While most Internet users think they are safe online, they're not, according to a new study released Wednesday by America Online and the National Cyber Security Alliance. In fact, about 80 percent are exposed to common Internet threats, the study found.
More than half of the participants either had no anti-virus protection or had not updated it within the last week, researchers found. About half did not have a properly-configured firewall, and four in ten didn't have spyware protection. Taken collectively, more than 4 in five consumers lacked at least one of the three types of basic protection.
Still, 83 percent told researchers they were "safe from online threats," the study found.
The results mirror a similar study conducted last year by AOL and Cyber Security Alliance. The sweeping study is thorough; researchers follow-up survey responses with in-home visits, and technicians inspect consumers' PCs. Among the key findings — consumers often falsely believe their computers have up-to-date Internet pest protection when they don't.
"People have a false sense of security," said Tatiana Platt, senior vice president at AOL.
Researchers also asked participants to save all their e-mails for a month, and found that about one in four had received an e-mail scam — a phishing e-mail — that attempted to lure sensitive personal information. Perhaps more alarming, some 70 percent of those consumers thought the e-mails were from legitimate companies.
Of those receiving the phony e-mails, most thought they might be from legitimate companies — seven in 10, or 70 percent, were fooled by the e-mails, said the report.
Keeping consumers safe is becoming even more critical as more engage in Internet commerce and financial transactions, Platt said. The study found nearly three-quarters of those surveyed use their computers for sensitive transactions such as banking, stock trading or reviewing medical information.
Still, there is much confusion about what consumers need to do to keep their computers safe, said Ron Teixeira, executive director, National Cyber Security Alliance. For example, many never update the antivirus software that comes loaded with their PCs, he said.
"We do need to make sure if people are not Internet security experts that it's easy to keep the software up to date," Teixeira said. "A lot of programs have automatic updates, but they just need to be turned on."
There was some good news in the survey. More consumers are keeping antivirus software up to date than last year, the study found. A year ago, only 33 percent had updated their antivirus software in the past week. This year, 44 percent had. And twice as many consumers (56 percent compared to 28 percent ) had properly configured firewalls, thanks in part to changes in Microsoft's Windows XP program that turn on the firewall by default. (MSNBC is a Microsoft-NBC joint venture.)
But new technology and new attacks are making it a tough battle. The study found that while more homes are connecting to the Internet using wireless networks, too few of them are properly set up to keep out intruders. More than one out of four homes had a wireless network (26 percent), and nearly half of these homes (47 percent) failed to encrypt their connection, a safety precaution needed to protect wireless networks from outside intruders.
The study also confirmed at least a casual link between spyware infections and children's surfing habits: 69 percent of homes with children under age 18 had spyware/adware, as opposed to 58 percent of households without kids.
Corporations continue to work on ways to make computers safer, but Teixeira said all that new technology can be foiled by users with unsafe Internet habits
"The security is only as good as the user," he said.
The researchers conducted in-home interviews with more than 350 Internet users nationwide. The researchers also reviewed the e-mails received by those households.
The Federal Trade Commission has several tips to keep from getting hooked by phishers:
- If you get an e-mail asking for personal information, call the company directly or type in the company’s correct Web address. Do not click on the link provided in the e-mail.
- Use antivirus software and a firewall. This can protect a user from accepting unwanted files that could harm a computer or track a consumer’s Internet activities.
- Don’t e-mail personal or financial information.
Additional information about the National Cyber Security Alliance, including tips to stay safe online, and the complete results of the AOL/NCSA Online Safety Study are available at www.staysafeonline.org.