Three Out Of Four Web Users Still Not Security Savvy

London, 2 September 2009: PC Tools today released the results of a worldwide survey¹ that analyses web surfer's security savvy. Research reveals that while many consumers are aware of potential points or sites of infection, the vast majority of consumers are at risk from new and unknown threats on social networking sites, instant messaging services and other online communication and networking tools.

While recent findings from Forrester Research confirm that increased awareness of and attention to cybercrime is prompting consumers to become more familiar and confident with issues around online security, consumers are unlikely to be able to recognise a socially engineered threat. According to the research conducted by PC Tools as many as 74% are not aware of the need for behavioural-based protection. Furthermore one in five do not understand the nature of zero-day threats, one of the more prevalent types of attacks designed to evade traditional antivirus software.

Michael Greene, Vice President Product Strategy, PC Tools, says of the research: "While consumers are generally security conscious, they are not yet security savvy. The increased use of the internet among consumers, almost all of whom are now online on a daily basis, is providing a lucrative market for cybercriminals. As a result, we are seeing more and more sophisticated techniques that lure consumers into clicking on malicious links or downloading malicious files, for example."

"The use of social engineering techniques means that traditional signature based antivirus software on its own is not enough to ensure online safety," Greene continues. "Users must make sure they're equipped with the latest behavioural-based protection to provide proactive defence against new and unknown threats in addition to understanding key methods of infection. This is particularly true for the 41% of global respondents who use only one or two passwords across all the sites they visit online and for the additional 8% who have only one password for all sites."

Regional analysis of the research demonstrates how the level of security vulnerability varies across different countries:

• The French are most likely to use the same password across all websites - 56% compared to 45% in Benelux, 35% in the UK and as few as 16% in Germany;
• One third of Brits never update their security software, making the Brits the most vulnerable citizens of all the countries that responded - compared to 5% of Germans, 7% of the French and 5% of the Benelux respondents;
• 9% of Brits also don't use any security protection when they surf the net, the highest figure from any respondent group (1% in BNL, 5% in France and in 4% Germany); and
• A cautious 9% of Germans will delete any link or file sent to them by email, instant messenger or social networking sites, compared to 8% of respondents in Benelux, 2% in France and less than 1% in the UK.

The research also showed that a significant proportion of people are aware of the need for some level of security protection for their PCs:

• 57% said that they have a security suite installed;
• 64% had their security software configured to update automatically as new information becomes available;
• 84% will always take action when they receive a security alert from the software they've installed; and
• 37% will verify a received link before following it.

"While it's promising to see that most respondents are security aware and have installed security products on their PCs, the results point to the fact that users may be bloating the system by installing too many security solutions," Greene adds. "Light or point solutions can help to minimise the drag on systems while ensuring the level of behavioural protection necessary to keep users safe online. Consumers can also pull together a range of point solutions to design their security suite of choice."

"Even with the best security protection, the methods used by cybercriminals continue to evolve every day, so users should always be on guard," said Greene.

How security savvy is the UK?

Compared to the global average, 77% of people in the UK have some form of software installed on their PC. However, a third of Brits never update their software which is worrying in today's climate where new threats arise every day. Furthermore, the research revealed that 53% say if they are alerted to a threat they read it but unless something strikes them as particularly dangerous, ignore it.

Results from the UK also highlighted a clear difference between male and female respondents:

• 47% of men use the same password to access all sites, compared to just 26% of women;
• Nearly two thirds of men would open a link or attachment from a friend without checking to see if they are legitimate first, compared to a more cautious 48% of women;
• 30% of men ignore threat alerts altogether because they're too busy to take notice or find them annoying;
• Despite this, men are more aware of online risks: 85% know the different channels through which threats can be transmitted (such as IM, email and webpages); and
• 44% of women are unaware that malicious threats can be transmitted on sites like Facebook and Twitter.

