Two out of five UK home users don't have a clue about how to change the security settings of their home wireless network. The 21st century equivalent of a failure in understanding how to program home video recorders was exposed in a survey commissioned by privacy watchdogs at the Information Commissioners Office (ICO). The …
"Chris Davies, general manager for D-Link UK & Ireland argued that security settings on home networking kit have simplified over the years towards the point where there's no real excuse for getting it wrong."
Hm, Davies should meet my neighbor. He's running a shiny new D-Link 802.11n router with no security enabled. I'm enjoying using his bandwidth instead of paying for my own. And changing the admin password. And installing DD-WRT on his router.
Well done - you've told the world you're a thief!
...says one AC to another.
Three out of Five users
The rest of us realize that the security offered is so bad that there's no real point in enabling it anyway.
AC =not really anonymous
Posting as Anonymous Coward here isn't like on Slashdot, here you need to be logged in to post anything, Slashdot only requires you to pass a CAPTCHA.
But that doesn't stop you using freebie email addresses and VPNs/compromised PCs to try and mask your true IP.
Re: AC =not really anonymous
Then the question is whether, or how quickly, does The Reg forget which AC comments were posted by which user.
Good Job I use wired then
Threw the wireless router in the bin (recycling) as in flogged on eBay, and cat cabled the house, no worries about war drivers piggybacking then, too many wireless networks here and too few channels, data collisions and dropped connection rife.
re: how quickly does The Reg forget
I can still see my AC posts from over four years ago.
You're not anonymous to El Reg
Just the readers..
ok, mr. nice guy.
I, on the other hand, have 3 wireless devices. One of which I use, and two of which randomly take on the network names of my obnoxious neighbors.
Wireless sucks just like Paris.
I have a friend who is a Microsoft Certified Support Thingy Magigy and he sent me a message yesterday: "Help...i've spent two hours setting up my wireless router and i can't get the cd to run the software."
For which at that point I was gob smacked that he didn't realise it had a webUI.
You can make things easy but people still can't do it. Hell some routers require you to configure them by rerouting DNS on the first run.
MCSE == Diploma in being an IT Idiot.
When it comes to anything that is not in the Holy Microsoft Bible (aka the MCSE texts).
Don't even try to get one to use powershell properly. Well if you want to have a laugh then by all means.
The OP is not alone in his thinking that an MCSE is not worth the paperless it is not written on.
If you want to get them really scared tell them about the Cisco CNAA or the RHCE/RHCA tests.
Paris because she loves a good cry when things go wrong
Was speaking to a mate who just passed his CCNA a few weeks ago. I mentioned NAS boxes.
He looked at me bemused.
Didnt have a clue what a NAS box was.
Good to know these folks havent got a clue as to what might actually be connected to their network.
jason 7 CCNA...Ha!
So your expecting a network guy to know about servers? I'd expect a network guy to know what it is; but how to configure/install then no. Just like I know server guys know F%^K all about networking.
I have a friend that asked me to link their Toshiba Satellite Pro to their BT Homehub, as they couldn't get the 2 to talk. Try and I might I couldn't get them to talk either, and tried to link them together with every security type I could find on the box, WEP, WPA, WPA2 etc. I tried them all and nothing allowed the connection to take properly. In the end I tried with no security, and the 2 connected straight away no issues. So sometimes the user has no choice but to leave it unsecured, and maybe get a different router!
Like the homehubs had, which people created scripts that could work out the WEP key based on the hexcode at the end of the SSID?
I suppose at least with WPA it'll be harder to get a bunch of keys to work backwards from.
I'm not sure that security by default is any substitute to making users learn how to work the settings in the first place. I know some people are far more tech-savvy than others, but it's really not that difficult to follow instructions.
Security with a single button?
Yea, they all have that button. It works the same way on every single one I have tried. That is, it doesn't.
Privacy, yes, but what of "potentially legal liability risks"?
As far as I know, you are not liable for others using your internet connection without your knowledge or permission, and if you are then is not the case the ISP should actually do something about it if they supplied the router in the first place?
Also most of the 'software wizards' I have seen are crap things that often only work on a few versions of Windows. Setting up with a web browser to 192.168.1.1 should be simple, but some are crap and most ISP's lack useful technical help pages if you go down that route or find the wizard is broken. Thinking of you Tiscali...
At the end of the day, most computer users are technically illiterate and should NOT have anything to do with setting it up. But ISPs are cheapskates who won't send someone round to put it in and do it properly.
