Sunday, June 07, 2009

Does being aware of the dangers on the Internet make you safe?

From a study done by PayPal one may conclude that the Dutch are the most naive about internet security: only 23% of the Dutch worry about losing their digital identity, versus 90% of Americans. But does being aware really make you safe enough on the Internet?

The quoted article seems to indicate that Americans are much smarter than the Dutch on the topic of being safe on the Internet. But from what I have seen and heard about the kind of threats that are out there, no one, not even Americans, is aware enough to really be safe on the Internet.

There are countless ways in which your identity can be stolen or your computer can be infected, even if you run the best antivirus software out there.

So maybe Americans are more aware than the Dutch, which will help a little in not falling for "phishing" attacks, but your awareness is not going to help you if you naively click on a link you see in a comment section of your favorite (and thus trusted) online news or sports web site.

You click on the link and are taken to a web site that might or might not be interesting to you, and before you can close the web page, a piece of malware creeps into your browser. From now on, every time you visit a web site, your user name and password are transmitted to the hacker's web site. In other words, your identity was stolen and all you did was click on a link on a trusted web site.

It is true that some antivirus solutions have a list of malware sites that are out there and will keep you from clicking on them, but there is no way they can keep up with the hackers, who can create these links automatically in large numbers. So neither awareness nor antivirus solutions can totally protect you.

So what can we do? There are two ways. One is the kind of technology solution that BlueGem Security is providing (full disclosure: I am one of their technical advisors), where they encrypt every keystroke such that even if a hacker could see the keystrokes, they will not be able to decrypt them.

Another way is to change the way authentication is done on important web sites such as your bank, your online trading account and even PayPal. However, changing the way you do authentication has to be done carefully; yes, you can design some draconian method that will be very safe, but make it too draconian and you will scare away customers. It is time something changed in the online authentication space.
