girl with laptop

Kids and the Internet: Why parental controls aren’t enough

Ask a parent of an underage child if they are concerned about their child being exposed to inappropriate Internet content, and most parents will, predictably, say yes. Then ask if they use some type of parental control software to protect their kids online, and the majority of parents will say no. Surprised? I was.

family with laptop

In our global survey of 15 countries, 78% of parents reported being concerned about their kids being exposed to content like porn, violence, racism and drugs online. But only 40% said they actually use software tools that ensure safe Internet use on computers their children use.

As the parent of a toddler, I don’t yet have to worry about such questions, but if my kid were school-age, I certainly would. Software with Internet filters and time controls is an easy way to make sure kids aren’t getting into trouble online. So why the disconnect?

Looking for answers

To get a better understanding of the thinking behind the statistics, I thought I’d ask some parents about their use or nonuse of parental control software. Living in Finland, the country with the lowest number of parents who use parental controls on computers their kids use (only 24%) and being from the US, with the highest number (59%), it made for some interesting conversations. I asked mainly Finns and Americans, but people from a few other countries as well.

What I found was that yes, parents do care about their kids accessing inappropriate content. But approaches for dealing with it range widely. I would loosely categorize my interview subjects into three camps.

First camp: Parental controls a must

One mother of an eight-year-old said she plans to use parental controls on her son’s new laptop, and doesn’t allow Internet access on his mobile phone. A mother of four children under ten uses an Internet filter in addition to accompanying her kids while they’re online. And another mom said in addition to using parental control software, she drove her teenage daughters (now grown) crazy with frequent lectures about the dangers of the Internet.

Second camp: Parental control, but not with software

One parent pointed out that parental control software isn’t the only way to protect kids online. For example, placing the computer in a high-traffic area of the home is a good way to make sure kids aren’t getting into trouble. Similarly, a parent of a five-year-old said she doesn’t use parental control software, but her child isn’t allowed to access the Internet without a parent by his side.

Third camp: The liberal approach

Some parents took a more liberal approach. A father of teenagers said he no longer uses parental controls, instead relying on a trust relationship with his children. A mother of a 14-year-old forgoes parental controls also, since her son doesn’t seem to show interest yet in anything aside from a few online games.

A common thread between these parents was that even if they restrict access at home, their kids could still access bad content away from home. And that restricting access might make forbidden fruit all the more tempting. One father stressed that he is always available to talk to his children should they see something distressing online.

Which approach is best?

Parents’ answer to that question depends on, among other factors, cultural attitudes and the age of their children. My personal conclusion? When it’s time I need to think about it, I’ll err on the stricter side by restricting access time, monitoring usage and just to be extra-safe, use some form of content filter for my child.

To me, there’s way too much bad stuff out there that’s way too easily accessible. A lot of it’s not fit for anyone, let alone kids – case in point, Facebook’s recent controversy over videos of extreme violence. Even if you trust your kids, they may stumble onto harmful content without meaning to. Or they may let curiosity get the best of them and see things their young minds just shouldn’t have to think about.

Communication is key

But even the strictest parental controls aren’t enough. In talking to different parents, whatever their stance, the theme that kept recurring for me was communication. Open, realistic age-appropriate communication between parent and child. About what kind of websites are and aren’t okay. About what kind of behavior online is and is not okay.

So even when the child is away from home, he or she will have a basis for making the best choices. And if a child does happen to see something harmful, you can hopefully find out about it and discuss it.

Plus, not every risky thing your kids do online can be caught by parental control software. The lecturing mom who aggravated her daughters? They are now grateful for the talks because they haven’t made the embarrassing mistakes their friends have made, posting compromising selfies and the like.

Family protection for computers and mobile devices

So talk to your kids. And if you’re looking for parental control software, allow me to recommend F-Secure Internet Security.

F-Secure Internet Security allows parents to filter out websites based on what sort of content they want to protect their kids from:

content-blocker

And it lets parents set browsing time limits:

time-limits

F-Secure Internet Security also protects computers from viruses and other digital threats and safeguards while banking and shopping.

There’s also protection for kids’ mobile devices. F-Secure Mobile Security, in addition to protecting from digital threats and in case of loss or theft, offers parental controls, with the added feature of shielding kids from inappropriate apps.

And for under one euro per year, parents can install F-Secure Child Safe to iPads and iPhones. Child Safe is a browser that keeps kids safe from harmful content when browsing the web.

What about you – do you use parental control software? If not, how do you make sure your kids are safe online? Let us know in the comments!

.

