Users Clueless About Malware, Careless About Security Measures: Survey

A pair of surveys focusing on end-users found some worrying patterns and misconceptions about Internet safety and poor security practices.

When it comes to enterprise security, user misconceptions of safe online behavior may be the weakest link, according to two recent research studies.

Users are in the dark about the "reality" of malware threats, according toG Data Software's global survey released June 24. The massive survey included responses from nearly 16,000 users worldwide, of which more than 5,500 were based in the United States.

More than 40 percent of the respondents from the U.S. said it was more dangerous to go to adult content sites than to hobby sites such as horseback riding, the survey found. In actuality, hobby sites are "usually easier" to attack and pose a "greater infection risk" than adult sites because visitors aren't expecting any danger, according to G Data.

"The level of awareness among Internet users is still inadequate and out-of-date in many respects," the researchers wrote in the report.

Nearly all the U.S.-based respondents said they would be able to recognize when their computer has been infected because their machines would crash, slow down or display pop-up windows, the survey found. These users don't realize that modern malware is usually stealthy and can exist on the computer for long periods to "surreptitiously" steal information without sounding any alarms, the researchers wrote in the report.

"The aim of online criminals is to earn as much money as they can, which means that they want to keep infections hidden from users for as long as possible," the researchers wrote.

More than half the U.S.-based respondents regularly click on social networks, the survey found, with about 19 percent clicking on links, regardless of where they come from, the survey found. Those users are "easy targets" for cyber-criminals, according to researchers.

At least users are employing some form of security software on their computers, the survey found. Nearly 88 percent of respondents from the U.S. reported using security software, with about half relying on free versions. About 82 percent believed that free software was just as good as paid, the survey found. The United Kingdom had the highest number of users running security software, at 94 percent, and Russia had the lowest, at 83 percent.

A separate study by GFI Software found that users are not protecting themselves when they are on the Internet at home, and their carelessness has implications on enterprise security. In a survey of 1,070 adults and their teenage children, 65 percent of parents said at least one of their home computers has been infected by malware. Of these, 62 percent of them have been either "somewhat" or "very" serious problems, and 55 percent have been infected more than once, the report found.

Nearly three-quarters of the parents in the survey were working parents and were questioned about their online practices as it related to work. Of the parents who have been issued work computers at home, 90 percent said they've used them for non-work-related purposes and about a third let other members of the family, including their teens, use them for personal use.

It was "surprising" that parents were engaged in "highly insecure computing practices like letting their children use their work computers," said Alex Eckelberry, general manager of GFI Software's security business unit.

Similar to the G Data survey, most users appear to have some kind of antivirus software. However, there's a big difference between having it and actually using it correctly, as only 28 percent of the parents in the GFI research reported updating their definition files daily. An eye-popping 24 percent was unsure if they were updating the definitions at all.

"Home Internet use is a source of significant risk, not only to families, but also to employers," Eckelberry said.