Users' Bad Habits Invite Malware

Some estimates suggest spyware problems in the U.S. are decreasing, but writers of all kinds of malware are prevailing – partly because of computer user behavior, antispyware experts have stated.

Computer users far too often run outdated antivirus software, operating systems and browsers that have not been updated or patched since time immemorial because they're scared of change, said Janie "CalamityJane" Whitty, administrator of security software vendor Lavasoft's online support forums.

Whitty sees people running a 2003 version of antivirus software, she said during an Anti-Spyware Coalition conference in Washington, D.C. "The nature of malware has changed since 2003," she added.

In addition to problems caused by users, there's a healthy underground market for the kinds of data compromised by spyware and other malware, said Stefan Savage, director of the Collaborative Center for Internet Epidemiology and Defenses at the University of California in San Diego. The center monitored a popular malware-trading IRC forum for about six months in 2006 and found the advertised value of compromised bank accounts offered there was US$54 million.

While some estimates show the spyware problem shrinking, U.S. companies and consumers are losing the battle against malware in general, Savage said. Antivirus vendors, in unguarded moments, will say they're able to catch less and less malware as criminals become more sophisticated, he said.

The chances of an Internet fraudster getting caught are "virtually zero," he added.

"By any objective measure... this is something we end up losing on," Savage said. "The more money these guys make, the more money they can invest to get better."

The panel on consumer behavior kicked off a day-long session on fighting spyware, during which many experts said they continue to have major concerns about spyware and other malware. Those concerns remain despite Consumer Reports' annual estimate of spyware that suggests the problem is declining. The magazine estimated that 850,000 U.S. households had to replace computers in the first half of 2007, with the cost of fighting spyware at $1.7 billion for the year. In 2006, spyware cost U.S. individuals and businesses an estimated $2.6 billion, the magazine said.

Part of the problem is that people hang on to outdated operating systems and browsers, even though newer ones have better security controls, because they don't want to learn how to operate the new software, Whitty said. "The malware changes," she said. "If we don't change with it, they're going to win."

Computer users seem to be of two minds when it comes to giving up personal information, added Susannah Fox, associate director at the Pew Internet and American Life Project, a research organization. Many young computer users will refuse to disclose personal information to e-commerce sites, she said. "But yet this is the same group that is putting their whole lives" on social-networking sites, she said. One private detective has told Fox that social-networking sites make it significantly easier to track down details about people, Fox said.

No one hast to have outdated antivirus and anti-spyware and anti-malware software. There are great programs out there to be had for FREE that will do the job properly and often better than the paid-for bits of software and on the other hand there are also operating systems out there available for free that are not even susceptible to any such threats. However, for the Windows PC user rather than the Linux PC user antivirus and other protection software, as well as all the patches, is a must and programs like AVG from will give great anti-virus protection for FREE, and then there is Spyware Search & Distroy, Spyware Blaster, and AdAware. All are free to the home user. All people must do is (1) download and install then, (2) regularly, ideally daily, update them and (3) run regular checks.

A protected Windows PC is a happy PC. Otherwise get a Linux PC; that is an even happier PC.

Michael Smith (Veshengro), February 2008