Most Home PC Users at Risk for Attack

The bulk of home PC users are largely open to attack through the Internet, with nearly half of all broadband connections running without a firewall, nearly 70 percent without updated antivirus protection, four in five users with spyware or adware on their machines, and nearly 90 percent of those victims unaware of the compromise.

The findings come from a home-user-focused study sponsored by America Online and the National Cyber Security Alliance (NCSA), which indicated that in the face of threats from viruses, spyware and adware, users suffer from confusion and a "perception gap" that has a large majority of them believing falsely that their computers and information stored on them are safe.

Home Security

The thrust of the study was to increase awareness and educate individual users of their importance in the overall security of the Internet and communications infrastructure.

"Using viruses, remote attacks, and drone machines, a single attacker could mobilize thousands of compromised computers from unsuspecting users," said Dan Caprio, U.S. Department of Commerce deputy assistant secretary for technology policy, in a statement.

"This study highlights just how important it is for individual Americans to take their cyber-security seriously, not just as a matter of personal safety, but as a matter of our country's security as well."

Corporations Protected

While corporations have been forced to address computer security issues -- which if exploited can result in downtime and lost dollars -- home users have remained heavy targets of attackers looking to infect and exploit their systems.

Ken Dunham, iDefense director of malicious code intelligence, told TechNewsWorld that home users are even at risk while setting up a new system and installing software because attackers quickly pounce on new Internet protocol (IP) addresses.

Dunham said that while corporations are monitoring ports and using advanced security tools to fend off infection and attack, home users -- who have less technical sophistication -- are left more susceptible, sometimes even lacking firewall and anti-virus defenses.

"It's a nasty situation," Dunham said.

Lots of Bots

Dunham said the use of attack tools to compromise computers and then use them for spreading malicious software, spamming or other illicit activity is on the rise. The compromised computers, which are amassed by attackers for bragging rights, denial of service (DoS) or other attacks, are known as "zombies" or "bots."

"We have seen hundreds and hundreds of bots released this year," Dunham said. "The number of families of [bot] variants is just shooting through the roof.... If the trend continues, we can expect to see thousands and thousands of new bot variants in 2005."

Making matters worse, Dunham said the latest malicious code making its way onto unsuspecting users' machines -- in the form of viruses, spyware, Trojans and more -- is relatively easily created and more conspicuous than ever.

Primordial Soup

Webroot vice president of threat research Richard Stiennon, whose company focuses on spyware, said both home users and university computing environments are highly exploited by computer attackers.

"Those two combined create this primordial soup of viruses out there," Stiennon told TechNewsWorld.

Stiennon agreed that malicious code is increasingly more covert, but added that while corporations are generally better secured than consumers, there continues to be a prevalence of spyware and even keystroke loggers on enterprise IT systems.

"It's not necessarily true that corporations are totally invulnerable to this stuff," Stiennon said.

Information Risk

For home users, the AOL/NCSA study also indicated that at the same time consumers are unaware of their vulnerability, they are also leaving important information at risk on home computers.

The study said while nearly 40 percent of home wireless networks are completely open without any encryption, the vast majority of study respondents indicated they keep sensitive information on their PCs and use their home computers for banking, medical or other transactions.

"For the first time, we've reviewed the actual security protections that consumers use for the sensitive information they keep on their home computers, and results validate our purpose -- to raise awareness and change behavior," said a statement from NCSA chairman Ken Watson.