Ninety-two percent of users thought they were safe, but scans showed that 59 percent were actually vulnerable to a number of online dangers. Ninety-four percent said they would find it helpful to diagnose or check their online security status on a regular basis to make sure their computers were safe.

"Internet security protection is like a smoke alarm," said Bill Heilig, vice president for Verizon broadband services. "As long as it works, it’s great. But with a dead battery, it’s worse than no smoke alarm at all, because it creates a false sense of security.

"That’s the position that most Internet consumers find themselves in today, and what they don’t know is definitely hurting them."

The study also found that 92 percent believed their PC was safe from spyware but a scan found that 58 percent were "at risk" or "potential risk" from spyware infection. When it came to virus protection 92 percent thought their PC was protected as well. A scan revealed that 45 percent were "at risk" or "potential risk" from virus infection.

Gary Sidaway from ID and authentication firm Tricipher said the extra security precautions could make customers more jittery about banking online. "The banks have to make this channel secure," he said, "but there is crumbling confidence in it."

Andrew Moloney, financial services market director for RSA Security, said banks know that increasing security around online banking could have a negative outcome. "It registers as a concern," he said, "there could be too much security and there’s a danger of over-selling a new technology,’ he told the BBC.

"This is not just about combating fraud," he added. "It’s about customer retention rates, user experience and customer satisfaction."

In 2005 the U.S. Federal Financial Institutions Examination Council created guidelines that made banks do more to protect online accounts.

Phishing statistics show a shift by fraudsters to European banks and to smaller European banks that have less sophisticated online security.

A spokeswoman for the Association for Payment and Clearing Services, which regulates online banking, said its numbers showed that the message concerning safe banking was being heard.

Statistics from October found that online banking fraud for the first six months of 2007 had dropped 67 percent over the previous year. During the same time period the amount of phishing attacks increased 42 percent.

"The reason we are seeing that fall, despite the increase in phishing attacks, is because consumers are becoming more aware of how to protect themselves," said the spokeswoman.

Respondents said they would spend $100-$1000 more per year with other payment methods. Many online shoppers already use alternative methods of payment such as PayPal or a similar service. The Javelin study focused on consumers who believe existing payment options are not safe.

Improved security and credit alternatives were the main factors that would convince consumers to make more online purchases.

Two-thirds of respondents limited their online shopping because of fear of identity theft.

The main fear of those who do not buy online was the possibility of information being intercepted during a transaction or accessed by unauthorized parties.

While retailers have done a good job addressing consumers worries about online shopping, a third of Internet users were still not online buyers in 2006.

eMarketer Senior Analyst Jeffrey Grau says, "Many of the concerns consumers have about online buying are based on irrational fears. Nevertheless, these fears must be addressed."

"Having a simple return or order cancellation policy, displaying customer product recommendations and reviews, and having an easy-to-use site all help build consumer trust."

Both in the distribution of malware servers and in the locations of compromised websites, Iraq, Cuba, most of Africa and several other countries in South America and Asia were rated “green,” meaning that there were incidences. China, the United States and Russia, respectively, fared worst in these categories.

Google’s not just sharing this tidbit so we can all look cool at our next dinner party. They state that:

[A] sample-based analysis puts the fraction of malicious pages at roughly 0.1%. The analysis described in our paper covers billions of URLs. Using targeted feature extraction and classification, we select a subset of URLs believed to be suspicious for in-depth investigation. So far, we have investigated about 12 million suspicious URLs and found about 1 million that engage in drive-by downloads. In most cases, the web sites that infect your system with malware are not intentionally doing so and are often unaware that their web servers have been compromised.

They tout their anti-malware efforts, will warn you if search results are potentially dangerous and can prevent malicious downloads with Google Desktop. Additionally, they recommend that you keep your browser and OS updated with all the latest security patches. If you’re really worried, they say:

If you want to be really sure that your system does not become permanently compromised, you might even want to run your browser in a virtual machine, which you can revert to a clean snapshot after every browsing session.

Sounds a little extreme to me—or can you never be too safe? What do you think?

Comments

Tag:

Nothing like a jolt of reality to go with a system administrator’s morning caf mocha, is there? It might be a good time to switch to decaf and double check the patch management and antivirus signatures around the old enterprise today.

According to Symantec’s Internet Threat Security Report, what was out there in late 2004 posing a threat to PCs worldwide has grown in number. Educational institutions were the most frequent targets of attacks, and small businesses and financial services were next.

Bigger businesses have been more rigorous in keeping up to date with software patches, and ensuring antivirus software engines and signature files are current. Those firms generally have dedicated staff to do this, something small businesses frequently lack. That could be why criminals have shifted their attention away from some of the larger targets.

