9 out of 10 work PCs fail on basic security

Discussion in 'Computer Security' started by ~BD~, Jun 9, 2009.

  1. ~BD~

    ~BD~ Guest

    From Graham Cluley's blog

    Ninety percent of corporate PCs are a security risk because they are not
    fully patched, or do not have basic security such as anti-virus software
    and firewalls properly installed.

    That's the rather staggering revelation made by the results from
    Sophos's free Endpoint Assessment Test*, which has scanned Windows
    computers on thousands of different business networks over the last
    year.

    See:
    http://www.sophos.com/blogs/gc/g/2009/06/02/ten-work-pcs-fail-basic-security/
     
    ~BD~, Jun 9, 2009
    #1

  2. ~BD~

    Root Kit Guest

    On Tue, 9 Jun 2009 08:45:44 +0100, "~BD~" <>
    wrote:

    >From Graham Cluley's blog
    >
    >Ninety percent of corporate PCs are a security risk because they are not
    >fully patched, or do not have basic security such as anti-virus software
    >and firewalls properly installed.
    >
    >That's the rather staggering revelation made by the results from
    >Sophos's free Endpoint Assessment Test*, which has scanned Windows
    >computers on thousands of different business networks over the last
    >year.
    >
    >See:
    >http://www.sophos.com/blogs/gc/g/2009/06/02/ten-work-pcs-fail-basic-security/
    >


    A very "surprising" message coming from a security vendor, isn't it?

    Gee, referring to anti-virus and firewalls on clients as "basic
    security" says it all....
     
    Root Kit, Jun 9, 2009
    #2

  3. ~BD~

    Leythos Guest

    In article <h0l3vg$pce$-september.org>,
    says...
    > Ninety percent of corporate PCs are a security risk because they are not
    > fully patched, or do not have basic security such as anti-virus software
    > and firewalls properly installed.
    >


    And that would be mostly inflammatory and designed for the masses to
    scare them.

    Not all patches are necessary in all environments - so the statement is
    incorrect to start with.

    I have yet to find a Corporate environment without AV software running
    and fetching updates - so, again, the security risk because of the
    stated reasons is more FUD designed to just scare the masses of people
    ignorant about security.

    Where I've seen security fail is in what access is permitted, something
    that neither patches or AV software can prevent.

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    (remove 999 for proper email address)
     
    Leythos, Jun 9, 2009
    #3
  4. ~BD~

    ~BD~ Guest

    All comments appreciated. Thank you.

    Perhaps you'd like to provide your thoughts on how many privately owned
    (non-work) computers you think may be similarly compromised - without
    the knowledge of the user.
    --
    Dave
     
    ~BD~, Jun 19, 2009
    #4
  5. ~BD~ wrote:
    > All comments appreciated. Thank you.
    >
    > Perhaps you'd like to provide your thoughts on how many privately owned
    > (non-work) computers you think may be similarly compromised - without
    > the knowledge of the user.


    At least 10 out of 10 computers with Microsoft Windows installed.
     
    Kelb tal-Fenek, Jun 19, 2009
    #5
  6. ~BD~

    Leythos Guest

    In article <h1fec9$1qi$>, ~BD~@nomail.afraid.com says...
    >
    > All comments appreciated. Thank you.
    >
    > Perhaps you'd like to provide your thoughts on how many privately owned
    > (non-work) computers you think may be similarly compromised - without
    > the knowledge of the user.


    Of the 2000+ systems that I know of, none are compromised, of the
    hundreds of home systems that I know of, about 10% get compromised from
    time to time with the newest threats... All windows based machines.

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    (remove 999 for proper email address)
     
    Leythos, Jun 19, 2009
    #6
  7. In alt.computer.security, ~BD~ cross-posted:

    > All comments appreciated. Thank you.
    >
    > Perhaps you'd like to provide your thoughts on how many privately
    > owned (non-work) computers you think may be similarly compromised -
    > without the knowledge of the user.


