58
Malware and harmful software Consumer views on software threats and use of protections OCTOBER 2013
Malware and harmful software Consumer views on software threats and use of protectionsOCTOBER 2013
CanberraRed Building Benjamin OfficesChan Street Belconnen ACT
PO Box 78Belconnen ACT 2616
T +61 2 6219 5555F +61 2 6219 5353
MelbourneLevel 44 Melbourne Central Tower360 Elizabeth Street Melbourne VIC
PO Box 13112Law Courts Melbourne VIC 8010
T +61 3 9963 6800F +61 3 9963 6899
SydneyLevel 5 The Bay Centre65 Pirrama Road Pyrmont NSW
PO Box Q500Queen Victoria Building NSW 1230
T +61 2 9334 7700 1800 226 667F +61 2 9334 7799
© Commonwealth of Australia 2013This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Commonwealth. Requests and inquiries concerning reproduction and rights should be addressed to the Manager, Editorial Services, Australian Communications and Media Authority, PO Box 13112 Law Courts, Melbourne Vic 8010.
Published by the Australian Communications and Media Authority
acma | iii
Executive summary 1Perceived likelihood of experiencing malware infections 1Protection of home computers and laptops against harmful software 2Protection of mobile devices from harmful software 2Who is responsible for protecting consumers against harmful software? 2
Introduction 4Research objectives 4Research methodology 4Background information 5
Overview of internet use 7
Key findings 11Introduction—what is malware? 11Perceived likelihood of experiencing malware 11Protections against harmful software and viruses 17Who is responsible for protecting users against harmful software? 23
Appendixes 27Appendix A—Survey design and methodology 27Appendix B—Survey questionnaire (malware component) 29
acma | iv
Executive summary
In 2012, the Australian Communications and Media Authority (the ACMA) commissioned a national telephone survey with 1,500 Australians aged 18 years and over and four focus group discussions also conducted with adults. Part of this research examined Australians’ awareness of possible threats from malware (malicious software), the use of protections against harmful software, and views on whose responsibility it is to protect computers against malware.
Malware infections enable computers, and potentially tablets and smartphones, to be controlled remotely for illegal or harmful purposes without the users’ knowledge. Possible repercussions for internet users include the mass distribution of spam, hosting of phishing sites or identity theft.
This research provides a context for the ACMA’s activities relating to malware, notably the Australian Internet Security Initiative (AISI) under which participating internet providers—mainly internet service providers (ISPs) and universities—are notified of malware infections affecting their customers; and the ACMA’s Cybersmart program, which helps children and families to use the internet safely and securely.
Summary of internet useTo provide context for these research findings on malware, the study found that 86 per cent of Australian adults used the internet for personal purposes. Personal internet users comprised almost all of the 18–24 age group (99 per cent) and usage declined with age. People aged 65 years and over were least likely to be internet users (60 per cent).
Almost three-quarters of Australian adults (74 per cent)—or 88 per cent of internet users—reported making online financial transactions which included online banking, shopping or paying bills. Australians aged 18–34 years were more likely to make online financial transactions (91 per cent) than the 65 years and over age group (43 per cent).
Perceived likelihood of experiencing malware infectionsMore internet users reported that harmful software or malware was an unlikely risk to their computer (43–50 per cent) than a likely risk (28–33 per cent).1 A substantial minority (22–25 per cent) gave a neutral response (that is, neither likely nor unlikely) or said they did not know if there was a risk.
Perceptions of likely risk from malware increased with the age of internet users, and risk was regarded as more likely by people who speak languages other than English at home. The risk of their computers being infected by malware was perceived as ‘highly unlikely’ by more internet users who did not make online financial transactions compared to those who did make these transactions.
Protection of home computers and laptops against harmful softwareThe research indicates that most adult internet users were active in protecting their home computers and laptops from harmful software and viruses. However, a notable minority reported that their home computer or laptop does not have protective software (10 per cent) and a further eight per cent that it is not regularly updated. Nineteen per cent reported that operating systems are not kept up-to-date (19 per cent).
1 Percentage ranges are given because survey respondents were asked about four different examples of harmful software or malware. The examples given were software that ‘allows others to use your computer to send out spam or redirect you to fake websites’, ‘allows others to steal your personal or financial information’, ‘allows others to identify the websites you have visited and access your emails’ and ‘affects the way your computer operates’.
acma | 0
Various other methods of minimising risks from harmful software were in use, including not clicking on email links from unknown senders (82 per cent of internet users with home computers or laptops), immediately deleting emails from unknown sources (82 per cent), not visiting certain websites (79 per cent), keeping browsers up-to-date (78 per cent) and keeping program software up-to-date (76 per cent).
Key reasons mentioned for not having protections were: > having a computer brand that does not get infections (15 per cent) > having no need of protections (12 per cent)> not knowing how to install antivirus protection or how to update computer software (nine
per cent).
There were only minor differences between age groups with young adults aged 18–24 years least likely to keep protective software up-to-date, click on email links from unknown senders and delete emails from unknown sources. Older adults aged 65 years and over were least likely to update their program software.
Protection of mobile devices from harmful softwareInternet users were considerably less certain about whether their mobile phone and other mobile devices are protected against harmful software. Just over half (52 per cent) of adults who usually used a mobile device (for financial transactions or social networking) said it is protected. Almost a quarter reported that it was not protected (24 per cent) and the same proportion said they did not know (24 per cent).
Key reasons for believing mobile devices are protected from harmful software were: > an understanding that the operating system has built-in protections (36 per cent of people
who said their device is protected) > having installed protective software themselves (29 per cent)> not experiencing any problems or infections (eight per cent)> no reason/did not know (10 per cent).
Who is responsible for protecting consumers against harmful software?The majority of adult Australian internet users reported that protecting computers from harmful software is a shared responsibility (82 per cent)—a responsibility shared between internet users, ISPs, computer program suppliers and/or government.
It was also widely acknowledged that internet users are mostly responsible for protecting their personal computers, mobile phones and other mobile devices against harmful software. Over three-quarters of internet users (77 per cent) reported that they or individual internet users are mostly responsible. Thirteen per cent of internet users regarded the protection of their computer from harmful software as their sole responsibility.
Whether regarded as a sole or shared responsibility, almost all internet users said they or individual internet users have at least some responsibility for protecting their computers from harmful software:> individual internet users (90 per cent of internet users reported this)> ISPs (57 per cent)> computer software suppliers (45 per cent)> government (22 per cent).
1 | acma
Some focus group participants seemed to be aware of potential security risks that can result from a malware infection, and that infections can occur without a user’s knowledge. Some had experienced compromises that had affected the operation of their computer. Other participants said they knew that malware and/or virus infections were ‘bad’ but they lacked any further knowledge about possible consequences.
Limitations were recognised by a number of participants to existing protections against harmful software and malware. This included a lack of trust and confidence in the security of certain operating systems, and the need to maintain and keep operating systems and antivirus software up-to-date. Some participants also recognised that protective software could not guard against all infections, particularly new and more sophisticated forms of harmful software or malware.
Some participants said they only used their personal computers for online banking because they perceived them as being more secure than their mobile devices. Very few participants were certain that their mobile device was protected from harmful software and assumed that it was protected; some had not experienced harmful software, and during discussions others began to question whether their smartphone was actually protected.
Many participants said they were unsure of the role played by ISPs in protecting computers from harmful software. While many supported the idea that ISPs inform their customers if they become aware that their computer is compromised, they were also concerned about their privacy and the possibility of being monitored by ISPs.
acma | 2
IntroductionIn 2012, the Australian Communications and Media Authority (the ACMA) commissioned quantitative and qualitative research with Australians aged 18 years and over into consumer awareness of malware (malicious software) threats, the use of protections against harmful software and views on who is responsible for protecting computers against malware.
Malware infections enable computers to be controlled remotely for illegal or harmful purposes without the computer users’ knowledge. While malware compromises may not be recognised by affected computer users, possible repercussions for internet users include the mass distribution of spam, hosting of phishing sites or identity theft.
