While Internet security has reached critical mass in terms of consumer awareness, a large percentage of Americans are far less protected than they realize. That’s the bottom line of a report from McAfee and the National Cyber Security Alliance (NCSA), the latter of which conducted the survey.
The NCSA-McAfee survey was conducted over the phone and respondents had their computers probed over the Internet by NCSA software to examine how secure they were.
The survey found 98 percent of respondents agreed keeping online security up-to-date is important, but the NCSA scans found only 48 percent of those surveyed had updated their security software in the past month. Given that Internet threats mutate almost hourly, those computers might as well have no security at all.
Even in a market as crowded and competitive as anti-malware, Bari Abdul, vice president of McAfee’s consumer division, knew something was off. “Every survey said consumers believed they know how to protect themselves, but as I correlated that with market size and sales, it just didn’t match,” he told InternetNews.com.
The survey found 87 percent said they use antivirus software, 73 percent said they use a firewall, 70 percent said they use anti-spyware software and 27 percent said they use anti-phishing software.
But as John Wayne would say, hold on there, pilgrim. The computer probes found that while 81 percent had a firewall installed on their computers, only 64 percent actually turned it on. It also found that while 70 percent of respondents said they have anti-spyware software, only 55 percent actually did, and while 27 percent claimed to have anti-phishing protection, only 12 percent actually did.
People are paying the price for it, too. Fifty-four percent of those surveyed said they had been hit with a virus and 44 percent thought they were infected with spyware. Worse, nine percent said they had suffered identity theft.
Bari identified several problems. First, many computers come with trialware security, which expires in 30 or 90 days, and the consumers don’t realize they are no longer protected when the trial period ends.
Second, people didn’t run manual updates. Most AV programs do automatic updates of their signatures databases, which helps them recognize known malware, but the executable often needs to be updated, and that has to be run manually.
Third, many programs require the consumer to register with the vendor at installation, which they don’t want to do for whatever reason, so consumers skip installation altogether.
But the biggest problem is people letting their software subscriptions expire. Virtually all antivirus vendors use annual subscriptions, meaning the consumer has to purchase another year’s protection each year, and they either don’t want to or don’t think to do it because the majority of software products don’t require you to keep paying for the software every year.
It’s also an issue of teaching consumers to think of their computers as something that requires regular maintenance. Many consumers look at their PC as though it were a TV or microwave, which don’t really require heavy-duty upkeep, but that’s a mistake. “You take your car in for an oil change every 3,000 miles or a regular tune-up. You need to do the same for your computer,” said Abdul.
A significant change in consumer education is required, said Abdul, one of depth of knowledge. Americans know about Internet threats and know the terms, but they don’t know what it all means. For example, the survey found 46 percent of respondents knew of the term “phishing”
“They don’t connect the term phishing to the e-mails,” said Abdul. “It really is about perception and reality.”
Hopefully October will make a difference. The National Cyber Security Division (NCSD) of the Department of Homeland Security designated it National Cyber Security Awareness Month. The NCSD, NCSA, the Multi-State Information Sharing and Analysis Center (MS-ISAC) and pretty much every software security vendor will be making even stronger than usual efforts to raise awareness of online safety.