Most Home PC Users at Risk for Attack

The bulk of home PC users are largely open to attack through the Internet, with nearly half of all broadbandconnections running without a firewall, nearly 70 percent without updated antivirus protection, four in five users with spyware or adware on their machines, and nearly 90 percent of those victims unaware of the compromise.

The findings come from a home-user-focused study sponsored by America Online and the National Cyber Security Alliance (NCSA), which indicated that in the face of threats from viruses, spyware and adware, users suffer from confusion and a “perception gap” that has a large majority of them believing falsely that their computers and information stored on them are safe.

Home Security

The thrust of the study was to increase awareness and educate individualusers of their importance in the overall security of the Internet andcommunications infrastructure.

“Using viruses, remote attacks, and drone machines, a single attackercould mobilize thousands of compromised computers from unsuspecting users,”said Dan Caprio, U.S. Department of Commerce deputy assistant secretary for technologypolicy, in a statement.

“This study highlights just how importantit is for individual Americans to take their cyber-security seriously, notjust as a matter of personal safety, but as a matter of our country’ssecurity as well.”

Corporations Protected

While corporations have been forced to address computer security issues –which if exploited can result in downtime and lost dollars — home usershave remained heavy targets of attackers looking to infect and exploit theirsystems.

Ken Dunham, iDefense director of malicious code intelligence, toldTechNewsWorld that home users are even at risk while setting up a new systemand installing software because attackers quickly pounce on new Internet protocol(IP) addresses.

Dunham said that while corporations are monitoring ports and using advancedsecurity tools to fend off infection and attack, home users — who have lesstechnical sophistication — are left more susceptible, sometimes even lackingfirewall and anti-virus defenses.

“It’s a nasty situation,” Dunham said.

Lots of Bots

Dunham said the use of attack tools to compromise computers and then usethem for spreading malicious software, spamming or other illicit activityis on the rise. The compromised computers, which are amassed by attackersfor bragging rights, denial of service (DoS) or other attacks, are known as”zombies” or “bots.”

“We have seen hundreds and hundreds of bots released this year,” Dunhamsaid. “The number of families of [bot] variants is just shooting through theroof…. If the trend continues, we can expect to see thousandsand thousands of new bot variants in 2005.”

Making matters worse, Dunham said the latest malicious code making itsway onto unsuspecting users’ machines — in the form of viruses, spyware,Trojans and more — is relatively easily created and more conspicuous thanever.

Primordial Soup

Webroot vice president of threat research Richard Stiennon, whose companyfocuses on spyware, said both home users and university computing environmentsare highly exploited by computer attackers.

“Those two combined create this primordial soup of viruses out there,”Stiennon told TechNewsWorld.

Stiennon agreed that malicious code is increasingly more covert, butadded that while corporations are generally better secured than consumers,there continues to be a prevalence of spyware and even keystroke loggers onenterprise IT systems.

“It’s not necessarily true that corporations are totally invulnerable tothis stuff,” Stiennon said.

Information Risk

For home users, the AOL/NCSA study also indicated that at the same timeconsumers are unaware of their vulnerability, they are also leavingimportant information at risk on home computers.

The study said while nearly 40 percent of home wireless networks arecompletely open without any encryption, the vast majority of studyrespondents indicated they keep sensitive information on their PCs and usetheir home computers for banking, medical or other transactions.

“For the first time, we’ve reviewed the actual security protections thatconsumers use for the sensitive information they keep on their homecomputers, and results validate our purpose — to raise awareness and changebehavior,” said a statement from NCSA chairman Ken Watson.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

LinuxInsider Channels