When you write about complex subjects such as security for a mainstream publication like The Washington Post — as I did for so many years until very recently — you sort of have to assume that a non-trivial number of your readers don’t have the strongest grasp of technology and security issues. But I’m curious how krebsonsecurity.com readers would describe their level of comfort with computers and the steps it takes to remain safe online.
Last week, Jerome Segura, a security analyst at ParetoLogic of Victoria, B.C., Canada, published a lighthearted blog entry in which he splits computer users intoย four basic classes:
-Extra-cautious (paranoiacs)
-Those who somewhat understand
-Those who are over-confident
-Security-conscious folks
Segura also suggests the delineations between these groups may break down along generational lines (pre-boomers, the early boomers, the 70s and 80s users, and the 90s to the present). I’m sure plenty of people would disagree with both of these sets of generalizations. I would add a 5th group, to describe the most recent generation, which I’d label the “complacent” or “invincible.” These users — typically in the teenage to young adult age group — often see security as something that’s optional.
Which type of Internet user are you? Pick the answer that best describes you in the poll below. Don’t see a match? Leave a comment and tell us which category is missing.
[poll id=”2“]
Wary. Which as someone said above, is why I read your blog every day. I use Opera on a mac.
I am vigilant at keeping Windows and AV up to date. I am also wary that updates and AV solutions lag the criminals efforts to steal and plunder. So, I guess I’m confident, but wary!
I always enjoyed your column and chats at the Post, Brian. I wish you success in your new venture! You help to fill a security vacuum in the media . . . particularly for people like me . . . and I have tried to take advantage of the advice you have offered.
Good luck with the blog!
Confident. With free avast! and two paid anti-malwares I’ve been clean for four years. As soon as I replace a sick processor, Windows goes back in WITH that darn Limited User Account.
Wary: am using Debris Linux now…relaxing a little…Windows caught something even on a limited user account! Will be counting on your new site for any Linux malware reports…will let you know if I get any.
http://oreilly.com/catalog/9780596003234/
Firefox running noscript on a Mac, and I read you columns, hell yeah I’m confident ;~)
Good luck on the blog!
I got tired of the constant maintenance (and vigilance) required to run Windows, and went to a Mac several years ago. I’m not one who thinks Macs are bulletproof, but I’ve never regretted it. I still do all the security updates on my kid’s (Windows) laptop to remind me of what I don’t miss.
I am extremely wary and yet I use Firefox for my browser . The only time I use IE is when I am forced to do so.
Some point of time someone will find a way exploit the weakness in any computer system as well as the users so the best way to keep your security up to date at all time. At the same delete any kinds of email selling products or claiming you won a prize or a bank representative job and the address is a throwaway account (gmail or yahoo and etc)
I find no benefit in saying ‘I am confident’ about security. That’s actually nonsensical. Security should not be a continual daily challenge. Nor it is wrong to say security is just for Windows lusers. If Windows disappeared tomorrow, the world would be so radically different that no one here would recognise it. Windows has hundreds of thousands of malware strains in the wild; only people who’ve devoted time to helping the helpless with Windows know how utterly horrible it is; reps from MSFT themselves estimate spam accounts for 92-97% of all SMTP traffic – to attempt to sidestep this is to pussyfoot around the real issues. We don’t need more security consciousness – we need an OS regime change.
The options in the survey are incorrectly formulated.
Anyone who runs Windows is just a click away from pwnage.
Windows is not perfect, but it is getting better with Win7. I’m not sure it matters since the biggest security hole on any computer is the user. Technology can only go so far.
To be on the paranoid side I browse with Firefox, adblock plus and noscript. And I run it in a limited user sandbox.
I agree that “The options in the survey are incorrectly formulated.”
It’s not like they’ve had decades to get their crap together or anything…..
They got their heads handed to them and ever since XP SP2 they’ve been trying to patch the holes as they get exploited. A billion dollar whack-a-mole.
Living on Linux now after my family and friends have had their computers ravaged time after time. I know, I know…..I am not overconfident, my machine can get infected too but at least I have a fighting chance. I recommend dual boot into linux or virtual windows machines to survive
I think I just totally cursed my PC Security with this vote. The results came back and I’m voter # 666…there’s no way that can be good! I took a screen shot to remind myself that regardless of how I voted I now belong to the Super Paranoid group.
Well, I put confident… and I am.. Though I surf as a limited user, never disable my antivirus and spend most of my time in security cleanup forums.. I remain confident… Oh, the reason I spend time in the cleanup forums is…. I am cleaning up other folks computers who were…. Confident, wary, overconfident or invincible… Unfortunately with the threats today…. They all show up at some point. ๐
I don’t get viruses, but I can get rootkit-ed. Odds of the latter are a whole lot lower, but it could happen.
Perhaps a better measure would be based on action: what steps to you take to protect yourself:
NAT w/ all ports closed.
IP firewall with statefull inspection and monitored services.
DMZ
Sacrificial Goat in DMZ for outside access (in and outbound).
There is a similar chain for password security (e.g., changing your password on the way out to avoid trojans), full process monitoring to detect trojans, etc.
Depending on how far you’ve gone to set up a full firewall and safety procedures we know how much you care to know — and do — about security.
Extra-cautious (paranoiacs)
I think I am the template to the paranoid category that Jerome often refers to. I am surfing in Linux, in Firefox, with “no script”, “adblock plus”, and “flashblock”. There are some site that we have found out there we will only surf to with wget.
Wary. Which is why I read your blog every day.