This report presents research that formed part of a larger study into consumer views about unsolicited communications and malware. It provides a context for the ACMA’s activities relating to malware, notably the AISI under which internet providers are notified of malware infections affecting their customers, and the Cybersmart program, which helps children and families to use the internet safely and securely.
The following chapters present survey findings from telephone interviews with 1,500 Australians aged 18 years and over. The survey data has been weighted to represent the Australian adult population with telecommunication access and includes people with fixed-line home phones and those with mobiles only.
Verbatim quotations from focus group participants are included alongside the survey findings. These help in understanding some of the ways that people speak about their use of online media and the protections they use against harmful software.
Research objectivesThis research sought to identify:> the proportion of adult Australians who participate in online banking, shopping, paying
bills and online social networking activities, and the devices typically used for these purposes
> general perceptions of adult Australians who use the internet for personal purposes about the likelihood of experiencing malware infections
> methods used to protect internet-enabled home computers from harmful software and viruses, and reasons for not using protections
> the extent to which adult Australians believe their mobile phones and mobile computer devices are protected from harmful software, and their reasons for believing this
> the views of adult Australian internet users on who is responsible for protecting personal computers and mobile devices against harmful software.
Research methodologyA nationally representative telephone survey of 1,500 Australians aged 18 years and over, comprising 1,207 household respondents with fixed-line phones and 293 mobile only phone users, was undertaken by Roy Morgan Research between 17 and 30 July 2012. A full description of the survey research methodology is provided at the end of this report (Appendix A).
Four focus group discussions were also conducted after the survey between 16 and 18 August 2012 to provide depth and richness to the national survey results. Two groups were conducted in Melbourne and two on the Sunshine Coast with eight to 10 participants in each group. Each group was mixed gender with two groups comprising people aged 18–34 years and two groups with people aged 35 years and over.
3 | acma
Interpretation of findingsSignificance testing at the 95 per cent confidence level has been applied to findings from the survey research. Specifically, significance testing throughout this report has been used to compare whether there is a reliable difference that is unlikely to be due to chance between each individual group or segment and the total group (for example, for gender, age, income).
In some cases, the report discusses differences that are not statistically significant where there is evidence of a consistent pattern of reported attitudes or behaviour.
The reader may notice some discrepancies between the sums of the component items and totals. This may occur due to the effects of rounding or exclusion of ‘don’t know’ responses.
Background informationThe ACMA is an independent statutory authority responsible for the regulation of broadcasting, the internet, radiocommunications and telecommunications in Australia. The strategic intent of the ACMA is to make communications and media work in Australia’s public interest.
To help the ACMA understand how changes in the communications and media environment affect regulatory settings, and the role of citizens and industry in Australia’s developing networked society and information economy, we run a comprehensive program called researchacma.
The ACMA has developed a three-year research acma overview that explains how external drivers, environmental pressures, the policy environment and internal business needs determine our annual research priorities. But at the heart of our strategic vision are five broad research areas that remain relatively constant:> market standards> content and cultural values> social and economic participation> safeguards> regulatory practice and design.
This report on malware contributes to the ACMA’s research theme on social and economic participation, which is directed to identifying the regulatory settings and interventions to assist citizens in protecting their personal information and digital data in an information economy.
The Australian Internet Security InitiativeThe AISI is a voluntary program administered by the ACMA that provides participating internet providers—mainly ISPs and universities—with reports on compromised computers and other internet-connected devices. These reports are derived from data that the AISI collects from various sources on computers and other devices on the Australian internet that exhibit behaviour consistent with a malware infection. Data in the AISI reports cannot be used to identify individual users.
The reports help AISI participants identify their customers who may have a computer or other device that is compromised by malware. Many AISI participants notify affected customers of compromises and provide assistance to resolve problems as necessary. The AISI assists internet providers to contribute to the reduction of spam, malware and other cybersecurity compromises.
acma | 4
Industry participants receive ‘daily’ reports of compromises that have been detected on IP addresses on their networks. They also receive weekly ‘repeated sightings’ reports that identify recurring compromises.
The AISI program has 134 participating members, including 118 internet providers and 16 universities. These providers are estimated to cover more than 95 per cent of Australian residential internet users.
More information on the ACMA’s AISI program is available at www.acma.gov.au/Industry/Internet/e-Security/Australian-Internet-Security-Initiative.
Other relevant ACMA researchThe report The Australian Internet Security Initiative: Provider responses to security-compromised computers presents results from telephone interviews with 24 AISI participants conducted by the ACMA in late 2011 and early 2012. Interviews were conducted to understand how internet providers use and act on the AISI compromised computer reports to assist customers who are affected by malware.
The research was conducted to understand the views of AISI participants about the operation of the AISI and how it might be improved. The report of this research is available at http://www.acma.gov.au/theACMA/Library/researchacma/Digital-society-research/the-aisiprovider-responses-to-securitycompromised-computers-acma.
5 | acma
Overview of internet useIn order to understand how adult Australians use the internet, and to provide context for this research on harmful software and malware, survey respondents were asked some questions about their internet use, online activities and the devices they used.
Eighty-six per cent of adult Australians reported using the internet for personal purposes. The internet was used by almost all young adults aged 18–24 years (99 per cent) and use gradually decreased with age to 60 per cent of people aged 65 years and over. See Figure 1.
Figure 1 Personal internet use by adult Australians, by age
Total 18+ 18–24 25–34 35–49 50–64 65+0
10
20
30
40
50
60
70
80
90
100
86
9996
92
82
60
Age in years
% a
dult
Aust
ralia
ns
Q3. Do you use the internet for personal purposes?Base: All respondents (n=1,500); aged 18–24 (n=149), 25–34 (n=283), 35–49 (n=396), 50–64 (n=378), 65+ (n=294)
Use of the internet to make financial transactions was reasonably high among internet users (88 per cent; that is, 74 per cent of Australian adults). This represents approximately three-quarters of internet users who reported using the internet for banking (77 per cent), shopping (75 per cent) or paying bills (73 per cent), as shown in Figure 2.
More than three in five internet users reported using the internet for social networking (63 per cent; that is, 54 per cent of Australian adults).
acma | 6
Figure 2 Internet users who make online financial transactions or participate in social networking
Total—make fi-nancial transac-
tions*
Banking Shopping Paying bills Social networking0
10
20
30
40
50
60
70
80
90
10088
77 75 73
63
% in
tern
et u
sers
Q45. Do you do the following on the internet? (i.e. banking, pay bills, shopping for any products or services, social networking such as Facebook).Base: Respondents who use the internet for personal purposes (n=1,257)*Includes people who used the internet for banking, shopping and/or paying bills.
Young adult internet users aged 18–24 years (96 per cent) and 25–34 years (88 per cent) were more likely to engage in social networking (87 per cent) and internet banking (88 per cent) compared with the older age groups.
The 25–34 age group (86 per cent) and 35–49 age group (79 per cent) were the most likely to use the internet for paying bills (82 per cent) and online shopping (83 per cent). See Figure 3.
People aged 50 years and over were least likely to participate in social networking—41 per cent of internet users aged 50–64 years and 23 per cent of those 65 years or over reported doing this.
7 | acma
Figure 3 Internet users who make online financial transactions or participate in social networking, by age
18–24 25–34 35–49 50–64 65+0
10
20
30
40
50
60
70
80
90
10091
9592
82
73
87 8880
69
54
70
82 83
72
5964
8679
68
54
9688
65
41
23
Total—make financial transactions* Banking Shopping Paying bills Social networkingAge in years
% in
terne
t use
rs
Q45. Do you do the following on the internet? (i.e. banking, pay bills, shopping on the internet, social networking).Base: Respondents who use the internet for personal purposes (n=1,257); aged 18–24 (n=148), 25–34 (n=270), 35–49 (n=364), 50–64 (n=301), 65+ (n=174)*Includes people who used the internet for banking, shopping and/or paying bills.
Figure 4 shows that the majority of people usually accessed the internet for banking, paying bills or shopping on their home computer or laptop (89 per cent). A smaller proportion used a personal mobile phone or other personal mobile device (31 per cent) or a work computer or mobile device (22 per cent). Home computers or laptops were also the most commonly used devices for social networking (82 per cent).
