Malware research report docx - ACMA

stuckwarmersMobile - Wireless

Dec 14, 2013 (3 years and 6 months ago)

151 views



Malware and harmful software


Consumer views
on

software

threats

and
use of
protection
s

OCTOBER

2013







Canberra

Red

Building

Benjamin Offices

Chan Street

Belconnen ACT


PO Box 78

Belconnen ACT 2616



T

+61 2 6219 5555

F

+61 2 6219 5353

Melbourne

Level 44

Melbourne Central Tower

360 Elizabeth Street
Melbourne VIC


PO Box 13112

Law Courts

Melbourne VIC 8010


T

+61 3 9963 6800

F

+61 3 9963 6899

Sydney

Level 5


The Bay Centre

65 Pirrama Road


Pyrmont

NSW


PO Box Q500

Queen Victoria Building

NSW 1230


T

+61 2 9334 7700


1800 226 667

F

+61 2 9334 7799




© Commonwealth of Australia
2013

This work is copyright. Apart from any use as permitted under the
Copyright Act 1968
, no part may be reproduced

by any process without prior written permission from the Commonwealth. Requests and inquiries concerning reproduction

and rights should be a
ddressed to the Manager,
Editorial Services
, Australian Communications and Media Authority,

PO Box 13112 Law Courts, Melbourne Vic 8010.


Published by the Australian Communications and Media Authority




Contents





a
c
m
a


|
iii


Executive summary

1

Perceived likelihood of experiencing malware infections

1

Protection of home computers and laptops against harmful software

2

Protection of mobile devices from harmful software

2

Who is responsible for protecting consumers against harmful software?

2

Introduction

4

Research objectives

4

Research methodology

4

Background information

5

Overview of internet use

7

Key findings

11

Introduction

what is malware?

11

Perceived likelihood of experiencing malware

11

Protections against harmful software and viruses

17

Who is responsible for protecting users against harmful softwa
re?

23

Appendixes

27

Appendix A

Survey design and methodology

27

Appendix B

Survey questionnaire (malware component)

29








a
c
m
a

|
1


Executive summary

In 2012, the Australian Communications and Media Authority (the ACMA) commissioned a
national telephone survey
with

1
,
500
Australians aged 18 years and over

and four focus
group discussions

also conducted with adults
.
Part of this

research examined
Austral
ians’
awareness of possible threats from malware (malicious software), the use of protections
against harmful software
,

and views on who
se

responsib
i
l
ity it is to

protect computers
against malware.


Malware infections enable computers
, and potentially tabl
ets and
s
martphones
,

to be
controlled remotely for illegal or harmful purposes without the users’ knowledge. Possible
repercussions for internet users include the mass distribution of spam, hosting of phishing
sites or identity theft.


This
research
provid
es a context for
the ACMA
’s activities relatin
g

to malware
, notably the
Australian Internet Security Initiative

(AISI)

under which
participating i
nternet
p
roviders

mainly
i
nternet
s
ervice
p
roviders (ISPs) and universities

are notified of malware infections

affecting their customers
;

and the
ACMA’s
Cybersmart program, which helps children and
families to use the internet safely and securely
.


Summary of internet use

To provide context for
these

research
findings
on malware, th
e

study found that 86 per cent
of Australian

adult
s used the internet for personal purpose
s
.
Personal i
nternet users

comprised almost all
of
the
18

24
age group

(99

per cent
)
and
usage

declined with age
.
P
eople aged 65 years and over

were least likely to be
internet users (60

per cent
)
.


A
lmost three
-
quarters of Australian

adults

(74

per cent
)

or
88

per cent

of internet users

reported making

online
financial transactions
which include
d

online banking, shopping or
paying bills. Australians aged 18

34 years were mo
re

likely to make
online
financial
transactions (91

per cent
)
than the 65 years and over age group (43

per cent
)
.


Perceived likelihood of experiencing malware infections

More internet users

reported
that
harmful software or
malware
was an unlikely

risk

to their
computer (43

50

p
er cent
)

than
a
likely

risk (28

33

per cent
).
1

A substantial minority (22

25

per cent
)

gave a neutral response (
that is,

neither likely nor unlikely) or said they did not
know

if the
re was

a risk
.


Perceptions
of

likely risk from malware increased with the

age of internet users, and
risk was
regarded

as
more
likely by people who speak language
s

other than English at home.

The
risk
of their computers being infected by malware was perceived as ‘highly unlikely’ by more
internet users who did not make online
financial transactions compared

to those who did
ma
k
e
these

transactions
.





1

Percentage ranges are given because survey respondents were asked about four different examples of harmful
software or malware. The
examples given were software that ‘allows others to use your computer to send out spam
or redirect you to fake websites’, ‘allows others to steal your personal or financial information’, ‘allows others to
identify the websites you have visited and access y
our emails’ and ‘affects the way your computer operates’.





2

|
a
c
m
a



Protection of h
ome computer
s

and laptops

against harmful
software

The research indicate
s

that
most
adult internet users
were

active in protecting their home
computers and laptops from harmful software and viruses.
However, a
notable

minority
report
ed

that
their home computer or laptop
does not have
protective software

(10

per cent
)

and a further eight per cent
that it

is
not
re
gularly updated
.

Nineteen per cent reported

that
operating systems are
not
kept up
-
to
-
date

(1
9

per cent
)
.


Various other methods
of minimising risks from harmful software
were

in use
, including
not
clicking on email links from unknown senders (82

per cent

of
internet users with

home
computers or laptops),
immediately
deleting emails from unknown sources (82

per cent
), not
visiting certain websites (79

per cent
)
, keeping browsers up
-
to
-
date (7
8

per cent
) and
keeping program software up
-
to
-
date (7
6

per cent
)
.


Key reasons
mentioned
for not
having protections

were
:


>

having a computer brand that does not
get
infections (15

per cent
)


>

having
no need

of
protections (12

per cent
)

>

not knowing how to install antivirus protection or how to update computer software (
nine

per cent
)
.


There
were

only minor differences between age groups with young adults aged 18

24 years
least likely to keep protective software up
-
to
-
date, click on email links from unknown senders

and delete emails from unknown sources. Older adults age
d 65 years and over were least
likely to update their
program software
.


Protection of m
obile devices

from harmful software

Internet users were considerably less
certain
about
whether their mobile phone and other
mobile devices are
protect
ed

against harmful software
.

Just over half (52

per cent
) of adults
who usually used a mobile

device

(for
financial transactions or social networking
)

said
it

is

protected. Almost a quarter reported
that it was
not protected (24

per cent
) and the same
propor
tion
said they
did not know (24

per cent
).


Key reasons for believing mobile devices are protected
from harmful software were
:

>

an
understanding that the operating system has built
-
in protections (36

per cent

of people
who said their device is protected)

>

having
install
ed
protective software themselves (29

per cent
)

>

not experiencing any problems or infections (
eight per cent
)

>

no reason/did not know (10

per cent
).


Who is responsible for protecting consumers against harmful
software?

The majority of

adult
Au
stralian
internet users report
ed

that protecting computers from
harmful software is a shared responsibility (82

per cent
)

a responsibility shared between
internet users, ISPs, computer program suppliers and/or government
.


I
t
was also

wide
ly

acknowledge
d

that internet users are
mostly

responsible for protecting
their
personal
computers, mobile phones and other mobile devices against harmful software.
Over three
-
quarters of internet users (77

per cent
)
report
ed

that

they
or
individual
internet
users
are mo
stly responsible.
Thirteen per cent of internet users
regard
ed

the protection of
their computer from harmful software
as their sole responsibility.







a
c
m
a

|
3


Whether
regarded as
a sole or shared responsibility
,
almost all internet users
said

th
ey or

individual inte
rnet users have at least some responsibility
for

protectin
g

their computers
from
harmful software
:

>

individual internet users (90

per cent

of internet users

reported

this
)

>

ISPs (57

per cent
)

>

computer software suppliers (45

per cent
)

>

government (22

per cent
)
.



Some
focus group
participants
seemed

to be

aware of potential security
risks

that can
result

from
a
malware

infection
,

and
that infect
ions can occur

without a user’s knowledge. Some
had
experienced compromises that
had
affected the operation of their
computer
.
Other
participants said they knew that malware and/or virus infections were ‘bad’ but they lacked
any further knowledge about possible consequences.


L
imitations
were recognised by a number of participants to
existing protections against
harmful
software and malware. This included a lack of trust and confidence in the security of
certain operating systems, and
the need to maintain and keep operating systems and
antivirus software up
-
to
-
date. Some
participants also
recognised that protective softwa
re
could
not guard against all infections, particularly new

and more sophisticated

forms of
harmful software or malware.


Some participants said they only used their personal computer
s

for

online banking
because
they perceived them as being more secure

th
an their mobile devices. Very few participants
were certain that their mobile device was protected from harmful software
and

assumed that
it
was

protected; some had not experienced harmful software,
and during discussions

others
began
to
question whether t
heir
s
martphone was actually protected.


