]

Security

A lot of people think that a hardware firewall that performs NAT is enough. I would say it isn't. A software firewall works up to Layer 7 of the OSI model, and on SMTP end with email. Also, the firewall in XP isn't complete, it only blocks incoming traffic. I used to not have a software firewall. I got hit with Blaster and then got on with it and downloaded ZoneAlarm. ZoneAlarm enabled me to stay on the net, block the horrible net traffic and patch my system.

4 freeware programs to give you good security:
antivirus: AVG Antivirus
firewall: ZoneAlarm
antispyware: Ad-Aware and Spybot Search & Destroy

[pentium4forever]

Macs are safer yes

Macs are safer, hackers aren't going after the Unix kernel that resides at the core of Macs. However, there have been vulnerabilities although very few compared to Windows. Do they even make software firewalls for Macs? LOL.

[open-mind]

Re: OS X software firewall?

Yes, included with OS X.

You click a button to turn it on.

[VI Joker]

Partially

No computer is going to tell a users not to their credit card on every site that has a deal on something you want or not to put your phone number\email address on every form. Security is a combination of the knowledge a use has and the technology they are using. If one fails or is lacking then there is the an opportunity for a breach, regardless if the other is sound.

[Michael00360]

knowledge is power

knowedge is power. The majority of users that I come across in the repair business don't know how to use a firewall or antivirus software. Some don't even know what it is. Someone has to tell them. Someone may have to sit down and explain it to them step-by-step so that they have a good understanding of why they need the security and why it's important. They don't have to know the inner workings of the machine and program, unless they want to. They just need to know the importance of security on the pc and other data sources. Only then, will we see a change in those numbers.

(by the way: one of those someones is me. I don't mind at all explaining how things work).

[Kev63]

Re; Knowledge is power

I am one of those who don't know if my security is set ok! I have XP and so have their firewall, I also have AVG antivirus, and Ad-aware and Spybot for getting rid of spyware. How do I know if my firewall is setup right? I regularly update also. I also use the internet for purchases and so it is a worry!!

[ctinok]

Is this article accurate?????

You reported that the number of people using Adware and
Spyware blockers was down. Should the question have been --
Have you started using browsers with automatic adware and
spayware blockers? Is this limited to Windows users? Does it
apply to all OS users (Windows, LINIX, Mac OS X, etc.)? Is there a
compelling case for adware and spyware blockers beyond
bowsers? AOL advetises it does this for you. Cox provides this
service.

I strongly your third conclusion is incomplete and speculative.

[ericchappuis]

Most home PC users lack security

Ask the right question, you may get the right answer!

Besides the fact that most users are non-technical people too often careless and that some software is free or is provided online, the question is: ?How much money is involved into the ?PSEUDO? protection and safety business? (I say ?PSEUDO? protection and safety with every reason and within limits, for despite the use of four different anti-virus soft and half a dozen firewall, I never get the certainty that the machine I?m repairing in my shop is really clean, safe, etc. and they all show different result when they don?t give false positive and eventually screw up another program or the OS!!! Great isn?t?!!!)

First, the funny thing is: why is there the need at all of all these anti- things, blocker-whatever you name it?

Considering the vast amount of growing threats known, why aren?t they scanned, stopped, cleaned off the WWW right at the beginning, it is to say servers/nodes??

A technical issue then? Don?t have the means to achieve this level of protection? Ehemmmm! Ask the poor and innocent people who have been in all sorts of ways been tracked down, webs closed, etc. etc. Even cops coming knock-knock on the door. (I?m talking REAL innocent people).

Why is it that a virus able to attack servers etc. NEVER get into our home machines but the whole host of others roam and spread freely? Do they possess THE ultimate hardware/software we don?t?
Simple enough, because there is ABSOLUTELY no will to put an end to the juicy business of antis-things software producers and computer repair shop might get a little sad too! We are the bread and butter, the cow to milk!!! (I?ve known people talked and tricked into buying a new PC for a virus issue!)

So, why when needed for some kind of authority/interest/business, the means are largely and greatly deployed?

How much time, how much money we?re loosing, at a whole? Not only because of malicious, malignous wrongdoers.

We could talk about spam too, it follows the same rules. How many messages have been sent to our trash bin that were in fact real messages from a customer, a friend, etc.? And sometimes it just gets worse, I?ve answered once to an announcement by clicking on - ?I don?t want to receive any more messages from this site? and the next in-box message I got was from some official ?US-Robocop-something-web watcher? telling me I?ve been put on the black list and declared Spammer!!! Followed by an avalanche of Spams!!! Quite a cute trick, no?

Apart from finding and prosecuting virus inventors, hackers, spammers ?, why aren?t the producers of OS, soft etc. also made responsible for having produced such crappy unsafe products? After all, your car producer replace free of charge the faulty item, no?

And then working the same way, trying to protect your lives from terror aggressions, you?ve got ?the Patriot Act? with all its might and resources!!! Don?t let me laugh, I?ll explode with such laughter within the next ten seconds you?ll all hear me there, all the way to America, although I live in Spain!!! And if you don?t like me to laugh, don?t let me cry, you might get flooded but this time with no time to build an Ark!!! Poor America!!!

[Mendz]

Securing Home PCs

Most OEM OS powered home PCs sold today are bundled only with 30-90 day trial versions of security software. It is a solution to require bundling OEM OS powered home PCs with a complete and licensed security software renewable after a year or during a warranty period or so.

[mstlyevil]

Get a Clue.

So now you are saying that the technically challenged should learn a whole new OS just to keep their pc more secure? If that is the case then it would just be cheaper to install Linux and learn that instead. Because both OS's are Unix based they have the same security features. Why should a computer user pay twice as much for their hardware and sacrifice flexibility just for security. Even if that user spent the money for a hardware firewall and a security suite they still spent far less money for a Windows pc than a Mac. Using a Mac makes sense if you like the look and feel of the operating system and you like the harware that it is run on. Buying a Mac for security is a poor decision when you can get a free copy of Linux and save a boatload of money for the same security features. Besides we are talking about people who barely took the time to learn Windows basics. They are not going to take the time to learn Tiger os just for security reasons.

[Earl Benser]

Basic problem.....

... the quantity and quality of Linux based software is rather dismal.
Having a cheap safe computer which can't do anything useful is
much of an accomplishment.

Remember, we're dealing with the technically challenged here.....

[RouterGod]

Enough already

I have watched for quite awhile now, the Linux zealots and Mac high preists preach the merits of their OS. The question I have is how secure would these OS's be if they had the marketshare that MS has. The vulnerabilities are there, it's just that noone has taken the time to discover them because of the miniscule number of machines that run these OS's. The only time I've seen Linux used in a production environment is as a server. I've never seen a Mac in a production environment. Face facts, it's a MS world, like it or not.

[vchmielewski]

I don't agree

I don't agree with your premise and there is no proof that you are
correct. The fact is that this argument is used all the time, but
there are plenty of examples where higher market share does not
result in more security problems, Apache being the first example
that comes to mind. Also, if we presume you are correct, why
would an IT manager not choose Linux or Mac OS X for security
reasons regardless of why they are more secure? Your argument
simply doesn't make sense. For the record, my IT department does
use Apple Xserves in production and we love them.

[Rebelx7]

Hi guys as a newbie to the world of computers ........ what would you rate my computer security at? I run windows XP service pack 3 with online armour version 2.5.0.9 and avast 4.8 professional. I'm guessing in a rating out of 10, I would safe to say a 6 or a 7 or do you think it would be higher?
Would be very interest in your views on this.