    There was a piece on my local TV news a couple of months ago. The anchor
    person started with "91% of personal computers are infected with some
    sort of viruses and spyware...", then went on to give a few generic
    details[1], all the while showing monitor closeups of people browsing
    with Internet Explorer.

    Duh!

    [1] which weren't really all that useful, consisting mostly of "pay for
    current anti-virus software" and "take your computer to the geek store."

    --
    -bts
    -Friends don't let friends drive Windows
     
    Beauregard T. Shagnasty, Jun 19, 2009
    #7
  8. ~BD~

    ~BD~ Guest

    Hmmm! Have you any evidence to support your theory? <grin>

    --
    Dave

    "Kelb tal-Fenek" <> wrote in message
    news:h1feu0$a6c$...
    > ~BD~ wrote:
    >> All comments appreciated. Thank you.
    >>
    >> Perhaps you'd like to provide your thoughts on how many privately
    >> owned
    >> (non-work) computers you think may be similarly compromised - without
    >> the knowledge of the user.

    >
    > At least 10 out of 10 computers with Microsoft Windows installed.
    >
     
    ~BD~, Jun 21, 2009
    #8
  9. ~BD~

    ~BD~ Guest

    "Leythos" <> wrote in message
    news:...
    > In article <h1fec9$1qi$>, ~BD~@nomail.afraid.com says...
    >>
    >> All comments appreciated. Thank you.
    >>
    >> Perhaps you'd like to provide your thoughts on how many privately
    >> owned
    >> (non-work) computers you think may be similarly compromised - without
    >> the knowledge of the user.

    >
    > Of the 2000+ systems that I know of, none are compromised, of the
    > hundreds of home systems that I know of, about 10% get compromised
    > from
    > time to time with the newest threats... All windows based machines.
    >
    > --
    > You can't trust your best friends, your five senses, only the little
    > voice inside you that most civilians don't even hear -- Listen to
    > that.
    > Trust yourself.
    > (remove 999 for proper email address)


    I'm a little confused by your use of the word 'system', Leythos.
    Regardless, you seem to suggest that perhaps 1 in 10 of 'home' use
    computers become 'infected'.

    Worldwide, I feel that you are underestimating the problem.

    --
    Dave
     
    ~BD~, Jun 21, 2009
    #9
  10. ~BD~

    ~BD~ Guest

    "Beauregard T. Shagnasty" <> wrote in message
    news:h1fv2t$ctb$-september.org...
    > In alt.computer.security, ~BD~ cross-posted:
    >
    >> All comments appreciated. Thank you.
    >>
    >> Perhaps you'd like to provide your thoughts on how many privately
    >> owned (non-work) computers you think may be similarly compromised -
    >> without the knowledge of the user.

    >
    > There was a piece on my local TV news a couple of months ago. The
    > anchor
    > person started with "91% of personal computers are infected with some
    > sort of viruses and spyware...", then went on to give a few generic
    > details[1], all the while showing monitor closeups of people browsing
    > with Internet Explorer.
    >
    > Duh!
    >
    > [1. which weren't really all that useful, consisting mostly of "pay
    > for
    > current anti-virus software" and "take your computer to the geek
    > store."
    >
    > --
    > -bts
    > -Friends don't let friends drive Windows


    Thanks for replying BTS.

    I know you are not fond of Windows - but there are *lots* of users; I
    suspect that without it, though, many folk would never have got to grips
    with 'computing' at all! It is hardly the fault of the average user that
    the product had/has inherent flaws.

    My guess is that only 1 in 10 users has any clue about all the bad
    things which can happen once one connects to the Internet - especially
    with a broadband connection!

