A graphic from the Did You Know? Blog is making its way around atheist and secular pages on Facebook. It claims that “You are 3 times more likely to get a virus from a church website than you are from a pornography website”:
Unfortunately, the Did You Know Blog doesn’t link to any source to substantiate that claim, either on the web page featuring the graphic or on the associated social media sites on which Did You Know? placed the graphic. Something about that claim sounded fishy to me, so I decided to try to find the source. It turns out I wasn’t the only one who thought this claim was too convenient for unbelievers. To their credit, religious skeptics leaving comments at the Global Secular Humanist Movement page’s posting of the graphic asked multiple times what the source for the claim might be. Even better, some of them went looking for that source. David Goldman pegged the source as a Slate article from 2012, although that article is not the primary source. Jason Sumpter nailed the ultimate source down: Symantec’s Internet Security Threat Report for 2011, which reads:
It is interesting to note that Web sites hosting adult/pornographic content are not in the top five, but ranked tenth. The full list can be seen in figure 16.
Moreover, religious and ideological sites were found to have triple the average number of threats per infected site than adult/pornographic sites. We hypothesize that this is because pornographic website owners already make money from the internet and, as a result, have a vested interest in keeping their sites malware-free – it’s not good for repeat business.
Pay attention closely to that paragraph. First of all, Symantec doesn’t refer to church websites; it refers to “religious and ideological sites” lumped together, a large group which includes political, secular and atheist websites. Second, there are two different figures being reported: A) the top 10 most common categories of infected websites, and B) the number of threats on an infected website (how infected an infected website is). According to Symantec’s 2011 report, when “religious and ideological” websites get infected, they get infected with more viruses or pieces of malware. But that’s not the same as the likelihood that you’ll get infected if you visit a church website versus a pornographic website. If you look at Figure 16, you’ll notice that Symantec doesn’t provide any information about the relative rate of infection of religious websites:
Figure 16 is insufficient to support the Did You Know Blog’s claim both because religion is not mentioned in the figure at all and because Figure 16 doesn’t report the rate of infection for certain categories of websites — it only indicates the share of all infected websites that are of a particular category, and more common website types should be expected to exhibit a greater share of infections as a matter of random chance.
Let’s look further into this. Symantec has released a new Internet Security Threat Report reporting on trends for 2012, and while its main report contains no mention of pornographic or religious websites at all, its appendices contain the same kind of information as reported by Symantec above. According to Figure A.13, in 2012 the website category with the largest share of infections is business-based websites; religious and pornographic websites don’t make it into the top ten. In Figure A.14, the category of website with the largest number of infections per website was… yes, pornographic websites. There’s no mention of religious or ideological infection in any of the listed categories in that figure.
In short, there is no evidence in either the original source or in Symantec’s more recent report on the subject to support the claim made by the graphic that a person is 3 times more likely catch a virus from a church site than a porn site. The idea of rampantly infectious church websites may comfort people who feel antipathy toward religion, but the notion should not be embraced by people who rely on observed fact.