Subscribe to RSS
Follow me on Twitter
Join me on Facebook
When you write about complex subjects such as security for a mainstream publication like The Washington Post — as I did for so many years until very recently — you sort of have to assume that a non-trivial number of your readers don’t have the strongest grasp of technology and security issues. But I’m curious how krebsonsecurity.com readers would describe their level of comfort with computers and the steps it takes to remain safe online.
Last week, Jerome Segura, a security analyst at ParetoLogic of Victoria, B.C., Canada, published a lighthearted blog entry in which he splits computer users into four basic classes:
-Extra-cautious (paranoiacs)
-Those who somewhat understand
-Those who are over-confident
-Security-conscious folks
Segura also suggests the delineations between these groups may break down along generational lines (pre-boomers, the early boomers, the 70s and 80s users, and the 90s to the present). I’m sure plenty of people would disagree with both of these sets of generalizations. I would add a 5th group, to describe the most recent generation, which I’d label the “complacent” or “invincible.” These users — typically in the teenage to young adult age group — often see security as something that’s optional.
Which type of Internet user are you? Pick the answer that best describes you in the poll below. Don’t see a match? Leave a comment and tell us which category is missing.
Loading ...
Tags: paretologic
What? No novices? C’mon people. This poll is for posterity!!
Seriously, though, it is at least anonymouse.
Like or Dislike:
2 
0
I voted Wary. But your categories are not well chosen for me. I know enough to know I don’t know enough.
I’m a retired engineer/physicist, and a student.
I’ve audited several courses in practical computer science (4 semesters of Cisco, A+, etc, and hope to take
a course on Windows Server 2008 this semester.)
I read your work almost everyday.
Roy
Like or Dislike:
2 
0
test
Like or Dislike:
0 
0
For posterity? What did posterity ever do for me?
Well-loved. Like or Dislike:
5 
1
I too have to say that the categories offered don’t realistically describe me – I’d call myself “Cautiously Invincible”. I don’t run Windows, yet many other dangers lurk that are independent of platform, so I am on lookout for them. And I read your blog, so I try to stay up to date on these issues.
BTW, 2 votes for “Novice” have appeared since your exhortation – were they really Novices, or were they just trying to make your day?
Like or Dislike:
0 
0
I marked “confident” as the most accurate answer for me. However, I would never say “bring it on.” I;m not sure how serious this poll is — not complaining, just saying.
Like or Dislike:
1 
0
What happened to the Extra-cautious (paranoiacs)? I am often defined as such, but I have worked with computer for far too long to take security lightly. It is probably the highest priority for me, so much so, I must spend nearly 1/2 my time checking geek blogs and get updates from sources the more knowledgeable IT techs get! I guess that would make me a “Paranoiac!”
Like or Dislike:
1 
0
Windows is for Losers, well said.
I’m more concerned about privacy than security on the Internet. With Firefox plus NoScript and GNU/Linux, all my ducks in order security-wise.
Just last month I deleted my Facebook account, that took a lot off my shoulder.
Eric Schmidt said that only 10% of Internet users care about security and privacy, all my life I knew that I didn’t fit in lol.
Well-loved. Like or Dislike:
5 
0
I’m a 52 year old woman and maybe that makes you think I should be in the novice category BUT I know more than my cohorts about computers and security. I went back to school three years ago and earned an AAS degree in computer science. Not exactly an MIT degree, but on the other hand I’m not trying to use the DVD drive as a cup holder.
Could be that novices just don’t read your blog? They are the ones that need the information the most but if they were inclined that way they wouldn’t be novices for very long.
Well-loved. Like or Dislike:
7 
0
Statisticians call that a “self-selecting sample”.
Like or Dislike:
4 
1
I have been installing and maintaining computers and computer networking technologies for 30+ years (I sent my first e-mail over what was to become the Internet in 1982). The technologies that most people take for granted today are indeed very complicated. If I have learned anything over the yearss it is to be wary of these technologies because things can and do go wrong.
When it comes to your survey I guess I am Wary Internet user, but I am by no means a novice user — quite the opposite in fact.
Well-loved. Like or Dislike:
4 
0
Most people describe themselves as confident – not very surprising given that all other categories sound slightly negative and nobody likes to describe himself in a negative way. I guess you will only really find out when you see the comments to your posts.