Personal mobile devices were used more commonly for social networking (56 per cent) than for banking, paying bills or shopping (31 per cent).
acma | 8
Total proportion of Australian adults who made online financial transactions (by age group):
91% (18–24 yrs) 91% (25–34 yrs) 85% (35–49 yrs) 66% (50–64 yrs) 43% (65+ yrs)
Figure 4 Computer devices used for financial transactions or social networking
Work computer or mobile device
Personal mobile device
Home computer or laptop
0 10 20 30 40 50 60 70 80 90 100
11
56
82
22
31
89
Banking, shopping or paying bills
Social networking
% internet users
Q46. What computer or device do you usually use to do online banking, shopping or paying bills? Do you use…Q47. What computer or device do you usually use for social networking? Do you use …Base: Respondents who do online banking, shopping or paying bills (n=1,103), who do online social networking (n=780)
9 | acma
Key findingsIntroduction—what is malware?Malware is a type of computer program that installs itself on a user’s computer without the user’s knowledge. It includes viruses and often enables a computer to be controlled remotely for illegal and harmful purposes. It also often collects sensitive and personal information stored on the computer, such as online banking passwords or credit card details. This information is then sent to criminals who use it to steal from the user’s bank account or commit fraud.
A user’s computer can be at risk of malware if they click on malicious web links or ‘URLs’ in emails or download files from unknown sources. Computer users can help protect their computer against malware by: > installing, and keeping up-to-date, antivirus or anti-malware software> not opening attachments or clicking on links in emails from unknown sources> not clicking on pop-up windows, which may direct the user to a website that automatically
uploads malware.
Perceived likelihood of experiencing malwareSurvey respondents were asked to rate the risk to their computer from four different examples of harmful software or malware on a scale of 1 to 5 where 1 is highly unlikely and 5 is highly likely. There was little variation in perceived risk across the different malware examples, where up to a third of internet users indicated it was ‘likely’ or ‘highly likely’ (a rating of 4 or 5) that their computer was at risk from software that could:> send spam or redirect them to fake websites (28 per cent)> steal their personal or financial information (29 per cent)> identify websites they had visited and access their emails (32 per cent)> affect the way their computer operated (33 per cent).
More internet users perceived harmful software or malware as an ‘unlikely’ or ‘highly unlikely’ risk to their computer (up to a half of internet users), and a substantial minority (up to a quarter) were not sure and gave either a neutral (that is, neither likely nor unlikely) or ‘don’t know’ response to these questions. See Figure 5.
acma | 10
Figure 5 Perceived likelihood of experiencing harmful software or malware, by malware type
Software that …
Allows others to use your computer to send out spam or
redirect to fake web-sites
Allows others to steal personal or financial
information
Allows others to iden-tify websites you've visited and access
your emails
Affects the way your computer operates
0
10
20
30
40
50
60
70
80
90
100
7 6 9 6
20 2122
21
8 810
12
16 1615 19
21 25 20 21
29 24 24 22
1—highly unlikely2—unlikely34—likely
% in
tern
et u
sers
Q48. When people use the internet there can be risks from harmful software or malware. Thinking about your use of the internet, on a scale of 1 to 5 where 1 is highly unlikely and 5 is highly likely, in your opinion how likely are the following types of software to be a risk to your computer: software that allows others to steal your personal or financial information; or that affects the way your computer operates (e.g. slows it downs, causes it to crash or erases information); or that allows others to use your computer to send out spam or redirect you to fake websites; or that allows others to identify the websites you have visited and access your emails?Base: Respondents who use the internet for personal purposes (n=1,257)
Some focus group participants knew more about malware than others. There were those who demonstrated an understanding of how malware can seriously compromise computers, and that computers can be infected by malware without the user’s knowledge. Others were uncertain. They knew that malware and viruses are ‘bad’ for computers but lacked further knowledge about the potential dangers.
Malware is stuff that is being loaded onto your computer without you knowing about it, tracking cookies and Trojans and key loggers (aged 35+).
If it is a login virus then it can capture all of your bank details and everything. They’re terrible if you get them (aged 35+).
[When] companies track where you are, so they put like a little tracking thing that checks where you have been and it can take your bank details ... As opposed to viruses, they [malware] are kind of in the background; you don’t really know they are there (aged 18–34).
I know what they [malware and viruses] are, but I think of them both as sort of the same thing, well not the same thing, but both bad (aged 35+).
It [malware and viruses] is in the same bag. I have never found out, if there is a virus [on the computer] and it has to be fixed up, but I don’t know the technical details, what exactly happens (aged 35+).
11 | acma
Some focus group participants said they had experience of malware that affected their email service and involved spam.
I’m not sure if it was a virus or what it was, but it came through on an email, but as soon as you’d open it up you’d know that you’ve done the wrong thing and over the next couple of weeks, things start happening to the computer, something is in the computer, and I’m sure it’s come from that spam email and that’s why we got SPAM fighter; it just … it stopped that problem. The computer runs nicely now (aged 35+).
I have had my email compromised. I have had to change it a few times. I was overseas … and everyone got an email to say that I was in Spain and I needed money but it wasn’t the way I speak, so they knew it wasn’t me. It wasn’t like any Australian would speak … They said to put so many thousands dollars in [a bank account]. They didn’t [have] an account though (aged 35+).
Age variationFor each of the four examples of malware given to survey respondents, the perception of likely risk increased with age. Fewer younger internet users considered their computers were at risk from harmful software or malware compared to older age groups. The majority of users aged 18–24 years reported that it was unlikely their computer was at risk from malware that could:> steal personal or financial information (62 per cent of internet users)> use your computer to send out spam or redirect you to fake websites (60 per cent)> identify the websites you have visited and access your emails (55 per cent)> affect the way your computer operates (51 per cent).
Age variations are shown in Figures 6 to 9.
Figure 6 Malware that allows others to use your computer to send out spam or redirect you to fake websites—perceived likelihood of risk, by age Scale rating: 1 = highly unlikely, 5 = highly likely
18–24 25–34 35–49 50–64 65+0
10
20
30
40
50
60
70
80
90
100
4 6 7 8 12
1923
31 34 2719
2216 12
9
6049 46 46
52
1–2 (is unlikely)34–5 (is likely)Don't know
Age in years
% in
tern
et u
sers
Base: Respondents who use the internet for personal purposes (n=1,257); aged 18–24 (n=148), 25–34 (n=270), 35–49 (n=364), 50–64 (n=301), 65+ (n=174)
acma | 12
Figure 7 Malware that allows others to steal your personal or financial information—perceived likelihood of risk, by ageScale rating: 1 = highly unlikely, 5 = highly likely
18–24 25–34 35–49 50–64 65+0
10
20
30
40
50
60
70
80
90
100
5 5 5 8 6
1725
3235 35
16
16
20 1310
6254
43 45 49
1–2 (is unlikely)34–5 (is likely)Don't know
Age in years
% in
tern
et u
sers
Base: Respondents who use the internet for personal purposes (n=1,257); aged 18–24 (n=148), 25–34 (n=270), 35–49 (n=364), 50–64 (n=301), 65+ (n=174)
Figure 8 Malware that allows others to identify the websites you have visited and access your emails—perceived likelihood of risk, by age Scale rating: 1 = highly unlikely, 5 = highly likely
18–24 25–34 35–49 50–64 65+0
10
20
30
40
50
60
70
80
90
100
4 7 7 11 15
2527
3537 33
1719
1612 10
5547 42 40 41
1–2 (is unlikely)34–5 (is likely)Don't know
Age in years
% in
tern
et u
sers
Base: Respondents who use the internet for personal purposes (n=1,257); 18–24 (n=148), 25–34 (n=270), 35–49 (n=364), 50–64 (n=301), 65+ (n=174)
Figure 9 shows less age differentiation for perceptions of likely risk from malware that affects the way their computer operates compared to the other malware examples.
