Less Than Half of Consumers Feel Safe Shopping Online

Less than half the consumers using the Internet feel safe shopping online, according to a survey expected to be released today by Symantec, a maker of anti-virus and security software.

The survey, based on a sample of 2,400 consumers, revealed that some 60 percent of those respondents felt less than safe shopping online.

“Only six percent of the people said they thought they were very safe and another 35 percent thought it was safe,” Symantec Security Response Senior Director Vincent Weafer [cq] told the E-Commerce Times. “So in general you’re finding a combination of people who are using online activities but they’re also wary of some of the threats and risks out there.”

Missing Message

Although 98 percent of respondents disclosed that they were doing “something” to protect their privacy online, only 63 percent check a shopping site’s security policy and 49 percent set their browser’s security settings to block cookies and other kinds of tracking software.

“The message is still not quite out there,” Weafer said. “While people are getting generally concerned, they’re not quite sure what actionable items they can do when they are at risk.”

It’s easy to understand why consumer concern is increasing in light of some other findings in the survey:

• 83 percent of respondents said they’d received e-mail from strangers;
• 82 percent revealed they’d received solicitations from companies they’d never done business with;
• 52 percent had received a fraudulent e-mail from someone asking they to buy something;
• 51 percent had been contacted through e-mail by someone pretending to be a real institution and requesting personal information; and
• 50 percent had been infected with a computer virus.

Fewer Pandemics

Those findings support the opinions of the security community that online misbehavior morphed this year from less mischief to more crime.

Pandemics, where a malware hacker tries to infect as many machines as possible with malevolent code, plummeted to five in 2005, compared to 32 in 2004, according to Weafer.

Although there are fewer pandemics, he noted, the actual number of viruses, worms and trojans released into the wild increased, year over year, 143 percent.

More Insidious Approaches

He maintained that an increasing amount of that malware is being aimed at pilfering personal information — key loggers, password savers and remote access trojans.

“We’ve gone from half of all malicious code to 74 percent being all about stealing personal information and exporting it from your machine,” he said.

Graham Cluley, senior technology consultant for Sophos in Aingdon, UK, noted his company’s labs have noticed a marked departure from past paths for malware writers.

“They’re no longer writing e-mail worms, they’re writing trojan horses,” he observed. “We’re seeing a real shift away from really loud viruses to more insidious types of infection.”

Hacking for Dollars

Sam Curry, Product Management Vice President for Etrust Security Managment in Islandia, N.Y., characterized 2005 as “the year of hacking for dollars.”

“These aren’t 14-year-old kids hacking in the basement writing viruses,” he told the E-Commerce Times. “They’re now doing this for a job. There’s real money involved in this and venture capital and business plans and a whole lot more.

“There are companies now manufacturing this bad-behaving software,” he declared. “That’s the story this year about the state of security.”

Bad Boy Sony

A prime example of that cited by Curry is the Sony Corporation which has incorporated a rootkit — a particularly insidious form of malware — into some music CDs it recently released.

“It’s a amazing that Sony claims that there’s nothing wrong with what they’re doing,” he said.

“But I don’t think that Sony is going to be an exception,” he continued. “I think a lot of companies will follow the same model.

“What we’re going to see,” he said, “either things will take a turn for the better and companies like Sony will be stopped from doing this or they’ll take a turn for the worse and other companies will start doing it, too. Then you’ll have seven, eight, nine, 10 rootkits fighting over your computer.”