Like or Dislike:
0 
0
I come from the Compuserve days, when I used a Brother word processor with an attached modem to get online. I’d have to list myself as confident, considering my age, and my job. =)
Like or Dislike:
0 
0
I listed myself as confident, but I’m only confident because I’m paranoid.
I’m writing this via nano, and saw your page in w3m. I whitelist javascript per site. Etc, etc. Sure, I use konquerer and firefox+noscript sometimes, but this isn’t my “fun” disk. I dual boot, and swap drives to do so. Nothing on my “important” drive can get screwed up by a virus on the “fun” drive. And if the “fun” debian gets malware I can reimage it without losing anything important.
Like or Dislike:
1 
0
My first thought was that “oblivious” was an obviously missing group. Then I realized that the kind of users I had in mind (some current or former clients) would be very unlikely to read Krebs on security. If they did, they probably would choose confident. Count me wary-to-paranoid; certainly not bring-it-on confident.
Like or Dislike:
0 
0
And users’ behavior is different at work and at home. Same wary home user may be an invincible at work.
Like or Dislike:
0 
0
I’d argue that the overconfident users are enough of an overlap with the youth-of-today, Brian, that your fifth group is not necessary. There are plenty of overconfident users that are careless; security is just not their problem, it’s something that eventually comes because someone else does the work.
Their machine is owned by a Russian bot in either case, careless or clueless.
Like or Dislike:
0 
0
I don’t fit into any of those categories.
I’m a security practitioner and have been studying security for about 10 years now. I have been using computers for about 25.
The closest category I would fit into would be the “Bring it on.” option – except that sounds too overconfident for me. As an example: I can’t see the results of the poll because I don’t have javascript turned on.
I use computers assuming that I might be wrong about my setup and there might be someone smarter than me out there who is trying to get in. That might actually fit the “paranoiac” category from Jerome. But as the always say: “You’re not paranoid if they really are out to get you.”
Well-loved. Like or Dislike:
4 
0
I would have voted, but I surf with javascript disabled. “Confident”
Like or Dislike:
1 
0
Squeek!
Anyway. I found it hard to find my niche, because I’m confident, but I’m also pretty cautious because I know that it’s a jungle out there.
Who moved my cheese?
Like or Dislike:
0 
0
There’s no category for the security professional. I’ve been working in computer security professionally since 1985; on the internet since about 1979 (when I was a UCLA).
Like or Dislike:
1 
1
Complacent invisible – that’s good! And that’s them alright! LOL
Security for Windows (l)users – actually the shoe fits. And there’s way too little accent on how leaky unfit operating systems undermine our general security. Security for Windows (l)users sounds like ‘but oh I run a Mac I don’t have to worry Macs are cool’ which of course is the ultimate sucker POV because those people get screwed by social engineering and second grade hacks all the time. But educating the masses is easier if they don’t need to be educated. We devote way too much time to security today. We have to of course right now – but it’s not ideal. I firmly believe things would be dramatically better with only secure operating systems being used to connect to the net.
Like or Dislike:
0 
0
59 years old and methodically cautious
Like or Dislike:
1 
0
I, too, see methodical caution in my Internet habits, and I’m 63. I try to keep a healthy perspective regarding how much I don’t know about computer security in today’s sophisticated threat environment. Although I have paid subscriptions to AV, firewall, and anti-malware programs, I think the most important thing I do is conscientiously patch. I worry the most about shooting myself in the foot by inadvertently misconfigured security software resulting in conflicts and reduced protection. I also think it’s important to fight back, so I send my firewall logs to DShield every day.
You write informative, thought-provoking and timely posts, Mr. Krebs. I look forward to reading daily and learning much.
Like or Dislike:
3 
0
Only one I really fit is the confident option. Anyone that thinks themselves overconfident or invincible, is kidding themselves, and doomed to fail.
Like or Dislike:
0 
0
Brian: I’m having trouble relating to your categories. I’m very wary, but confident. I listen to a couple of security podcasts per week. I read multiple security feeds per week. I subscribe to a couple of security mailing lists. I’ve developed web sites. I’ve attempted to clean other peoples infected Windows machines. I do my banking and surfing mostly from a Linux OS.
Thanks for your reporting.
Like or Dislike:
0 
0
Being a Mac, Apple OS-X, only user, I’m less paranoid, but cautious by simply using common sense and the obvious firewall and system check programs. Mostly it’s just check where you go and what you do, and by all means don’t open files you don’t know.