Many p
articipants
said they were

unsure of the role played by ISPs in protectin
g

computers
from harmful software.
While m
any support
ed

the idea that ISPs inform their customers if
they become aware
that
their
computer is compromised
,

they
were

also concerned about
their privacy and
the possibility of
being monitored by ISPs.










4

|
a
c
m
a



Introduction

In 2012, the Australian Communications and Media Authority (
the
ACMA) commissioned
quantitative and qualitative research with Australians aged 18 years and over into
consumer
awareness of malware (malicious software) threats, the use of protections against harmful
software and
views

on

who is responsible for protecting

computers against malware.



Malware infections enable computers to be controlled remotely for illegal or harmful
purposes without the computer users’ knowledge. While malware compromises may not be
recognised by affected computer users, possible repercussions for internet users inclu
de the
mass distribution of spam, hosting of phishing sites or identity theft.


This

report presents

research that formed part of a larger study into consumer views about
unsolicited communications and malware.

It
provides a context for
the ACMA
’s activit
ies
relatin
g

to
malware
, notably the
AISI

under which
internet providers

are notified of malware
infections affecting their customers, and the Cybersmart program, which helps children and
families to use the internet safely and securely
.



The following
chapters
present survey findings from telephone interviews

with

1,500
Australians aged 18 years and over. The survey data has been weighted to represent the
Australian adult population with telecommunication access and includes people with fixed
-
line home
phones and those with mobiles only.


Verbatim quotations from focus group participants are
includ
ed alongside the survey
findings
. These

help
in
understand
ing

some of the ways that people speak about their use of
online media and the protections they use a
gainst harmful software.


Research objectives

Th
is

research sought to identify:

>

the
proportion of
adult Australians
who
participat
e

in online banking, shopping
,

paying
bills and
online
social networking activities, and the devices typically used for these
purposes

>

general
perceptions
of adult Australians who use the internet for personal purposes
about
the likelihood of experiencing malware infections

>

methods used to protect internet
-
enabled home computers from harmful software and
viruses, and reason
s

for
not using protections

>

the extent to which
adult
Australians believe their mobile phones and mobile computer
devices are protected from harmful software
, and their reasons for belie
ving this

>

the views of adult Australian internet users on who is responsible

for protecting personal
computers and mobile devices against harmful software
.


Research methodology

A nationally representative telephone survey of 1
,
500 Australians aged 18 years and over,
comprising 1
,
207 household respondents with fixed
-
line phones an
d 293 mobile only phone
users, was undertaken by Roy Morgan Research between 17 and 30 July 2012.
A full
description of the survey research methodology is provided at the end of this report
(Appendix A).


Four focus group discussions were also conducted
af
ter

the survey between 16 and 18
August 2012 to provide
depth and richness to the national survey results.

Two groups were
conducted in Melbourne and two
o
n the Sunshine Coast with eight to 10 participants in each
group.
Each g
roup
was mixed gender with
two groups comprising people aged 18

34 years
and two groups with

people aged 35 years and over.






a
c
m
a

|
5



Interpret
at
i
on of
findings

Significance testing at the 95 per cent confidence level has been applied to findings from the
survey research. Specifically, significance testing throughout this report has been used to
compare whether there is a reliable difference
that is
unlikely to be

due to chan
c
e between
each individual group or segment and the total group (
for example,

for gender, age, income
).


In some cases, the report discusses differences that are not statistically significant where
there is evidence of a consistent pattern of
reported attitudes or behaviour
.


The reader may notice some discrepancies between the sums of the component items and
totals. This may occur due to the effects of rounding or exclusion of ‘don’t know’ responses.


Background information

The ACMA is an inde
pendent statutory authority responsible for the regulation of
broadcasting, the internet, radiocommunications and telecommunications in Australia. The
strategic intent of the ACMA is to make communications and media work in Australia’s public
interest.


To

help
the ACMA

understand how changes in the communications and media environment
affect regulatory settings, and the role of citizens and industry in Australia’s developing
networked society and information economy, we run a comprehensive program called
r
esearch
acma
.


The ACMA has
developed a three
-
year
research
acma

overview

that explains how external
drivers, environmental pressures, the policy environment and internal business needs
determine our annual research priorities. But at the heart of our strategic vision are five
broad research areas that remain relatively constan
t:

>

market standards

>

content and cultural values

>

social and economic participation

>

safeguards

>

regulatory practice and design.


This report on malware contributes to the ACMA’s research theme on social and economic
participation
,

which is directed to identi
fying the regulatory settings and interventions to
assist citizens in protecting their personal information and digital data in an information
economy.



The Australian Internet Security Initiative

The
AISI

is
a

voluntary program
administered by the ACMA
that provides participating
i
nternet
p
roviders

mainly ISPs and universities

with reports

on compromised computers

and other internet
-
connected devices
.
These reports
are derived from data that
the AISI
collects from various sources on computers and other d
evices on the Australian internet that
exhibit behaviour consistent with a malware

infection
. Data in the AISI reports
cannot be
used to
identify
individual
users.


The reports
help
AISI
participants identify
their
customers who may have a computer
or
othe
r device
that is compromised by malware. Many AISI participants notify affected
customers
of

compromises and provide assistance to resolve problems as necessary.
The
AISI
assist
s

internet providers
to
contribute to the reduction of spam, malware and other
cyber
security compromises.






6

|
a
c
m
a



Industry participants receive ‘daily’ reports of compromises that
have been
detected on IP
addresses on their networks.
They

also receive weekly ‘repeated sightings’ reports that
identify
recurring

compromises
.


The AISI progr
am has
13
4

participating members
, i
nclud
ing

11
8

internet providers and
16
universities. These providers are estimated to cover more than
95
per cent of Australian
resident
ial

internet users.


More information on the ACMA’s AISI program is available at
www.acma.gov.au/Industry/Internet/e
-
Security/Australian
-
Internet
-
Security
-
Initiative
.


Other relevant ACMA research

The report
The Australian Internet

Security Initiative: Provider responses to security
-
compromised computers

presents

results
from

telephone interviews with 24 AISI participants
conducted by the ACMA in late 2011 and early 2012. Interviews were conducted to
understand how internet providers use and act on the AISI compromised computer reports to
assist customers who are affected by ma
lware.


The research was conducted to understand the views of AISI participants about the
operation of the AISI and how it might be improved
.
The report o
f this research is available

at
http://www.acma.gov.au/theACMA/Library/researchacma/Digital
-
society
-
research/the
-
aisiprovider
-
responses
-
to
-
securitycompromised
-
computers
-
acma
.








a
c
m
a

|
7


Overview of
internet u
se

In order to understand how adult Australians use the internet
,

and to provide context for this
research on
harmful software and
malware, survey respondents were asked
some questions
about their internet use
, online activities

and the devices they used.


Eighty
-
six

per cent of adult Australians reported using the internet for personal purposes.
The internet was used by almost all young adults aged 18

24 years (99

per cent
) and

use

gradually
decreased with age
to 60 per cent of people aged 65 years
an
d
over
. See

Figure
1
.


Figure
1

Personal i
nternet use by adult Australians, by age


Q3. Do you use the internet for personal purposes?

Base: All respondents (n=1,500); aged 18

24 (n=149), 25

34 (n=283), 35

49 (n=396), 50

64
(n=378), 65+ (n=294)


Use of the internet
to make

financial transactions was
reasonably

high

among internet users

(88

per cent
; that is
,

74

per cent

of Australian adults
)
. This
represent
s
approximately three
-
quarters of

internet users

who
report
ed

us
ing

the internet for banking (77

per cent
), shopping
(75

per cent
) or paying bills (73

per cent
)
, as shown in Figure 2
.


More
than
three in five

internet

users

reported using the internet for social networking (63

per
cent
; that is
,

54

per cent

of Australian adults
).



86

99

96

92

82

60

0
10
20
30
40
50
60
70
80
90
100
Total 18+
18

24

25

34

35

49

50

64

65+
% adult Australians

Age in years





8

|
a
c
m
a



Figure
2

Internet users who make online financial transactions
or
participate in social networking


Q45. Do you do the following on the internet? (i.e. banking, pay bills, shopping
for any products or
services
, social networking

such as
Facebook
).

Base: Respondents who use the internet for personal purposes (n=1,257)

*
I
ncludes people who use
d

the internet for banking, shopping and/or paying bills
.


Young adult

internet users

aged 18

24
years (
96 per
cent
)

and 25

34 years
(
88 per
cent
)

were more likely to engage
in

social networking
(
87 per cent
)

and
internet banking (88

per
cent
) compared
with

the older age groups.


The 25

34
age group (
86

per cent
)

and 35

49 age group
(
79 per cent
)

were the most likely
to use the internet for paying bills
(82 per cent
)
and online shopping
(
83

per cent
)
. See
Figure 3
.


People

aged 50 years and over were least likely to
participate in
social networking

41

per
cent

of
internet users

aged 50

64
years
and

23

per cent

of those 65 years or o
ver

reported

doing this.



88

77

75

73

63

0
10
20
30
40
50
60
70
80
90
100
Total

make
financial
transactions*

Banking
Shopping
Paying bills
Social
networking
% internet users






a
c
m
a

|
9


Figure
3

Internet users who make online financial transactions
or
participate in social networking, by
age


Q45. Do you do the following on the internet? (i.e. banking, pay bills, shopping on the internet, social networking).