13 | acma
Figure 9 Malware that affects the way your computer operates—perceived likelihood of risk, by age Scale rating: 1 = highly unlikely, 5 = highly likely
18–24 25–34 35–49 50–64 65+0
10
20
30
40
50
60
70
80
90
100
3 4 5 7 11
29 2736
38 30
1827
19 1513
5142 40 40
46
1–2 (is unlikely)34–5 (is likely)Don't know
Age in years
% in
tern
et u
sers
Base: Respondents who use the internet for personal purposes(n=1,257); aged 18–24 (n=148), 25–34 (n=270), 35–49 (n=364), 50–64 (n=301), 65+ (n=174)
Variation by online activityThe perception of risk from harmful software or malware was similar for internet users who reported doing various internet activities. Approximately the same proportion of people perceived the risk to be at similar levels whether they banked, shopped or paid bills online or participated in social networking.
Figure 10 shows the results for one example of malware, that is, malware that allows others to steal personal or financial information. The results were similar for the other three types of malware that were explored in this study.
Figure 10 Malware that allows others to steal your personal or financial information—perceived likelihood of risk, by internet activity Scale rating: 1 = highly unlikely, 5 = highly likely
Banking Shopping Paying bills Social networking0
10
20
30
40
50
60
70
80
90
100
5 5 5 5
28 30 29 28
18 17 19 17
49 48 48 50
1–2 (is unlikely)34–5 (is likely)Don't know
% d
id o
nlin
e a
ctiv
ity
Base: Respondents who use the internet for personal purposes (n=1,257) for: banking (n=960); shopping (n=944), paying bills (n=913), social networking (n=780)
acma | 14
However, it is apparent that internet users who made online financial transactions perceived themselves to be at greater risk from harmful software or malware. Fewer of these users perceived their risk from malware as ‘highly unlikely’ (22 per cent) compared with people who did not make these transactions (37 per cent). Figure 11 illustrates these findings for malware that allows others to steal personal or financial information. Similar results were obtained for the other three malware examples used in the study.2
Figure 11 Malware that allows others to steal your personal or financial information—perceived likelihood of risk, by people who did and did not make financial transactions
Made no online financial transac-tions
Made online financial transactions0
10
20
30
40
50
60
70
80
90
100
10 5
2522
6
8
8 17
15
26
37
22
1—highly unlikely2—unlikely34—likely5—highly likelyDon't know
% d
id o
nlin
e ac
tivity
Base: respondents who use the internet for personal purposes (n=1,257); make online financial transactions (n=1,103), did not make online financial transactions (n=154)
Variations by language spoken at homeThe proportion of people who rated the risk of malware as ‘likely’ or ‘highly likely’ was consistently higher for those who speak a language other than English at home, compared to those who only speak English at home.
As shown in Figure 12, people who speak a language other than English at home tended to have a higher level of concern about some types of malware. While these results should be regarded as indicative because of the small base of respondents who speak a language other than English at home (n=187), there is a consistent pattern indicating they have a higher perception of risk and generally perceive malware as ‘likely’ or ‘highly likely’ to be a risk to their computer.
2 The other three examples of harmful software or malware used in the study were software that: ‘allows others to use your computer to send out spam or redirect you to fake websites’, ‘allows others to identify the websites you have visited and access your emails’ and ‘affects the way your computer operates’.
15 | acma
Figure 12 Perceived likelihood of experiencing harmful software or malware infections, by language spoken at home Scale rating: 1 = highly unlikely, 5 = highly likely
Other language
English only
Other language
English only
Other language
English only
Other language
English only
IDEN
TIFIES
WEB
SITES
VISIT
ED/ A
CCES
S EMA
ILS
0 10 20 30 40 50 60 70 80 90 100
31
45
30
53
34
46
40
51
23
18
26
14
16
15
18
15
40
32
38
26
43
30
37
28
6
6
6
7
7
9
5
6
1–2 (is unlikely) 3 (neutral) 4–5 (is likely) Don't know% internet users
MALW
ARE
TYPE
S
Base: Respondents who use the internet for personal purposes (n=1,257); English only spoken at home (n=1,070), another language spoken at home (n=187)
Protections against harmful software and virusesMost adult Australians reported having an internet-enabled home computer or laptop (81 per cent), which represents almost all adult Australians who reported using the internet for personal purposes (95 per cent).
A notable minority of people with home-based, internet-enabled computers or laptops reported they had not installed protective software (10 per cent) and a further eight per cent did not keep their protective software up-to-date. Nineteen per cent did not keep their operating systems up-to-date. Many people applied various other methods to minimise risks from harmful software and viruses, including not clicking on email links from unknown senders (82 per cent), or immediately deleting emails from unknown sources (82 per cent).
A small group (four per cent) reported applying all methods of protection against malware that are listed in the survey questionnaire. See Figure 13.
Figure 13 Methods used to protect internet-enabled home-based computers from harmful software and viruses
acma | 16
None of the above
Other
Keep program software up-to-date (e.g. word processing, photo editing mobile apps)
Do not visit certain websites
Immediately delete emails from unknown sources (without opening them)
Keep protective software up-to-date*
0 10 20 30 40 50 60 70 80 90 100
0
1
2
4
76
78
79
81
82
82
82
90
24
22
21
19
18
18
8
10
Yes No
% have internet-enabled home computer/sQ49. Do you have an internet-enabled home computer or laptop?Q50. Which of the following do you do to protect your internet-enabled home computer or laptop from harmful software and viruses?Base: Respondents who have an internet-enabled home computer or laptop (n=1,194)*Excludes the 10 per cent who reported having no protective software.
The survey findings show only minor differences in the use of the various methods to protect internet-enabled computers or laptops across the different age groups (Figure 14). However, it is worth noting that the youngest (18–24) and oldest (65+) age groups were less inclined to report using protective methods compared to the other age groups.
Having protective software to keep an internet-enabled home computer or laptop protected from harmful software was the most common method used across all age groups, while keeping program software up-to-date was the least common across all age groups.
17 | acma
Figure 14 Methods used to protect internet-enabled home computers from harmful software and viruses, by age
Keep program software up-to-date
Keep browsers up-to-date
Do not visit certain websites
Keep operating systems up-to-date
Immediately delete emails from unknown sources
Do not click on email links from unknown senders
Keep protective software up-to-date
Have protective software
0 10 20 30 40 50 60 70 80 90 100
70
71
72
79
80
79
82
89
74
76
81
81
87
81
87
91
78
84
82
85
85
87
85
91
78
81
80
79
78
82
82
88
73
78
76
81
76
75
75
87
18–24 years25–34 years35–49 years50–64 years65+ years
% have internet-enabled home computer/sBase: Respondents who have internet-enabled home computer or laptop (n=1,194)
Focus group participants indicated varying degrees of confidence in using the internet for banking. For security purposes, some participants gave consideration to the type of operating systems they used for online banking and recognised the importance of maintaining these systems and keeping antivirus software up-to-date.
I am also a bit paranoid about Windows, so my machine [is] set up with dual boots and I can put it into Linux and I sort of do my internet banking. I don’t do internet banking in Microsoft (aged 35+).
It pays to have another malware scanner and it’s a continual thing; keep your Microsoft patching up-to-date, you’ve got to keep your computer in good shape. You’ve got to understand what’s happening and if you don’t, you might get caught (aged 35+).
[I do the] updates from Microsoft or use Linux (aged 35+).
I just think Linux is a more secure place, there seems to be less malicious activity taking place in that environment because it has got a more robust level of security (aged 35+).
I don’t trust the [Microsoft] operating system, the engineering of the operating system (aged 35+).
Ninety per cent of people use Microsoft so the villains [hackers] … are targeting Microsoft, and if you’re using an obscure operating system then you’re safer just because you’re not using Microsoft (aged 35+).
Some participants noted the difficulty of protecting computers against new risks because viruses are constantly being developed, and expressed concern about the limitations of antivirus software that does not provide complete protection. Generally, participants agreed that there is an inevitable cost of using and protecting computers from harmful software.
acma | 18
I think the problem is that ... everyone’s getting very clever and the viruses are obviously more clever … the people making them are getting more clever so if we don’t upgrade our virus protection to something that’s more current for now, is it going to protect all these new things coming in because there are new things (aged 35+).