Girl with laptop image courtesy of Clare Bloomfield / FreeDigitalPhotos.net

Parents with kids image courtesy of photostock / FreeDigitalPhotos.net

More posts from this topic

wifi_exp_cropped

The Dangers of Public WiFi – And Crazy Things People Do To Use It

Would you give up your firstborn child or favorite pet to use free WiFi? Of course not. Sounds crazy, right? But in an independent investigation conducted on behalf of F-Secure, several people agreed to do just that – just to be able to instantly, freely connect to the Internet while on the go. For the experiment, we asked Finn Steglich of the German penetration testing company, SySS, to build a WiFi hotspot, take it out on the streets of London, and set it up and wait for folks to connect. The purpose? To find out how readily people would connect to an unknown WiFi hotspot. (You can view our complete report, see the video and listen to the podcast below.) Thing is, public hotspots are insecure. Public WiFi simply wasn’t built with 21st century security demands in mind. When you use public WiFi without any added security measures, you leak data about yourself from your device. We know it, but we wanted to find out in general how well people out on the street know, whether or not they take precautions, and what kind of data they would actually leak. We also enlisted the help of freelance journalist Peter Warren of the UK’s Cyber Security Research Institute, who came along to document it all. Accompanying the two was Sean Sullivan, F-Secure’s Security Advisor. [protected-iframe id="4904e81e9615a16d107096f242273fee-10874323-40632396" info="//www.youtube-nocookie.com/embed/OXzDyL3gaZo" width="640" height="360" frameborder="0" allowfullscreen=""] Leaking personal information What we found was that people readily and happily connected, unaware their Internet activity was being spied on by the team. In just a half-hour period, 250 devices connected to the hotspot. Most of these were probably automatic connections, without their owner even realizing it. 33 people actively sent Internet traffic, doing web searches, sending email, etc. The team collected 32 MB of traffic – which was promptly destroyed in the interest of consumer privacy. The researchers were a bit surprised when they found that they could actually read the text of emails sent over a POP3 network, along with the addresses of the sender and recipient, and even the password of the sender. Encryption, anyone? If you aren’t already using it, you should be! The Herod clause For part of the experiment, the guys enabled a terms and conditions (T&C) page that people needed to agree to before being able to use the hotspot. One of the terms stipulated that the user must give up their firstborn child or most beloved pet in exchange for WiFi use. In the short time the T&C page was active, six people agreed to the outlandish clause. Of course, this simply illustrates the lack of attention people pay to such pages. Terms and conditions are usually longer than most people want to take time to read, and often they’re difficult to understand. We, of course, won’t enforce the clause and make people follow through with surrendering their loved ones – but this should give us all pause: What are we really signing up for when we check the “agree” box at the end of a long list of T&C’s we don’t read? There's a need for more clarity and transparency about what's actually being collected or required of the user. The problem So what’s really the issue here? What’s going to happen to your data, anyway? The problem is there are plenty of criminals who love to get their hands on WiFi traffic to collect usernames, passwords, etc. It’s easy and cheap enough for them to set up their own hotspot somewhere (the whole hotspot setup only cost SySS about 200 euros), give it a credible-looking name, and just let the data flow in. And even if a hotspot is provided by a legitimate business or organization, criminals can still use “sniffing” tools to spy on others’ Internet traffic. So be warned: Public WiFi is NOT secure or safe. But we’re not saying don’t use it, we’re saying don’t use it without proper security. A good VPN will provide encryption so even if someone tries, they can’t tap into your data. The Solution F-Secure Freedome is our super cool, super simple wi-fi security product, or VPN. Freedome creates a secure, encrypted connection from your device and protects you from snoops and spies, wherever you go and whatever WiFi you use. (Bonus: It also includes tracking protection from Internet marketers, browsing protection to block malicious sites and apps, and lets you choose your own virtual location so you can view your favorite web content even when you’re abroad.) Still don’t believe that public WiFi poses risks? Take a closer look next time you’re faced with a terms and conditions page for public WiFi hotspot. “A good number of open wi-fi providers take the time to tell you in their T&C that there are inherent risks with wireless communications and suggest using a VPN,” Sullivan says. “So if you don't take it from me, take it from them.”   Check out the full report here (PDF): Tainted Love - How Wi-Fi Betrays Us   Listen to the podcast, featuring interviews with Victor Hayes, the "Father of WiFi," our Sean Sullivan and others: [audio mp3="http://fsecureconsumer.files.wordpress.com/2014/09/wifi_experiment_podcast.mp3"][/audio]   Disclaimer: During the course of this experiment, no user was compromised at any point nor user data exposed in a way that it could have been subject to misuse. We have not logged any user information, and during the experiment a lawyer supervised all our activities to avoid breaching any laws.   Video by Magneto Films    

