When it comes to security, the old saying is that users are the weakest link in the security chain. Some people were starting to question this, however, given the prevalence of software vulnerabilities. More and more infections, it seemed, were being caused by exploits of common programs, such as web browsers, and not by something that the users did. Well, this data suggests that infections by software vulnerabilities are rare. Far more common are infections caused by people being duped into downloading something from the Internet or by opening email attachments.
We really have to understand and modify user behavior to improve the security situation.
The headline below is misleading: the problem is not visiting web sites, but accepting the downloads offered during that visit.
Malware most often spread by visiting malicious Web sites
From Jan. 1 to Nov. 25, the top 100 attack programs infected 53% of their victims by duping them into downloading something from the Internet. An additional 12% of the infections tracked globally were caused by users opening e-mail attachments.
Just 5% of the infections were related to an exploit of a software vulnerability, said Trend’s analysis.