[I used to have antivirus software]. I had a virus and they would say we can’t protect you against everything. I said well, if that’s the case, you can’t charge me. If you can only stop 50 per cent of the viruses, only charge me 50 per cent of the premium and you have these long arguments to get them to actually do something for you so it was not just worth it. So I just use the free one (aged 35+).
Nature of the people interviewedTwo-thirds (66 per cent) of the respondents interviewed in this study who had protective software on their home computer or laptop identified themselves as the person who usually installs or updates that software, as shown in Figure 15.
Almost one in five reported that their spouse or partner usually installs or updates protective software (18 per cent), and one in ten had a computer technician (10 per cent) or a friend or relative (nine per cent) do it for them. Six per cent reported that one of their children usually does this.
Figure 15 Person who usually installs or updates protective software on home-based computer or laptop
You Your spouse or partner
Computer technician
A friend or rela-tive
One of your children
Automatic updates
0
10
20
30
40
50
60
70
80
90
100
66
18
10 96
3
% h
ave
prot
ectiv
e so
ftwar
e on
hom
e co
mpu
ter/s
Q56. Who usually installs or updates the protective software on your home computer or laptop to protect it against harmful software and viruses?Base: Respondents who have internet-enabled home computer or laptop and have protective software (n=1,078)
19 | acma
Reasons for not using protective methods Internet-enabled home computer and/or laptop owners were asked their reasons for:> not having protective software> not keeping protective software up-to-date> not keeping their operating systems up-to-date.
The main reasons given were that their brand of computer does not get malware or viruses (15 per cent), they don’t need protections (12 per cent), and they do not know how to install antivirus protection or how to update their computer software (nine per cent).
Figure 16 Top nine reasons for not having protective software, not keeping protective software up-to-date, or not keeping operating system up-to-date
I don't use the computer often
Couldn't be bothered
Too expensive
Never experienced a problem/ don't see any reason to
Don't have time
Don't know how to do/install/update
Don't need to
Other people take care of that for me*
The brand of computer I have does not get malware/ viruses
0 10 20 30 40 50 60 70 80 90 100
5
6
7
7
8
9
12
12
15
% do not have main protections Base: Respondents who do not have protective software installed, do not keep protective software up-to-date, or do not keep operating systems up-to-date (n=188)3
*This response appears to describe a protective action rather than a reason for not taking action
Malware and mobile devicesOf the people who used their internet-enabled mobile phone or other mobile device for online banking, paying bills, shopping or social networking, just over half believed their mobile device was protected against harmful computer software and viruses (52 per cent). Almost a quarter said their mobile device was not protected (24 per cent) and the same proportion was not sure if it was protected (24 per cent). See Figure 17.
3 Please note that these respondents were recontacted after the main survey and asked this question in a second interview.
acma | 20
Figure 17 Perceptions on whether internet-enabled mobile phones or mobile devices are protected from harmful software and viruses
52%
24%
24%
Yes—I know it's protected
No—I know it's not protected
Don't know
Q52. To the best of your knowledge, is your internet-enabled mobile device protected from harmful computer software and viruses?Base: Respondents who usually use a mobile phones or other mobile devices to do online banking, pay bills, shopping or social networking (n=500)
The main reasons given for believing that their mobile devices are protected from harmful software included an understanding that the device has built-in protections (36 per cent), and because the user had installed the protective software themselves (29 per cent), as shown in Figure 18.
Figure 18 Top six reasons for believing that mobile devices are protected
Cautious which sites I go to/go to secure websites/ cau-tious what I download
I understand that my internet service provider does this
Had no problems/device has not been infected so far
Don't know/not sure
I have installed protective software myself
I understand that the operating system has built-in pro-tections
0 10 20 30 40 50 60 70 80 90 100
4
6
8
10
29
36
% typically use mobile device for online activities
Q53. Why do you say that your mobile device is protected from harmful software and viruses?Base: Respondents who usually use a mobile phone or other mobile device to do online banking, pay bills, shopping or social networking and report the device is protected from harmful software and viruses (n=259)
The findings presented in the previous chapter on the higher use of home computers and laptops for online banking, paying bills and shopping—and social networking to a lesser degree—also suggest that greater consumer confidence is placed on the security of home computers and laptops compared to mobile phones and other mobile devices.
21 | acma
Despite using mobile devices to check emails and for internet banking, very few focus group participants were certain that their mobiles are protected from harmful software. Some assumed their iPhone is protected and others did not regard harmful software as an issue because they had no experience of it on their mobile phones. Also mentioned was the installation of antivirus software by an owner of a tablet with an Android operating system.
iPhones are sort of pre-protected (aged 35+).
I use my mobile phone for banking and the internet all the time. In fact I will sit at home quite often, it is easier than getting on the computer, I will just use the wireless internet so I am not using [my mobile phone internet data plan allowance]. … Maybe I am being complacent but I just assume that the iPhone is reasonably protected (aged 35+).
I put some antivirus software on an Android tablet … (aged 35+).
One participant raised the concern that even though they had virus protection on their computers at home which they used to check emails, they also opened their emails on their phone and were not sure how safe that is.
My worry about the smartphone is that—and it’s the biggest scary thing— … we have our emails at our home and we make sure we have all this virus protection at home … [but] my concern is that I check my emails all the time on my smartphone (aged 35+).
Some participants did not use their mobile phone for online banking.
As a rule [I don’t do internet banking] on a mobile phone because it doesn’t have the protection a computer does (aged 35+).
Who is responsible for protecting users against harmful software?Those who had a home computer or a mobile device were asked who is ‘most responsible’ for protecting their computer and mobile devices against harmful software and viruses. See Figure 19.
Over three-quarters (77 per cent) reported the individual user as being the most responsible. A further one in ten (nine per cent) suggested that their ISP was most responsible, and a small group (eight per cent) identified the computer software provider or supplier. The government was mentioned by three per cent.
Those who were able to identify who they thought was most responsible for protecting their computer or mobile device from harmful software and viruses were then asked who else is responsible. This is also shown in Figure 19 as ‘also responsible’.
While three per cent said that it was firstly the government’s responsibility, a further 19 per cent identified some responsibility for government.
Overall, nine in ten (90 per cent) indicated that the individual user was responsible for protecting their computer and mobile devices against harmful software and viruses, followed by ISPs (57 per cent), computer software providers (45 per cent), and the government (22 per cent).
acma | 22
Figure 19 Views on who is responsible for protecting computers and mobile devices against harmful software and viruses
Other
Government
Computer software provider/supplier
Internet service provider
You (or individual users)
0 10 20 30 40 50 60 70 80 90 100
1
3
8
9
77
2
19
37
48
13
Most responsible Also responsible
% internet users
Q54. In your opinion, who is most responsible for protecting your computer and mobile devices against harmful software and viruses?Q55. Who else, if anyone else, do you think is responsible?Base: Respondents who use the internet for personal purposes (n=1,252)
Most internet users (82 per cent) indicated that responsibility for the protection of computers is shared between two or more players, while 13 per cent mentioned one player as solely responsible (almost all of these people reported that the individual user is solely responsible), and five per cent said they did not know who is responsible. See Figure 20.
Figure 20 Number of entities responsible for the protection of computers from harmful software
13%
57%
24%
5%
One player responsible
Two players
Three or more players
Don't know
Base: Respondents who use the internet for personal purposes (n=1,252)
Age variationInternet users aged 25–34 years were most likely to report individual users as most responsible for protecting their computers and mobile devices (85 per cent). Those aged 65 years or over were least likely to report this (67 per cent).
23 | acma
Total = 90%
Total = 57%
Total = 22%
Total = 45%
Total = 3%
Internet users aged 50 years and over were more likely than the other age groups to report ISPs as being most responsible for protecting computers against harmful software (13 per cent of the 50–64 age group and 15 per cent of 65+ age group).
