It’s not a seismic shift, but a recent survey on security seems to show a trend, at least among the security conscious, away from Microsoft’s Internet Explorer browser and paid antivirus products in favor of Chrome, Firefox and free antivirus software.
Many readers might say, “What took them so long?”
The growing number of exploits targeting IE for some years prompted recommendations to replace it with alternatives from Google or Mozilla — or to at least limit use of IE. And antivirus has become a low-priority commodity. More intelligent anti-malware tools are taking precedence over signature-based applications. Nobody wants to get rid of the signature-based tools because when they work, they work. But why pay for them? Just use a free download and save your money for more sophisticated products.
Still, I found the degree of the shift interesting.
The survey was conducted by AV Comparatives, an Austrian non-profit that does independent antivirus testing. The results come from 4,715 computer users from around the world, about 16 percent of them in North America. The respondents came primarily from Europe (about 43 percent) and Asia (about 26 percent).
AV Comparatives says that it used control questions to filter out security experts and others trying to spin the results, so that the results reflect average users. Still, if I were a betting man I’d bet that the respondents skew toward the security aware and the paranoid. Who else is likely to take the time to answer a security survey?
As you might expect, operating systems used were dominated by Microsoft, with nearly 62 percent using Windows 7 (32- or 64-bit versions) and about 17 percent using Widows 8. The company noted that Windows 8 use by respondents is significantly higher than among the general public, according to commercial metrics. Older versions of Windows, including XP (12.5 percent) and Vista (about 4 percent) still outranked Apple OSes, which totaled 2.4 percent, although Apple accounts for 7.2 percent of the North American market.
But when it comes to browsers, Microsoft lost its advantage among the survey respondents. About 39 percent said they use Mozilla Firefox and 35 percent use Google Chrome. IE was a distant third with 14.4 percent. The results reflect what had been a trend worldwide away from IE, long the dominant browser, and toward Firefox and Chrome. However, recent statistics from Net Applications show that IE has rebounded with the release of IE 9 and 10. In February, IE held 55.8 percent of the worldwide market, followed by Firefox (20.12 percent), Chrome (16.27) and Safari (5.42).
As for security software, about 40 percent of respondents are paying for a commercial suite of security tools, and nearly 16 percent are paying for stand-alone antivirus. This combined percentage was about 10 percent higher last year, the company said. About 37 percent were using free antivirus solutions. In North America, free antivirus accounts for 40 percent.
The top choices among antimalware providers also varied with geography. In North America, the top providers in the survey were, in order, Microsoft, Symantec, Avast, Kaspersky and AVIRA. Worldwide, the top providers were Avast, Kaspersky, AVIRA, ESET and Microsoft.
Apparently users are satisfied with the security of the tools they are using. Although they ranked good malware detection rates as more important than impact on system performance, they said vendors needed to work more on reducing the impact on computer performance than on detection rates.
If the people who took this survey know what they are doing, maybe it’s time for those of us who have stuck with Microsoft IE and are paying for antivirus to reevaluate priorities.
Posted by William Jackson on Mar 28, 2013 at 9:39 AM3 comments
I recently solicited comments on what the killer app might be that would drive demand for and adoption of IPv6, the next generation of Internet Protocols. From what the readers had to say, the killer app is the Internet itself. Despite the possibilities for improved functionality in the new protocols, the overriding reason for using them is simply to keep the Internet alive and well as the old address pool dries up.
With the current IPv4 infrastructure becoming increasingly fragmented and fragile, “the Future is IPv6, or no Internet,” one reader commented. “You choose.”
There were no examples offered of anyone actually using the capacity or capability of the protocols for anything innovative. The only reason for enabling them is that this is where future growth of the Internet must take place, and anyone who wants to remain accessible without living behind increasingly congested bottlenecks will have to accept IPv6 traffic.
Two readers offered examples of current applications that would benefit from eliminating the fragmentation caused by Network Address Translation, voice over IP and multicasting for delivery of radio and television over the Internet. Some current trends support these ideas.
The NPD Group recently announced that there are more than half-a-billion Internet-connected devices in the U.S. homes, an average of 5.7 per household. Since the beginning of 2013, the number of tablets in use grew by nearly 18 million and the number of smart phones by 9 million.
This growth in IP is occurring at the same time that reliance on traditional electronic media is shrinking. As early as 2010, the National Center for Health Statistics reported that nearly 27 percent of American homes did not have traditional wireline telephones. And the Nielsen Co. estimated that the number of households in the United States with television dropped from 115.9 million in 2011 to 114.7 million in 2012. The drop started with the digital conversion of television in 2009. The poor economy and demographic shifts with more young people relying on Internet for entertainment also contributed to the decline.
It appears that for the near future, the primary job of IPv6 will be keeping the Internet robust enough to enable its continued expansion as communications, information and entertainment medium. But that does not mean that the new protocols will not be put to some interesting and innovative uses.