Sep 29, 2014
bash

Shellshock only concerns server admins – WRONG

Yet another high-profile vulnerability in the headlines, Shellshock. This one could be a big issue. The crap could really hit the fan big time if someone creates a worm that infects servers, and that is possible. But the situation seems to be brighter for us ordinary users. The affected component is the Unix/Linux command shell Bash, which is only used by nerdy admins. It is present in Macs as well, but they seem to be unaffected. Linux-based Android does not use Bash and Windows is a totally different world. So we ordinary users can relax and forget about this one. We are not affected. Right? WRONG! Where is your cloud content stored? What kind of software is used to protect your login and password, credit card number, your mail correspondence, your social media updates and all other personal info you store in web-based systems? Exactly. A significant part of that may be on systems that are vulnerable to Shellshock, and that makes you vulnerable. The best protection against vulnerabilities on your own devices is to make sure the automatic update services are enabled and working. That is like outsourcing the worries to professionals, they will create and distribute fixes when vulnerabilities are found. But what about the servers? You have no way to affect how they are managed, and you don’t even know if the services you use are affected. Is there anything you can do? Yes, but only indirectly. This issue is an excellent reminder of some very basic security principles. We have repeated them over and over, but they deserve to be repeated once again now. You can’t control how your web service providers manage their servers, but you can choose which providers you trust. Prefer services that are managed professionally. Remember that you always can, and should, demand more from services you pay for. Never reuse your password on different services. This will not prevent intrusions, but it will limit the damage when someone breaks into the system. You may still be hurt by a Shellshock-based intrusion even if you do this, but the risk should be small and the damage limited. Anyway, you know you have done your part, and its bad luck if an incident hurts you despite that. Safe surfing, Micke   PS. The best way to evaluate a service provider’s security practices is to see how they deal with security incidents. It tells a lot about their attitude, which is crucial in all security work. An incident is bad, but a swift, accurate and open response is very good.   Addition on September 30th. Contrary to what's stated above, Mac computers seem to be affected and Apple has released a patch. It's of course important to keep your device patched, but this does not really affect the main point of this article. Your cloud content is valuable and part of that may be on vulnerable servers.  

Sep 26, 2014
BY Micke
Screen Shot 2014-09-20 at 9.12.30 AM

GameOver ZeuS: The Kind of Game You Don’t Want On Your Computer

Unlike Team Fortress 2 or Doom, two of the most popular PC games of all time, GameOver ZeuS is not a game you can buy online or would willingly download on to your computer. What is GameOver ZeuS? While we’ve talked about banking Trojans before, none have been as detrimental to users as the GameOver ZeuS or GOZ Trojan, which initially began infecting users in 2012. Gameover ZeuS is designed to capture banking credentials from infected computers, and make wire transfers to criminal accounts overseas. It was allegedly authored by Russian hacker Evgeniy Bogachev, who then implanted it on computers all around the world; building a network of infected machines - or bots - that his crime syndicate could control from anywhere. It’s predominately spread through spam e-mail or phishing messages. So far, it’s been estimated to scam people out of hundreds of millions of dollars and it’s only getting worse. It doesn’t stop there; Gameover ZeuS can also be modified by hackers to load different kinds of Trojans on to it. One such Trojan is a ransomware called CryptoLocker, which is a devastating malware that locks a user’s most precious files by encrypting all the files until he or she pays the hacker a ransom. In June 2014, the FBI, Europol, and the UK’s National Crime Agency announced they had been working closely with various security firms and academic researchers around the world and took action under a program dubbed “Operation Trovar.” This initiative temporarily disrupted the system that was spreading the Trojan and infecting computers, allowing a temporary pause in additional computers from being infected. However, computers that were already infected remained at risk, as they were still compromised. What’s next? The disruption of the GameOver ZeuS botnet was a great success in many ways, but it’s not over. Our security advisor, Sean Sullivan, worries that this temporary disruption was actually more dangerous than completely taking it down. “Without arresting Bogachev, Gameover ZeuS is still a huge threat and likely to evolve to become more dangerous. The hackers can just as easily program a future version of the Trojan to initiate a “self-destruct” order (like destroy every file on a computer) if the ransom isn’t paid, or if authorities try to intervene.” What can we do to protect our digital freedom? Beware of malicious spam and phishing attempts — don’t open any attachments within emails unless you are specifically expecting something. Check email attachments carefully, and make sure you don’t open any files that automatically launch, which frequently end in .exe Have an Internet security solution in place and keep it up to date Keep your Windows operating system and your Internet browser plugins updated Back up all of your personal files regularly Also, check your machines to be sure you do not carry the Gameover ZeuS Trojan. For more information on how this powerful Trojan works and how it is spread, check out this this video. [protected-iframe id="888198d18fd45eae52e6400a39fb4437-10874323-9129869" info="//www.youtube-nocookie.com/v/JhiPDbTIsqw?hl=en_US&version=3&rel=0" width="640" height="360"] Have more questions? Ask us here on the blog.  

Sep 20, 2014