I don’t think we’ll ever have complete secure computers (the Cheney logic). Hackers will always still work to find holes to exploit and Microsoft, Apple, Adobe, Google, etal, will continue to react with patches and updates. It’s the risk you take and the price if you’re not prepared.
Like or Dislike:
1 
0
I’m unable to participate in the poll because I’m running NoScript. What category does that put me in? How about, “Wary and Educated: PC ISN’T slow today… I’m a SANS GSEC certified IT Technician. Haven’t had malware in years.”
Like or Dislike:
1 
0
I work as the IT Security Advisor for an Aussie Federal Gov’t department (small one), and have been heavily involved in IT for over 25 years; the last ten in IT security. So I’m pretty sure of my ability to protect myself, but not so cocky as to think “It couldn’t happen to me!”.
So I rated myself as Confident. I have tried various A-V products and settled on the one that I have greatest confidence in, I have a top-notch firewall and other bit and pieces, I practice good (ie, cautious) online behaviour, but most importantly, I test myself and my assumptions pretty regularly, and I stay up-to-date with events from sites like this one.
Brian, the reason there may be very few in the Novice category in your poll is that ours is a pretty small industry. And while I believe you are among the best (if not THE best, IMHO) investigative reporter in this sphere, you’ll forgive me if I point out that you don’t have the audience draw of Bruce Schneier…yet!
So novice users probably haven’t found you, and maybe won’t. Just us pros.
Like or Dislike:
0 
0
I couldn’t take the poll because it requires Javascript to be enabled.
Like or Dislike:
2 
0
Yeah and who can’t find the ‘any’ key?
Like or Dislike:
0 
0
Invincible because paranoid. I back up my data regularly (thank the FSM for Time Machine), don’t open attachments from unknown people, or people I wasn’t expecting attachments from, and take the other usual precautions.
Like or Dislike:
0 
0
I’m confident but that’s because I know how to take all reasonable precautions.
Like or Dislike:
0 
0
I’m a paid professional paranoid who’s been around IT long enough to remember Teletypes and punch cards.
Like or Dislike:
1 
0
I don’t fit into any of those categories – “bring it on” is overconfident.
I put myself in the category Vigilent But Not Overconfident or Paranoid.
I pay for what I consider to the best antivirus program, rather than using a lesser free program. I keep Vista’s UAC turned on. I have IE8′s SmartScreen Filter turned on. I keep Windows and all applications up to date, including Flash and Adobe Reader. I currently have Java turned off in Adobe Reader.
Like or Dislike:
0 
0
I’m a wary novice. I can fix most hardware issues and install and remove legitimate software but it comes to recognizing and effectively removing malware I’m in over my head. I do use a linux live CD for online banking.
Like or Dislike:
0 
0
There was no category for paranoid, which is where I belong. I long ago took your advice and cruise the internet as a limited user. So I registered as ‘confident.’
Like or Dislike:
0 
0
I am a software developer, and have worked on network protocols, and have used and developed code that uses both Kerberos and secure shell, and others. I have worked on both Linux and Windows.
I see things both from the enterprise level (where we rarely if ever have problems) and from the home user point of view (where people don’t know squat and view the computer as an appliance of sorts, and you have people trying to download “free games”).
I guess what alarms me the most is how blase most users are related to security. I suppose if you never used a credit card # or did online banking, there isn’t as much danger (but you could still give up enough info for identity theft). But most people buy stuff online, and lots of people do online banking.
When we encounter bugs, there is oftentimes a chain of events – one unexpected result can lead to failures downstream that can cause other unexpected behavior. While one might fix it by fixing only one of these issues, that still isn’t very robust – typically I would want to understand the entire chain of events, and break as many of the links in the chain as possible.
Security is sort of the same way – there are multiple levels of protection. I remember the old days before people commonly used firewalls and all of the malware that did port scanning and tried to infect buggy network clients. Now firewalls are much more common, and some people assume that this together with good AV software gives you complete protection. In some ways it is even more dangerous in that it gives people a sense of complacency in that they think that they are no longer vulnerable.
What is most interesting to me now are the phishing and social networking attacks which appear to be far more effective in getting people to infect themselves with malware.
Like or Dislike:
2 
0
I’m confident, but I don’t want anyone to “bring it on.”
If they do, however, I can just reformat and reinstall Windows. I do that three or four times a year anyway…
Like or Dislike:
0 
1
I chimed in as confident as well.
