Google Researchers: Users Have Way Too Much Faith in Antivirus Software
Wanna stay safe online? Patch your shit and use a damn password manager.
If you pay some attention to the news, you know that hacks and security breaches are—sadly—becoming the norm.
No one is safe: big companies like Target, important US government agencies, Syrian dissidents, online dating sites (more or less ethical), and even surveillance companies that provide hacking services themselves.
So what can we all do to stay safer online? The good news is that there are very basic and easy things anyone can do. The bad news is that regular people have an almost totally different idea of what they need to do compared to what actual security experts say we should do.
"Software updates, for example, are the seatbelts of online security; they make you safer, period."
For example, only 2 percent out of regular internet users polled by Google security researchers believe that installing updated and patching software is an important security practice, while more than one in three security experts believe it should be the top priority.
"Our findings highlight fundamental misunderstandings about basic online security practices," three Google researchers wrote in a post explaining their findings. "Software updates, for example, are the seatbelts of online security; they make you safer, period."
Iulia Ion, Rob Reeder, and Sunny Consolvo, the three Google researchers, asked 231 security experts and 294 regular internet users what people should do to stay secure online. The chart below sums up their findings.
As you can see, there is some common ground, but also some fundamental misunderstandings. Most regular users think Antivirus programs are the most important thing, and Antivirus is not a bad idea, but it's a solution that more and more experts believe is not enough anymore.
The easiest, and even cheapest, thing to do is simply keeping software up to date. As one expert quoted by the researchers said, "patch, patch, patch."
Use a damn password manager to make unique passwords
Oh, and please, use a damn password manager to make unique passwords, and enable two-factor authentication.
You can read the Google researchers' academic paper explaining how they did the research and what they learned here.