I can't believe that I am about to . . . . . . . stand up for ISPs
"ISPs are cheapskates who won't send someone round to put it in and do it properly"
ISP's are businesses and they are not going to do that for free despite what you might like to think.
You have two choices;
1) Charge the user for the service directly
2) Recoup the costs indirectly by charging everyone more for their Internet service.
Now, personally, I don't need some numbnut from an ISP to come over and mess around with my network. I also don't want to be paying via my monthly bill for all the "free" onsite support calls used by thousands and thousands of other numpties who can't configure their networks properly.
The cheapskates here are the ignorant users, those people who don't want to invest (either time and/or money) in getting their home network working properly. If Joe Sixpack doesn't want to pay for the services that HE REQUIRES then why the hell should I pay it for him through higher bills?
2 out of 5.. that high?
I'm surprised it's as many as 2 out of 5. At least most ISPs are now spoon feeding people by coming with all their security settings pre-installed and set up. All people need to do is enter a key in and away they go.
The problem in doing this is that the customer doesn't learn anything, they don't know why they have to connect with a secure key and they wouldn't know how to replace their own router should it fail.
I'd rather have ignorant customers with a secure wi-fi connection than someone who thinks they know what they are doing but have it set up incorrectly.
And people don't know how to fix a car.
The point is that ISPs have to spoon-feed the customers because the customers aren't interested in getting their hands dirty. Many people DON'T WANT to know the dirty details. If something like that were to break, they'd seek out the local geek-on-call, whatever he/she/they may be named. Just as they'd take a cantankerous car to the local garage. To them, the cable modem is like the phone and the TV: just make it work so I can get on with my life.
A bit scaremongering...
Although most members of the public have no idea what WEP or WPA2 are, most of these people will be using the router supplied by Sky/BT etc... Which come with security turned on and a little sticker on the bottom giving them the key. I've been to fix countless computers as various homes and asked "Do you know your wireless password?", I get the same blank look, so I just pick the router up and look on the bottom.
The only people at risk are those with enough technical knowledge to change their router, and somehow configure their ISP connection details, but not manage the wireless, like AC 16:42's neighbour.
Router setup software CDs suck
I have had dismal experience with setting up new home routers using the install CD (any brand); I now just plug it in and go directly to the administration web page.
Why the hell would *anyone* have to use a damn cd to setup a fecking router anyway?
It's counterintuitive and downright stupid.
The sticker on the bottom of the preconfigured device is enough.
But if too many people secure their wireless then I might have to start paying for internet.
That damn budgie!
wpa 1 and 2 of various types
My wifi is secure.
However, everytime i get roped into setting up someone's wifi security i have to check the type of WPA they are using and which fits.
Sometimes people like BT give you a CD to install a whole load of unnecessary junk on your PC which will also set up your wifi, sometimes its a web interface accessible by an IP address usually 192.168.1.1 etc
This is all pretty straight forward for most readers on here, but pretty scary to most ordinary users, even those who are a "whizz on excel".
One setting, on/off plus password. That is simple.
Security Settings, puh!
My Wifi is wide-screaming, help-yourself open.
When you have about 50+ wifi-enabled gadgets, it's just simpler that way.
The first ring of security is living in the forest on several acres of land. The second ring of security is that I couldn't care less.
Ooo look at me
Wow. Lucky you.
But I bet my willy is bigger than yours.
living in the forest
where the loony survivalists are plotting the overthrow of the state, and happy to have use of your connection.
It might not even be
a case of they don't know how to do it. They might not be aware that it's even an option.
If they get a router from their ISP and it works out of the box, why would they know that they need to set up a key?
If they see the other wireless networks have got keys on, they might not even believe that theirs can do it. Must be a different model surely?
Lets start by teaching the users something they might not know about at all first, then we can teach them how to sort it out. One step at a time.
My BT HomeHub thingy needs me to go in as admin to turn off security - and then it asks if I'm sure, then if I'm really sure (The Mrs Doyle effect).
My ancient wireless print hub from Belkin (hack, spit) won't let me access the wirless security part of its setup menu if I go in via ethernet and it means I'm going to have to drop the wirless security to set it up just to avoid tripping over a long USB lead.
Sod it - I'll gaffa the cable to the floor instead.
I like the ones...
.... that have security set up, but you can work out the key from the SSID and on those ones the default admin passwords are never changed.
Belkin seems to be doing it right
The most recent router that I bought from them had WPA2 enabled and preset with a random SSID and password, which was printed on a tag you could slip into a slot under the router.
That's only half of the problem.
They still have to figure out how to enter that really long key in every single one of their devices. Most people simply can't figure out how do it, or they keep typing it in wrong, or there's some compatibility issue preventing it from working.
