TechWeb

Home Users See Spyware and Viruses Through Rose-Colored Glasses

Oct 25, 2004 (10:10 AM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=52600331


People who believe their PCs are free of malware that can track their computer usage or gain control over their machines are most likely wrong.

A study by America Online Inc. and the National Cyber Security Alliance found that most computer users believe they're safe from viruses, spyware and adware, when in fact their machines are infected with some form of malicious code. Even worse, computer users' false sense of security has led the majority of them to store sensitive personal information, like health and financial records, in their machines without adequate protection.

The study, based on in-person interviews and technical analyses with 329 dial-up and broadband computer users, indicates that typical consumers don't understand the threats they face online, and are ignorant about the software tools available to protect them.

The numbers from the study are grim. More than 3 in 4 computer users believe they are safe from online threats, yet researchers found that 80 percent of computers analyzed were infected with spyware, which is any software that secretly gathers user information through the user's Internet connection. Spyware is planted in a computer unbeknownst to the user, and is often used for advertising purposes. However, it can also be used to try to steal passwords used in online banking or other Internet accounts.

Ken Watson, NCSA president, said he was surprised at the huge gap between perception and reality among respondents.

"I didn't think the numbers would be that high," Watson said. "The degree of perception versus reality points out that there's a lot of complacency. People believe it can't happen to them."

Three in 5 computer users in the study said they felt safe from hackers, who usually try to gain access to a person's computer by getting a user to open an email attachment carrying a virus. This sense of security, however, was false in most cases, given that two-thirds of the study participants did not have updated anti-virus software in their machines. One in 7 users had no anti-virus software at all.

The lackadaisical approach to virus protection existed despite the fact that two-thirds of the respondents said they had been victims of a virus infection, and 1 in 5 had at least one infection currently on their home computer.

The numbers related to spyware infection were even gloomier. Researchers found that the average infected computer had 93 spyware components. The most found on a single computer was 1,059. An overwhelming majority of the computer users, 89 percent, did not know their machines were infected, and 90 percent didn't know what the programs are or what they do.

Firewalls, which could defend against hackers, weren't used by two-thirds of the computer users. Among people using narrowband and broadband connections, the numbers were 93 percent and 49 percent, respectively.

Confusion over what technology to use and how to use it was prevalent among respondents. The study found that 3 in 5 computer users didn't understand the difference between a firewall and anti-virus software, and more than half didn't know what a firewall is and how it works.

Despite this ignorance, 84 percent of the study's participants keep sensitive personal information on their home computers, and nearly three quarters said they use their machines for sensitive online transactions, such as banking or reviewing personal medical information.

As a result of their parents' ignorance in fighting malware, children were also at risk. The study found that more than 4 out of 5 computer users with children did not use parental-control software, including less than 1 in 20 broadband users.

Experts say unsecured home computers pose a threat not just to the individual user, but to the nation, since hackers could commandeer thousands of computers over the Internet and use those machines to launch remote attacks against corporate or government computer systems.

"This study highlights just how important it is for individual Americans to take their cyber-security seriously, not just as a matter of personal safety, but as a matter of our country's security as well," Dan Caprio, chief privacy officer and deputy assistant secretary for technology policy at the Commerce Department, said in a statement.

Improving security in home computers will require continued educational campaigns from government and high-tech vendors, easy-to-use technology from Internet service providers, software makers and computer manufacturers, and more diligence on the part of consumers, Watson said.

"It's a shared responsibility among the vendors, service providers and consumers," he said.

Recent efforts by high-tech vendors include Microsoft Corp.'s recent upgrade to Windows XP, the company's latest operating system. Microsoft chairman Bill Gates said the company has spent nearly $1 billion on the upgrade to improve security.

AOL this month bought advertisements in major newspapers pledging better security for its subscribers, and computer maker Dell Inc. has begun an educational campaign to help consumers detect and remove spyware.

For their part, consumers need to change their behavior, so security becomes second nature, "like brushing your teeth or looking both ways before crossing the street," Watson said.

The study, which used a sample of 194 broadband users and 135 dial-up users, has a margin of error of +/- 5.4 percent. AOL is a division of Time Warner Inc., and the NCSA is a nonprofit group backed by the Homeland Security Department, the Federal Trade Commission, and leading technology companies, including Cisco Systems Inc., Dell, eBay Inc. and Microsoft.