The Internet and security

Nov 1, 2000 12:00 PM, Carey Adams

Survey reveals possibility of lapses in judgment. The Internet is quickly becoming the chief way to traffic information throughout the world. Everyday, thousands of new users log onto the Worldwide Web to download information, make business transactions, and post sensitive messages.

With so much information transit, security is a prime concern. Or at least one would think so. On the contrary, according to CarbonMedia Inc., a New York-based technology and marketing agency. Internet security awareness often is not a chief concern for companies or individuals. But the survey includes some good news, too.

According to a 24-page report published by the company, 46 percent of computer users are prone to be infected by computer bugs or viruses. The findings are based on answers completed by a sample of 2,000 respondents, who voluntarily took an Internet security questionnaire and "IQ test."

"The results are not surprising at all," says Frederic V. Farcy, CEO and director of technology at CarbonMedia. "A lot of people choose convenience over security. But, people have to learn to use security on the Internet."

The report, The Internet, Security, and You also reveals that 22 percent of the respondents have passwords that can be breached in less than seven minutes. According to Farcy, the lack of security consciousness may stem from the idea that users are depending on the computer industry to provide security. But Farcy says:

"Nowadays, the burden of security lies with the user/individual instead of with the industry. Yet, we have to start working with security issues in mind," says Farcy.

The initial survey was originally posted online at www.security-iq.com on April 24, 2000, just 11 days before the "I love you" virus hit 82.4 million computers and infected 2.6 million e-mail users. The virus caused an estimated $6.7 billion in damage.

The survey was conducted with four security "IQ ranges": low (score between 23-68), medium (score between 69-137), high (score between 138-192), and expert (score between 193 and above). Someone scoring in the low range is quite vulnerable to security breaches; someone scoring in the expert range is very security-savvy.

According to CarbonMedia, the average score was 148.3. Although CarbonMedia deems respectable a score of around 183, the agency was impressed by the overall scores.

"I was definitely surprised that there were more high scores (51. 8 percent) than any other," says Farcy.

Though a high score was the average, the survey pointed out that there are still lapses in security consciousness.

Only 9 percent of the respondents have a complex password (16 characters or more with either upper/lower characters, upper/lower characters with numbers or upper/lower characters with numbers and special characters) that would take a hacker years to break. Twenty-two percent of the respondents have a password length of 5-8 characters, but according to studies conducted by CarbonMedia, passwords of this nature can be breached in seven minutes. Thirty percent of the respondents have password lengths of 5-8 characters with case-sensitive characters and numbers. A password of this sort could be cracked in four days.

According to the study, password lengths should be 9-15 characters or more than 16 characters, with upper/lower characters mixed with numbers and special characters.

"I think people sometime lack the understanding about passwords. People are starting to get used to passwords, but they fail to understand that making a password more complicated can make it more secure," says Farcy.

Passwords should be changed at least three or four times a year, but 33 percent of respondents said that they only change their password when forced to do so. Another 17 percent change their password once a year and 18 percent said they never change their password.

Farcy says the lapse in security could be attributed to the fact that most people do not think about Internet and computer breaches until they are directly affected.

Forty-six percent of the 2,000 respondents answered that they do not use e-mail encryption when sending sensitive information. Forty-six percent of the respondents also said they open e-mail attachments without knowing if they have been scanned for viruses.

Anti-virus software is designed to protect computers against viruses and attacks, but 20 percent of survey respondents said they didn't have anti-virus software or did not know if they had anti-virus software installed on their computer. In addition, 23 percent said they updated their anti-virus software once a year. Updating once a year, however, is not often enough considering the number of known viruses.

"Fifteen years ago there were 20 to 40 viruses, now there are more than 46,000," says Farcy. "Precautions need to be taken."

Ages of the respondents ranged from 15 to over 50. It emerged that younger respondents scored better on the survey than older respondents. Twenty-seven percent of the respondents who scored in the expert range are under 20 years old. More than 43 percent of the respondents are over 31 years old. Only 18 percent of respondents ages 21-30 and ages 31-40 scored in the expert range, while respondents ages 41-50 and over 50 scored 8 percent and 11 percent, respectively, in the expert range.

According to the survey, people who are self-employed tend to be more security-conscious than people working in large organizations. More than 63 percent of the self-employed respondents scored in the "high-IQ range."

Despite low figures in such areas as password security, e-mail encryption, etc., Farcy said he is encouraged by the overall survey scores.

"I think people are becoming aware that there are issues out there. There were more high scores than I expected and that tells me people are starting to understand that security is an issue," says Farcy.

Farcy hopes that companies will take the initiative to reinforce security issues, through classes, or verbal or written reminders.

"You have to make it a team effort and that's what we are striving for," says Farcy.

For more information about the survey, The Internet, Security and You, call CarbonMedia at (212) 253-7180 or access the company's Web site at www. CarbonMedia.com.

Hand-held computers, cell phones and other wireless equipment seem untouchable when it comes to virus attacks or hackers. With few network connections, wireless communication devices are less vulnerable to attack, but they are still vulnerable.

As the Internet continues to whet the appetite for quick access to information, hand-held devices such as palm readers are being developed with network connection capability and the ability to download information. Network capability subjects wireless devices to being attacked just like personal computers.

F-Secure Corp., an Espoo, Finland-based wireless security technology company, is working to develop technology to keep wireless technology just as secure a networked-based technology.

F-Secure has developed an anti-virus product for wireless operating systems running the Symbian EPOC platform. The new security solution enables wireless application service providers to offer remotely managed security services to their corporate and consumer customers.

The Symbian platform has already been licensed to several mobile phone manufacturers, including Ericsson, Motorola, Nokia, Panasonic, Philips, Psion, and Sony.

"I don't think people have heard about breaches in wireless technology, but there are some suggestions of palm viruses," says Steve Gottwals, a spokesman in F-Secure's North American headquarters in San Jose, Calif. "It is just a matter of time before something like that happens. We want to prevent such attacks."

Gottwals says the EPOC system offers real-time protection against binary viruses, script language viruses, Trojan horses and e-mail bombs. The system is one of the first to have such capability. The system uses a mobile scanner technology to enable F-Secure researchers to analyze and disinfect future viruses.

Gottwals says that F-Secure understands that cell phones can become just as large an information provider as PCs, so securing them should become just a big an issue a securing a computer.

F-Secure is focusing on the corporate environment from a database standpoint. The company supports businesses with a range of centrally managed and widely distributed best-of-breed data security applications built on a scaleable management infrastructure.

The company has developed a system to combat attacks on hand-held computers or other wireless devices that can display Web information. WAP or wireless application protocols are now being developed for the wireless world that can create a PC environment of shared information and possible downloads.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue