The 10 most dangerous things users do!

1. Clicking on email attachments from unknown senders: Email attachments are still the most likely means of contracting viruses, worms, Trojan horses, and other infections. Even when knowing the sending you still need to be cautious. Attachments can contain many types of executable files (.com, .bat, .exe .ocx, vbs, etc) which, if bad, can cause havoc on your computer. Some surveys show that most users know the risks of opening an attachment but click on the links anyway.

2. Installing unauthorized applications: Instant Messaging (IM), peer-to-peer applications like AIM and MSN, has become a favorite communication tool despite the number of IM exploits and warnings that are written nearly every day. Other peer-to-peer application like Bearshare, Limewire, KaZaa, and Morpheus are popular favorites to download. Most of these free file-sharing utilities allow users to share documents, software, music and just about any other type of file to include malware files. With all peer-to-peer applications you still have to contend with the possibility of downloading malicious files from unknown sources and infecting your system. P2P networks have infected files on them and a number of them have malware that is included with their software. The best defense is to ensure users have limited rights (user vice admin privileges) on their computers and to never install any program unless knowing exactly what it is and where it came from.

3. Turning off or disabling automated security tools: Why even install security measures if you are going to disable them? But it happens because users get frustrated by slow performance as the result of these programs utilizing so many system resources. This includes anti-virus, anti-malware tools and firewalls. The disabling of carefully-evaluated, state-of-the-art security technology might be the most dangerous thing that users regularly do, according to the Enderle Group's Enderle.

4. Opening HTML or plain-text messages from unknown senders: Many users are not aware of the threats that can be posed by everyday text or HTML messages that contain no enclosure. These are usually the folks who think that only email attachments contain malware. HTML files may contain Java Scripts, ActiveX controls, or macros that can allow an attacker to gain control of a computer and transform it into botnet zombie. Many experts believe that HTML mail now pose a significant threat that may surpass traditional email attachments.

5. Surfing gambling, porn, or other legally-risky sites: A favorite of both the young and old alike, downloading porn and online gambling activity has seen an increase despite the repeated warnings of infection via drive-by downloads and zero-day exploits. In a recent investigation the U.S. Office of the Inspector General (OIG) discovered over one million log entries in which 7,763 DOI computer users spent more than 2,004 hours accessing game and auction sites during a single week.

6. Giving out passwords, tokens, or smart cards: This has been a problem for a long time and no one has been able to come up with a workable solution. Despite, years of warnings, one in three users still write down passwords and keep them near their computers. Attempts to tighten security by regularly changing and increasing the complexity of passwords are having little impact

7. Random surfing of unknown, untrusted Websites: This is a very bad habit for any user. Browser-based vulnerabilities are of particular concern and they have become a popular target of Internet attackers. Microsoft is constantly having to issue monthly patches for new vulnerabilities that seem to arise overnight and other browser vendors like Firefox and Opera continually update their software to keep pace. Bottom line, don't surf randomly or use untrusted sites.

8. Attaching to an unknown, untrustworthy WiFi network: WiFi users are very much at risk when using an unknown WiFi network. They are even more at risk if their wireless card uses the Wireless Access Protocol (known as WAP) which is relatively easy to hack. Savvy attackers can access your computer and obtain your user name, passwords, and other personal information. With random WiFi connections, there is no fool proof way of ensuring the networks they are connecting to, are not run by someone with malicious intent. Some experts say that the only way to ensure you don't get hacked is to disable your wireless card while working from public places.

9. Filling out Web scripts, forms, or registration pages: With keyloggers in abundance, users should only be using SSL secured sites which protect the data in transit when entering any kind of information online. If not, your identity is at risk. Further, users are more likely to get hacked if they use the same user name and password for frequently visited sites. If hacked on one site, attackers can have a field day at other sites. However, even a trusted site can contain an XSS exploit so always use caution.

10. Participating in chat rooms or social networking sites: This activity is very risky for the young and of great concern to parents. Child predators are frequent participants in chatting areas and always looking for a new victim. Kids provide too much personal information which these predators use to stalk, track down or entice the young into doing something they would not ordinarily do. In addition to the social engineering threat, using popular sites like MySpace can expose users to all sorts of malware infections.