FF with NoScript, java/adblock and all the rest of the usuals that a security minded user should have. But as others have said, I chose ‘confident’ simply due to my comfortable paranoia and the counter/preventative measures that I have in place.
Like or Dislike:
3 
0
I also marked myself as confident, but don’t want anyone to “bring it on”. I run FF w/ No Script + AdBlock on Linux and Windows 7. I’m probably a bit paranoid though, submitting most downloaded executables to virustotal and Sunbelt Sandbox before running them. However, I’ll trust the applications installed through apt-get or from a well known provider such as MS or Adobe.
Like or Dislike:
1 
0
I agree with others that I don’t fit in any category. I am a long time reader of Security Fix. As such, I take strong precautions to keep my computer locked down (non-admin account, Firefox with NoScript, anti-virus software, always on top of updates to OS and software, etc.), but I know I can still be hit. I read-up on the latest confidence attacks so I don’t get fooled by phishers, etc., but never feel complacent.
As far as knowledge goes, I am professional web developer, so I am knowledgeable about security from a user’s perspective as well as a site administrator/developer’s perspective (heavily involved with PCI compliance these days). I read other security blogs and magazines for the server/admin side of things and Brian Krebs has been my number one source for the browser/user side for some time.
I very excited about the new blog. Good luck!
Well-loved. Like or Dislike:
6 
0
I am a wary user not because I don’t understand the technology but because I do understand what can and will go wrong with the technology.
As soon as we get complacent up pops some new attack that no one ever envisioned.
Nothing is ever 100% and that is how I have used computers since my Radio Shack TRS-80 days.
Like or Dislike:
3 
0
Although I checked “confident,” I think you need a category between “wary” and “confident.” Let me say that I feel confident enough to do a number of things on our PCs & Macs, including maintaining security settings & updates, and confident enough to call in an expert when I sense things aren’t going right!
Like or Dislike:
1 
0
I voted Wary … which is why I read this blog to find out what’s going on.
Like or Dislike:
2 
0
Paranoid enough (and apparently not the only one) to disable javascript.
Like or Dislike:
3 
0
i’m not sure if it’s even worth it to bring this up but i question the utility of a poll about how people feel about security/technology when people’s feelings about such things are often completely disconnected from reality.
Like or Dislike:
0 
1
Where’s the paranoid option? I don’t even use the built-in M$ Firewall (XP) or the M$ Security Essentials, just on the general “fox and the hen-house” principal.
Like or Dislike:
1 
1
Wary vote here.
I’m the #2 tech at a busy little SW US repair shop (15 – 30 PCs /week) and we speak with many varieties of computer users and the issue we confront most is the glassy-eyed stare we get when we try to gently but firmly point out that Antivirus (anti-whatever) products are not the answer to acceptable security. But stepping up security measures for novices is a repair shop’s nightmare (time=money). Call me a fatalist but right now I don’t see how anything but a write-protected Windows OS could provide salvation for the masses in the near term. Thanks to Brian and other commentators. Back to work now–gotta go dance with another nasty rootkit.
Like or Dislike:
1 
0
Like others who have posted comments here, I am confident that my computer system is as secure as I have been able to make it. For example, I run Firefox with NoScript in a Sandboxie sandbox. However, experience has shown that sooner or later something will find yet another vulnerability to exploit, and it might do that before either I or anyone else can create and implement a remedy.
So, I don’t challenge anyone to “bring it on” for the same reason that I seldom participate in “beta testing” anymore. I just don’t want to devote the time and energy that is likely to be required to deal with the adversity unless and until, of course, there is no other choice.
Like or Dislike:
0 
0
Brian – I voted ‘confident’ but am actually between ‘wary’ and ‘confident.’ Wary because I know the challenges; confident because I have layer after layer of defense-in-depth.
I agree with Kurt Wismer that in matters of security how we feel can be totally disconnected from reality. A recent true-to-life example: After your Washington Post piece last September on cyber crooks targeting schools, I emailed a private-school client of ours to review their online bank procedures. Their IT director emailed me back that they use 2nd-factor authentication and went on to write that “I can’t imagine this isn’t safe.” I emailed her back, pointing to your earlier piece about the problems with 2nd-factor authentication. Her imagination notwithstanding, the flaws in 2nd-factor had been well publicized during the couple of months prior to her writing that ‘she couldn’t imagine …’.