    --
    Dave
     
    ~BD~, Jun 21, 2009
    #10
  11. ~BD~

    ~BD~ Guest

    "Tim Jackson" <> wrote in message
    news:...
    > ~BD~ wrote:
    >> All comments appreciated. Thank you.
    >>
    >> Perhaps you'd like to provide your thoughts on how many privately
    >> owned (non-work) computers you think may be similarly compromised -
    >> without the knowledge of the user.
    >> --
    >> Dave
    >>
    >>
    >>

    >
    > That is a non sequitur.
    >
    > Cluley didn't say they were compromised, he said they were a security
    > risk. That implies they were vulnerable, not actually infected. In
    > the same way and to the same extent that anyone not using mouthwash is
    > vulnerable to gum disease, or anyone not using cologne is vulnerable
    > to sexual rejection.
    >
    > I'm sure few computers are vulnerable in this way "without the
    > knowledge of the user". Since at home, only the user is responsible
    > for security, any omission can hardly be "without knowledge", unless
    > you consider users who can ignore the heavy advertising for AV
    > software that comes with Windows to not be informed of their options.
    >
    > Whereas in a corporate environment security is handled by the IT
    > department and users need have no knowledge of, well, anything really.
    >
    > If what you meant to ask is how many computers have software installed
    > without the user's knowledge and not to the user's benefit, you can
    > start with the adware bundled into Windows, and say all of them, yes.
    >
    > Or perhaps what you want to know is what proportion have software of this
    > ilk downloaded unknowingly from the internet, then count anyone who
    > uses 'free' social networking, file sharing etc. services. But if
    > they understand the adage "there ain't no free lunch" then surely they
    > are "knowingly" compromising their machines.
    >
    > Another option would be to ask what proportion have software installed
    > that would allow their computer to be controlled by a hostile third
    > party. That is probably the most meaningful question, and I don't
    > know the answer. Given that in my experience any PC that starts
    > behaving in an antisocial manner will fairly quickly get squashed by
    > any self-respecting ISP, it is only dormant zombies that count, and I
    > don't know of any way of counting them except by reference to the
    > numbers that have become active in the past. That makes it a fairly
    > small percentage.
    >
    >
    > Tim Jackson


    Thank you for your comprehensive response, Tim.

    Here is an article which you may find of interest.
    Cybersecurity Groups Launch "Chain of Trust" Initiative to Combat
    Malware
    WASHINGTON, May 19, 2009 -- Three of the world's leading cybersecurity
    groups today launched a new initiative to combat malicious software
    (malware) by establishing a "Chain of Trust" among all organizations and
    individuals that play a role in securing the Internet.

    Developed by the Anti-Spyware Coalition (ASC), National Cyber Security
    Alliance (NCSA) and StopBadware.org, the Chain of Trust Initiative will
    link together security vendors, researchers, government agencies,
    Internet companies, network providers, advocacy and education groups in
    a systemic effort to stem the rising tide of malware.

    Applying many of the same approaches used to bring nuisance adware under
    control, Chain of Trust Initiative aims to establish a united front
    against a threat that continues to grow exponentially. Kaspersky Labs
    recently reported that malware distributed through social networking
    sites is successful 10 times more often than scams distributed via
    email.

    "Strong security in any one organization or sector is not enough to
    combat an agile, fast evolving threat like malware, which exploits
    security breakdowns between entities," said Ari Schwartz, ASC
    Coordinator and Vice President of the Center for Democracy & Technology
    (CDT). "We all need to work together to build a system that withstand
    and repel the next generation of exploits."

    The first order of business in the Chain of Trust Initiative is to map
    the complex, interdependent network of organizations and individuals
    that make up the chain. Only by identifying all the vulnerable links and
    understanding how they connect to one another can malware fighters get a
    handle on the problem and begin to develop consensus solutions.

    "Online safety and security is a shared responsibility that requires the
    involvement of governments, corporations, non-profit institutions and
    citizens," said Michael Kaiser, Executive Director of the NCSA. "The
    Chain of Trust Initiative will focus furthering the development of tools
    that provide better protections. However, we must also continue to
    ensure that all of us implement universal behaviors online that protect
    us against a multitude of threats."