Figure 21 Views on who is most responsible for protecting computers and mobile devices, by age
18–24 25–34 35–49 50–64 65+0
10
20
30
40
50
60
70
80
90
100
2 2 42 4 410 8
95
107
3
8 13
15
7985
76 7667
3
You (or individual users)Internet service providerComputer software providerGovernment
Age in years
% in
tern
et u
sers
Base: Respondents with a home computer or mobile device (n=1,252); 18–24 (n=148), 25–34 (n=269), 35–49 (n=364), 50–64 (n=299), 65+ (n=172)
During the focus groups, participants were asked about the role of their ISP in protecting them from harmful software. Most were unsure about the role played by ISPs in protecting computers and mobile devices and whether ISPs should be responsible in providing such protection.
I think they manage your email account, because your email is going to Telstra first and I think they go through it to a certain extent, pulling out your spam, but if they miss it they will send it onto you, but I am not aware of them having any other sort of antivirus packages through Telstra or anything like that (aged 35+).
They just give you the service and that is it (aged 18–34).
I don’t think they should be responsible. I don’t think it is them, they’re just providing the service (aged 18–34).
They’re just providing a connection (aged 18–34).
acma | 24
Some other participants, however, agreed that ISPs should provide some sort of protection.
I think [they should provide some sort of protection from viruses] to keep their customers happy, especially if you’re infected … it is in their interest I think. My spam filtering comes from Optus on my Optus account, so that is a good thing (aged 35+).
When asked what their response would be to the possibility of their ISP informing them of a malware compromise on their computing device, most participants supported this proposal. However, the possibility that they were being monitored was a concern to many.
Privacy is always a concern; it is just the world we live in now (aged 35+).
If there is a user who is constantly sending out viruses then they might want to have that information to hand, but there has to be some sort of stop as to where they stop collecting information about people (aged 35+).
They can possibly access other information (aged 18–34).
I think if you rang them saying I have got reliability issues and there was a test they could run then that would be understandable, but not just there in the background lingering around what is going on (aged 18–34).
25 | acma
AppendixesAppendix A—Survey design and methodologyThe main objective of the main quantitative survey phase was to obtain robust estimates of Australian consumers’ experiences with unsolicited telemarketing calls and email and SMS spam.
A total of 1,500 computer-assisted telephone interviews (CATI) were conducted, with Australian residents aged 18 years and older.
The sample was designed as a quota sample to ensure that survey coverage was representative of the Australian population aged 18 years or older in terms of age, gender and geographic characteristics. The sample design also included the increasing proportion of people who do not have a fixed-line phone but do have access to a mobile phone. Mobile phone only users were separately recruited from the Roy Morgan Single Source database.4
The sample comprised two main subsamples:> respondents with a fixed-line home phone connected (n=1,207), sourced through
Random Digit Dialling (RDD)> respondents with mobile phones only—that is, had a mobile phone and no fixed-line
phone connected in the home (n=293), sourced through re-contact of respondents from the Roy Morgan Single Source database.
All interviews were conducted on weekday evenings (5.00 pm to 8.30 pm) or on weekends (11.00 am to 4.00 pm) from 17 to 30 July 2012.
Quotas were set for both samples to ensure that their demographic profile (age, sex and area) were representative of the population of Australians aged 18 years and over. This included both fixed-line phone households and mobile phone only households, as determined by the latest Roy Morgan Single Source and the Australian Bureau of Statistics (ABS) data.
Proportional weights were applied to the data to reflect the true distribution of these users. These were an interlocking weight of area by sex, area by age and area by region (metro/country), and a rim weight for the sample type (respondents with fixed landline and with mobile phones only). The weights used were calculated from the latest Roy Morgan Single Source data.
Final survey results can be generalised to the Australian population aged 18 and older with telecommunications access (home or mobile phone).
Statistical reliability of the quantitative resultsThe estimates derived for this study are based on information obtained from a sample survey and are therefore subject to sampling variability. They may differ from results that would be obtained if all people in Australia were interviewed (a census), or if the survey was repeated with a different sample of respondents.
One measure of the likelihood of any difference is the standard error (SE), which shows the extent to which an estimate might vary by chance because only a sample of people were interviewed. An alternative way of showing this is the relative standard error (RSE), which is the SE as a percentage of the estimate.
4 Every year, Roy Morgan Research conducts over 50,000 face-to-face interviews in Australia. This forms the basis of Single Source. Approximately 40 per cent also return additional self-completion diaries, the Product Poll and Media Diary.
acma | 26
The table below shows the SE for various sample sizes and response levels, and can be used to assess if there are statistically significant differences between results within the study. For example:> If the sample size was 1,500 a response set of 50 per cent has a SE of +/–2.5 per cent at
a 95 per cent confidence level (that is, there are 95 chances in 100 that a repeat survey would produce a response set of between 52.5 and 47.5 per cent).
> If there were 500 respondents to a question and 50 per cent gave a particular response, then the SE for that response is +/–4.4 per cent.
Where the RSE is between 30 and 49 per cent, results should be regarded as moderately reliable. Where the RSE is 50 per cent or higher, results should be regarded as indicative estimates only.
For results based on the total study sample of n=1,500, this sample size constrains the maximum sampling error to +/–2.5 per cent.
Table A1 Estimated sampling error
Total sample and subsetsSurvey size estimate 2,400 2,250 2,000 1,750 1,500 1,250 1,000 750 500 300
Sample variance (+/–) 95% confidence intervals% % % % % % % % % %
10% 1.2 1.2 1.3 1.4 1.5 1.7 1.9 2.1 2.6 3.4
20% 1.6 1.7 1.8 1.9 2.0 2.2 2.5 2.9 3.5 4.5
30% 1.8 1.9 2.0 2.1 2.3 2.5 2.8 3.3 4.0 5.2
40% 1.9 2.0 2.1 2.3 2.5 2.7 3.0 3.5 4.3 5.5
50% 2.0 2.1 2.2 2.3 2.5 2.8 3.1 3.6 4.4 5.6
60% 1.9 2.0 2.1 2.3 2.5 2.7 3.0 3.5 4.3 5.5
70% 1.8 1.9 2.0 2.1 2.3 2.5 2.8 3.3 4.0 5.2
80% 1.6 1.7 1.8 1.9 2.0 2.2 2.5 2.9 3.5 4.5
90% 1.2 1.2 1.3 1.4 1.5 1.7 1.9 2.1 2.6 3.4
27 | acma
Appendix B—Survey questionnaire (malware component)
R07417 ACMA - UNSOLICITED ELECTRONIC COMMUNICATIONS (RDD) July, 2012
All ANSWER Categories[Single]Good [Morning/ Afternoon/ Evening], my name is (say name) from Roy Morgan Research. I'm calling on behalf of the Australian Government. We are conducting an important survey about telecommunications and the Internet.
IF GOVERNMENT AGENCY QUERIED, SAY: The study is being conducted for the Australian Communications and Media Authority - the ACMA - the Commonwealth Government agency responsible for regulating telecommunications in Australia.
May I please speak to the youngest male at home who is aged 18 or over?
IF NO MALES AVAILABLE ASK: May I please speak to the youngest female at home who is aged 18 or over?
IF NECESSARY REPEAT INTRODUCTION
IF RESPONDENT ASKS HOW LONG THE SURVEY WILL TAKE, SAY: It will take about 20 minutes.
IF NECESSARY SAY: The information you provide will only be used for research purposes and will remain strictly confidential. You will not be identified in any way in the results.
IF NECESSARY SAY: If you would like any more information on this research you can call our hotline on 1800 337 332.
IF QUERIED ABOUT HOW NAME/NUMBER WAS SOURCED (e.g. UNLISTED NUMBER): We are contacting people from all over Australia. A computer has randomly generated numbers for us to phone.
IF NECESSARY ADD: To ensure a representative sample of Australian households it is very important to include households like yours in the survey.
IF THEY SAY THEY ARE ON THE DO NOT CALL REGISTER, READ: The Do Not Call Register is a Government initiative that allows people to opt out of receiving telemarketing calls. Research organisations can still make calls to numbers on the Register because we are not trying to sell you anything. Participation in the survey is voluntary.