This ‘failure of imagination’ is, I believe, one of the biggest challenges we in the information security community face helping our clients [or our companies] properly secure their sensitive information. As Will Rogers said: “It’s not what people don’t know that get them into trouble. It’s what they do know that just ain’t so.”
One of the key reasons for the ‘failure of imagination’ is that information security is very arcane and totally out of the normal context of the average business decision-maker. That’s why what you do — writing about this problem in a way that non-techies can connect to — is so very very important.
Keep up the good work!
Well-loved. Like or Dislike:
6 
0
There are some really terrific comments in here. Thanks to all who responded.
I realize the poll is somewhat lame and limited, but believe it or not it does help to know one’s audience to a degree, and these comments help even more.
Well-loved. Like or Dislike:
7 
0
There really are only two types of computer users: those who have lost valuable data, and those who are about to…
Am more confident since consciously seeking to be become better informed, and thus, better prepared, via security websites such as Kreb’s.
More confident definitely, but ALWAYS vigilant.
Like or Dislike:
3 
0
A “comfortable and vigilant” category is needed.
Like or Dislike:
2 
0
I would rate my use as cautious and conscientious. I have good security skills and software, but am aware that there is always someone looking to take advantage.
Like or Dislike:
3 
0
zmlp puts it well; I too am confident … but vigilant.
Like or Dislike:
0 
0
wary and vigilant but knowing that no protection system is perfect, every system is vulnerable.
I say that as a mac user who helps family members who still use pcs, have NO idea what to do, how to do it properly, when to do it, etc … and again I write that knowing that: NO system is invulnerable and no system created thus far is actually user friendly but the marketing makes it seem so.
Most regular non-tech users have absolutely no idea what is going on in their systems or how to protect or fix them, etc.
keep up the great work/carry on from your work at the WP — i hope you continue in the same easy to understand approach. all the uber geek-tech sites exist for terminal users and code heads — it’s folks like me who need your type of expertise in practical language.
Like or Dislike:
1 
0
I’m wary. I do take precautions (FF, No Script, Request Policy, limited-user account, etc.), but I must confess that half the stuff in your columns is over my head. So while I would like to be confident, I’m not technically adept enough to be there.
Thank you for writing clearly enough that I can follow the other half of your advice.
Well-loved. Like or Dislike:
5 
0
I’m wary regardless of which OS I’m using. I use Linux, Mac OSX, and several versions of Windows. I run a firewall on all and AV on Linux and Windows. Mostly, I use Firefox with NoScript on Windows though I do think IE8-64 running in protected mode on Vista or Win 7 is about as secure.
I also keep abreast of security issues through several different sources and track malware trends. Most importantly, I practice safe browsing on the net. I will use public WiFi for some things, but certainly not transactions or banking unless I’m going through a VPN.
I don’t consider myself paranoid, just aware of the fact that even after taking all reasonable precautions there is still some risk of compromise, albeit relatively small.
Like or Dislike:
1 
0
I counted myself among the “Wary” because in my looong years of computer experience (since…gasp…2003) I’ve come to see that the many, many, onion-skin layers of complexity involved with these “machines” seems to be just asking for penetrations of all sorts. Hence, I place confidence in folks like our Brian Krebs here to keep me alert, and who has dedicated a blog to delve into all of this “whack-a-mole” potential.
I like to mention that I’m 78 years old and think that keeping up (“or trying to” in the words of Rob Pegoraro, another top notcher.) is vital for brain tone.
Keep a’ clickin’, geezers! Use it or lose it.
Like or Dislike:
3 
0
You didn’t have any category for “Confident but Cautious – I know what I’m doing but don’t invite attacks”.
Like or Dislike:
1 
0
I’m not paranoid, and still I run different applications in different sandboxes. Don’t run IE unless needed for a company website, Don’t run Flash, have Acrobat’s JavaScript disabled.
At the sametime I bypass inane security controls implemented by my company, and publish my life online with every social network you can imagine, although this is mostly automated.
Like or Dislike:
1 
1
I’m wary enough that I now do any remote computing related to work on a laptop I installed Ubuntu on (and I still run Clam anti-virus and use a firewall). All my on-line purchasing is also through the Ubuntu machine.
If not the Ubuntu machine then I use my Mac (where I also run an anti-virus program and use the firewall).
Even so, I pay careful attention to what I do.