    ASC, NCSA and StopBadware.org will lead the mapping effort and jointly
    develop ideas and initiatives to form stronger bonds between links on
    the chain. Leaders of the initiative have already begun reaching out to
    key players and identifying critical areas for collaboration. In the
    next six months, the Chain of Trust Initiative will produce a paper
    tracking the results of the mapping project and propose initial
    recommendations to strengthen the chain.

    "Organization and collaboration are our best tools against an enemy that
    doesn't play by any rules," said StopBadware.org manager Maxim
    Weinstein. "Just by nature of how the Internet works, malware
    distributors have a technological advantage, but we can respond by
    strengthening our shared networks and by better understanding our shared
    responsibilities."

    About the Anti-Spyware Coalition: The Anti-Spyware Coalition (ASC) is a
    group dedicated to building a consensus about definitions and best
    practices in the debate surrounding spyware and other potentially
    unwanted technologies. Composed of anti-spyware software companies,
    academics, and consumer groups, the ASC seeks to bring together a
    diverse array of perspective on the problem of controlling spyware and
    other potentially unwanted technologies.

    About National Cyber Security Alliance: The National Cyber Security
    Alliance is a non-profit organization. Through collaboration with the
    government, corporate, non-profit and academic sectors, the mission of
    the NCSA is to empower a digital citizenry to use the Internet securely
    and safely protecting themselves and the cyber infrastructure. NCSA
    works to create a culture of cyber security and safety through education
    and awareness activities. Visit www.staysafeonline.org for more
    information.

    About StopBadware.org: StopBadware.org is a partnership among the
    academic community, consumer groups, technology industry leaders, and
    volunteers committed to protecting Internet users from threats to their
    privacy and security caused by bad software. StopBadware.org is led by
    Harvard University's Berkman Center for Internet & Society. The
    initiative is supported by Google, PayPal, Mozilla, AOL, and Trend
    Micro. For more information, please visit http://www.stopbadware.org.

    ***********************************

    The original may be found here: http://cdt.org/press/20090519press.php

    --

    Dave
     
    ~BD~, Jun 21, 2009
    #11
  12. ~BD~

    Leythos Guest

    In article <h1ks2q$r9m$-september.org>,
    says...
    >
    > "Leythos" <> wrote in message
    > news:...
    > > In article <h1fec9$1qi$>, ~BD~@nomail.afraid.com says...
    > >>
    > >> All comments appreciated. Thank you.
    > >>
    > >> Perhaps you'd like to provide your thoughts on how many privately
    > >> owned
    > >> (non-work) computers you think may be similarly compromised - without
    > >> the knowledge of the user.

    > >
    > > Of the 2000+ systems that I know of, none are compromised, of the
    > > hundreds of home systems that I know of, about 10% get compromised
    > > from
    > > time to time with the newest threats... All windows based machines.
    > >
    > > --
    > > You can't trust your best friends, your five senses, only the little
    > > voice inside you that most civilians don't even hear -- Listen to
    > > that.
    > > Trust yourself.
    > > (remove 999 for proper email address)

    >
    > I'm a little confused by your use of the word 'system', Leythos.
    > Regardless, you seem to suggest that perhaps 1 in 10 of 'home' use
    > computers become 'infected'.
    >
    > Worldwide, I feel that you are underestimating the problem.


    Sadly it has more to do with how stupid the users are than with the
    OS. Since you can secure a Win machine against most all attacks that a
    typical home user would experience, the issue is more that stupid people
    don't secure them. For more than a decade the warnings have been in the
    news, articles, on MS's website, mentioned by friends, etc... Normally
    we would say that these people are "Ignorant", "Unfortunate", etc... I
    really think it's beyond that - in this day and age there is not a
    single excuse for not already knowing about the threats and where to
    find information on how to secure the computer... Except for Zero-day
    exploits, anyone that gets compromised is just stupid.

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    (remove 999 for proper email address)
     
    Leythos, Jun 21, 2009
    #12
  13. In alt.computer.security, ~BD~ cross-posted:

    > "Beauregard T. Shagnasty" wrote:
    >> In alt.computer.security, ~BD~ cross-posted:
    >>> All comments appreciated. Thank you.
    >>>
    >>> Perhaps you'd like to provide your thoughts on how many privately
    >>> owned (non-work) computers you think may be similarly compromised -
    >>> without the knowledge of the user.

