Wheres the Review?
The first several pages of the story are not a review, but a story on online threats and how you can protect yourself ("Protect Yourself Online. The Biggest Threats & The Best Solutions"). It's filled with data sourced to eMarketer, a market research firm. The data in the story, including all of the claims of prevelance of threats and so on, therefore come from self-reported survey results from the general public. As an IT professional-as I assume most eWEEK readers are-ask yourself if you would trust the average computer-using consumer to accurately report what security software features they are running and what threats they have suffered from. Me, I wouldn't trust them, but CR does. Thus we learn that "...the rate of serious spyware problems has declined 54% and serious virus problems 32% over the years that we've tracked them." The only malware terms the story uses are spyware and viruses, so I will assume that "virus" here also means trojan horse malware, the dominant form, and I'm pleasantly surprised to learn that it's been on the decline for a while, as has spam according to the story.The pitfalls of having end users report on security create havoc all over the story. When the survey shows that "36 percent didn't have an antispyware program, and 75% didn't use an antiphishing toolbar" I'm extremely suspicious. Many who are running anti-virus software probably think they don't have an antispyware program, yet they certianly have a great deal of antispyware protection, and in fact the distinction between anti-spyware and anti-virus has always been a phony one. And while neither IE7 nor Firefox 3 have an antiphishing toolbar as such, both have live antiphishing protection. Is CR saying that 75% of users are not using those versions? I suspect not. So are they saying it's better to have it in a toolbar? Right. The only reasonable conclusion from this data is that CR's authors and editors don't understand how security software or browsers work these days. The story also has numerous tips for users to avoid security problems and a list of 7 blunders users make. Many of these are well thought out, but a few are overstated or just plan bewildering. Consider this advice: "Use a separate credit card just for your Internet shopping, as did 7 percent of resondents to our survey." Why? What does this accomplish? Someone, please let me know.
On the other hand, it reports that 1 in 94 households had monetary losses from a phishing attack in the past 2 years. That sounds high to me. Mind you, another research report from eMarketer, dated August 6, claims that the online identity theft threat is overstated: "The actual risk of having your identity stolen online is not as high as many people think," said Susan Menke, senior analyst at Mintel, in a statement. "Financial services companies are trying to reassure consumers, but their marketing messages aren't sticking. Companies need to find innovative new ways to convince Americans that their identities are secure online and when using e-mail." I'm confused; is it a big threat or not?