Base: Respondents who use the internet for personal purposes (n=1,257); aged 18

24 (n=148), 25

34 (n=270), 35

49 (n=364),

50

64 (n=301), 65+ (n=174)

*
I
ncludes
people

who used the internet for banking, shopping and/or paying bills
.


Figure 4 shows that t
he majority of people
usually accessed the internet for

banking, paying
bills or shopping on their home computer or laptop (89

per cent
). A smaller proportion use
d

a
personal

mobile phone or other

personal
mobile device (31

per cent
) or a work computer or
mobile device (22

per cent
). Home computers or laptops were also the most commonly used
devices for social networking (82

per cent
).


Personal mobile devices were used more
commonly for s
ocial networking
(56

per cent
)
than
for
banking, paying bills or sho
pping (31

per cent
).



91

95

92

82

73

87

88

80

69

54

70

82

83

72

59

64

86

79

68

54

96

88

65

41

23

0
10
20
30
40
50
60
70
80
90
100
18

24

25

34

35

49

50

64

65+
% internet users

Age in years

Total

make financial transactions*

Banking
Shopping
Paying bills
Social networking
Total proportion of
Australian adults

who made online financial transactions (by age group):


9
1% (18

24 yrs)

91% (25

34 yrs)

85% (35

49 yrs)

66% (50

64 yrs)

43% (65+ yrs)






10

|
a
c
m
a



Figure
4

Computer devices used for financial transactions
or
social networking


Q46. What computer or device do you usually use to do online banking, shopping or paying bills? Do you use…

Q47. What
computer or device do you usually use for social networking? Do you use …

Base: Respondents who do online banking, shopping or paying bills (n=1,103), who do online social networking (n=780)




11

56

82

22

31

89

0
10
20
30
40
50
60
70
80
90
100
Work computer or mobile device
Personal mobile device
Home computer or laptop
% internet users

Banking, shopping or paying bills
Social networking





a
c
m
a

|
11


Key findings

Introduction

what is malware?

Malware is a type
of computer program that installs itself on a user’s computer without the
user’s knowledge. It includes viruses and often enables a computer to be controlled remotely
for illegal and harmful purposes. It also often collects sensitive and personal informati
on
stored on the computer, such as online banking passwords or credit card details. This
information is then sent to criminals who use it to steal from the user’s bank account or
commit fraud.


A user’s computer can be at risk of malware if they click on m
alicious web links or ‘URLs’ in
emails or download files from unknown sources. Computer users can help protect their
computer against malware by
:


>

installing
,

and keeping up
-
to
-
date
,

antivirus or anti
-
malware software

>

not opening attachments or clicking on

links in emails from unknown sources

>

not clicking on pop
-
up windows
,

which may direct the user to a website that automatically
uploads malware.


Perceived likelihood of experiencing malware

Survey respondents were
asked to rate the risk to their computer
from four different
examples of
harmful software or
malware on a scale
of 1 to 5
where 1 is highly unlikely and
5 is highly likely
. There was little variation
in perceived risk
across the different malware
examples, where

up to a third of internet users
in
dicated it was ‘likely’ or ‘highly likely’ (
a
rating of 4 or 5
) that their computer was at risk from software

that could
:

>

send spam or redirect them to fake websites (28

per cent
)

>

steal their personal or financial information (29

per cent
)

>

identify website
s they had visited and access their emails (32

per cent
)

>

affect the way their computer operated (33

per cent
).


More internet users
perceived

harmful software or malware as
an

unlikely


or ‘highly unlikely’
risk to their computer (up to a half of internet

users)
, and

a

substantial
minority

(
up to a
quarter
)

were
not
sure and
g
ave

either a neutral
(
that is,
neither likely nor

unlikely)
or ‘don’t
know’
response

to th
ese

question
s
. See

Figure 5
.







12

|
a
c
m
a



Figure
5

Perceived likelihood of experiencing harmful software or malware, by
malware

type


Software that …


Q48. When people use the internet there can be risks from harmful software or malware. Thinking about your use of the interne
t, on a
scale of 1 to 5
where 1 is highly unlikely and 5 is highly likely, in your opinion how likely are the following types of software to be a ris
k to
your computer
: software that allows others to steal your personal or financial information
;

or
that affects the way your compu
ter operates
(e.g. slows it downs, causes it to crash or erases information
)
;

or
that allows others to use your computer to send out spam or redirect
you to fake websites
;

or
that allows others to identify the websites you have visited and access your emai
ls
?

Base: Respondents who use the internet for personal purposes (n=1,257)



Some focus group participants knew more about malware than others. There were those
who demonstrated an understanding of how malware can seriously compromise computers,
and that
computers can be infected by malware without the user’s knowledge. Others were
uncertain
.

T
hey knew that malware and viruses are ‘bad’ for computers but lacked further
knowledge about the potential dangers.


Malware is stuff that is being loaded onto your
computer without you knowing about it, tracking
cookies and Trojans and key

loggers (aged 35+)
.


If it is a login virus then it can capture all of your bank details and everything. They’re terrible if
you get them (aged 35+)
.


[When] companies track where
you are, so they put like a little tracking thing that checks where
you have been and it can take your
bank
details ... As opposed

to viruses
, they [malware] are kind
of in the background; you don’t really know they are there (aged 18

34)
.


I know what the
y [malware and viruses] are, but I think of them both as sort of the same thing,
well not the same thing, but both bad (aged 35+)
.


It [malware and viruses] is in the same bag. I have never found out, if there is a virus [on the
computer] and it has to be
fixed up, but I don’t know the technical details, what exactly happens
(aged 35+)
.


7

6

9

6

20

21

22

21

8

8

10

12

16

16

15

19

21

25

20

21

29

24

24

22

0
10
20
30
40
50
60
70
80
90
100
Allows others to use your
computer to send out
spam or redirect to fake
websites
Allows others to steal
personal or financial
information
Allows others to identify
websites you've visited
and access your emails
Affects the way your
computer operates
% internet users

1

highly unlikely

2

unlikely

3
4

likely

5

highly likely

Don't know





a
c
m
a

|
13



Some focus group participants
said they
had
experience

of

malware
that affected their email
service and involved spam.


I’m not sure if it was a virus or what it was, but
it came through on an email, but as soon as you’d
open it up you’d know that you’ve done the wrong thing and over the next couple of weeks, things
start happening to the computer, something is in the computer, and I’m sure it’s come from that
spam email an
d that’s why we got SPAM fighter; it just



it stopped that problem. The computer
runs nicely now (aged 35+)
.


I have had my email compromised. I have had to change it a few times. I was overseas … and
everyone got an email to say that I was in Spain and I

needed money but it wasn’t the way I
speak, so they knew it wasn’t me. It wasn’t like any Australian would speak … They said to put so
many thousands dollars in [a bank account]
.

They didn’t [have] an account though (aged 35+)
.




Age variation

For each of the four examples of malware given
to

survey
respondents
, the perception of
likely
risk increased with age.
Fewer y
ounger
internet users

consider
ed

their computers
were
at risk from harmful software or malware compared to older age groups
.
The
majority
of
users aged
18

24 years reported

that it was unlikely
their computer was at risk from
malware that could:

>

steal personal or financial information (62

per cent

of internet users)

>

use your computer to send out spam or redirect you to fake websites

(60

per cent
)

>

identif
y

the websites you have visited and access your emails (55

per cent
)

>

affect the way your computer operates (51

per cent
)
.


A
ge variations are shown in
F
igures 6 to 9.


Figure
6

Malware that allows others to use your computer to send out spam or redirect you to fake
websites

perceived likelihood of risk, by age

Scale rating: 1 = highly unlikely, 5 = highly likely


Base: Respondents who use the internet for personal purposes
(n=1,257); aged 18

24 (n=148), 25

34 (n=270), 35

49 (n=364),

50

64 (n=301), 65+ (n=174)




4

6

7

8

12

19

23

31

34

27

19

22

16

12

9

60

49

46

46

52

0
10
20
30
40
50
60
70
80
90
100
18

24

25

34

35

49

50

64

65+
% internet users

Age in years

1

2 (is unlikely)

3
4

5 (is likely)

Don't know




14

|
a
c
m
a



Figure
7

Malware that allows others to steal your personal or financial information

perceived
likelihood of risk, by age

Scale rating: 1 =

highly unlikely, 5 = highly likely


Base: Respondents who use the internet for personal purposes (n=1,257); aged 18

24 (n=148), 25

34 (n=270), 35

49 (n=364),

50

64 (n=301), 65+ (n=174)



Figure
8

Malware that allows others to identify the websites you have visited and access your
emails

perceived likelihood of risk, by age

Scale rating: 1 = highly unlikely, 5 = highly likely


Base: Respondents who use the internet for personal purposes
(n=1,257); 18

24 (n=148), 25

34 (n=270), 35

49 (n=364),

50

64 (n=301), 65+ (n=174)


Figure 9 shows less
age differentiation for perceptions of
likely
risk from malware that affects
the way their computer operates

compared to
the other malware examples.



