Polls

There are stories about computer security in the news every day, but it can be hard to find an unbiased opinion, or even hard facts. Virus Bulletin would like to know your experiences and opinions about the topics that concern computer users. Whether you're the CEO of an anti-malware company, administrator of a large corporate network or a home user, we'd like to know about your experiences and opinions.

On this page you will find an overview of the previous polls that have run on Virus Bulletin. The current poll can be found on the right-hand side of the page.

Suggest a poll

Is there a question you think we should ask our users? Click here to suggest a poll!

Previous polls

Should Mac and Linux users be running security/anti-malware software?

Does your organization have a password policy?

How much trust do you put in the warnings that appear next to sites listed in search engine results?

Who in your company is responsible for installing software patches?

How are your spam levels compared to two months ago?

Should anti-virus software be free for personal use?

Will taking client-side security 'into the cloud' provide better security for the end user?

Will the current banking crisis lead to an increase in phishing attacks?

Have you ever been conned by a phishing email?

Is it reasonable to teach virus writing as part of a computer security course?

Have you ever actually read an End-User License Agreement?

Is 47 months imprisonment sufficient punishment for a convicted spammer?

Should AV software check search engine results for malicious sites even before the user clicks on them?

Will new browsers like Firefox 3, Internet Explorer 8 and Opera 9.5 help fight web-based malware?

When do you feel most at risk from malware and cybercrime?

What was the main reason for choosing your current anti-virus product?

Are virus-writing contests a good idea?

Should online banking customers be held liable for losses via phishing/online scams if they don't have adequate protection on their PCs?

How often do you check your spam folder for false positives?

Do you use security software on your mobile phone?

Do you ever forward chain letters?

The results of 1.3 per cent of all Google searches contain sites serving malware. Should search engines do more to prevent malicious sites appearing in their results?

Who should take ultimate responsibility for computer security?

Has your antivirus software ever produced a false alert?

Some reports suggest that less than 3% of email traffic in December was legitimate. How many spam messages get past your spam filter and make it through to your inbox?

$3.2 billion was lost in phishing attacks in 2007. Do you think this is going to be worse in 2008?

Should governments be allowed to write viruses to bug terrorists?

Has Windows Vista made the web a safer place?

Do you feel safe banking online?

Have you suffered a malware infection that wasn't spotted by your anti-virus software?

Does your company block any social networking sites?

Is it acceptable to demand money for information on software vulnerabilities?

Current poll

How should software and OS patching/security updates be managed?

Comments

Well...it depends on type of internet connection - like in case of slow dial-up, it should be manual , at user's discreation but a user with fast internet connection wouldn't be effected if 'tis automatic. For fast internet - it should be automatic & silent.

by Anish Girdhar, 17 May 2009, 11:07

Opting out HAS to be available, especially with Micro$oft updates!

by Andre Ruel, 18 May 2009, 15:54

Opting out has to be available but the default must be to install with no user intervention. Then by default users get the updates unless they specifically choose not to receive them. Most users don't know or care about updates until they have a problem, and since most Windows updates don't cause any problems now this sort of default will offer the best overall protection without removing the user's control.

Obviously systems on a corporate network should be able to take control of all this, as is already generally the case.

I know it's a grey area but I think security updates (but not other updates) should be available and installed as above even for users of unlicensed/pirated software and it should be known that they are made available. Often users who know their software is not legit disable updates to avoid having their software deactivated, and these unpatched systems becone infected causing more problems for those of us who do run 100% licensed software.

by Paul, 18 May 2009, 16:10

As has yet been said, under a low-bandwidth connection, a manual approach would be the only reasonable choice.

In a Corporate environment, an automatic update is usually "enforced", by policy or platform configuration.

Both make sense, in respective situation.

FOR ME, on my puters, I really prefer a manual process, regardless the bandwith I have at the moment.

That because in some situations, on lab machines, I experienced some "system hiccups" and even a couple of crashes after uptades (of operating system and/or applications).

In this scenario, having selected manually what to update makes quicker and more accurate the troubleshooting to be done...

by Roberto, 18 May 2009, 17:00

provided there is a DSL connection active...

by diego nassetti, 18 May 2009, 18:48

No defaults, let the user choose at install, I prefer automatic notification but manual install. Some updates for applications fail because I am not Administrator, then when I log in as Admin, some don't have options to update now. My children are confused at update prompts or failure reports. We like to know what is updated for my firewall prompts, if the firewall prompts, my youngest son usually selects No.

by Wayne, 18 May 2009, 21:17

The key is that anything requiring a *reboot* MUST wait to reboot for the user's permission. If no reboot is required, then keep the user safe.

by Tony Meyer, 18 May 2009, 21:48

The problem with updates is the same as with the initial product, if they were bug free, then no problems with auto updates. BUT they are not bug free & often cause unforeseen issues. A particular update cannot be looked at in isolation, it must be looked at in terms of everything about a particular machine. Given the infinite combinations of hardware & software, I think it is best left to the user to decide when is best the best time to upgrade. Murphy's law says an auto update will cause maximum inconvenience at the time you most need your machine.

