Survey Finds Consumers Balk at Updating Malware Protection

E-Commerce Times ^ | 07/19/2006 | By John P. Mello Jr.

[Swordmaker]

"Overall, the research shows that many consumers have a false sense of security while online," ESET Chief Research Officer Andrew Lee said in a statement. "With the number of zero-day threats rapidly increasing, users need to be even more cautious and proactive in their own protection."

While nearly 90 percent of computer users have software on their machines to protect them from malware like viruses, Trojans, worms and spyware, almost two-thirds of those users are reluctant to upgrade the software after it's installed.

That was the finding in a survey released Monday by security software maker ESET, of San Diego.

The survey, which was conducted by Harris Interactive (Nasdaq: HPOL) , of Rochester, N.Y., showed that 88 percent of computer users have antivirus software on their PCs, but 65 percent of them have postponed updating the programs.

Disruption, Procrastination

Among the reasons unearthed by researchers for consumers dragging their heels on upgrading their antivirus protection:

• Too disruptive to what they were doing on the computer (38 percent);
• Something that could wait (32 percent);
• Would take too long (27 percent); and
• Unsure how to do it (14 percent).

Users continue to procrastinate, the study discovered, even though 42 percent of the survey sample, comprised of 2,079 U.S. adult computer users age 18 or older, admitted their machines had been affected by malware.

False Sense of Security?

Despite their bouts with malware, though, 55 percent of the respondents felt very confident or confident in the protection offered by the antivirus programs on their computers.

"Overall, the research shows that many consumers have a false sense of security while online," ESET Chief Research Officer Andrew Lee said in a statement. "With the number of zero-day threats rapidly increasing, users need to be even more cautious and proactive in their own protection."

"These findings are not surprising; disappointing, but not surprising," added Sam Curry, vice president, Security Management for CA in Islandia, N.Y.

"For years, we've been [seeing] iterations on a theme in the virus world, just cutting through defenses as if people weren't learning from their first mistake," Curry told the E-Commerce Times. "I've seen it in the corporate world and more so in the consumer world.

"It's unforgivable, really, that we can have dozens of worms that use the same techniques getting through dozens of times, sometimes on the same people's machines."

Staggering Findings

Ron O'Brien, a senior security analyst with Sophos in Lynnfield, Mass., noted that the survey findings gel with findings in his company's mid-year report.

"All the malware listed in our report is malware that's been around for a year or two, which means that there are large numbers of users who do not have any antivirus software or outdated software on their PCs," he told the E-Commerce Times.

"The results of this survey are staggering, but not unexpected," O'Brien added.

Many consumers are disgruntled with the upgrade process, he argued. "Some vendors try to take advantage of an upgrade opportunity to sell consumers something else," he said. "That's a deterrent for most people."

Out of Sight, Out of Mind

The nature of malware today has also affected users' attitudes toward upgrades, commented Patrick Hinojosa, chief technology officer for Panda Software, a security software maker in Glendale, Calif.

"In the last couple of years, malware authors have made their software a lot quieter so end users don't notice it as much," he told the E-Commerce Times. "If people don't notice anything wrong, they don't feel the need to update."

Andy Trask, co-founder of Geek Housecalls, a computer service and repair company in Lexington, Mass., explained that in the past, a user's computer could be crippled by spyware.

"It wouldn't take very much spyware on a system before a user became keenly aware of it because the machine would slow to a crawl," Trask told the E-Commerce Times.

"But as machines get more and more powerful, the capacity for them to host spyware is unknown," he continued. "They're getting faster processors and more memory, which simply means that these machines can keep more balls in the air at the same time so what used to be a crippling amount of spyware is just background noise today."

[js1138]

With enormous update files like Norton's, I'm sure it's a pain for dialup people to keep updated. AVG has fast updates.

[backhoe]

Excuse the boilerplate ( hattip: SWI forums )--

These are some recommendations that will significantly decrease the chances that you will have problems with malware in the future:

1) Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

Microsoft Anti-Spyware

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Keeping these programs up-to-date and running them regularly can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. A good free firewall is ZoneAlarm.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: So how did I get infected in the first place?

