Study Finds Home Computer Security Is Failing
I recently came across a slightly dated press release from McAfee, Inc., as part of their work with the National Cyber Security Alliance (NCSA). The NCSA is a not-for-profit 501(c)(3) public/private organization made up of companies like McAfee, Symantec, Microsoft, CA, Cisco and government organizations like DHS, FTC and the FBI Infragard. Normally I view these reports from this type of cyber security organization, heavily industry supported by vendors with a stake in the game, with some skepticism. Ok, make that a lot of skepticism.
What made this report different from most of the questionable ones I often read is that our own review of hundreds of end-user systems during incident responses and computer forensic reviews agrees with the report's general analysis. Most users' computers are at risk, even though the end user thinks they are safe. While the report focuses on the lax computer security of home users, we frequently find that the security posture of end-user laptops and workstations in many corporations isn't any better.
We frequently see all of the items that the McAfee/NCSA report documents such as:
- Expired Antivirus Software
- Disabled Firewalls
- Lack of Spyware Detection
- No Phishing Protection
The report goes on to state that most people know that computer security is important; they just don't know how to implement it on their own. I tend to agree with this analysis, but I also question how much the end user can be expected to do to keep themselves safe online. I don't expect the average user (I'm thinking about my Mom the Avon lady and a friend who is a restaurant owner) to know about firewall configuration and increasingly complex suites of anti-virus/spyware/phishing/whatever. I frequently find the constant pop-ups and warnings from the complex set of security software that I run on my own workstation to be a bit daunting and time consuming. I don't even like to think about how my Mom handles those pop-ups and warnings.
We frequently hear from end users that they thought they were protected because there was AV protection on their system when they purchased it. The message that AV has to be updated regularly, that it expires annually, and that vendors usually bundle 90-day trial editions of AV solutions just doesn't seem to have made it into the normal user's consciousness.
Unfortunately, in our numerous responses to computer intrusions at companies we find lots of out-dated AV signature files, AV that has been shut down, or, more commonly, AV that has been unable to identify the intrusion application. These situations, combined with a general lack of Extrusion Detection (I point you to the TaoSecurity Blog by Richard Bejtlich) at most companies, lead to a lot of successful intrusions aimed at corporate end users. Add to that malware authors constantly changing the signatures of their binaries and testing their tools against common AV products, and it doesn't make for a comforting computer security situation.
I'm not saying that the sky is falling or that we should throw all our computers away. I have two suggestions that I know work: educate your employees at all levels, and don't rely on a single product or solution. I know you were hoping for some sort of earth-shattering cyber security insight, but good computer security can be just that simple.
I'll do a follow-up post soon with some of our ideas about the common computer security mistakes we see repeated during incident responses.