Like or Dislike:
0 
0
As a prior poster said where is the ‘paranoid’ category? I chose ‘confident’ instead to reflect the degreee of mitigation I employ. I consider myself very well informed about what kinds of attack are possible and consequently run OS X with my own set of firewall rules, Privoxy and a non-mainstream web browser.
I’d switch to a more secure BSD (Apple are proving atrocious at keeping their open source components up to date – see Rixstep’s ‘The Version Race’ article at http://rixstep.com/1/2/20091211,00.shtml) but I’m a sucker for their top-drawer user experience ;o)
Like or Dislike:
1 
0
Brian, great question – like many I checked “confident” when the more appropriate alternative would be “paranoid expert”. It’s tough to get the appropriate selections into a manageable granularity, good job.
What would be very interesting to me is whether there is a correlation with technical skills, or if ignorance is bliss. Do the folks who are confident really have the technical skills to provide a foundation, or are they counting on a recipe that just applies patches provided for them?
FYI, my own technical level would have me asking “why doesn’t this codec work?” only on the first build after I finished writing my custom driver software for it – on subsequent builds I’d already know why…
In other areas my past professional experience includes designing and building enterprise security platforms as well as debugging on hardware to the board and chip levels.
Another dimension is confident in the face of what threat or adversary? In the CISSP material the phrase “a sufficiently resourceful and determined adversay” is used, that’s a good yardstick. Is the confidence about herbal viagra vendors or fake a/v scareware, or is it the hostile nation-state actors that sometimes target home PCs of government employees as a way of making an end run around the work security perimeter? So maybe another question might be “who are the attackers you are defending against?” – that, with realistic appraisal of technical skills and confidence level would give a really good self-evaluation of one’s security posture.
Like or Dislike:
0 
0
Although I voted confident; I believe a more appropriate choice is “Aware: Choose to avoid higher-risk activities”. I’m not inviting malicious users/criminals to bring it on, yet I don’t figure my computer has a virus if it running slowly, either as that for “Wary”.
I recognize many attempts to spread malware and choose to avoid higher-risk activities as I realize I can’t outsmart all attempts to compromise my system/information.
Like or Dislike:
2 
0
You may be a security/computer expert, Brian, but you need work at creating a decent research question.
:#)
I, too, fit none of the above categories. I’m security cautious. Since I take precautions, I have a level of confidence, but am always on the lookout. But I’m not one who frets every time my computer seems to lag a little.
Like or Dislike:
2 
1
I would like to think I’m “prepared”, by keeping all apps patched via Secunia PSI, using the Opera browser, SuperAntiSpyware, updating XP each month, and not going to any shady sites.
Like or Dislike:
1 
1
Wary. Which as someone said above, is why I read your blog every day. I use Opera on a mac.
Like or Dislike:
2 
1
I am vigilant at keeping Windows and AV up to date. I am also wary that updates and AV solutions lag the criminals efforts to steal and plunder. So, I guess I’m confident, but wary!
I always enjoyed your column and chats at the Post, Brian. I wish you success in your new venture! You help to fill a security vacuum in the media . . . particularly for people like me . . . and I have tried to take advantage of the advice you have offered.
Good luck with the blog!
Well-loved. Like or Dislike:
5 
1
Confident. With free avast! and two paid anti-malwares I’ve been clean for four years. As soon as I replace a sick processor, Windows goes back in WITH that darn Limited User Account.
Like or Dislike:
2 
2
Wary: am using Debris Linux now…relaxing a little…Windows caught something even on a limited user account! Will be counting on your new site for any Linux malware reports…will let you know if I get any.
Like or Dislike:
3 
0
http://oreilly.com/catalog/9780596003234/
Like or Dislike:
0 
2
Firefox running noscript on a Mac, and I read you columns, hell yeah I’m confident ;~)
Good luck on the blog!
Like or Dislike:
3 
2
I got tired of the constant maintenance (and vigilance) required to run Windows, and went to a Mac several years ago. I’m not one who thinks Macs are bulletproof, but I’ve never regretted it. I still do all the security updates on my kid’s (Windows) laptop to remind me of what I don’t miss.
Well-loved. Like or Dislike:
4 
0
I am extremely wary and yet I use Firefox for my browser . The only time I use IE is when I am forced to do so.