@Belkin seems to be doing it right
Jolly good! But not used them yet. My local shop sells the TP-LINK ones, nice boxes, but open by default. Also several recent routers I have tried allow administration over the WiFi link - a very bad idea in my view:
(1) It allows more mischief from local ne'er-do-wells (with weak/no security), and by malicious software on the user's PC, such as changing DNS to poisoned ones, etc. Thankfully the TP-LINK models I have used have UPnP turned off by default.
(2) If you bork it (even temporarily) you have to get an Ethernet cable hooked up anyway.
So why not allow administration only by cable by default?
Admin by wifi is good
So the next time my Orange Livebox starts acting up, I can log in and reboot it from the other side of the house. Admin by cable only makes sense if your router is sat right between your computers within easy cable reach, but for some the lack of cables is a more useful setup. Then again, so is changing the default user credentials...
Or you could just get a router that works.
Really, such simple tried-and-tested technology should not be crashing regularly.
re: keep typing it in wrong
Connect by Ethernet, go to router admin page, copy and paste the key. Simples.
Fair point, but...
...I have a backup router, but sadly there seems to be a shortage of inexpensive models that support VoIP (which is necessary as the "land line phone" runs through the box).
@ Security with a single button?
It really works 100%. That is, if the button in question is the one built in to the side of the mains socket. Let's see you hack my wireless /now/.
Some people like playing
I once came across someone who sat in his garden and reset all the unsecured WiFi names in the area to rude words.
Now spanners.... that's funny!
Finally, an amusing and harmless way to spend a Sunday afternooon...... pure genius!!
I think we need a Facebook page for those clueless wireless neighbors and call it something like ..... I don't know... Wild and Wacky Wireless Pranks? Are there any more good stories out there ? Please share. Nothing like a little hands-on education...
So much trolling...
I bet you that was me doing that. I do that whenever I go to a friend's home during our D&D sessions much to chagrin of my friends who have to explain to their mom not to connect to 'TitsNAss'.
No prior technical knowledge
For what value of "No?"
First thing is that people have to realise that they even need security.
Home users are expected to be network engineers these days. There is as much in many homes as there is in many small to medium offices. Security and encryption is not lesson-one stuff.
I retired before wifi became common in the work place. To be honest, I know little about it and understand less.
Yup. Most of us would agree there.
I wish I had some of those no-security neighbours. The router in my flat is a complete mystery. The landlord installed it. No, it doesn't have a sticker on the bottom. Other residents have got their computers working, but just reply with, er... dunno, in response to questions. The end result is, I have had to install a long+ cable all the way to the router.
Maybe one day I'll work it out. If I'd successfully connected to at least one wireless router before, then I could have a chance. It isn't easy. The whole thing is tricky (and i is a IT hexpert)
If two out of five *don't* know then can not we assume that three out of five *do* know? This seems like good news to me!
5 years ago I would have bet you that only one in five would have even understood the question!
Here in Oz, the amount of people that I speak to on a daily basis concerning help setting up email addresses is scary.
This is a task which should take no more than 2 to 4 minutes tops for the average punter however, the amount of people out there with no computer skills regularly turns it into a 10+ minute tooth extraction with a rusty razor and pliers.
The fact is that people are lazy and they will not use any security until they either get hacked resulting in a huge bill or they are forced to by law.
It's about time that Governments had the balls to do everyone a favour and make it compulsory to make anyone who buys a computer to do a basic computer skills night / weekend course at their local TAFE college and make it illegal for anyone to have an internet connection without anti-virus - they *are* out there and more widespread than anyone thinks.
I've had people tell me it's too complex for them setting up an email password before today; when there is this level of people buying a computer it's hardly surprising that they would probably be the same that have no router security in place either, simply because it's "too hard".
Paris? Because her IQ matches a lot of people out there on the 'net...
Re: Not surprising...
Even assuming that people actually learnt something in the weekend course you propose, all you do is raise the bar slightly. This may stop some random passer by from using your network to find out what time the next bus is but it won't stop anyone with truly nefarious intentions and now , in their eyes, its the governments fault they've been hacked because they did everything they'd been told in class.
I'm not saying that education isn't a good thing, it clearly is. You're not going to teach people, who don't want to learn, all about internet security in a weekend though.
Further to this, sooner or later, the majority of people will secure there network anyway either because they've been hacked or they know somebody who has.
It'll make bugger all difference though. Everyone has locks on their doors these days but people still get burgled.
As for your anti virus suggestion, do you work for McAfee ?