For the last year, or more, I have had members of my group query every client on the state of Internet security, and the protective measures they have instituted to ensure both their own safety, and the safety of their systems, while connected to the Web.
While not in the realm of a scientific survey, the results are nevertheless far more than just anecdotal evidence.
So here’s the scoop – a significant majority (more than 70%), simply do not care about, or understand, the vulnerabilities and issues that surround computer system security. It is fair to say however, that those who have a high degree of proficiency on their computer also have an understanding of how to avoid or mitigate risks, and critically – how to address issues when they arise.
Common responses from those who do not care, or who do not understand, vulnerabilities and exposures while connected to the Internet include:
Security applications are too confusing and hinder my “fun” by slowing down system response time.
I didn’t know I shouldn’t click the ‘YOU ARE A WINNER!!!!’ banner.
My anti-malware application has let me down – how was I supposed to know I was downloading a bad program!
I’m not sure how my machine got infected – it just happened.
I like to download from Crack sites and Peer-2-Peer networks. So what?
I got a popup saying I was infected, so I clicked on it. What else was I supposed to do!
I didn’t know I was supposed to read the End User License Agreement – I don’t even know what that is.
I thought I had Windows update activated.
What do you mean I should update ALL my applications?
What’s a Firewall – never heard of it?
On the face of it, it might appear as if these types of responses are somehow not very typical. Unfortunately, these responses are not only typical, but characteristic of the majority of the home computer users my group comes into contact with every day.
In a previous article, a year or so ago, I wrote:
“Being involved in computer security, I am amazed at the lack of knowledge exhibited by typical computer users, and most importantly, the lack of knowledge concerning the need to secure their machines against the ever increasing risks, previously noted, on the Internet.
I’m not talking about unintelligent people here. I’m talking about people who are intelligent in every other aspect of life, but who view computers like cavemen who saw fire for the first time.”
If anything, the results of this survey have hardened my view. It’s as simple as this – Lack of computer education coupled with a lack of accountability = A very unhappy, and inevitably an expensive experience.
I have no doubt that the problem is multifaceted. Part of the problem is simply fear. People do not understand computers, so they are afraid of them in a sense. Secondly, people generally, are simply not interested in learning about computers sufficiently to make the fear go away. The question is, of course, should they need to know anything other than how to turn on a computer? Well maybe not.
Many computer experts agree that it is primarily flawed computer software and not just inadequate user knowledge, or lack of proper procedure that is the biggest contributor to the proliferation of unsecured computer systems and cyber-crime, on the Internet.
It seems to me then, what is needed as a good first step, are machines that are designed with simple, but internally sophisticated operating systems, secure and easy to use for the majority of users; where limited user interaction is required to maintain the security of the system. Happily, Windows 7 has made great strides in this direction.
We now live in the age of the “Interconnectedness of All Things” in which we are beginning to enjoy the development and availability of large numbers of Internet connected devices. There is no doubt that this will lend new strength to computer-aided crime and, as we are now beginning to see, to terrorists.
Unless we develop a rational approach to the underlying security issues surrounding the Internet, and insist software companies stop rushing out new products with little regard for security, hackers will continue to flourish and successful attacks on computers over the Internet will continue to proliferate.
Equally as important is the need for a concerted level of effort from law enforcement, at every level, to actively pursue those who continue to cause havoc on the Internet. Otherwise we run the risk of an Internet meltdown. If you disagree and don’t think we face such a harsh reality, the worldwide financial meltdown and the aftermath we are now forced to deal with might dissuade you.
The following is a quote worth thinking about as it applies to the shared responsibility we have to protect our computers while attached to the Internet.
Property has its duties as well as its rights.
– Thomas Drummond (1797-1840)
There are steps you can take to decrease the likelihood you will be the victim of a successful attack on your computer.
The following is a brief guide to the basic security issues you should be aware of on the Internet, followed by a guide to some of the steps you can take to secure your computer for Internet usage.
Security risks on the Internet you need to be aware of.
Trojan horse programs
Back door and remote administration programs
Denial of service
Being an intermediary for another attack
Unprotected Windows shares
Mobile code (Java, JavaScript, and ActiveX)
Cross-site scripting
Email spoofing
Email-borne viruses
Hidden file extensions
Chat clients
Packet sniffing
Security Checklist: Actions you can take to protect your computer system.
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable Java, JavaScript, and ActiveX if possible
Disable scripting features in email programs
Make regular backups of critical data
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer
Install a personal firewall on the computer
Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure the anti-virus software scans all e-mail attachments
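An added example, not part of the original article: a read-only PowerShell audit of several items on the checklist above. It assumes Windows 10 or later with PowerShell 5.1, English display names for firewall rule groups, and Microsoft Defender as the anti-virus product; the 60-day patch window and 7-day signature age are thresholds chosen here for illustration.

```powershell
# Added example: read-only audit of several checklist items on the local machine.
# Assumptions: Windows 10 or later, PowerShell 5.1, built-in NetSecurity and
# Defender modules. Nothing is changed; findings are only reported.
$findings = New-Object System.Collections.Generic.List[string]

# "Disable hidden filename extensions": HideFileExt = 1 (or missing) means
# Explorer hides extensions, so "invoice.pdf.exe" displays as "invoice.pdf".
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -ne 0) { $findings.Add('Explorer hides known file extensions for this user') }

# "Install a personal firewall": each Windows Firewall profile should be enabled
# (a third-party firewall may legitimately replace it; verify that separately).
Get-NetFirewallProfile | Where-Object { [string]$_.Enabled -ne 'True' } | ForEach-Object {
    $findings.Add("Windows Firewall profile '$($_.Name)' is disabled")
}

# "Turn off file and printer sharing": enabled inbound allow rules in that group.
# The group name is localized; this string assumes English Windows.
$sharing = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
    Where-Object { [string]$_.Enabled -eq 'True' -and
                   [string]$_.Direction -eq 'Inbound' -and
                   [string]$_.Action -eq 'Allow' }
if ($sharing) { $findings.Add("$(@($sharing).Count) inbound File and Printer Sharing rules are enabled") }

# "Keep all applications (including your operating system) patched":
# covers the operating system only; third-party applications need their own check.
if ((Get-Service -Name wuauserv).StartType -eq 'Disabled') {
    $findings.Add('Windows Update service (wuauserv) is disabled')
}
$last = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $last -or $last.InstalledOn -lt (Get-Date).AddDays(-60)) {
    $findings.Add('No Windows hotfix installed in the last 60 days')   # 60 days: assumed threshold
}

# "Install anti-virus ... configured to automatically update": Defender status.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp) {
    $findings.Add('Microsoft Defender status unavailable (another product may be installed)')
} else {
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is off') }
    if ($mp.AntivirusSignatureAge -gt 7) {                              # 7 days: assumed threshold
        $findings.Add("Defender signatures are $($mp.AntivirusSignatureAge) days old")
    }
}

if ($findings.Count -eq 0) { 'No findings for the audited checklist items.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```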
My experience with people that have the “it just works” mentality, is that they are just unaware of the nefarious virants that infect their computers. I know they sure as heck care when they’ve been infected and run for the nearest computer store or techy to get them back to normal again.
The unfortunate problem is there aren’t enough mainstream popular education sites (LIKE YOURS) to keep them up to speed.
I’ve said it many times Bill. I didn’t know squat about protecting my computer until I started visiting here. Keep up the articles and little by little, we can all make a difference!!!
Hey G,
Thanks for your support.
Bill
I am a tech — “in the trenches”. I deal almost exclusively with “home users”.
I can tell you stories…
You start out this article by pointing at the uneducated user. Fair enough. There is no doubt that, as programmers work hard to produce more secure software, and issue updates and ‘patches’, and network admins work harder to secure the network, that the cybercriminals have shifted the focus of their attacks at us — the “end user”, largely using very old methods that have a new name — “social engineering”.
Frankly, these ‘tricks’ are so real looking now, that I can hardly blame the operator for thinking it is Windows telling them they’re infected, nor can they be blamed (after how many years of conditioning???) for “clicking here”.
That’s what you do. You click.
I was very happy to see that you didn’t stop there – at the user, though. Yes, the “average person” hasn’t a clue how a computer functions — not really — nor do they stop and think, “just how does my little note travel clear across the country, and land in my friend’s Inbox?”
There is no excuse – today – for software to come to us written in the same manner it was in the days of the “dot com bubble” and Windows 98. The emphasis – then – was “make it work without causing ‘hangs’ and let’s get everyone online!!!”. Security wasn’t even considered. The TCP/IP protocol is a prime example.
Fortunately (and I’m not a Programmer) I believe that security has, or is in the process of, becoming a great concern to those who write software.
The Programmer is a key component in our security.
And you’re absolutely right. Without a concerted effort by International Law Enforcement agencies (The folks at F-Secure are calling it “Internetpol”, and I think that’s just ‘catchy’ enough) to go after these criminals — no matter where they currently are finding sanctuary — they will only grow bolder, stronger, and more capable. Preventing them from moving their stolen money would aid greatly, so the banking folks need to be a part of the cure too.
I think it took guts to write this, and I – for one – applaud you for it. Yes — Microsoft and Apple and Dell and Google — the end user cannot be counted on to protect their machines. There have been personal computers in the hands of the masses long enough now that the evidence is in. They can’t or they won’t. So you do it.
The UN can “boycott” nations who fail to live up to International Agreements..
ISP’s could implement a basic NAC..
But I think it has already gotten so bad that the only solution is the same as the one for the Gordian Knot..
In case you think I’m over-reacting.. $105 BILLION in cybercrime losses last year.
That we know about.
Hey TechPaul,
As always you have added great information.
Thanks,
Bill
Bill,
I can relate to your points in this article. Our society lives in a “turn it on” and “turn it off” world; what happens in between, people truly have no interest. Most users, especially our age group, look at their computer as a TV; not having a clue that the computer is interactive (even when you don’t realize it). It is hard to explain to someone that their identity can be taken away from them when all they see is what they consider a TV.
Rick
Rick,
You make a good point with the TV analogy.
Thanks.
Bill