IF NECESSARY, SAY: Is now a good time or would it be more convenient if I made an appointment to speak to you at another time?
IF NECESSARY, MAKE AN APPOINTMENT.1 YES - CONTINUE2 NO
IF REFUSES (CODE 2 ON QINTRO)
acma | 28
ENDIF[Single]QI1. This call may be monitored by a supervisor for training purposes. Supervisors are bound by the same confidentiality requirements as interviewers. Do you agree to this call being monitored?1 YES2 NO
IF NO (CODE 2 ON QI1), SAY:
INTERVIEWER: ALERT SUPERVISOR TO EXCLUDE FROM MONITORING - CONTINUE
ENDIF[Quantity] {Min: 800, Max: 99999, Default Value:9998Refusal Code:9999}SCR1. Can you please tell me your postcode?[Single]SCR2. RECORD SEX OF RESPONDENT1 MALE2 FEMALE[Single]SCR3. Could you please tell me your age?1 14-172 18-193 20-244 25-295 30-346 35-397 40-448 45-499 50-5410 55-5911 60-6412 65-6913 70-7414 75-7915 80+99 REFUSEDIF UNDER 18 OR REFUSED (CODE 1 OR 99 ON SCR3), SAY:
Thank you for your time, but we can only speak to people in certain age groups.
ENDIF[Single] {Removed}AREA1 SYDNEY2 OTHER NEW SOUTH WALES/ACT3 MELBOURNE4 OTHER VICTORIA5 BRISBANE6 OTHER QUEENSLAND7 ADELAIDE
29 | acma
8 OTHER SOUTH AUSTRALIA/NT9 PERTH10 OTHER WESTERN AUSTRALIA11 TASMANIA
IF RDD SAMPLE COMPUTE ANSWER AS CODE 1, OTHERWISE FOR MOBILE SAMPLE, ASK:
[Single]Q1. Do you have a fixed-line phone at home?1 YES2 NO99 REFUSED
ENDIF
IF MOBILE SAMPLE RECORD ANSWER AS CODE 1, OTHERWISE FOR RDD SAMPLE, ASK:
[Single]Q2. Do you have a mobile phone for personal use?1 YES2 NO99 REFUSED
acma | 30
ENDIF[Single]Q3. Do you use the Internet for personal purposes?1 Yes2 No99 Refused[Single]Q3A. Do you have an email address that you use for personal emails?1 Yes2 No99 Refused
NOTE: A large part of this questionnaire has been deleted because it is not relevant to this report on malware and harmful software.
IF USES THE INTERNET (CODE 1 ON Q3), ASK:
Q45. Do you do the following on the Internet? READ OUT[Single]Banking1 YES2 NO3 (DO NOT READ) DON'T KNOW/CAN'T SAY4 (DO NOT READ) REFUSED[Single]Pay bills1 YES2 NO3 (DO NOT READ) DON'T KNOW/CAN'T SAY4 (DO NOT READ) REFUSED[Single]Shopping for any products or services1 YES2 NO3 (DO NOT READ) DON'T KNOW/CAN'T SAY4 (DO NOT READ) REFUSED[Single]Social networking such as Facebook1 YES2 NO3 (DO NOT READ) DON'T KNOW/CAN'T SAY4 (DO NOT READ) REFUSED
IF UNRECORDED ON Q45A - Q45D, SAY
YOU HAVE LEFT A QUESTION UNANSWERED, YOU WILL NOW BE TAKEN BACK TO Q45. PLEASE MAKE SURE AN ANSWER IS SELECTED ON EACH QUESTION
ENDIF
31 | acma
IF YES (CODE 1) ON Q45A, B OR C, ASK:[Multiple] {Spread:20 }Q46. What computer or device do you usually use to do online banking, shopping or paying bills? Do you use... READ OUT1 Home computer or laptop2 Personal mobile device (i.e. phone, tablet, notebook)3 Work computer or mobile device97 Something else (Specify)98 (DO NOT READ OUT) DON'T KNOW/CAN'T SAY99 (DO NOT READ OUT) REFUSED
ENDIF
IF YES (CODE 1) ON Q45D, ASK:[Multiple] {Spread:20 }Q47. What computer or device do you usually use for social networking? Do you use... READ OUT.1 Home computer or laptop2 Personal mobile device (i.e. phone, tablet, notebook)3 Work computer or mobile device97 Something else (Specify)98 (DO NOT READ OUT) DON'T KNOW/CAN'T SAY99 (DO NOT READ OUT) REFUSED
ENDIF
ENDIF
IF HAS THE INTERNET (CODE 1 ON Q3), ASK:
When people use the internet there can be risks from harmful software or malware. Thinking about your use of the Internet, on a scale of #/1 to 5 where 1 is 'not likely' and 5 is 'highly likely'/5 to 1 where 5 is 'highly likely' and 1 is 'not likely'/, in your opinion how likely are the following types of software to be a risk to your computer? READ OUT[Single]Q48A. Software that allows others to steal your personal or financial information. READ OUT: Would that be...1 1 - Highly unlikely2 2 - Unlikely3 3 - Moderately likely4 4 - Likely5 5 - Highly likely98 (DO NOT READ OUT) DON'T KNOW/CAN'T SAY99 (DO NOT READ OUT) REFUSED[Single]Q48B. Software that affects the way your computer operates (e.g. slows it downs, causes it to crash or erases information READ OUT IF NECESSARY.1 1 - Highly unlikely2 2 - Unlikely3 3 - Moderately likely4 4 - Likely5 5 - Highly likely98 (DO NOT READ OUT) DON'T KNOW/CAN'T SAY
acma | 32
99 (DO NOT READ OUT) REFUSED[Single]Q48C. Software that allows others to use your computer to send out spam or redirect you to fake websites READ OUT IF NECESSARY.1 1 - Highly unlikely2 2 - Unlikely3 3 - Moderately likely4 4 - Likely5 5 - Highly likely98 (DO NOT READ OUT) DON'T KNOW/CAN'T SAY99 (DO NOT READ OUT) REFUSED
33 | acma
[Single]Q48D. Software that allows others to identify the websites you have visited and access your emails READ OUT IF NECESSARY.1 1 - Highly unlikely2 2 - Unlikely3 3 - Moderately likely4 4 - Likely5 5 - Highly likely98 (DO NOT READ OUT) DON'T KNOW/CAN'T SAY99 (DO NOT READ OUT) REFUSED[Single]Q49. Do you have an internet-enabled home computer or laptop?1 YES2 NO98 DON'T KNOW/NOT SURE99 REFUSED
IF HAS INTERNET ENABLED HOME COMPUTER OR LAPTOP (CODE 1 ON Q49), ASK:[Multiple] {Spread:20 }Q50. Which of the following do you do to protect your internet-enabled home computer or laptop from harmful software and viruses? READ OUT. PROBE: Anything else?1 Have protective software (e.g. antivirus, anti-spyware, anti-malware)2 Keep protective software up-to-date
3 Keep operating systems up-to-date (e.g. Microsoft Windows, Mac OSx, Android)
4 Keep program software up-to-date (e.g. word processing, photo editing, mobile apps)
5 Keep browsers up-to-date (e.g. Internet Explorer, Firefox, Safari, Chrome)
6 Immediately delete emails from unknown sources (without opening them)
7 Do not click on email links from unknown senders8 Do not visit certain websites95 Openend (DO NOT READ OUT) OTHER (Specify)96 Single (DO NOT READ OUT) ALL OF THE ABOVE97 Single (DO NOT READ OUT) NONE OF THE ABOVE98 Single (DO NOT READ OUT) DON'T KNOW/CAN'T SAY99 Single (DO NOT READ OUT) REFUSED
acma | 34
IF CODE 97 OR NOT CODE 1, 2, OR 3 ON Q50, ASK:[Multiple] {Spread:20 }Q51. And can you please tell me why you don't #/have any protective software installed on your computer, // #/keep operating systems up to date, //#/do anything //to keep your internet-enabled home computer or laptop from harmful software and viruses ? DO NOT READ OUT.1 Too expensive2 My computer operates well now3 Don't know how to do/ install/ update4 Don't need to5 Don't have time6 Couldn't be bothered7 Never experienced a problem/ Don't see any reason to97 Openend OTHER (Specify)98 Single DON'T KNOW/CAN'T SAY99 Single REFUSED
