
Study: PEBKAC still a serious problem when it comes to PC security

A new study says that while security tools are in place on client PCs, they're …

Today is the start of National Cyber Security Awareness Month in the US, and to mark the beginning of the month's efforts, security software vendor McAfee and the National Cyber Security Alliance (which has a useful section on Cyber Security Basics) have released a new study meant to draw attention to smart practices in computer security. What the study shows is that many users are at risk from malware without realizing it, due to overestimating the amount of protection they have along with lax updating habits.

The study shows the frustrations of many a helpdesk worker, who all too often finds that while security tools are in place on client PCs, they're not well maintained. Or, to put it another way, one of the biggest problems in securing the PC happens to be its most important component: the one sitting between the chair and keyboard.

We can take comfort in the fact that a whopping 98 percent of those participating in the study realize that it's important to have up-to-date security software on their PCs. 87 percent of the users contacted said they used antivirus software, while 70 percent use anti-spyware software. Less used were firewalls and anti-phishing tools. Only 64 percent of those surveyed by McAfee and the NCSA reported having their firewalls turned on, and only 27 percent use software designed to stop phishing attempts.

Most important, the study suggests that consumers are generally less safe than they believe, which leads to lackadaisical approaches to maintaining their security software. Given that one of the players involved in the study is a major vendor of PC security software, we have to stop and ask: is this about selling software? Perhaps, but the results can also be read as critical of the PC security software vendors themselves.

A subset of participants in the study allowed the researchers to conduct a remote scan of their PCs and those results were troubling. Of the 70 percent who report having anti-spyware software installed, only 55 percent of the PCs scanned turned up evidence of the software. When it came to protection against phishing, only 12 percent of the PCs scanned showed any evidence of anti-phishing software installed. On the flip side, more users had antivirus and firewall software installed on their PCs than were aware of it. 


Data source: McAfee; NCSA

Part of the reason that a large number of users don't have adequate protection against phishing may be that many of them don't even know what phishing is: 25 percent had never even heard of the term, while 46 percent couldn't correctly define it. Another problem is that many users don't know what cues to look for to determine if a web site is safe. While 98 percent of the study participants said that they knew that it's important to determine a site's safety prior to visiting, 64 percent didn't know how to make the determination.

"Out of date" software a problem

The other major issue uncovered in the study is out-of-date software. Despite the vast majority of the survey's respondents saying that it's important to have up-to-date security software, just over half of them actually did. Of the PCs scanned, only 51 percent had recently updated virus and malware definitions.

McAfee believes that people don't bother keeping their security software up to date after the trial period expires. "The fact that the computer scans show so many PCs with out of date protection indicates people do not understand that the security software included with the purchase of their PC is usually a trial version that will expire if the user does not purchase a subscription," said Bari Abdul, McAfee VP of worldwide consumer marketing.

That's only part of the problem, however. We routinely hear from users who are frustrated to learn that anti-virus companies expect them to continue paying subscription fees for updates, even after shelling out for an anti-virus program. The move to subscription-based security software doesn't necessarily help with keeping users' anti-virus definitions up to date.

For those of us who have had to play tech support for friends and loved ones who have suffered at the hands of malware writers, the study reinforces a couple of points we already know. First, it's important to stay on top of security. With malware writers constantly adapting their attacks in an attempt to stay a step ahead of security companies, it's crucial to make sure your security software is up to date. Second, it's still important to practice skeptical computing, looking critically at each and every web page, IM, and e-mail you see.

Channel Ars Technica