5

5

5

8

6

17

25

32

35

35

16

16

20

13

10

62

54

43

45

49

0
10
20
30
40
50
60
70
80
90
100
18

24

25

34

35

49

50

64

65+
% internet users

Age in years

1

2 (is unlikely)

3
4

5 (is likely)

Don't know
4

7

7

11

15

25

27

35

37

33

17

19

16

12

10

55

47

42

40

41

0
10
20
30
40
50
60
70
80
90
100
18

24

25

34

35

49

50

64

65+
% internet users

Age in years

1

2 (is unlikely)

3
4

5 (is likely)

Don't know





a
c
m
a

|
15


Figure
9

Malware that affects the way your computer operates

perceived likelihood of risk, by age

Scale rating: 1 = highly unlikely, 5 = highly likely


Base: Respondents who use the internet for personal purposes(n=1,257);
aged 18

24 (n=148), 25

34 (n=270), 35

49 (n=364),

50

64 (n=301), 65+ (n=174)


Variation by online activity

The perception of risk from
harmful software or
malware
was

similar for internet users who
reported doing

various internet activities
.

Approximatel
y the same proportion

of people
perceived
the risk
to be at similar

level
s

whether they
banked, shopped or paid bills online
or
participated in
social network
ing
.


Figure 10

shows

the results for one example of malware
, that is, malware
that allows others
to steal personal or financial information
. The results were similar for the ot
her three types of
malware
that were explored
in
this study
.


Figure
10

Malware that allows others to steal your personal or financial information

perc
eived
likelihood of risk, by internet activity

Scale rating: 1 = highly unlikely, 5 = highly likely


Base: Respondents who use the internet for personal purposes (n=1,257) for: banking (n=960); shopping (n=944), paying bills (
n=913),
social networking
(n=780)

3

4

5

7

11

29

27

36

38

30

18

27

19

15

13

51

42

40

40

46

0
10
20
30
40
50
60
70
80
90
100
18

24

25

34

35

49

50

64

65+
% internet users

Age in years

1

2 (is unlikely)

3
4

5 (is likely)

Don't know
5

5

5

5

28

30

29

28

18

17

19

17

49

48

48

50

0
10
20
30
40
50
60
70
80
90
100
Banking
Shopping
Paying bills
Social networking
% did online activity

1

2 (is unlikely)

3
4

5 (is likely)

Don't know




16

|
a
c
m
a



However, it is apparent
that
internet users
who made online financial transactions
perceived

themselves
to be
at greater risk from
harmful software or
malware.
Fewer
of these
users
perceived
their risk from malware as ‘highly unlikely’
(22

per
cent
)
compared with

people
who
did not
ma
k
e these transactions (
37

per cent
).
Figure 11

illustrates th
ese

finding
s

for
malware that allows others to steal personal or financial information
. Similar results were
obtained for the other three malware examples used in
the

study
.
2




Figure
11

Malware that allows others to steal your personal or financial information

perceived
likelihood of risk, by people who did and di
d not make financial transactions


Base: respondents who use the internet for personal purposes (n=1,257); make online financial transactions (n=1,103),

did not make online financial transactions (n=154)


Variations by language spoken at home

The
proportion of people who rate
d

the
risk
of malware
as


likely


or

highly likely


was

consistently higher for those who speak a language other than English at home
,

compared to
those who only speak English

at home
.


As shown in Figure
1
2
, people who speak
a language other than English at home tend
ed

to
have a higher level of concern
about
some types of malware. While these results should be
regarded as indicative because of the small base of respondents who speak a language
other than English at home (n=187
), there is a consistent pattern indicat
ing

the
y

have a
higher perception of risk and generally perceive malware a
s


likely


or

highly likely


to be a
risk to their computer.






2

The other three examples of harmful software or malware used in the study were software that: ‘allows others to
use your computer to send out spam or redirect you to fake websites’, ‘allows others

to identify the websites you
have visited and access your emails’ and ‘affects the way your computer operates’.

10

5

25

22

6

8

8

17

15

26

37

22

0
10
20
30
40
50
60
70
80
90
100
Made no online financial transactions
Made online financial transactions
% did online activity

1

highly unlikely

2

unlikely

3
4

likely

5

highly likely

Don't know





a
c
m
a

|
17


Figure
12

Perceived likelihood of experiencing ha
rmful software or malware infections, by language
spoken at home

Scale rating: 1 = highly unlikely, 5 = highly likely


Base: Respondents who use the internet for personal purposes (n=1,257); English only spoken at home (n=1,070), another langua
ge
spoken at home (n=187)


Protections against harmful software and viruses

Most adult Australians reported having an internet
-
enabled home computer or laptop (81

per
cent
), which
represents

almost all
adult Australians
who
report
ed

using the internet for
pe
rsonal purposes

(95

per cent
).


A
notable

minority
of people
with
home
-
based
,

internet
-
enabled computers or

laptops

reported they ha
d

not
installed protective software
(10

per cent
)

and

a further eight per cent

did not
keep their protective software
up
-
to
-
date
.
Nineteen per cent
did not keep their
operating systems up
-
to
-
date
.
Many people
applied

various other methods to
minimise risks
from
harmful software and viruses, including not click
ing

on email links from unknown
senders (82

per cent
),
or
immed
iately delet
ing

emails from unknown sources (82

per cent
).


A small group (
four per cent
) reported applying all methods of protection against malware
that are listed in the survey questionnaire
. See

Figure 1
3
.


31

45

30

53

34

46

40

51

23

18

26

14

16

15

18

15

40

32

38

26

43

30

37

28

6

6

6

7

7

9

5

6

0
10
20
30
40
50
60
70
80
90
100
Other language
English only
Other language
English only
Other language
English only
Other language
English only
AFFECTS WAY
COMPUTER
OPERATES
SENDS OUT SPAM/
REDIRECT FAKE
WEBSITES
IDENTIFIES
WEBSITES
VISITED/ ACCESS
EMAILS
STEAL PERSONAL/
FINANCIAL
INFORMATION
% internet users

MALWARE TYPES



1

2 (is unlikely)

3 (neutral)
4

5 (is likely)

Don't know




18

|
a
c
m
a



Figure
13

Methods used to protect
internet
-
enabled home
-
based computers

from

harmful software
and viruses


Q49. Do you have an internet
-
enabled home computer or laptop?

Q50. Which of the following do you do to protect your internet
-
enabled home computer or laptop

from harmful software and viruses?

Base: Respondents who have
an
internet
-
enabled home computer or laptop (n=1,194)

*E
xcludes the 10 per cent who reported having no protective software
.


The survey findings show only minor differences in the use of the various methods to protect
internet
-
enabled computers or laptops across the different age groups (Figure
1
4
). However
,

it is worth noting that the youngest (18

24) and oldest (65+) age group
s were less inclined to
report
us
ing

protective methods compared to the other age groups.


Having protective software to keep an internet
-
enabled home computer or laptop protected
from harmful software was the most common method used across all age groups,

while
keeping program software up
-
to
-
date was the least common across all age groups.




0

1

2

4

76

78

79

81

82

82

82

90

24

22

21

19

18

18

8

10

0
10
20
30
40
50
60
70
80
90
100
None of the above
Don't know/can't say
Other
All of the above
Keep program software up-to-date (e.g. word
processing, photo editing mobile apps)
Keep browsers up-to-date (e.g. internet explorer,
firefox, safari, chrome)
Do not visit certain websites
Keep operating systems up-to-date (e.g. microsoft
windows, mac osx, android)
Immediately delete emails from unknown sources
(without opening them)
Do not click on email links from unknown senders
Keep protective software up-to-date*
Have protective software (e.g. antivirus, anti-spyware,
anti-malware)
% have internet
-
enabled home computer/s

Yes
No





a
c
m
a

|
19


Figure
14

Methods used to protect
internet
-
enabled home computers

from harmful software and
viruses
, by age


Base: Respondents who have
internet
-
enabled home computer or laptop (n=1,194)



F
ocus group
participants

indicated varying degrees of confidence in using the internet for
banking. For
security purposes,
some participants

gave consideration to the type of
operating systems

they used
for
online banking

and recognised the importance of
maintaining these systems and keeping antivirus software up
-
to
-
date
.



I am also a bit paranoid about Windows, so my machine [is] set up with dual boots and I can put it
into Linux and I sort o
f do my internet banking. I don’t do internet banking in Microsoft

(aged 35+)
.


It pays to have another malware scanner and it’s a continual thing; keep your Microsoft patching
up
-
to
-
date, you’ve got to keep your computer in good shape. You’ve got to under
stand what’s
happening and if you don’t, you might get caught (aged 35+)
.


[I do the] updates from Microsoft or use Linux (aged 35+)
.


I just think Linux is a more secure place, there seems to be less malicious activity taking place in
that environment
because it has got a more robust level of security (aged 35+)
.


I don’t trust the [Microsoft] operating system, the engineering of the operating system (aged 35+)
.


Ninety per cent of people use Microsoft so the villains [hackers] … are targeting Microsoft
, and if
you’re using an obscure operating system then you’re safer just because you’re not using
Microsoft (aged 35+)
.


