Professional tips for users to avoid risks on the internet

With the number of information technology security threats constantly on the rise in the war between hackers and the security industry, experts warn that one major loophole often goes unsolved: the user.

But while the security industry is quick to point fingers, they also concede that they have a role to play in educating users about how to protect themselves.

'The Confickr [worm] story tells you that regular security audits and user awareness are crucial despite the millions invested in the hardware and software solutions,' said Kenneth Lo, an executive at Version2, the Hong Kong distributor of ESET Nod32 security software. 'It's easy for the average person to inappropriately operate their computer and expose their system to threats. The fact is that there is no magic bullet for an average person with no security knowledge.'

Instead, they recommend a range of actions that users can take to keep safe. One of the keys to eliminating security risks was reinforcing legitimate behaviour, said Gerald Hong, a director at Lapcom, which distributes Kaspersky security software. 'Using legitimate software is the first step in protecting yourself. If you are using a pirated version, the updates are often disabled and this means vulnerabilities are never patched and the door is left wide open for hackers,' Mr Hong said.

He estimated that about 30 to 40 per cent of all software used by consumers in Hong Kong is pirated - an improvement over previous years.

Peer-to-peer sharing websites are another significant source of viruses and should be avoided. Mr Hong recommended using proactive detection engines and additional measures such as a personal firewalls and antispam software.