Security, the reality…
Oct 08, 2004 at 11.15 am, posted by Veerle
I don’t have to draw a picture of how insecure the PC world is, and you would think that with all the media attention people realize that security is serious and necessary. Well, think again! Since October is National Cyber Security Awareness Month in the US, they conducted a poll at the Digital Edge Expo in Washington, D.C. To put it lightly, the figures were a bit of a shock to me.
The poll found that significantly more computer users recalled the name of the Super Bowl halftime entertainment performer (Nipple Gate = Janet Jackson) (almost 90 percent) than the last time they updated their computer security protection software (less than 60 percent). The poll also highlights the contradictions in average computer users' perceptions about cyber security. While more than 70 percent of respondents note that they are more concerned about cyber security this year than last, they fail to grasp the pervasiveness of cyber threats. More than 30 percent of respondents believe that they are more likely to get struck by lightning, get audited by the IRS, or win the lottery than become the victim of a cyber security/privacy breach. This number increases to 40 percent in the under-25 age group. Historical data paints a very different picture:
- Odds of winning the lottery: 1 in 135,145,920 (0.000000739 percent)
- Odds of getting audited by the IRS: 0.58 percent of individual returns
- Odds of getting struck by lightning: 300 in 294,330,406 (0.0000102 percent)
- Odds of becoming a victim of computer security breach: 7 in 10 (70 percent)
As of this moment 185 million Americans own a computer that is connected to the Internet. It's also safe to say that this isn't only a US problem; if there were a similar poll in Europe, my guess is that the result would be about the same. Don't ever think in terms of "I am not a target because there is no useful information on my computer like credit card numbers or passwords etc". A hacker would have great use for your broadband connection alone.
Maybe we can start a little non-scientific poll of our own to see if there is a difference between the US and Europe or other countries, or to get a better understanding of how serious the situation really is. Personally, our company hasn't been hit by any virus or security breach, but that's probably because most of the machines here are Macs and one lonely PC. This PC is protected by a firewall and anti-virus software, which is not enough to be totally secure since it is also about how you deal with working on the PC. Probably a factor to consider is that this PC isn't used for mail, since 86% get infected that way. 11% get infected by stupid downloads and another 4% by surfing the web and getting spy-ware on their computer.
Don't forget to come back on Monday because we'll publish some REAL FACTS of our server location at Level 3. The figures will be an eye opener, I promise. In Monday's article we will also post some tips on how to improve security on your PC. We will use the weekend to interrogate Kenneth, our server admin, thoroughly and get some useful data out of him ;-) We love to abuse :-p
I think most of my visitors are not computer newbies, but I am still curious about when the last time was that you were hit by a nasty spy-ware app, virus etc. So post what it was, what hit you and where your location is etc.
9 served
1
Personally, I use a Mac ... which I regularly update when security patches come out. At work, it is a completely different situation. Our server is running NT4 which was patched the last time we had a power failure ... not too long ago, but I am sure there are several patches available at this time. Workstations run W2K and only a few of them are patched/updated on a regular basis. We don’t have a dedicated IT person to do this and I don’t have the time (mind you my job is completely unrelated to computers, but I fix most of what goes wrong). Such is the reality of a small EU company.
Previously I lived in the US and the situation was marginally better with 3-4 IT people patching the workstations on a reasonably regular basis, but they also had a nasty habit of ghosting drives and not updating the image too often. So whenever a workstation went down, they ghost it and it takes another 3 weeks for them to patch it ... if ever.
Use Macs, if you can.
2
This is a great post (Feld Thoughts) in the respect of internet security on Windows machines. Solution: Thunderbird, Firefox by Mozilla.
3
I can’t recall when my machine (Windows XP Professional) was last hit by spyware/malware/adware/viruses/hacks/… or whatever. It’s reasonable to say that Windows has its fair bit of security flaws, but it’s even more reasonable to say that security starts with the user itself. I run a firewall and anti-virus program, both freeware (Zonealarm and AVG Virus Scanner). I’ve never had any problems.
Signed, a Windows user :p
4
Same experience as Lode: no viruses, malware, spyware or other nonsense on any of the five or six Windows computers in the house. Ever. In over ten years.
The closest I’ve ever been was when I found a Windows 3.x virus in an old executable off a backup CD.
Nothing to do with luck, just keeping up to date with all patches & service packs, have a fairly restrictive firewall policy, never run as an administrator, and a firm Don’t Download Crap rule.
At my parents’ however… seems like every time I see their computer there’s more malware on it.
5
I am also aware that 80-85% of viruses come from e-mail. I think the first step to securing computers is to implement a more robust e-mail client that is not integrated with Windows Messenger, Explorer, and the operating system.
Thunderbird mail client (although in its infancy) does just that, but still does not protect the user from himself.
I also think that another important issue that will hopefully be enforced is the installation of spyware. Again, Internet Explorer is very vulnerable to such an attack compared to other browsers such as Mozilla and Firefox. I think a first step is for Microripoff to swallow some pride and have serious psychological sessions with “Dr. W3C”.
It just irks me when my wife uses my computer and explorer jumps to some viagra page as the homepage and I have to go search 5 different spots for it to remove it! (I will now get down from the soapbox)
6
Excluding all the mails I get with viruses in them, the last infection at home would be a year or two ago.
At work we got one yesterday (Friday), though I got some strange increase of my firewall log a few days before and closed a few ports, which kept my portable virus-free.
Personally I think that because of the ignorance of normal users, viruses and other malware are so common and are able to spread. Simply not opening every mail attachment without checking the source, plus decent and up-to-date anti-virus software, keeps your PC quite safe.
7
We run only Macintoshes, ever since... The one and only XP machine is for previewing websites; it has a second disk with 98 on it for the same reason. XP has been formatted twice; it wouldn’t start up anymore. We didn’t even run email on it! It did run NAV and a popup killer. Viruses are killing the Internet! Spam might be just as bad!
Our network has one open port: afp. Never had any intruders. The first and last Mac virus I got is from ages ago, and slowed down the OS 9 system dramatically.
I know there is no simple answer to spam and viruses, but an OS has to be secure! These days even more than before. The success of future OSes is built on security.
I would like to see a world without MS.
8
We have 4 computers in the house, all hooked in to a DSL connection. We have 1 Mac, 2 WinME and 1 WinXP units. Our son (WinXP) chooses to ignore our warnings and is always having trouble with viruses and the rest. He turns off his firewall and anti-virus software, supposedly to play games online and then forgets to turn them on again. Having locked him out of our network for our own safety, he is starting to learn because we have refused to help him fix it any more. His problems are starting to slow and he is learning rather than relying on us.
None of the other computers has ever suffered from anything since the last century!
9
A couple of years ago, the Linux-gateway at work got cracked because of a remote exploit in the kernel. Complete reinstall and daily updates kept it safe.
A few months ago a workstation running Win98 got a virus and started sending spam-mail, which was detected by our ISP. Format and complete reinstall solved part of the problem, educating the users the rest. :P
Other than that I’ve had no problems the last couple of years. At home I do security updates on a daily basis.