“The ‘Killer App’ is, first and foremost, the increased connectivity implicit in the larger address space,” one reader commented. “What comes from that increased connectivity is, well, up to you to decide!”
Posted by William Jackson on Mar 22, 2013 at 9:39 AM7 comments
The volume of IPv6 traffic, though still small, has grown steadily over the last year. Although most federal agencies missed the Sept. 30, 2012 deadline for enabling the new protocols on public facing Web sites, they are slowly adopting IPv6. Hurricane Electric, which bills itself as the world’s largest native IPv6 backbone, has announced that it has connected more than 2,000 IPv6 networks.
But the world still is waiting for a reason to make the move. To date, the main reason for transitioning to the new Internet Protocols is that you have to. The Office of Management and Budget told agencies in 2010 that they had to enable IPv6, and the pool of available IPv4 addresses is drying up. Anyone who wants large blocks of new addresses now must get them in IPv6.
So far, however, the new protocols are being used pretty much like the old ones. When will we see a killer app that will make people want to use IPv6, and what will it be?
There has been a lot of talk in the last decade about the improved security that can be achieved with IPv6, the new Internet of Things it will enable and the benefits of true end-to-end connectivity once everyone gets rid of Network Address Translation (NAT). A global organization such as the Defense Department stands to benefit from access to a nearly endless supply of IP endpoints that could be used to monitor, track and control millions of things anywhere in the world.
But despite changes such as the rapid growth of mobile devices, we still are using IP devices pretty much the same way we have for years. Screens are smaller, keyboards are virtual and there is some location-specific functionality, but a mobile device essentially is a little IPv4 PC.
Owen DeLong, IPv6 evangelist for Hurricane Electric, obviously is a fan of the new protocols. He thinks doing away with NAT will be a good thing. So what does he think the killer app for IPv6 will be? “None,” he says. People don’t feel they are missing anything with IPv4 now, and the benefits of a new set of Internet Protocols are too complex for today’s short attention spans. “It’s not something you can explain to the average user in a 10-word sound bite,” he said.
But the interesting thing about killer apps is that, like the Spanish Inquisition, no one expects them. They are unplanned and become part of our lives before we know it. Is the next one already out there?
Are there any innovative uses of IPv6 by your agency or office? Has anyone found a use for the protocols that enables some functionality that was not practical before? Do you have a problem that you think IPv6 can solve? Drop me a line at firstname.lastname@example.org and tell me if the new protocols are being used, how they are being used, or how you would like them to be used. Maybe we can identify a driver for the move to IPv6.
Posted by William Jackson on Mar 14, 2013 at 9:39 AM9 comments
It is no surprise that the government faces serious challenges in protecting its information systems, both because agencies are high-profile, high-value targets and because agencies lack the speed and flexibility to effectively counter rapidly evolving threats.
“We have once again designated federal information security and cyber infrastructure protection as governmentwide high-risk areas,” Greg Wilshusen, director of information security issues for the Government Accountability Office, told a Senate panel at a recent hearing.
There are some promising developments in government cybersecurity. The Homeland Security Department, which has the nominal lead in protecting civilian agency systems, is taking the initiative to help develop tools and programs that could do a better job of monitoring, evaluating and mitigating risks. But those programs are being threatened by the unwillingness or inability of Congress to effectively fund government operations.
“Sequestration reductions will require us to scale back the development of critical capabilities for the defense of federal cyber networks,” DHS Secretary Janet Napolitano told legislators during the hearing.
Napolitano offered no specifics, but with across-the-board cuts mandated under sequestration it is inevitable that worthwhile programs will be hit just as hard as unnecessary ones.
Tools being developed or advanced by DHS include the Cyberscope automated FISMA reporting systems, which leverages commercial products that use the Security Content Automation Protocol from the National Institute of Science and Technology.
There also is the National Cybersecurity Protection System that includes the Einstein intrusion prevention system. The department’s Science and Technology Directorate cooperates in the development of secure Internet protocols, and Napolitano said that DHS was a leader in the development of the Domain Name System Security Extensions (DNSSEC).
The National Protection and Programs Directorate is developing a commercial Continuous Monitoring-as-a-Service capability to deploy sensors and feed cyber risk data to an automated, continuously-updated dashboard to help agencies see and respond to day-to-day threats.
It is not government’s job to create the technology needed to secure the nation’s cyber infrastructures, and government is unlikely to ever be as nimble and efficient as the private sector in developing security products. But government certainly has a role to play in fostering development of critical tools, especially those such as Cyberscope and SCAP that address government needs.
DHS programs and their results are open to criticism, but it is taking responsibility to help provide agencies with the tools they need to do their jobs. It would be a shame to arbitrarily slash efforts that could produce real benefits.
Posted by William Jackson on Mar 08, 2013 at 9:39 AM1 comments