Confident – I am working in the I.T industry and have to deal with this on a daily basis. I can’t say the same to all the users who I have to deal with everyday.
I have become paranoid as I discovered that on-line access to my commercial bank is via ONLY IE with Active X on. Most other banks require the same. Would like to use only linux/firefox but seems the banking world just won’t allow customers to be security conscious.
Download Opera and see if it Just Works ™ — you may have to tell it to fake what it describes itself as.
After that ask yourself if you really want to deal with a bank that is not interested in your security. If not, then find a place that doesn’t require the security holes (on your part) to make use of their online services.
Checked “wary” but am also confident … running Firefox w/ NoScript on a 5 yr old HP desktop, but unhappy w/ FFox slowness lately & am using Chrome, too.
eSet NOD32, malwarebytes, webroot spysweeper (cumbersome but seems effective at finding/warning of problem potential), etc.
so far, so good (fingers crossed).
likely to go to my parents’ little used iMac w/ dual boot/Parallels + Win7 in a few months/a year.
Thanks for your great work.
Depends. I’m currently in ‘bring it on’ mode – that’s because I have booted my PC with a Live Linux distribution from a USB memory stick. Not so easy to infect a read-only operating system.
When I’m booting this machine with Windows, I’m a lot less confident – I know my Reader/Flash/Java/… versions are not not necessarily the latest and greatest, and it’s an employer-supplied machine.
Where’s the “Gets headaches from overly tight tinfoil hat” option…?
Erik raises a good point. I think the poll would reveal some interesting info if modified so people could rate what sort of internet user they are *depending on what platform they’re running*. The only time I go into Bring It On mode from a Windows machine is if it’s a test beater box that’s already one reboot away from a complete nuke ‘n pave.
Then again, such a poll would only make sense to (and for) the sort of user demographic that frequents blogs like these in the first place. ๐
Which highlights the underlying issue with the broader user demographic: the silicon is not the problem – it’s the carbon we have to deal with.
I voted Confident, but as was already said, I would never say “Bring it on”. I work in the Computer security field and have never had an infection on my work computer. But I am very careful….
I voted for confident, but only because I am careful when I do surf and use Site Advisor as a guide (guide only). Also, I don’t download anything except what comes from a security neurotic friend who insists I keep my computer safe — as she does hers.
I am not a gamer so that potential threat area is missing.
I have a special on the web e mail for anyone who does a lot of forwarding of ‘stuff’ found on the net.
So I am ‘wary’, too.
And I read this blog regularly for added security and wariness!
I consider myself “wary” (I run nessus on my home LAN occasionally, even though it crashes my Brother networked laser printer and congests the logs on my Linux machines, and every potential flaw it finds is intentional). But I think that the current crop of software that we all use every day makes virtually every category “vulnerable”, like it or not.
When I was a security professional, we used to half-seriously say that “the product of security and utility is a constant”, and that our job was to raise the value of the constant. The problem we all face is that we still want SOME utility out of our systems! For example, cautious people shut off javascript and flash, but did you also shut off loading jpegs and png’s? Based on past exploits, you still could have been hit. Where do you draw the line? Text-only web browsing just isn’t much fun!
The real answer is basically what someone pointed out in an earlier comment, the ultimate expression of the “least-privilege” principle: you just can’t trust a system that you use for fun things with any of your secrets. ASSUME the fun system will be taken over every time you use it. NEVER type a password or credit card number into anything but your production system, and do everything you know how to do to keep that one safe – and NEVER do anything but your business on it. Virtual machines make this pretty easy and very cheap – check out VMWare and Virtualbox, both free.
I was directed to your blog by the guys at PaulDotCom.com
You have good content and I look forward to reading future articles.
What kind of Internet user are you?
Everyone should be (or strive to be) confident unless they just crawled out from under a rock and are still delivering letters with a stamp.
Everyone should also be cautious. Surfing the web is no different from driving around in your car. Sometimes you find youself in strange places where you need to lock the doors and not stop to ask for directions.
It’s my experience that there is a sizable group of people who refuse to attempt to understand anything about computers, feeling that they are too complicated. This attitude seems to cut across all ages/generations. I am 61 yrs old, been working with computers since the DOS/BBS days. I still work in IT for a non-profit, so I have to deal with employees and volunteers in a kind way (not often easy). Security is not easy, but I do have everyone more or less trained to call me the instant anything unusual happens. Hopefully. With my small amount of knowledge I am often totally amazed that networks and the internet work at all, not to mention as well as they do. Scary.
I’ m afraid I fit into the category of those “who somewhat understand”. I too have been around abit (TI) Texas Instruments…But I must confess I always felt that security was something that lacking and it’s true meaning to “WEB” or internet was dismissed in favor of “glitz and glammer”. Securing your enviroment should be first and foremost on everyone’s agenda. And this blog(Shameless Plug) is one of the best I’ve participated in…..
B;
Anyone who follows some of the security websites on a regular basis and IS NOT paranoid just doesn’t get it.
I’ve moved from the 2 hours a day fixing, updating, reading about and backing up a Windows home network, to another world: Linux.
Not entirely carefree, but now I have about 10 hours a week to dedicate to actual creative work on a computer.
Meh.Ive been a user for 15 years now and got hit with two viruses.None in the last 10 years.Ive always been in the security conscious crowd.Gotta keep one foot in reality at all times.
If there is one thing i know its human nature.
“Surfing the web is no different from driving around in your car. Sometimes you find youself in strange places where you need to lock the doors and not stop to ask for directions.”-
Good advice for anyone.