Some point of time someone will find a way exploit the weakness in any computer system as well as the users so the best way to keep your security up to date at all time. At the same delete any kinds of email selling products or claiming you won a prize or a bank representative job and the address is a throwaway account (gmail or yahoo and etc)
Like or Dislike:
1 
1
I find no benefit in saying ‘I am confident’ about security. That’s actually nonsensical. Security should not be a continual daily challenge. Nor it is wrong to say security is just for Windows lusers. If Windows disappeared tomorrow, the world would be so radically different that no one here would recognise it. Windows has hundreds of thousands of malware strains in the wild; only people who’ve devoted time to helping the helpless with Windows know how utterly horrible it is; reps from MSFT themselves estimate spam accounts for 92-97% of all SMTP traffic – to attempt to sidestep this is to pussyfoot around the real issues. We don’t need more security consciousness – we need an OS regime change.
The options in the survey are incorrectly formulated.
Like or Dislike:
2 
1
Anyone who runs Windows is just a click away from pwnage.
Like or Dislike:
1 
5
Windows is not perfect, but it is getting better with Win7. I’m not sure it matters since the biggest security hole on any computer is the user. Technology can only go so far.
To be on the paranoid side I browse with Firefox, adblock plus and noscript. And I run it in a limited user sandbox.
I agree that “The options in the survey are incorrectly formulated.”
Like or Dislike:
3 
2
It’s not like they’ve had decades to get their crap together or anything…..
They got their heads handed to them and ever since XP SP2 they’ve been trying to patch the holes as they get exploited. A billion dollar whack-a-mole.
Like or Dislike:
1 
0
Living on Linux now after my family and friends have had their computers ravaged time after time. I know, I know…..I am not overconfident, my machine can get infected too but at least I have a fighting chance. I recommend dual boot into linux or virtual windows machines to survive
Like or Dislike:
1 
0
I think I just totally cursed my PC Security with this vote. The results came back and I’m voter # 666…there’s no way that can be good! I took a screen shot to remind myself that regardless of how I voted I now belong to the Super Paranoid group.
Like or Dislike:
3 
0
Well, I put confident… and I am.. Though I surf as a limited user, never disable my antivirus and spend most of my time in security cleanup forums.. I remain confident… Oh, the reason I spend time in the cleanup forums is…. I am cleaning up other folks computers who were…. Confident, wary, overconfident or invincible… Unfortunately with the threats today…. They all show up at some point.
Like or Dislike:
3 
2
I don’t get viruses, but I can get rootkit-ed. Odds of the latter are a whole lot lower, but it could happen.
Perhaps a better measure would be based on action: what steps to you take to protect yourself:
NAT w/ all ports closed.
IP firewall with statefull inspection and monitored services.
DMZ
Sacrificial Goat in DMZ for outside access (in and outbound).
There is a similar chain for password security (e.g., changing your password on the way out to avoid trojans), full process monitoring to detect trojans, etc.
Depending on how far you’ve gone to set up a full firewall and safety procedures we know how much you care to know — and do — about security.
Like or Dislike:
0 
0
Extra-cautious (paranoiacs)
I think I am the template to the paranoid category that Jerome often refers to. I am surfing in Linux, in Firefox, with “no script”, “adblock plus”, and “flashblock”. There are some site that we have found out there we will only surf to with wget.
Like or Dislike:
0 
0
Wary. Which is why I read your blog every day.
Like or Dislike:
1 
0
Confident – I am working in the I.T industry and have to deal with this on a daily basis. I can’t say the same to all the users who I have to deal with everyday.
Like or Dislike:
0 
1
I have become paranoid as I discovered that on-line access to my commercial bank is via ONLY IE with Active X on. Most other banks require the same. Would like to use only linux/firefox but seems the banking world just won’t allow customers to be security conscious.
Like or Dislike:
0 
0
Download Opera and see if it Just Works ™ — you may have to tell it to fake what it describes itself as.
After that ask yourself if you really want to deal with a bank that is not interested in your security. If not, then find a place that doesn’t require the security holes (on your part) to make use of their online services.
Like or Dislike:
0 
0
Checked “wary” but am also confident … running Firefox w/ NoScript on a 5 yr old HP desktop, but unhappy w/ FFox slowness lately & am using Chrome, too.
eSet NOD32, malwarebytes, webroot spysweeper (cumbersome but seems effective at finding/warning of problem potential), etc.
so far, so good (fingers crossed).
likely to go to my parents’ little used iMac w/ dual boot/Parallels + Win7 in a few months/a year.
Thanks for your great work.
Like or Dislike:
0 
0
Depends. I’m currently in ‘bring it on’ mode – that’s because I have booted my PC with a Live Linux distribution from a USB memory stick. Not so easy to infect a read-only operating system.