Some
participant
s

noted the difficulty of

protecting computers against

new risks
because

viruses
are constantly
being developed, and expressed concern about
the limitations of
antivirus software
that does not
provide complete protection.
Generally, participants agreed
that there is
an inevitable cost of using
and protecting
computers

from harmful software
.


70

71

72

79

80

79

82

89

74

76

81

81

87

81

87

91

78

84

82

85

85

87

85

91

78

81

80

79

78

82

82

88

73

78

76

81

76

75

75

87

0
10
20
30
40
50
60
70
80
90
100
Keep program software up-to-date
Keep browsers up-to-date
Do not visit certain websites
Keep operating systems up-to-date
Immediately delete emails from unknown sources
Do not click on email links from unknown senders
Keep protective software up-to-date
Have protective software
% have internet
-
enabled home computer/s

18

24 years

25

34 years

35

49 years

50

64 years

65+ years




20

|
a
c
m
a





I thin
k the problem is that ... everyone’s getting very clever and the viruses are obviously more clever
… the people making them are getting more clever so if we don’t upgrade our virus protection to
something that’s more current for now, is it going to protect

all these new things coming in
because there are new things (aged 35+)
.


[I used to have antivirus software]. I had a virus and they would say we can’t protect you against
everything. I said well, if that’s the case, you can’t charge me. If you can only s
top 50 per cent of
the viruses, only charge me 50 per cent of the premium and you have these long arguments to
get them to actually do something for you so it was not just worth it. So I just use the free one
(aged 35+)
.



Nature of the people interviewed

Two
-
thirds (66

per cent
) of the respondents interviewed in this study who had protective
software on their home computer or laptop identified themselves as the person who usually
installs or updates that software, as shown in Figure 1
5
.


Almost one in
five reported that their spouse or partner usually installs or updates protective
software (18

per cent
), and one in ten had a computer technician (10

per cent
) or a friend or
relative (
nine per cent
) do it for them. Six per cent reported that one of their

children usually
does this.


Figure
15

Person who usually installs or updates protective software on home
-
based computer or
laptop


Q56. Who usually installs or updates the protective software on your home computer or laptop to

protect it against

harmful software and viruses?

Base: Respondents who have internet
-
enabled home computer or laptop and have protective software (n=1,078)




66

18

10

9

6

3

0
10
20
30
40
50
60
70
80
90
100
You
Your spouse
or partner
Computer
technician
A friend or
relative
One of your
children
Automatic
updates
% have protective software on home computer/s






a
c
m
a

|
21


Reasons for not using protective methods

Internet
-
enabled home computer
and/
or laptop owners
were asked
their reasons for:

>

not
hav
ing

protective software

>

not
keep
ing protective
software up
-
to
-
dat
e

>

not
keep
ing

their operating systems up
-
to
-
date.


The main reasons
given
were
that their

brand of computer does not get malware or viruses
(15

per cent
),

they don’t need
protections
(12

per cent
)
,

and
they do not know how to install
antivirus protection or how to update their computer
software
(
nine per cent
).


Figure
16

Top
nine
reasons for not having protective software
,

not keeping
protective software


up
-
to
-
date, or not keeping operating system up
-
to
-
date


Base: Respondents who do not have protective software installed, do not keep protective software up
-
to
-
date,
or
do not keep

operating systems up
-
to
-
date (n=188)
3

*This response appears to describe a protective action rather than a reason for not taking action



Malware and mobile devices

Of

the
people who use
d

their internet
-
enabled mobile phone or other
mobile d
evice
for

online
banking, paying bills, shopping or social networking,
just
over

half

believed
their mobile
device

was protected against harmful computer software and viruses (52

per cent
)
. Almost a
quarter
said

their mobile device
was not protected (24

per cent
)

and the same
proportion
was

not sure if
it

was
protected

(
24

per
cent). See Figure 17.






3

Please note that these respondents were recontacted after the main survey and asked this question in a second
interview.

5

6

7

7

8

9

12

12

15

0
10
20
30
40
50
60
70
80
90
100
I don't use the computer often
Couldn't be bothered
Too expensive
Never experienced a problem/ don't see any reason
to
Don't have time
Don't know how to do/install/update
Don't need to
Other people take care of that for me*
The brand of computer I have does not get malware/
viruses
% do not have main protections





22

|
a
c
m
a



Figure
17

Perceptions on whether internet
-
enabled mobile phone
s

or mobile device
s

are protected
from harmful software and viruses


Q52. To

the best of your knowledge, is your internet
-
enabled mobile device protected from harmful computer software and viruses?

Base: Respondents who
usually
use a mobile phone
s

or other mobile device
s

to do online banking, pay bills, shopping or social
networki
ng (n=500)


The main reasons given for believing that
their
mobile devices
are
protected from harmful
software
include
d

an

underst
anding

that the device

ha
s

built
-
in protections (36

per cent
), and

because
the user

had installed the protective software themselves (29

per cent
)
, as shown in
Figure 18
.


Figure
18

Top
six

reasons for believing that mobile devices are protected


Q53. Why do you say that your mobile device is protected from
harmful software and viruses?

Base:
Respondents who usually use a mobile phone or other mobile device to do online banking, pay bills, shopping or social
networking
and
report

the
device
is protected from harmful software and viruses (n=
259
)


The findings

presented in the previous chapter on the higher use of home computers and
laptops for online banking, paying bills and shopping

and social networking to a lesser
degree

also suggest that greater consumer confidence is placed on the security of home
comput
ers and laptops compared to mobile phones and other mobile devices.




52%

24%

24%

Yes

I know it's protected

No

I know it's not protected

Don't know
4

6

8

10

29

36

0
10
20
30
40
50
60
70
80
90
100
Cautious which sites I go to/go to secure websites/
cautious what I download
I understand that my internet service provider does this
Had no problems/device has not been infected so far
Don't know/not sure
I have installed protective software myself
I understand that the operating system has built-in
protections
% typically use mobile device for online activities






a
c
m
a

|
23



Despite using mobile devices to check emails and for internet banking, v
ery few focus group
participants were certain
that
their mobiles

are

protected from harmful software. Some
assumed the
ir

iPhone is

protected and others
did not regard harmful software as an issue
because they
had no experience

of

it

on their mobile phones.

Also mentioned was the
installation of antivirus software
by an own
er of

a tablet with
an
Android operating system.



iPhones are sort of pre
-
protected (aged 35+)
.


I use my mobile phone for banking and the internet all the time. In fact I will sit at home quite
often, it is easier than getting on the computer, I will jus
t use the wireless internet so I am not
using [my mobile phone internet data plan allowance].

… Maybe I am being complacent but I just
assume that the iPhone is reasonably protected

(aged 35+)
.


I put some antivirus software on an Android tablet … (aged
35+)
.


One participant raised the concern that even though they had virus protection on their
computers at home which they used to check emails, they also opened their emails on their
phone and were not sure how safe that is.


My worry about the
s
martphone

is that

and it’s the biggest scary thing



… we have our emails
at our home and we make sure we have all this virus protection at home

… [but] my concern is
that I check my emails all the time on my
s
martphone (aged 35+)
.


S
ome participants did not use th
eir mobile phone for online banking
.


As a rule [I don’t do internet banking] on a mobile phone because it doesn’t have the protection a
computer does (aged 35+)
.



Who is responsible for protecting users against harmful
software
?

Those who had a home computer or a mobile device were asked who is

most responsible


for protecting their computer and mobile devices against harmful software and viruses
.

See
Figure
1
9
.


Over
three
-
quarters

(77

per cent
)
reported
the individual user as being the most responsible.
A further one in
ten

(nine per cent)

suggested that their
ISP

wa
s

most responsible
,

and a

small group (
eight per cent
)
identified

the computer software provider or supplier.

The
government was mentioned by three per cent.



Those who were able to identify who they thought was most responsible for protecting their
computer or mobile device from harmful software and viruses were then asked who else is
responsible. This is also

shown in Figure
1
9

as
‘also responsible’
.


While t
hree per cent
said

that it was firstly the
g
overnment’s responsibility
,

a
further

19 per
cent identified some responsibility for government.


Overall, n
ine in ten (90

per cent
) indicated that the individ
ual user was responsible for
protecting their computer and mobile devices against harmful software and viruses, followed
by ISP
s

(57

per cent
), computer software provider
s

(45

per cent
)
,

and the
g
overnment
(22

per cent
).







24

|
a
c
m
a



Figure
19

Views on who is responsible for protecting computers and mobile devices against harmful
software and viruses


Q54. In your opinion, who is most responsible for protecting your
computer and mobile devices against harmful software and viruses?

Q55. Who else, if anyone else, do you think is responsible?

Base: Respondents who
use the internet for personal purposes (n=1,252)


Most internet users (82

per cent
) indicated that
responsibility for the protection of computers
is shared between t
wo or more players,
while
13 per cent mentioned one player as solely
responsible

(almost all of these people reported
that
the individual user
is

solely
responsible)
, and five per cent said
they did not know who is responsible
.

See
Figure
20
.