by pagogrp, 19 May 2009, 01:11

User level varies greatly. Whether automatically or manually, providing only one way is inadequate. Novice users tend to ignore options and leave everything as default whereas veterans usually recognize what options they have and utilize them accordingly. Therefore, updates should be set to automatic at default while users being told that it has been set to automatic and it is possible to change it.

by eClass, 19 May 2009, 04:47

I always disable 'AutoUpdate' options (except my firewall/IS system). I do not like to be in the middle of a Gig+ download, only to have a Windows box appear and tell me that I need to reboot my computer.

By default, Windows ships with 'auto-updating' enabled, which I believe is proper. If a user is savy enough to want/need other options, they may set them to their needs. If they don't know 'how', they NEED to keep it at the MS default, else they will end up with a vulnerable system. If 'auto-update' was not the default, over half of the Vista machines would still be sitting on OEM installs with NO updates.

by John, 19 May 2009, 06:47

I agree with Tony Meyer , updates that require a reboot should be manual,but automatically notified, otherwise should just automatically install with no disturbance to users.

by Steve Joyce, 20 May 2009, 11:17

There should be another option: Manually or automatically, at the user's discretion.

by Dennis Candy, 01 June 2009, 03:56

Automatically and silently, with option to run unpatched

by Ori Lahav, 02 June 2009, 13:23

Manually.

Why? Because of freedom of choice ;) Not every patch is good one.

Automatically, only for servers and bussines pc-s.

by Marko, 11 June 2009, 10:55

Depending on the Operating System, I do not adhere to the 'need-to-know' policy and a fixed schedule to rollout updates. I have always believed that vulnerabilities should be disclosed immediately and patches should be available and pushed ASAP. Doomsday "Patch Tuesdays" are troublesome, these type of security policies cause the most economical damage and create frustrated end-users.

I advocate Instant Disclosure and rapid secure fixes made available to all without any hesitation.

by Kevin Gregg, 14 June 2009, 00:06

I certainly agree with people who use discretion as cautionary updaters of security holes. It pains me to see that some OS developers take 7 years to patch a serious remote exploit. True as was said, not all patches work; I prefer an intelligent OS that can apply patches efficiently and properly after being fully tested, as opposed to big service packs that fumble the ball and usually don't work on most production and non-production machines, whether as a push or as a manual download. Better developers create better proactive security measures against unauthorized access and bugs and malware, trojans, spyware, and the like. Defense in-depth is a must and more than one company should be consulted before certain OS frameworks are patched, because many proprietary companies do not inform but slip a fix under the table and do not disclose unless it has been clearly pointed out to them. This is a big problem in the industry for the home and business user and the security industry in general.

by Kevin Gregg, 14 June 2009, 00:13

Enforced patching/updating is appealing for the rest of us who understand what the internet is but I could not agree to something with no "opt out". By all means "on by default" because the dangerous people might not find the switch but with no opt out the terrorist types will have too much power. Everyone should be afforded a fair opportunity to show there are no weapons of mass destruction regardless of their power, assets, beliefs, customs or anything else peculiar to a culture or situation.

My preference is none of those suggested. I would prefer :

"Automatically, randomly and silently, on by default with opt-out system."

I could also go with a nag screen if a system is un-patched.

by Redrik, 19 June 2009, 07:04

I would say it depends on who the user is and what the computer is used for. For most users doing Email and surfing the web, updates should be silent and no option to run unpatched. For users working, using web based apps I would say there has to be an option to opt out since some OS patches may 'break' the app the users need to do their work.

by Lizard, 19 June 2009, 15:17

An annoying and productivity sapping trend is underway.

Some software vendors are providing 'security updates' to their packages with a frequency which is quite excessive. These updates are usually accompanied by pop-ups and fanfare which leads me to believe that it is marketing & sales, not software driven. However, there is a security downside to all this.

I have seen one trojan which pretends to be a vendor's update and then asks the user to download a 'fix'. Due to the excessive frequency of updates the unfortunate user has been conditioned into agreeing to such updates without a second thought... Oops.

by Mak Jeng, 25 June 2009, 23:39

Leave a comment

Poll

How should software and OS patching/security updates be managed?
Manually, at the user's discretion
Automatically via an optional, user-defined schedule
Automatically via a fixed, but optional schedule
Automatically via a fixed schedule, on by default with opt-out system
Automatically and silently, with no option to run unpatched

Leave a comment
View 19 comments
Jobs Career Sidebar

Malware Prevalence

Dropper-misc |################|
Waledac |###############|
Agent |###########|
NetSky |#######|
Invoice |######|
 View this month's full report
Virus Bulletin currently has 165,662 registered users.