People are ALARMINGLY neglectful about privacy. They don’t care where their data flows. In most cases they present it willingly at MySpace and Facebook and whatnot. They don’t understand the threat. They just don’t see it.
That’s why they don’t care about a firewall.
And, in addition to the above mentioned reasons, remains the fact that the majority of people does not adopts any security policy, which is more than simply have a firewall, an anti-virus and another security tools. Here, we have to agree that must to exist a “package”, which consists of “men” (and all their knowledgement), “softwares” and “hardware”. Each of them has your own level of importance.
And in most of the cases an invasion, for example, could be prevented only by adoption of good practice while browsing, and even this is neglected. I think that the first level of security is the user itself. There is no advantage in having a powerful security suite (including firewall, anti-virus, anti-spyware, etc), if the user does not understands the basic rudiments about computers, LAN, internet and prevenction/security, and simply answers “yes/allow” to any popup showed by his firewall, for example, without any knowledgement of what he is doing, and about what will be the consequences of it action.
There is much to do, think and change on this field, yet. Knowledgement is an important point, but I don’t get to imagine yet a way to this be more effectively distributed, shared and “learned” by people. And, we have to consider the fact that most of the people simply don’t gets to learn anything at this respect.
They only wants to turn on their machines and browse the web, forgotting any common sense and don’t having the minimum concern about security. I don’t get to imagine a way (at least in a short term) to change this, and this is frustrating.
As mentioned by Melih, the cost is one of the involved barriers that prevents people to use security solutions. But, for example, we can find inumerous good solutions, and many of them totally for free (many thanks to Comodo here, and long life to them… hehehe 
).
Lots of users can afford security software, Melih, but don’t use it or don’t use it properly. The proper use of security software requires that the user must learn something about it, and they don’t want to do that. People get comfortable with what they know, and many of them are afraid to learn something new–which is what security software requires.
As in a lot of things, this requires education to fix the problem, and, as mentioned, sometimes it’s forced upon them by necessity. They do all right then, but that first step is hard for many people.
Regards,
i think that people don’t realise how many threats exist on the net… every day i see some post on other forums saying that firewalls are for paranoic people… no-one realises that the internet is not what it looks like.
I keep reading things like “no-one would hack my computer because only corporate computers get hacked”
sorry for being not exactly on-topic… just had to post something after reading some posts on this thread and some other posts i’ve just read on other forums
edit: errors on my typing 
As others have said, it’s essentially down to knowledge. A firewall, for the most part, requires some knowledge to maintain it. The majority of people that use the Net, just don’t want to be bothered with the detail.
Take for example the ‘silver surfers’ some are pretty canny, but most are not. How are you going to reach them?
I reinstalled XP on a friends PC a few days ago, because she had so much malware, it was impossible to do anything else. Prior to the reinstall, she had no security at all. I installed cfp 2.4 and configured it for her applications and put AV there too. Now I get 10 calls a day asking what she should do for one pop-up or another!
This is not what a average user wants, they want to get to all this useless social websites and download their favourite podcasts without being bothered by some pop-ups
it’s just like with an HIV - people don’t want to think of safety, they just want to have some sex :-)))) some use condoms, but these give a false sense of security, since in fact they aren’t much of a protection.
and you know, i think it’s also M$ to blame - they claim their OS (WinXP, didn’t touch Vista yet) is “even more secure”… I’d quote JB from “Tenacious D” - “Yeah, this is awesome! Compared to bullsh-t…”. Yes, it’s secure. Compared to Windows 95. All these Windows Updates are really giving a not-so-computer-savvy user a false sense of protection, since they don’t know anything about how does malware work and don’t WANT to know it. But at least following basic computer hygiene rules would be enough to drastically decrease the infection spreading. Middle ages, Black Death? Modern era, countless worms, trojans, viruses… Thank God this time no one dies.
I agree with every reply in this thread it falls on the user of the system to know what the alert is and means. I also know that people will push the limit when it comes to being pro-active in the security of there computer. I was in a forum just the other day and a member posted his own FW log & IP in the forum. now his system is very unsecured. anybody that has seen this has a direct access point to his system! and knows what type of FW they would have to defeat! it’s holes like this in security that people make for them selves. and no security that may be in place will help. I myself have ran in to alerts that I had no clue of what they where or meant but I know I can just Google it to find my answer and just knowing that it’s just a click that can allow some kind of deviants in the system should be enough to scare most people but like I said lots of people will push the limit.
{I've always said security starts with the person in control}
Unfortunately, most of the people forgets that an insecure computer is not only dangerous for them, but also for others. It is a snowball that grows day by day. People are very individualistic, too.
individualistic: yes but carelessness is what gets theme in trouble I have family members that will just click the x and close the warning! I have seen them do it many times it’s like it never happened and I ask why did you do that! the answer, “I do not know what that means”!!!, ok it says warning on it now to me a answer like that is just plane nuts. individualistic/stupidity I think is one in the same it’s these kind of holes in security no matter how good of a FW, antivirus, antispywear, a person has if they can just simply click a x and end the warning it will fell there is no further warning that will happen.
What most people (who are not using a firewall today) will need is an effective out-of-the-box product that gives them protection without questions to be asked.
I understand this is probably not the easiest to develop, but what good is a firewall to the general population as they click “yes/accept” to any pop-up they receive. (like my dad does…after having experienced that his internet connection was blocked after his first “deny”).