Figure
20

Number of entities responsible for the protection of computers from harmful software


Base: Respondents who use the internet for personal purposes (n=1,252)


Age
variation

Internet users

aged 25

34 years
were
most likely to report individual user
s

as

most
responsible for protecting their computer
s

and mobile device
s

(85

per cent
).
T
hose aged 65
years
or over
were
least likely to report
this

(67

per cent
).

1

3

8

9

77

2

19

37

48

13

0
10
20
30
40
50
60
70
80
90
100
Other
Government
Computer software provider/supplier
Internet service provider
You (or individual users)
% internet users

Most responsible
Also responsible
13%

57%

24%

5%

One player responsible
Two players
Three or more players
Don't know
Total = 90%

Total =
57
%

Total =
22
%

Total =
45
%

Total =
3
%






a
c
m
a

|
25


Internet

users

aged 50 years and over
were
more likely than
the
other age groups to report
ISP
s

as

being
most responsible
for protecti
ng

computers against harmful software
(13

per

cent

of
the
50

64
age group
and 15

per cent

of 65+

age group
).


Figure
21

Views on who is most responsible for protecting computers and mobile devices, by age


Base: Respondents with a home computer or mobile device (n=1,
252
); 18

24 (n=
148
), 25

34 (n=
269
), 35

49 (n=
364
),

50

64 (n=
299
), 65+ (n=
172
)



During the focus groups, participants were asked about the role of their ISP in protecting
them from harmful software. Most were unsure about the role played by ISPs in protecting
computers and mobile devices and whether ISPs should be responsible in p
roviding such
protection
.



I think they manage your email account, because your email is going to Telstra first and I think
they go through it to a certain extent, pulling out your spam, but if they miss it they will send it
onto you, but I am not aware
of them having any other sort of antivirus packages through Telstra
or anything like that (aged 35+)
.


They just give you the service and that is it (aged 18

34)
.


I don’t think they should be responsible. I don’t think it is them, they’re just


providing
the service (aged 18

34)
.


They’re just providing a connection (aged 18

34)
.




2

2

4

3

2

4

4

10

8

9

5

10

7

3

8

13

15

79

85

76

76

67

0
10
20
30
40
50
60
70
80
90
100
18

24

25

34

35

49

50

64

65+
% internet users

Age in years

You (or individual users)
Internet service provider
Computer software provider
Government
Other
Don't know/can't say




26

|
a
c
m
a




Some other participants, however, agreed that ISPs should
provide some sort of protection.



I think [they should provide some sort of protection from viruses] to keep their
customers happy,
especially if you’re infected

… it is in their interest I think. My spam filtering comes from Optus on
my Optus account, so that is a good thing (aged 35+)
.


When asked what their response would be to
the possibility of
their ISP informing

them of a
malware compromise on their computing device, most participants supported this proposal.
However, the possibility that they were being monitored was a concern to many.


Privacy is always a concern; it is just the world we live in now (aged 35+)
.


If there is a user who is constantly sending out viruses then they might want to have that
information to hand, but there has to be some sort of stop as to where they stop collecting
information about people (aged 35+)
.


They can possibly access other i
nformation (aged 18

34)
.


I think if you rang them saying I have got reliability issues and there was a test they could run
then that

would be understandable, but not just there in the background lingering around what is
going on (aged 18

34)
.










a
c
m
a

|
27


Appendixes

Appendix A

Survey

design and methodology

The main objective of the main quantitative survey phase was to obtain robust estimates of
Australian consumers


experiences with unsolicited telemarketing calls and email and SMS
spam.


A total of 1,50
0 computer
-
assisted telephone interviews (CATI) were conducted, with
Australian residents aged 18 years and older.


The sample was
designed as a quota sample to ensure that survey coverage was
representative of the Australian population aged 18 years or ol
der in terms of age, gender
and geographic characteristics.
The sample design also included the increasing proportion of
people who do not have a fixed
-
line phone but do have access to a mobile phone. Mobile
phone only users were separately recruited from
the Roy Morgan Single Source database
.
4



The sample comprised two main subsamples:

>

respondents with a fixed
-
line home phone connected (n=1,207), sourced through
Random Digit Dialling (RDD)

>

respondents with mobile phones only

that is, had a mobile phone an
d no fixed
-
line
phone connected in the home (n=293), sourced through re
-
contact of respondents from
the Roy Morgan Single Source database.


All interviews were conducted on weekday evenings (5.00

pm to 8.30

pm) or on weekends
(11.00

am to 4.00

pm) from 1
7 to 30 July 2012.


Quotas were set for both samples to ensure that their demographic profile (age, sex and
area) were representative of the population of Australians aged 18 years and over. This
included both fixed
-
line phone households and mobile phone
only households, as
determined by the latest Roy Morgan Single Source and the Australian Bureau of Statistics
(ABS) data.


Proportional weights were applied to the data to reflect the true distribution of these users.
These were an
interlocking weight of

area by sex, area by age and area by region
(metro/country), and a rim weight for the sample type (respondents with fixed landline and
with mobile phones only).

The weights used were calculated from the latest Roy Morgan
Single Source data.


Final survey
results can be generalised to the Australian population aged 18 and older with
telecommunication
s

access (home or mobile phone).


Statistical reliability of the quantitative results

The estimates derived for this study are based on information obtained fr
om a sample survey
and are therefore subject to sampling variability. They may differ from results that would be
obtained if all people in Australia were interviewed (a census)
,

or if the survey was repeated
with a different sample of respondents.


One
measure of the likelihood of any difference is the standard error (SE), which shows the
extent to which an estimate might vary by chance because only a sample of people were



4

Every year, Roy Mo
rgan Research conducts over 50,000 face
-
to
-
face interviews in Australia. This forms the basis
of Single Source. Approximately 40 per cent also return additional self
-
completion diaries
, the Product Poll and
Media Diary.





28

|
a
c
m
a



interviewed. An alternative way of showing this is the relative standard error (RS
E), which is
the SE as a percentage of the estimate.


The t
able
below
shows the SE for various sample sizes and response levels, and

can be
used to assess if there are statistically significant differences between results within the
study. For example:

>

If
the sample size was 1,500 a response set of 50 per cent has a SE of +/

2.5 per cent at
a 95

per cent confidence level (that is, there are 95 chances in 100 that a repeat survey
would produce a response set of between 52.5 and 47.5 per cent).

>

If there were 500 respondents to a question and 50 per cent gave a particular response,
then the SE for that response is +/

4.4 per cent.


Where the RSE is between 30 and 49 per cent, results should be regarded as moderately
reliable. Where the RSE is 50

per cent or higher, results should be regarded as indicative
estimates only.


For results based on the total study sample of n=1,500, this sample size constrains the
maximum sampling error to +/

2.5 per cent.


Table

A1
Estimated sampling error

Total sam
ple and subsets

Survey size
estimate

2,400

2,250

2,000

1,750

1,500

1,250

1,000

750

500

300

Sample variance (+/

) 95% confidence intervals


%

%

%

%

%

%

%

%

%

%

10%

1.2

1.2

1.3

1.4

1.5

1.7

1.9

2.1

2.6

3.4

20%

1.6

1.7

1.8

1.9

2.0

2.2

2.5

2.9

3.5

4.5

30%

1.8

1.9

2.0

2.1

2.3

2.5

2.8

3.3

4.0

5.2

40%

1.9

2.0

2.1

2.3

2.5

2.7

3.0

3.5

4.3

5.5

50%

2.0

2.1

2.2

2.3

2.5

2.8

3.1

3.6

4.4

5.6

60%

1.9

2.0

2.1

2.3

2.5

2.7

3.0

3.5

4.3

5.5

70%

1.8

1.9

2.0

2.1

2.3

2.5

2.8

3.3

4.0

5.2

80%

1.6

1.7

1.8

1.9

2.0

2.2

2.5

2.9

3.5

4.5

90%

1.2

1.2

1.3

1.4

1.5

1.7

1.9

2.1

2.6

3.4










a
c
m
a

|
29


Appendix
B

Survey questionnaire

(malware component)




R07417

ACMA
-

UNSOLICITED ELECTRONIC COMMUNICATIONS (RDD)

July,
2012



All ANSWER Categories

[Single]

Good [Morning/ Afternoon/ Evening], my name is (say name) from Roy Morgan Research.
I'm calling on behalf of the Australian Government. We are conducting an important survey
about telecommunications and the Internet.


IF GOVERNMENT AGENCY QUERIED, SAY: Th
e study is being conducted for the
Australian Communications and Media Authority
-

the ACMA
-

the Commonwealth
Government agency responsible for regulating telecommunications in Australia.


May I please speak to the youngest male at home who is aged 18 or

over?


IF NO MALES AVAILABLE ASK: May I please speak to the youngest female at home who is
aged 18 or over?


IF NECESSARY REPEAT INTRODUCTION


IF RESPONDENT ASKS HOW LONG THE SURVEY WILL TAKE, SAY: It will take about 20
minutes.


IF NECESSARY SAY: The

information you provide will only be used for research purposes
and will remain strictly confidential. You will not be identified in any way in the results.


IF NECESSARY SAY: If you would like any more information on this research you can call
our hotli
ne on 1800 337 332.