When I’m booting this machine with Windows, I’m a lot less confident – I know my Reader/Flash/Java/… versions are not not necessarily the latest and greatest, and it’s an employer-supplied machine.
Like or Dislike:
0 
0
Where’s the “Gets headaches from overly tight tinfoil hat” option…?
Erik raises a good point. I think the poll would reveal some interesting info if modified so people could rate what sort of internet user they are *depending on what platform they’re running*. The only time I go into Bring It On mode from a Windows machine is if it’s a test beater box that’s already one reboot away from a complete nuke ‘n pave.
Then again, such a poll would only make sense to (and for) the sort of user demographic that frequents blogs like these in the first place.
Which highlights the underlying issue with the broader user demographic: the silicon is not the problem – it’s the carbon we have to deal with.
Like or Dislike:
0 
0
I voted Confident, but as was already said, I would never say “Bring it on”. I work in the Computer security field and have never had an infection on my work computer. But I am very careful….
Like or Dislike:
0 
0
I voted for confident, but only because I am careful when I do surf and use Site Advisor as a guide (guide only). Also, I don’t download anything except what comes from a security neurotic friend who insists I keep my computer safe — as she does hers.
I am not a gamer so that potential threat area is missing.
I have a special on the web e mail for anyone who does a lot of forwarding of ‘stuff’ found on the net.
So I am ‘wary’, too.
And I read this blog regularly for added security and wariness!
Like or Dislike:
0 
0
I consider myself “wary” (I run nessus on my home LAN occasionally, even though it crashes my Brother networked laser printer and congests the logs on my Linux machines, and every potential flaw it finds is intentional). But I think that the current crop of software that we all use every day makes virtually every category “vulnerable”, like it or not.
When I was a security professional, we used to half-seriously say that “the product of security and utility is a constant”, and that our job was to raise the value of the constant. The problem we all face is that we still want SOME utility out of our systems! For example, cautious people shut off javascript and flash, but did you also shut off loading jpegs and png’s? Based on past exploits, you still could have been hit. Where do you draw the line? Text-only web browsing just isn’t much fun!
The real answer is basically what someone pointed out in an earlier comment, the ultimate expression of the “least-privilege” principle: you just can’t trust a system that you use for fun things with any of your secrets. ASSUME the fun system will be taken over every time you use it. NEVER type a password or credit card number into anything but your production system, and do everything you know how to do to keep that one safe – and NEVER do anything but your business on it. Virtual machines make this pretty easy and very cheap – check out VMWare and Virtualbox, both free.
Like or Dislike:
0 
0
I was directed to your blog by the guys at PaulDotCom.com
You have good content and I look forward to reading future articles.
What kind of Internet user are you?
Everyone should be (or strive to be) confident unless they just crawled out from under a rock and are still delivering letters with a stamp.
Everyone should also be cautious. Surfing the web is no different from driving around in your car. Sometimes you find youself in strange places where you need to lock the doors and not stop to ask for directions.
Like or Dislike:
1 
0
It’s my experience that there is a sizable group of people who refuse to attempt to understand anything about computers, feeling that they are too complicated. This attitude seems to cut across all ages/generations. I am 61 yrs old, been working with computers since the DOS/BBS days. I still work in IT for a non-profit, so I have to deal with employees and volunteers in a kind way (not often easy). Security is not easy, but I do have everyone more or less trained to call me the instant anything unusual happens. Hopefully. With my small amount of knowledge I am often totally amazed that networks and the internet work at all, not to mention as well as they do. Scary.
Like or Dislike:
1 
0
I’ m afraid I fit into the category of those “who somewhat understand”. I too have been around abit (TI) Texas Instruments…But I must confess I always felt that security was something that lacking and it’s true meaning to “WEB” or internet was dismissed in favor of “glitz and glammer”. Securing your enviroment should be first and foremost on everyone’s agenda. And this blog(Shameless Plug) is one of the best I’ve participated in…..
Like or Dislike:
0 
0
B;
Anyone who follows some of the security websites on a regular basis and IS NOT paranoid just doesn’t get it.
I’ve moved from the 2 hours a day fixing, updating, reading about and backing up a Windows home network, to another world: Linux.
Not entirely carefree, but now I have about 10 hours a week to dedicate to actual creative work on a computer.
Like or Dislike:
0 
0