[ISN] Security for Internet Users Deemed Weak

From: InfoSec News (isn@private)
Date: Mon Oct 25 2004 - 02:58:26 PDT


http://www.washingtonpost.com/wp-dyn/articles/A60199-2004Oct25.html

By TED BRIDIS
The Associated Press
October 25, 2004

WASHINGTON - Internet users at home are not nearly as safe online as
they believe, according to a nationwide inspection by researchers.  
They found most consumers have no firewall protection, outdated
antivirus software and dozens of spyware programs secretly running on
their computers.

One beleaguered home user in the government-backed study had more than
1,000 spyware programs running on his sluggish computer when
researchers examined it.

Bill Mines, a personal trainer in South Riding, Va., did not fare much
better. His family's 3-year-old Dell computer was found infected with
viruses and more than 600 pieces of spyware surreptitiously monitoring
his online activities.

"I was blown away," Mines said. "I had a lot of viruses and other
things I didn't know about. I had no idea things like this could
happen."

The Internet always has had its share of risky neighborhoods and dark
alleys. But with increasingly sophisticated threats from hackers,
viruses, spam e-mails and spyware, trouble is finding computer users
no matter how cautiously they roam online.

The technology industry is feeling the pain, too.

Spurred by the high costs of support calls from irritated customers -
and fearful that frustrated consumers will stop buying new products -
Internet providers, software companies and computer-makers are making
efforts to increase awareness of threats and provide customers with
new tools to protect themselves.

Still, many computer users appear remarkably unprepared for the
dangers they face.

The study being released Monday by America Online and the National
Cyber Security Alliance found that 77 percent of 326 adults in 12
states assured researchers in a telephone poll they were safe from
online threats. Nearly as many people felt confident they were already
protected specifically from viruses and hackers.

When experts visited those same homes to examine computers, they found
two-thirds of adults using antivirus software that was not updated in
at least seven days.

Two-thirds of the computer users also were not using any type of
protective firewall program, and spyware was found on the computers of
80 percent of those in the study.

The survey participants all were AOL subscribers selected in 22 cities
and towns by an independent market analysis organization.

The alliance, a nonprofit group, is backed by the Homeland Security
Department and the Federal Trade Commission, plus leading technology
companies, including Cisco Systems, Microsoft, eBay and Dell.

The group's chief, Ken Watson, said consumers suffer from complacency
and a lack of expert advice on keeping their computers secure. "Just
like you don't expect to get hit by a car, you don't believe a
computer attack can happen to you," Watson said.

"There really is quite a perception gap," agreed Daniel W. Caprio, the
Commerce Department's deputy assistant secretary for technology
policy. "Clearly there is confusion. We need to do a better job making
information and practical tips for home users and small businesses
available."

Wendy Avino, an interior decorator in Lansdowne, Va., said researchers
found 14 spyware programs on her borrowed laptop and noticed that her
$50 antivirus software was not properly configured to scan her
computer at least monthly for possible infections.

"We don't go in funny chat rooms, I don't open funny mail," Avino
said. "If it says 'hot girls,' I delete it. We do everything in the
right way, so how does stuff get in there?"

She complained she was misled believing her commercial antivirus and
firewall programs would protect her from all varieties of online
threats; most do not detect common types of spyware.

"It is very complicated for the average home user," said Ari Schwartz,
an expert on Internet threats for the Center for Democracy and
Technology, a Washington civil liberties group.

"There's a lack of accountability all around, from consumers who don't
believe they should have to do this to companies who blame the
consumer. It's finger-pointing back and forth," Schwartz said.

Microsoft's chairman, Bill Gates, said the company spent nearly $1
billion on its recent upgrade to improve security for customers using
the latest version of its Windows software.

AOL purchased full-page advertisements in major newspapers this month
pledging better security for its subscribers. Dell has begun a
campaign to educate customers how to detect and remove spyware
themselves.

The government is increasingly involved, too.

The FTC this month filed its first federal court case over spyware.  
The House overwhelmingly approved two bills to increase criminal
penalties and fines over spyware. The Homeland Security Department
offers free e-mail tips for home Internet users to keep themselves
secure.

-=-

On the Net:

Cyber Security Alliance: www.staysafeonline.info
Homeland Security tips: www.uscert.gov



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Mon Oct 25 2004 - 06:20:49 PDT