IF QUERIED ABOUT HOW NAME/NUMBER WAS SOURCED (e.g. UNLISTED NUMBER):
We are contacting people from all over Australia. A computer has randomly generated
numbers for us to phone.


IF NECESSARY ADD: To ensure a representative sample of

Australian households it is very
important to include households like yours in the survey.


IF THEY SAY THEY ARE ON THE DO NOT CALL REGISTER, READ: The Do Not Call
Register is a Government initiative that allows people to opt out of receiving telemarketi
ng
calls. Research organisations can still make calls to numbers on the Register because we
are not trying to sell you anything. Participation in the survey is voluntary.


IF NECESSARY, SAY: Is now a good time or would it be more convenient if I made an
a
ppointment to speak to you at another time?


IF NECESSARY, MAKE AN APPOINTMENT.

1


YES
-

CONTINUE

2


NO


IF REFUSES (CODE 2 ON QINTRO)





30

|
a
c
m
a




ENDIF

[Single]

QI1. This call may be monitored by a supervisor for training purposes. Supervisors are
bound by
the same confidentiality requirements as interviewers. Do you agree to this call
being monitored?

1


YES

2


NO


IF NO (CODE 2 ON QI1), SAY:



INTERVIEWER: ALERT SUPERVISOR TO EXCLUDE FROM MONITORING
-

CONTINUE


ENDIF

[Quantity] {Min: 800, Max:
99999, Default Value:9998Refusal Code:9999}

SCR1. Can you please tell me your postcode?

[Single]

SCR2. RECORD SEX OF RESPONDENT

1


MALE

2


FEMALE

[Single]

SCR3. Could you please tell me your age?

1


14
-
17

2


18
-
19

3


20
-
24

4


25
-
29

5


30
-
34

6


35
-
39

7


40
-
44

8


45
-
49

9


50
-
54

10


55
-
59

11


60
-
64

12


65
-
69

13


70
-
74

14


75
-
79

15


80+

99


REFUSED






a
c
m
a

|
31


IF UNDER 18 OR REFUSED (CODE 1 OR 99 ON SCR3), SAY:



Thank you for your time, but we can only speak to people in certain age
groups.


ENDIF

[Single] {Removed}

AREA

1


SYDNEY

2


OTHER NEW SOUTH WALES/ACT

3


MELBOURNE

4


OTHER VICTORIA

5


BRISBANE

6


OTHER QUEENSLAND

7


ADELAIDE

8


OTHER SOUTH AUSTRALIA/NT

9


PERTH

10


OTHER WESTERN AUSTRALIA

11


TASMANIA


IF RDD

SAMPLE COMPUTE ANSWER AS CODE 1, OTHERWISE FOR MOBILE
SAMPLE, ASK:


[Single]


Q1. Do you have a fixed
-
line phone at home?


1


YES


2


NO


99


REFUSED


ENDIF


IF MOBILE SAMPLE RECORD ANSWER AS CODE 1, OTHERWISE FOR RDD SAMPLE,
ASK:


[Single]


Q2. Do you have a mobile phone for personal use?


1


YES


2


NO


99


REFUSED








32

|
a
c
m
a



ENDIF

[Single]

Q3. Do you use the Internet for personal purposes?

1


Yes

2


No

99


Refused

[Single]

Q3A. Do you have an email address that you use for personal
emails?

1


Yes

2


No

99


Refused



NOTE:
A large part of this questionnaire has been deleted because it is not relevant to
this
report on m
alware

and harmful software
.



IF USES THE INTERNET (CODE 1 ON Q3), ASK:



Q45. Do you do the following on the

Internet? READ OUT


[Single]


Banking


1


YES


2


NO


3


(DO NOT READ) DON'T KNOW/CAN'T SAY


4


(DO NOT READ) REFUSED


[Single]


Pay bills


1


YES


2


NO


3


(DO NOT READ) DON'T KNOW/CAN'T SAY


4


(DO NOT READ) REFUSED


[Single]


Shopping for any products or services


1


YES


2


NO


3


(DO NOT READ) DON'T KNOW/CAN'T SAY


4


(DO NOT READ) REFUSED


[Single]


Social networking such as Facebook


1


YES


2


NO


3


(DO NOT READ) DON'T KNOW/CAN'T SAY


4


(DO NOT READ) REFUSED



IF UNRECORDED ON Q45A
-

Q45D, SAY






a
c
m
a

|
33




YOU HAVE LEFT A QUESTION UNANSWERED, YOU WILL NOW BE
TAKEN BACK TO Q45. PLEASE MAKE SURE AN ANSWER IS
SELECTED ON EACH QUESTION



ENDIF



IF YES (CODE 1) ON Q45A, B OR C, ASK:


[Multiple] {Spread:20 }


Q46.
What computer or device do you usually use to do online banking,
shopping or paying bills? Do you use... READ OUT


1


Home computer or laptop


2


Personal mobile device (i.e. phone, tablet, notebook)


3


Work computer or mobile device


97


Something
else (Specify)


98


(DO NOT READ OUT) DON'T KNOW/CAN'T SAY


99


(DO NOT READ OUT) REFUSED



ENDIF



IF YES (CODE 1) ON Q45D, ASK:


[Multiple] {Spread:20 }


Q47. What computer or device do you usually use for social networking?
Do you use... READ
OUT.


1


Home computer or laptop


2


Personal mobile device (i.e. phone, tablet, notebook)


3


Work computer or mobile device


97


Something else (Specify)


98


(DO NOT READ OUT) DON'T KNOW/CAN'T SAY


99


(DO NOT READ OUT) REFUSED



ENDIF


ENDIF


IF HAS THE INTERNET (CODE 1 ON Q3), ASK:


When people use the internet there can be risks from harmful software or malware. Thinking
about your use of the Internet, on a scale of #/1 to 5 where 1 is 'not likely' and 5 is 'highly
likely'/5 to 1 where 5 is

'highly likely' and 1 is 'not likely'/, in your opinion how likely are the
following types of software to be a risk to your computer? READ OUT

[Single]

Q48A. Software that allows others to steal your personal or financial information.

READ OUT: Would
that be...

1


1
-

Highly unlikely

2


2
-

Unlikely

3


3
-

Moderately likely

4


4
-

Likely





34

|
a
c
m
a



5


5
-

Highly likely

98


(DO NOT READ OUT) DON'T KNOW/CAN'T SAY

99


(DO NOT READ OUT) REFUSED

[Single]

Q48B. Software that affects the way your computer
operates (e.g. slows it downs, causes it
to crash or erases information READ OUT IF NECESSARY.

1


1
-

Highly unlikely

2


2
-

Unlikely

3


3
-

Moderately likely

4


4
-

Likely

5


5
-

Highly likely

98


(DO NOT READ OUT) DON'T KNOW/CAN'T SAY

99


(DO NOT

READ OUT) REFUSED

[Single]

Q48C. Software that allows others to use your computer to send out spam or redirect you to
fake websites READ OUT IF NECESSARY.

1


1
-

Highly unlikely

2


2
-

Unlikely

3


3
-

Moderately likely

4


4
-

Likely

5


5
-

Highly

likely

98


(DO NOT READ OUT) DON'T KNOW/CAN'T SAY

99


(DO NOT READ OUT) REFUSED








a
c
m
a

|
35


[Single]

Q48D. Software that allows others to identify the websites you have visited and access your
emails READ OUT IF NECESSARY.

1


1
-

Highly unlikely

2


2
-

Unlikely

3


3
-

Moderately likely

4


4
-

Likely

5


5
-

Highly likely

98


(DO NOT READ OUT) DON'T KNOW/CAN'T SAY

99


(DO NOT READ OUT) REFUSED

[Single]

Q49. Do you have an internet
-
enabled home computer or laptop?

1


YES

2


NO

98


DON'T KNOW/NOT

SURE

99


REFUSED


IF HAS INTERNET ENABLED HOME COMPUTER OR LAPTOP (CODE 1 ON Q49), ASK:


[Multiple] {Spread:20 }


Q50. Which of the following do you do to protect your internet
-
enabled home
computer or laptop from harmful software and viruses? READ OUT.

PROBE: Anything else?


1


Have protective software (e.g. antivirus, anti
-
spyware, anti
-
malware)


2


Keep
protective software up
-
to
-
date


3


Keep operating systems up
-
to
-
date (e.g. Microsoft Windows, Mac
OSx, Android)


4


Keep program software up
-
to
-
date (e.g. word processing, photo
editing, mobile apps)


5


Keep browsers up
-
to
-
date (e.g. Internet Explorer,

Firefox, Safari,
Chrome)


6


Immediately delete emails from unknown sources (without opening
them)


7


Do not click on email links from unknown senders


8


Do not visit certain websites


95

Openend

(DO NOT READ OUT) OTHER (Specify)


96

Single

(DO NOT

READ OUT) ALL OF THE ABOVE


97

Single

(DO NOT READ OUT) NONE OF THE ABOVE


98

Single

(DO NOT READ OUT) DON'T KNOW/CAN'T SAY


99

Single

(DO NOT READ OUT) REFUSED








36

|
a
c
m
a




IF CODE 97 OR NOT CODE 1, 2, OR 3 ON Q50, ASK:


[Multiple] {Spread:20 }


Q51. And
can you please tell me why you don't #/have any protective
software installed on your computer, // #/keep operating systems up to
date, //#/do anything //to keep your internet
-
enabled home computer or
laptop from harmful software and viruses ? DO NOT READ
OUT.