Bot-controlled computers have increased in number, with Symantec observing 10,352 new ones per day for the first six months of 2005, on average. The period of time between vulnerabilities being identified and exploits for them being created dropped to an average of six days.

Windows was a favorite target of virus and worm writers, like those who created the Zotob worm. Zotob was reported in the wild five days after Microsoft disclosed a vulnerability in its plug and play utility. For the first six months, there were 10,866 worms and viruses in existence to plagued Windows platforms.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.

IPLocks offers a press release today, listing seven topics a business needs to consider in terms of security. The topic list reads as follows:

1. Your partners and employees will steal from you
2. Bust up policy barriers
3. It’s all about privacy
4. Don’t stop working
5. Don’t spend foolishly
6. Be afraid — it will happen to you
7. No silver bullet

After spending ten years in information technology, this writer concurs with the IPLocks list. The recent story concerning bank employees stealing thousands of customer records from four banks further bolsters every single listed topic.

Read more about all seven laws online.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.

Building on AOL 9.0 Optimized, AOL 9.0 Security Edition is the first version of America Online to focus specifically on safety and security and is especially beneficial for people who use a basic high-speed Internet connection. It offers online consumers a convenient and easy-to-use package of essential safety and security protections, among them: McAfee VirusScan Online, AOL Spyware Protection, Simplified Spam Control tools, McAfee Personal Firewall Express, Pop-up controls, Money Alerts, and Parental Controls.

“More often than not when a member faces a performance issue with the computer, they think they just have a performance problem, but what they really have is a virus or spyware,” stated Danny Krifcher, executive vice president for the AOL service.

As part of its multi-faceted “Commitments to Members” marketing campaign, America Online will promote AOL 9.0 Security Edition through online promotions, television advertising, and will make the newest version available to consumers online and soon through CDs distributed in a wide range of retail stores and other outlets.

“First among our commitments to our members and the online community is that ‘AOL will always help our members feel safer and more secure,’ ” said Jon Miller, Chairman and CEO, America Online, Inc. “One example of how we’re making the commitment real is that we’re giving our members advanced virus protection software at no additional charge. And we’re making it easier to stay safer online by giving AOL members the essential safety and security protections they need – anti-virus and anti-spyware coverage, controls for pop-ups, spam and spIM, a broadband firewall, parental controls and safety alerts – in one package with AOL 9.0 Security Edition.”

Mr. Miller continued: “Safety and security have never been mere buzzwords here. They are, quite simply, the foundation of the America Online service and mission, and essential to improving our members’ peace of mind. The Internet is a wonderful place, filled with endless possibilities – but our work won’t finish until all our members get everything they want out of it, and less of what they don’t want.”

In addition to these protections, America Online’s technology works behind the scenes to continually help protect members’ online safety and security. This includes: server-side spam filters; automatic scanning and blocking of virus attachments from incoming and outgoing e-mail and embedded jpeg images; targeted blocking of virus links in instant messages and IM rate limiting to help protect against spIM; automatic identification and securing of accounts with unusual and unauthorized activity; and monitoring and blocking of password cracking efforts.

For bilingual households, this version provides the ability to set English or Spanish language preferences for each individual Screen Name so that members can easily choose between the AOL service in English or the AOL Latino service in Spanish. America Online is the first and only national Internet Service Provider to offer this level of integrated functionality for a bilingual experience.

For another layer of security, AOL recently launched the AOL PassCode which offers members a second level of AOL account protection through the use of a keychain-sized device that generates and displays a unique six-digit numeric code every 60 seconds. To access their account, AOL members using PassCode must enter their normal account password and the current code on the PassCode device.

WebProNews | Breaking eBusiness News
Your source for investigative ebusiness reporting and breaking news.

In addition, large majorities of home computer users have been infected with viruses and spyware and remain highly vulnerable to future infections. Yet at the same time, most keep sensitive personal and financial information on their computers.

“For the first time, we’ve reviewed the actual security protections that consumers use for the sensitive information they keep on their home computers, and the results validate our purpose –to raise awareness and change behavior,” said Ken Watson, Chairman of the National Cyber Security Alliance . “Extrapolating the percentages in our survey, this indicates that millions of Americans are at risk – and are already infected – by viruses, spyware, and adware. With October as National Cyber Security Awareness Month, now is the perfect time for every American to review the protections they have and make sure those protections are up-to-date and complete. ”

“Protecting the safety of our technology infrastructure means protecting the computers of individual Americans. Using viruses, remote attacks, and drone machines, a single attacker could mobilize thousands of compromised computers from unsuspecting users. This study highlights just how important it is for individual Americans to take their cyber-security seriously, not just as a matter of personal safety, but as a matter of our country’s security as well,” said Dan Caprio, Chief Privacy Officer and Deputy Assistant Secretary for Technology Policy at the U.S. Department of Commerce.