 

Things you need(all FREE)
Anti-Virus
AVG

Avast
Firewall
Kerio(Direct Download)

Zone Alarm
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update
get all CRITICAL Updates

Things you want(Still Free)
Mozillia Firefox
Google Toolbar (stops pop-ups)
Ad-Aware
Spybot S&D
MS MVP Hosts file

 

Run a hardware firewall-- with today's LAN's, it's easy. You need a hardware firewall.

---

Dropping out of cut n' paste, lurk & link mode for a moment?

Some online scanners, like Ewido, also scan for spyware, and sometimes find what the more popular Ad-Aware or Spybot seem to miss.

I've used AVG on the home machines for a couple of years, but after a trial of Avast! found one .dll file AVG and all the online scans missed, I switched the main PC to Avast!

[Swordmaker]

With enormous update files like Norton's, I'm sure it's a pain for dialup people to keep updated. AVG has fast updates.

A friend of mine has a PC with a dial-up connection... she will not leave her computer until it is completely shut down. This can mean she sits and waits while "update 4 of 7" installs after she has told it to shut down. She gets VERY frustrated. Her computer is almost unusable for about five minutes after startup as her anti-malware updates are serially downloaded and installed.

As a result, she logs onto her computer only once a week now... which of course exacerbates the time to download and install more updates.

[Iris7]

"While nearly 90 percent of computer users have software on their machines to protect them from malware like viruses, Trojans, worms and spyware, almost two-thirds of those users are reluctant to upgrade the software after it's installed."

I was going to make a wisecrack about how such people must vote the Democrat ticket. But, really, this study is talking about 50% of anti-virus users. Good Lord. Only a miracle can save us.

Oh, yes, update nightly and have auto update running on those programs that support it. This system is also fully patched. I still had a two bad trojans earlier this year. Am having good luck these days with Firefox with NoScript, NetVeda Safety.net firewall (excellent freeware), Ewido, and AVG. Thinking about Trojan Hunter and NOD 32.

[Iris7]

AVG is a good program. The AVG Resident Shield has my respect. Ewido is worth the extra money (the scan function is freeware) for it's Resident Shield. I think Ad-Aware is slipping.

I am pretty sure I got the last trojans through scripts (the camels nose under the edge of the tent, heh, heh). Firefox with the NoScript add-on is very nice.

[js1138]

A router is a pretty effective firewall. The main use for a hardware product specifically sold as a firewall is that it is configurable.

[backhoe]

A router is a pretty effective firewall. The main use for a hardware product specifically sold as a firewall is that it is configurable.

Yes, that's what I meant about setting up a LAN ( local area network )-- the new ones seem to filter out about 90% of the probes. I keep hearing about the Barracuda on the radio, which I take to be a dedicated, outboard firewall, but figured anything that doesn't mention price is probably, well, kinda pricey.

[js1138]

I use a Netgear firewall at home and maintain D-Link firewalls at the companies I consult for. They stealth everything except the ports we need for email and remote login.

The log files for these guys is pretty scary.

[backhoe]

The log files for these guys is pretty scary.

Yea, I like to rummage through the log and backtrack the quadrette numbers, just to see who's nosing around.

[ShadowAce]

[Kaylee Frye]

Ok, I will preface this with - I am in IT, I am a programmer, I am not a complete idiot.

Having said that, you're probably going to think I'm an idiot. For years, all I've done is run my computer behind a router and use Norton antivirus. Well, that and update my computer with Microsoft Updates regularly. I've never had a virus...

When I installed Spybot and those sorts of programs, it brought my computer to a crawl and broke several of my programs. Perhaps my case is unusual, but it seems to work for me. I've just never understood why I would need a software firewall if I keep all my ports closed on my router? Maybe someone can explain that to me.

[Swordmaker]

I've just never understood why I would need a software firewall if I keep all my ports closed on my router? Maybe someone can explain that to me.

If you trust the other computer users ON THIS SIDE OF THE ROUTER, you don't need a software firewall in addition to the hardware one in the router... but if you don't trust them, then you should have another layer of protection.

[Kaylee Frye]

If you trust the other computer users ON THIS SIDE OF THE ROUTER, you don't need a software firewall in addition to the hardware one in the router... but if you don't trust them, then you should have another layer of protection.

Well, I hope I trust my husband! :) Nope, it's just us on the inside of the router. That pretty much confirms what I figured. Thanks.

[bitt]

bumpppppppppppppppp