ENDIF
ENDIF
IF HAS MOBILE DEVICE (CODE 1 ON Q2 OR CODE 2 ON Q46 OR Q47), ASK:[Single]Q52. To the best of your knowledge, is your internet-enabled mobile device protected from harmful computer software and viruses? READ OUT1 Yes - I know it's protected2 No - I know it's NOT protected3 (DO NOT READ) DON'T KNOW/NOT SURE
IF YES ABOVE (CODE 1 ON Q52), ASK:[Multiple] {Spread:20 }Q53. Why do you say that your mobile device is protected from harmful software and viruses? DO NOT READ OUT.1 I have installed protective software myself
2 I understand that the operating system (e.g. Apple, Android, Windows) has built-in protections
3 I understand that my internet service provider does this97 Openend OTHER (Specify)98 Single DON'T KNOW/NOT SURE99 Single REFUSED
ENDIF
ENDIF
IF HAS HOME COMPUTER OR MOBILE DEVICE (CODE 1 ON Q49 OR CODE 1 ON Q2 OR CODE 2 ON Q46 OR Q47 ), ASK:
[Single] {Random}Q54. In your opinion who is most responsible for protecting your computer and mobile devices against harmful software and viruses? READ OUT.1 You (or individual users)2 Government3 Internet Service Provider
35 | acma
4 Computer software provider/ supplier5 Fixed (DO NOT READ) OTHER98 Fixed (DO NOT READ OUT) DON'T KNOW/CAN'T SAY99 Fixed (DO NOT READ OUT) REFUSED
IF CODE 1 TO 4 ON Q54, ASK:[Multiple] {Spread:20 }Q55. Who else, if anyone else, do you think is responsible? READ OUT.1 You (or individual users)2 Government3 Internet Service Provider4 Computer software provider/ supplier5 No one else97 Openend OTHER (Specify)98 Single (DO NOT READ OUT) DON'T KNOW/CAN'T SAY99 Single (DO NOT READ OUT) REFUSED
ENDIF
ENDIF
IF HAS HOME COMPUTER OR LAPTOP AND HAS PROTECTIVE SOFTWARE (CODE 1 ON Q49 AND CODE 1 OR 2 ON Q50), ASK:
[Multiple] {Spread:20 }Q56. Who usually installs or updates the protective software on your home computer or laptop to protect it against harmful software and viruses? DO NOT READ OUT1 YOU2 YOUR SPOUSE OR PARTNER3 ONE OF YOUR CHILDREN4 A FRIEND OR RELATIVE5 COMPUTER TECHNICIAN97 Openend OTHER (Specify)98 Single DON'T KNOW/CAN'T SAY99 Single REFUSED
ENDIF
The following questions will be asked for research purposes only, and will not be used in any way that could identify you.[Single]Z1. How many people aged 18 years or over live in your household, including yourself? DO NOT READ1 12 23 34 45 56 6+98 DON'T KNOW99 REFUSED[Multiple] {Spread:20 }Z2. Could you please tell me the highest level of primary or secondary school you personally
acma | 36
have completed? Was it ...? READ OUT1 Year 9 or below2 Year 103 Or, year 11 or 124 Openend (DO NOT READ) OTHER (Specify)98 Single DON'T KNOW99 Single REFUSED[Single]Z3. What is the highest educational qualification you have completed? INTERVIEWER: ONLY READ OUT IF RESPONDENT QUERIES HOW MUCH DETAIL IS NEEDED1 SOME, FINISHED PRIMARY SCHOOL2 SOME SECONDARY SCHOOL3 SOME TECHNICAL OR COMMERCIAL4 4TH FORM/ INTERMEDIATE/ YEAR 105 5TH FORM/ LEAVING/ YEAR 116 FINISHED TECHNICAL OR COMMERCIAL/ TAFE7 FINISHED OR NOW STUDYING FOR MATRIC/ H.S.C./ V.C.E./ YEAR 128 SOME UNIVERSITY/ C.A.E. TRAINING9 NOW AT UNIVERSITY10 TERTIARY DIPLOMA, NOT UNIVERSITY11 UNDERGRADUATE DEGREE12 POSTGRADUATE DEGREE98 (DO NOT READ) DON'T KNOW99 (DO NOT READ) REFUSED[Single]Z4. Are you now in paid employment?
IF YES, ASK: Is that FULL-TIME for 35 hours or more a week, or PART-TIME?1 YES, FULL-TIME2 YES, PART-TIME3 NO
IF NOT EMPLOYED (CODE 3 ON Z4), ASK:[Single]Z5. Are you now looking for a paid job?
IF NOT LOOKING, ASK: Are you retired, a student, a non-worker or home duties?1 LOOKING FOR A PAID JOB2 RETIRED3 STUDENT4 NON-WORKER5 HOME DUTIES6 REFUSED/ CAN'T SAY
ENDIF[Single]Z6. Roughly speaking, into which of the following ranges would your annual household income fall?1 Under $15,0002 $15,000 to $19,9993 $20,000 to $24,9994 $25,000 to $29,999
37 | acma
5 $30,000 to $39,9996 $40,000 to $49,9997 $50,000 to $59,9998 $60,000 to $69,9999 $70,000 to $79,99910 $80,000 to $99,99911 $100,000 to $129,99912 $130,000 or more98 CAN'T SAY99 REFUSED
IF CAN'T SAY/ REFUSED TO GIVE HOUSEHOLD INCOME (CODE 98 OR 99 ON Z6), ASK:
[Single]Z7. Well could you tell me whether your HOUSEHOLD INCOME would be over $50,000 or under $50,000 per year?1 UNDER $50,000 PER ANNUM2 OVER $50,000 PER ANNUM98 CAN'T SAY99 REFUSED
ENDIF[Single]Z8. Roughly speaking, into which of the following ranges does your personal annual income before tax fall?1 Under $15,0002 $15,000 to $19,9993 $20,000 to $24,9994 $25,000 to $29,9995 $30,000 to $39,9996 $40,000 to $49,9997 $50,000 to $59,9998 $60,000 to $69,9999 $70,000 to $79,99910 $80,000 to $99,99911 $100,000 to $129,99912 $130,000 or more98 CAN'T SAY99 REFUSED
IF CAN'T SAY/ REFUSED TO GIVE PERSONAL INCOME (CODE 98 OR 99 ON Z8), ASK:[Single]Z9. Well could you tell me whether your PERSONAL INCOME would be over $50,000 or under $50,000 per year?1 UNDER $50,000 PER ANNUM2 OVER $50,000 PER ANNUM98 CAN'T SAY99 REFUSED
ENDIF
acma | 38
[Single]Z10. Do you speak a language other than English at home?1 YES2 NO
IF YES (CODE 1) ON Z10, ASK:[Single]Z11. Which language other than English do you speak at home?1 Chinese (Mandarin, Cantonese, etc.)2 Vietnamese3 Arabic (inc. Lebanese)4 Greek5 Italian6 Persian (Farsi)7 Spanish8 Turkish9 Macedonian10 Serbian11 German12 Hindi98 Other
ENDIF[Single]Z12. Do you consider yourself to be an Indigenous Australian - Aboriginal or Torres Strait Islander?1 YES - ABORIGINAL2 YES - TORRES STRAIT ISLANDER3 YES - BOTH ABORIGINAL AND TORRES STRAIT ISLANDER4 NO99 REFUSED
Thank you for your time and assistance. This market research is carried out in compliance with the Privacy Act and Telecommunications and Research Calls Industry Standard, and the information you provided will be used only for research purposes.
We are conducting this research on behalf of the Australian Communications & Media Authority.
If you would like any more information about this project or Roy Morgan Research, you can phone us on 1800 337 332
END-OF-QUESTIONNAIRE
39 | acma