“No consumer would walk down the street waving a stack of cash or leave their wallet sitting in a public place, but far too many are doing the exact same thing online,” said Tatiana Gau, AOL’s Chief Trust Officer and Senior Vice President for Integrity Assurance. “Without basic protections like anti-virus, spyware protection and a firewall, consumers are leaving their personal and financial information at risk. Now that we know the scope of the problem, we can redouble our efforts to educate consumers about the solutions to staying safe online.”

Among the key findings:

PERCEPTION GAP: The large majority of users falsely believe that they are safe from online threats.

– More than three quarters (77%) said they think their computer is very or somewhat safe from online threats.

– Almost the same percent (73%) said they think their computer is very or somewhat safe from viruses.

– Three in five (60%) said they feel very or somewhat safe from hackers.

VIRUSES: Yet most computer users do not have updated anti-virus protection on their computers and either have been or are currently infected by viruses:

– Two-thirds of users (67%) do not have current anti-virus software (updated within last week).

– One in seven users (15%) has no anti-virus software at all on their computer.

– Almost two-thirds of respondents (63%) said they have been the past victim of a virus infection.

– One in five users (19%) has at least one virus infection currently on their home computer.

SPYWARE: Spyware and adware infections were endemic but almost completely unknown to users.

– Four in five users (80%) have spyware or adware programs on their computer.

– The average infected user has 93 spyware/adware components on their computer, and the most components found on a single computer during the scan was 1,059.

– An overwhelming majority of users (89%) who were infected with spyware/adware said they didn’t know the programs were on their computer.

– Nine in ten infected users (90%) said they don’t know what the programs are or do.

– Almost all of the infected users (95%) said they never gave permission for the programs to be installed.

– All but a handful of infected users (86%) asked the technicians doing the study to remove the programs.

FIREWALL: Most computer users don’t have adequate protection against hackers.

– Two-thirds of all computer users (67%) do not have any firewall protection at all – half of those with a broadband connection lack a firewall.

– Almost three-quarters (72%) do not have a secure firewall (with no open ports).

– Almost two in five wireless network users (38%) leave their connection completely open (without any WEP or WPA-PSK encryption).

SIGNIFICANT CONFUSION: Users said that they are confused by the protections they are supposed to use and how to use them:

– Three in five users (58%) said they don’t understand the difference between a firewall and anti-virus software very well or at all.

– More than half (53%) said they don’t understand what a firewall is and how it works.

SENSITIVE INFORMATION: Despite this confusion and lack of cyber-protections, online users are increasingly moving sensitive information and activities online:

– The vast majority of respondents (84%) said they keep sensitive information like health or financial records on their home computer.

– Nearly three-quarters (72%) said they use their home computer for sensitive online transactions like banking or reviewing personal medical information.

PARENTAL CONTROLS: Despite the importance of protecting children online, most users – including parents – do not use parental controls software.

– More than four out of five users with children (83%) do not use parental controls software.

– Less than one in 20 broadband users (4%) uses parental controls software.

DIAL-UP vs BROADBAND: The study also found that narrowband users are at particular risk from viruses and spyware, perhaps because their use of a firewall is dramatically lower:

– 25% of NB users currently have a virus infection (vs. 15% of BB users)

– 88% of NB users have spyware/adware on their computer (vs. 74% of BB users)

– Only 7% of NB users have any firewall (vs. 51% of BB users).

SPYWARE SYMPTOMS: Although the overwhelming majority of users are infected, most users don’t recognize the symptoms of spyware/adware:

– Nearly two-thirds of users with a pop-up blocker (63%) said they get pop-ups anyway.

– Two in five users (43%) said their home page has been changed without their permission.

– Almost the same number (40%) said their search results are being redirected or changed.

– Users with spyware/adware said they get twice as many pop-ups on average each week as users without spyware/adware (31 vs. 15).

Can you boost sales on your Web site by promoting your use of tough security? Web-site security-monitoring firm ScanAlert argues that the answer is yes and says it has the facts to back up that claim.

Click below to read this article at the InformationWeek Web site:

http://www.informationweek.com

InformationWeek.comis the online component of InformationWeek. It includes the print stories plus daily news, exclusive features and opinion columns, E-mail newsletters and an interactive community (the Listening Post). Informationweek.com is the site for people who build, buy, invest in, seek to understand or manage business technology, offering strategic insights and research unduplicated by any other IT Web site. In 2001, the site won the prestigious Jesse H. Neal National Business Journalism Award for best business-to-business Web site.