    >>
    >> There was a piece on my local TV news a couple of months ago. The
    >> anchor person started with "91% of personal computers are infected
    >> with some sort of viruses and spyware...", then went on to give a
    >> few generic details[1], all the while showing monitor closeups of
    >> people browsing with Internet Explorer.
    >>
    >> Duh!
    >>
    >> [1. which weren't really all that useful, consisting mostly of "pay
    >> for current anti-virus software" and "take your computer to the geek
    >> store."

    >
    > Thanks for replying BTS.
    >
    > I know you are not fond of Windows - but there are *lots* of users;


    ...and the answer is because that is what is available in the computer
    store.

    > I suspect that without it, though, many folk would never have got to
    > grips with 'computing' at all! It is hardly the fault of the average
    > user that the product had/has inherent flaws.


    I suspect that if the average home users visited the store and found
    that 9 in 10 computers available were preinstalled with Mac OSX or
    Linux, that is what they would buy. I believe that most home users do
    not set out to purchase a specific operating system; they go looking for
    a computer they can use for email, writing word documents, tweeting,
    processing photos, etc and do not care what the OS is.

    > My guess is that only 1 in 10 users has any clue about all the bad
    > things which can happen once one connects to the Internet - especially
    > with a broadband connection!


    "1 in 10 with clue" is probably a pretty good estimation.

    Please trim signatures; thanks for your consideration.

    --
    -bts
    -Friends don't let friends drive Windows
     
    Beauregard T. Shagnasty, Jun 21, 2009
    #13
  14. ~BD~

    ~BD~ Guest

    "Leythos" <> wrote in message
    news:...
    > In article <h1ks2q$r9m$-september.org>,
    > says...
    >>
    >> "Leythos" <> wrote in message
    >> news:...
    >> > In article <h1fec9$1qi$>, ~BD~@nomail.afraid.com says...
    >> >>
    >> >> All comments appreciated. Thank you.
    >> >>
    >> >> Perhaps you'd like to provide your thoughts on how many privately
    >> >> owned
    >> >> (non-work) computers you think may be similarly compromised -
    >> >> without
    >> >> the knowledge of the user.
    >> >
    >> > Of the 2000+ systems that I know of, none are compromised, of the
    >> > hundreds of home systems that I know of, about 10% get compromised
    >> > from
    >> > time to time with the newest threats... All windows based machines.
    >> >
    >> > --
    >> > You can't trust your best friends, your five senses, only the
    >> > little
    >> > voice inside you that most civilians don't even hear -- Listen to
    >> > that.
    >> > Trust yourself.
    >> > (remove 999 for proper email address)

    >>
    >> I'm a little confused by your use of the word 'system', Leythos.
    >> Regardless, you seem to suggest that perhaps 1 in 10 of 'home' use
    >> computers become 'infected'.
    >>
    >> Worldwide, I feel that you are underestimating the problem.

    >
    > Sadly it has more to do with how stupid the users are than with
    > the
    > OS. Since you can secure a Win machine against most all attacks that a
    > typical home user would experience, the issue is more that stupid
    > people
    > don't secure them. For more than a decade the warnings have been in
    > the
    > news, articles, on MS's website, mentioned by friends, etc... Normally
    > we would say that these people are "Ignorant", "Unfortunate", etc... I
    > really think it's beyond that - in this day and age there is not a
    > single excuse for not already knowing about the threats and where to
    > find information on how to secure the computer... Except for Zero-day
    > exploits, anyone that gets compromised is just stupid.
    >
    > --


    You are no doubt correct, Leythos - yet just recently on the BBC news
    here in the UK was a report that cybercrime is still increasing
    exponentially - it seems there are *lots* of stupid people!

    --
    Dave
     
    ~BD~, Jun 22, 2009
    #14