Harry
yes that is what a FW should do is block the connection now as for it being a permanent block that is for the user to decide there is a box that says always remember all that has to be done is uncheck the box and on the next start up it will run again that is the users of the program responsibility to learn how to use the program but most see a warning and freak out and do not take the time to read the warning the program is only doing what it is told to do the feature is there just some do not know how to work the programs and get mad and remove it or turn it off or just ok every thing
a partial answer is developing very extensive default ruleset. That is - automatic configuration for common software like browsers, IMs, e-mail clients, known security software, media players (i’d advice a default-deny policy for media players since i’ve read some stuff about numerous attacks through WMP’s *.wmv vulnerabilities), VoIP apps etc. Combined with an autoupdating IP blocker with known-to-be-malicious sites this could keep an average Joe secure and unannoyed with popups. Of course, with an option to disable these default rules. A good idea would be adding another option in “more options” with “Default template” AND making it selected by default (NOT the OK button). But that’s more of an UI question.
a partial answer is developing very extensive default ruleset. That is - automatic configuration for common software like browsers, IMs, e-mail clients, known security software, media players (i'd advice a default-deny policy for media players since i've read some stuff about numerous attacks through WMP's *.wmv vulnerabilities), VoIP apps etc. Combined with an autoupdating IP blocker with known-to-be-malicious sites this could keep an average Joe secure and unannoyed with popups.
I think that it is a very good idea, but maybe the implementation of something like this can not be very easy. A firewall, for example, may contain thousand of software in his database, but we have to agree that it is something increased day by day, and how could the developer handle it in a reliable and easy way?
Really, something like this would facilitate the use of a firewall by an user without any basic knowledgement, but for how long? I think that it would demand very hard work by the developers, work that, perhaps, may not provide a rapid response when necessary, due to the increasing development of applications, both with good and bad purposes.
maybe a community-driven database? like the HiJackThis one
Great. I imagine that something like that would be very powerful and would give some of the responsibilities to the users/community. Perhaps this seems a little dreamer, but why not?
I would be very happy (speaking here by myself) in be able to participate of something like this, in help the “community-driven database” to increases each day more. We all, users, would take advantage of this.
good idea!
The Comforting effect seeing that someone else done the same thing as you have is a good thing…
Melih
good idea! The Comforting effect seeing that someone else done the same thing as you have is a good thing..
And we have also to consider that the concept of a community helping in something like the tools that Comodo provides is approaching a little more of some concepts of the “opensource” world, at least with respect to the concept of community (I know, of course, that Comodo solutions are nor opensource).
It is also a good idea to improve Comodo spreading the world plan. I think that many people (I, included) would be very happy in participate in something like that. And, of course, it is a good opportunity to all of us manifestate our thanks to the Comodo Group.
And, this “way of help” could be inserted on the own application. Why not?
My point of view on this subject: I work and have worked part time for 8 years at a Internet provider company. My task is to configure new customers dial up modems for connecting to our services. But, some of my tasks are to trouble shoot problems for my EXISTING customers.
Most of my customers are around my age (60’s) and did not grow up with a computer. Most of them do not understand the operation of a computer, the Internet, and the hazards of surfing the Internet without having protection for their machines. When I get a call from them and try to help them with their problems I question them as to if they have “Malware Protection”, a firewall etc. They for the most part do not, don’t even know what a anti virus, anti spyware, a firewall is and don’t care. All they want to do is surf the Internet playing games, read and send e-mail etc and not listen to my FREE helpfull adivse. I have told many of them about the free products that Comodo has and how to find Comodo on the Internet.
I have also been told by some of them to “shut up” as they didn’t want to hear what I was saying. So, the end result for them is that they will be bringing their pc into our establishment for computer cleansing and repair at a later time. I have seen it happen over and over. A very few of the folks I talk to have actually thanked me for the information that I take time to inform them about proper protection. Sometimes I think it’s a losing cause but I will continue to advise them as I feel it’s my right and my duty to inform them.
I see newer generations having no idea about computers much like the older generations that did not grow up with computers. Computers are seen as an every-day thing and there for should be simple. This is not the case as most of us know. The second issue is that most viruses now are actually RAT(Remote access trojans) and/or bank stealing trojans/worms. So now we have the everyday 10 to 17 yr-old and mom and pop people against a potentially billion dollar underground industry. Who do you think will win?
Generally I think the newer generation are becoming more and more oblivious to the danger of black hat hackers much like the older generations that did not grow up with computers.
Another trend I have noticed is that Pen-Drives are being infected using the autorun.ini trick, look up symantec’s technical description of the latest and greatest and you’ll see what I mean.
the usb-drive autorun is indeed a serious threat. my friend ALWAYS has to clean her flash-drive, 'cos her university comp is infected.
As for the old generation… It’s really hard for them to understand the computer, if most of them think it is working on tubes, the screen is called “computer” and the tower is called “processor”… I don’t think they are able to understand what is dll injection and other stuff.
But young people are the same sometimes. I read countless messages on russian “humor” sites about someone’s girlfriend being so “stoopid” that when AV says she has 75 viruses on her computer, she decides that it’s easier to delete 1 antivirus than 75 viruses. No alerts - no problems. It’s very rare case when malware installs itself and start to annoy user (with exception of adware of course). So if visually nothing happens - everything’s right. And all the system lags, long system startup and/or shutdown, some error messages - these are “faulty Windows” to blame. It doesn’t really annoy the user too much. Oh, error message, press OK and forget. “I don’t know what that means”.