1


Too expensive


2


My computer operates well now


3


Don't know how to do/ install/ update


4


Don't need to


5


Don't have time


6


Couldn't be bothered


7


Never experienced a problem/ Don't see any reason to


97

Openend

OTHER (Specify)


98

Single

DON'T KNOW/CAN'T SAY


99

Single

REFUSED



ENDIF


ENDIF


IF HAS MOBILE DEVICE (CODE 1 ON Q2 OR CODE 2 ON Q46 OR Q47), ASK:


[Single]


Q52. To the best of your knowledge, is your internet
-
enabled mobile device
protected from harmful
computer software and viruses? READ OUT


1


Yes
-

I know it's protected


2


No
-

I know it's NOT protected


3


(DO NOT READ) DON'T KNOW/NOT SURE



IF YES ABOVE (CODE 1 ON Q52), ASK:


[Multiple] {Spread:20 }


Q53. Why do you say that your mobile
device is protected from harmful
software and viruses? DO NOT READ OUT.


1


I have installed protective software myself


2


I understand that the operating system (e.g. Apple,
Android, Windows) has built
-
in protections


3


I understand that my internet

service provider does this


97

Openend

OTHER (Specify)


98

Single

DON'T KNOW/NOT SURE


99

Single

REFUSED



ENDIF


ENDIF


IF HAS HOME COMPUTER OR MOBILE DEVICE (CODE 1 ON Q49 OR CODE 1 ON Q2
OR CODE 2 ON Q46 OR Q47 ), ASK:


[Single] {Random}






a
c
m
a

|
37



Q54.

In your opinion who is most responsible for protecting your computer and
mobile devices against harmful software and viruses? READ OUT.


1


You (or individual users)


2


Government


3


Internet Service Provider


4


Computer software provider/
supplier


5

Fixed

(DO NOT READ) OTHER


98

Fixed

(DO NOT READ OUT) DON'T KNOW/CAN'T SAY


99

Fixed

(DO NOT READ OUT) REFUSED



IF CODE 1 TO 4 ON Q54, ASK:


[Multiple] {Spread:20 }


Q55. Who else, if anyone else, do you think is responsible? READ OUT.


1


You (or individual users)


2


Government


3


Internet Service Provider


4


Computer software provider/ supplier


5


No one else


97

Openend

OTHER (Specify)


98

Single

(DO NOT READ OUT) DON'T KNOW/CAN'T SAY


99

Single

(DO NOT READ OUT) REFUSED



ENDIF


ENDIF


IF HAS HOME COMPUTER OR LAPTOP AND HAS PROTECTIVE SOFTWARE (CODE 1
ON Q49 AND CODE 1 OR 2 ON Q50), ASK:


[Multiple] {Spread:20 }


Q56. Who usually installs or updates the protective software on your home
computer or laptop to protect
it against harmful software and viruses? DO NOT
READ OUT


1


YOU


2


YOUR SPOUSE OR PARTNER


3


ONE OF YOUR CHILDREN


4


A FRIEND OR RELATIVE


5


COMPUTER TECHNICIAN


97

Openend

OTHER (Specify)


98

Single

DON'T KNOW/CAN'T SAY


99

Single

REFUSED


ENDIF


The following questions will be asked for research purposes only, and will not be used in any
way that could identify you.

[Single]

Z1. How many people aged 18 years or over live in your household, including yourself? DO




3
8

|
a
c
m
a



NOT READ

1


1

2


2

3


3

4


4

5


5

6


6+

98


DON'T KNOW

99


REFUSED

[Multiple] {Spread:20 }

Z2. Could you please tell me the highest level of primary or secondary school you personally
have completed? Was it ...? READ OUT

1


Year 9 or below

2


Year 10

3


Or, year
11 or 12

4

Openend

(DO NOT READ) OTHER (Specify)

98

Single

DON'T KNOW

99

Single

REFUSED

[Single]

Z3. What is the highest educational qualification you have completed? INTERVIEWER:
ONLY READ OUT IF RESPONDENT QUERIES HOW MUCH DETAIL IS NEEDED

1


SOME, FINISHED PRIMARY SCHOOL

2


SOME SECONDARY SCHOOL

3


SOME TECHNICAL OR COMMERCIAL

4


4TH FORM/ INTERMEDIATE/ YEAR 10

5


5TH FORM/ LEAVING/ YEAR 11

6


FINISHED TECHNICAL OR COMMERCIAL/ TAFE

7


FINISHED OR NOW STUDYING FOR MATRIC/ H.S.C./ V.C.E./
YEAR 12

8


SOME UNIVERSITY/ C.A.E. TRAINING

9


NOW AT UNIVERSITY

10


TERTIARY DIPLOMA, NOT UNIVERSITY

11


UNDERGRADUATE DEGREE

12


POSTGRADUATE DEGREE

98


(DO NOT READ) DON'T KNOW

99


(DO NOT READ) REFUSED

[Single]

Z4. Are you now in paid employment?


IF YES, ASK: Is that FULL
-
TIME for 35 hours or more a week, or PART
-
TIME?

1


YES, FULL
-
TIME

2


YES, PART
-
TIME

3


NO


IF NOT EMPLOYED (CODE 3 ON Z4), ASK:


[Single]


Z5. Are you now looking for a paid job?







a
c
m
a

|
39


IF
NOT LOOKING, ASK: Are you retired, a student, a non
-
worker or home duties?


1


LOOKING FOR A PAID JOB


2


RETIRED


3


STUDENT


4


NON
-
WORKER


5


HOME DUTIES


6


REFUSED/ CAN'T SAY


ENDIF

[Single]

Z6. Roughly speaking, into which of the following

ranges would your annual household
income fall?

1


Under $15,000

2


$15,000 to $19,999

3


$20,000 to $24,999

4


$25,000 to $29,999

5


$30,000 to $39,999

6


$40,000 to $49,999

7


$50,000 to $59,999

8


$60,000 to $69,999

9


$70,000 to $79,999

10


$80,000 to $99,999

11


$100,000 to $129,999

12


$130,000 or more

98


CAN'T SAY

99


REFUSED


IF CAN'T SAY/ REFUSED TO GIVE HOUSEHOLD INCOME (CODE 98 OR 99 ON Z6),
ASK:


[Single]


Z7. Well could you tell me whether your HOUSEHOLD INCOME would be
over
$50,000 or under $50,000 per year?


1


UNDER $50,000 PER ANNUM


2


OVER $50,000 PER ANNUM


98


CAN'T SAY


99


REFUSED


ENDIF

[Single]

Z8. Roughly speaking, into which of the following ranges does your personal annual income
before tax fall?

1


Under $15,000

2


$15,000 to $19,999

3


$20,000 to $24,999

4


$25,000 to $29,999

5


$30,000 to $39,999

6


$40,000 to $49,999





40

|
a
c
m
a



7


$50,000 to $59,999

8


$60,000 to $69,999

9


$70,000 to $79,999

10


$80,000 to $99,999

11


$100,000 to $129,999

12


$130,000 or more

98


CAN'T SAY

99


REFUSED


IF CAN'T SAY/ REFUSED TO GIVE PERSONAL INCOME (CODE 98 OR 99 ON Z8), ASK:


[Single]


Z9. Well could you tell me whether your PERSONAL INCOME would be over
$50,000 or under $50,000 per year?


1


UNDER
$50,000 PER ANNUM


2


OVER $50,000 PER ANNUM


98


CAN'T SAY


99


REFUSED


ENDIF








a
c
m
a

|
41


[Single]

Z10. Do you speak a language other than English at home?

1


YES

2


NO


IF YES (CODE 1) ON Z10, ASK:


[Single]


Z11. Which language other than English
do you speak at home?


1


Chinese (Mandarin, Cantonese, etc.)


2


Vietnamese


3


Arabic (inc. Lebanese)


4


Greek


5


Italian


6


Persian (Farsi)


7


Spanish


8


Turkish


9


Macedonian


10


Serbian


11


German


12


Hindi


98


Other


ENDIF

[Single]

Z12. Do you consider yourself to be an Indigenous Australian
-

Aboriginal or Torres Strait
Islander?

1


YES
-

ABORIGINAL

2


YES
-

TORRES STRAIT ISLANDER

3


YES
-

BOTH ABORIGINAL AND TORRES STRAIT ISLANDER

4


NO

99


REFUSED


Thank you for your time and assistance. This market research is carried out in compliance
with the Privacy Act and Telecommunications and Research Calls Industry Standard, and
the information you provided will be used only for research purposes.


We are c
onducting this research on behalf of the Australian Communications & Media
Authority.


If you would like any more information about this project or Roy Morgan Research, you can
phone us on 1800 337 332


END
-
OF
-
QUESTIONNAIRE