Greene concludes: "As cybercriminals adopt more sophisticated methods to trick users into downloading malicious files or clicking on malicious links, consumers need to be aware that even the most technical are at risk of infection. Risks can vary from high-profile attacks like the Koobface virus to downloads of movies that haven't yet been released, videos or links that appear to be sent from friends, or false and malicious URLs posted on Twitter, for example."

"By ensuring they are using the right software to reflect their online behaviour and by being aware of the latest threats, consumers can be much better protected online and be both technically and security savvy."

Visit http://www.pctools.com/ for information and access to the latest behavioural online security protection including the award winning Spyware Doctor software, Registry Mechanic, PC Tools Internet Security and PC Tools Antivirus.

-ends-

Additional information: recent threats to watch out for

Twitter: Hackers are continuing to use Twitter to target victims online. One of the latest scams on Twitter redirects users to the malicious Koobface worm, which, upon successful infection, attempts to gather sensitive information about the victims such as credit card information. Twitter users may see a tweet in their stream that reads "my home video :)" or "cool video! WOW" with a link that redirects them to a set of spoofed social networking pages. The pages then prompt for a plugin install, often stating "Flash Player required", which contains the malicious threat with the link "setup.exe".

This is another example of how cybercriminals are compiling techniques and trying to capitalise on sites like Twitter with large public interest. Twitter users need to be wary if they receive a Tweet from someone unknown, particularly if it directs to a page that prompts a download.

Global events and major news stories spark online threats:

Global events and major news stories are often seen to result in spikes of related malware attacks. Some recent examples include:

• The Swine Flu Pandemic: A new trojan was reported to appear in the wake of the Swine Flu news story, containing keylogger and backdoor functionalities. The malware appeared as a word document purporting to come from the US Centre of Disease Control with important information about swine flu. Incorporated within the document was the malicious file "Novel H1N1 Flu Situation Update.exe". As well as this specific malware attack, the media hype triggered an outbreak of spam, using swine flu as its hook.
• 2010 FIFA World Cup™ spam attacks: Spam attacks have already been witnessed targeting the 2010 FIFA World Cup™ Tournament and these are only set to escalate. During the previous FIFA World Cup™, related phishing attacks jumped by 40%. We are predicting that this pattern will happen again, perhaps on a larger scale, if current outbreak trends are anything to go by.
• Harry Potter and the Half-Blood Prince: Prior to its release, cybercriminals were reported to push "blackhat" search engine optimisation tactics to target the most popular file sharing and P2P networks, including digg.com, blogspot.com and others, targeting those most likely to download the movie in advance of its screening. Cybercriminals baited fans with text like 'Watch "Harry Potter and the Half-Blood Prince" online free'. The link then redirected to a blogspot post with more images and links to the movie, any one of which would prompt users to download and install an additional "streamviewer" which in turn installed malware onto the computer.
• Chris Brown Apology Video: Cybercriminals recently capitalised on the Chris Brown Apology Video with malicious links which directed users to rogue antispyware installations.
• Windows 7: A pirated version of the new Windows 7 operating system release was found circulating online. Thousands of Windows 7 BETA builds were recently downloaded on Torrent and P2P sharing sites containing a malicious trojan, with the potential to cause system failure and result in identity theft for the end user .

¹Windows is a registered trademark of Microsoft Corporation in the United States and other countries.

ABOUT PC TOOLS

PC Tools offers leading security and utility products, including the multi award-winning Spyware Doctor™. PC Tools is an industry leader in real-time anti-spyware and has a number of key patents pending. The PC Tools Malware Research Center monitors trends and emerging spyware issues and provides security solutions for the consumer and enterprise marketplace.

PC Tools has offices in Sydney, San Francisco, London, Shannon (Ireland), Melbourne, Kiev, and Boulder. PC Tools has a global network of distributors, resellers and retailers.

MEDIA CONTACT

Lauren Young
Public Relations Manager
PC Tools Software E: pr@pctools.com
Phone: +61 (0) 2 8922 6394
Mobile: +61 410 541 562