... why oh why do people download and install all this spyware and adware in the first place?

It's so easy to avoid - just don't do it!

I didn't find it very hard to teach my kids not to do it:

(1) I told them "don't download and install any viruses or spyware"

(2) when they did I disconnected their machine from the net until such time as I could get round to sorting it out

(3) each time it took me about twice as long to "get round to" sorting it up.

We're now up to about a month of downtime next time they do it, which seems to be sufficient incentive for them to take me seriously, as they have refrained from downloading and installing crap for a long time now.

Adults, surely, shouldn't need this training exercise, and should be able to just accept the advice ("don't download and install any viruses or spyware") the first time?

(Although if you read slashdot (http://slashdot.org) you will find that American college kiddies do use such a training method on their grown-up friends and relatives - they charge them $50 for cleaning the machine up the first time, $100 the second time, $200 the third time ... until they get the message: "don't download and install any viruses or spyware"; or run out of money. But actually even that doesn't work, apparently some of these people just throw the computer away and buy a new one when it gets too infected. And then download more crap onto the new one. Why?????)

Hmmmm....................................................... ............................

All very well when you are an "IT Consultant", or like most of us on here, enthusiasts, rather than experts, with a bit of an idea.

I've never actually come across a complete novice who has clicked a link that says:

"VIRUS/SPYWARE - DOWNLOAD NOW.

The fact of the matter is that we all know how such novices end up, unintentionally, with such junk on their computer. Let's not forget that a sizeable portion of the population allegedly can't even get their heads around their video recorder!

Yea, I agree with BST. Its like these folk who deliberately go out and catch flu or throat infections or food poisoning etc. Most inconsiderate.

BST should suggest to the health service that every time people get sick, it will double the length of time it will take to get to see a doctor. That will sort out all those ill people, won't it !!

HughMartin.....

Thanks for support. (I think!)

Just check para. 2; who "should suggest"?!?

Oops!!

Yes I meant to refer to G the W not you. Sorry !!

Unlike catching a cold, you do have a choice when installing software. It really isn't that hard. If the program requires you to install third party software, or a website wants to install some ActiveX plug-in, click no. Then go elsewhere to find what you want. There are options if you take a few extra minutes to look.

Combined with a firewall and anti-virus program, this method would keep your computer quite clean and usable. Far too many people buy a new computer unnecessarily because their old one is so full of cr@p that it is dog slow.

goates

Gertrude the Wombat,

If there is a way, the PDUs will find a way to get it in their comps. It never ceases to amaze me what I find in peoples' comps.

Take Care,

Richard

I consider myself be reasonably responsible about protecting myself against nasties. I have a hardware firewall and a fully paid up subscription to Norton Security. I don't download suspicious software and I have my IE seurity options set at an appropriate level yet I still found myself being infected by something which caused my browsing activities to grind almost to a halt. Adaware eventually sorted me out after some advice from E Liam on another thread. Unfortunately we are paying the price of Microsoft's success with dominating the market place. Is it not the case that those who have moved onto Apples or use Lynux etc are much less likely to suffer from these mass attacks on our computers?

At the moment I think that it is quite possible for an average non-technical Windows user to become infected with malware without taking any action that might be considered unreasonable.

Sure, a lot of people do a lot of really dumb things, and I'd guess that most people with malware-infested PCs have done something dumb. Anybody who can't be bothered to learn the simple basics of security gets no sympathy from me when things go wrong. However, I don't think it's reasonable to criticize a novice or non-technical user for using a browser that shipped with the operating system. Some of the recent IE exploits seem to be able to function, at least in some circumstances, despite reasonable precautions, and that's all you can really expect of the typical user. You can't expect them to have to install Linux or even Firefox to be safe.

However, while users do dumb things, Microsoft also has to take some of the blame. Huge multi-megabyte downloads from Windows Update make it close to unusable if you're on dial-up (which most people still are) and the OS is full of holes. Internet Explorer has too many exploits that take too long to be fixed, and an operating system that requires administrator-level access for a typical user to do typical tasks is just is fundamentally broken from a security point of view. Linux (or OS X) aren't immune from security holes, but the separation between users and administrators is enforced, and it makes it much, much harder for malware to work.

XP/SP2 helps, and makes it far more secure out of the box. Still, at the moment it does seem too little, too late. I have to take the pessimistic view that things are going to get worse before they get better, and maybe in 12 months is't going to be unreasonable for the technical user to get hit from time to time... :(

HughMartin,

Is it not the case that those who have moved onto Apples or use Lynux etc are much less likely to suffer from these mass attacks on our computers?

It comes down to what I would call "Bang for the Buck". Both Linux and MAC have such a small percentage of the total computer market that the Virus and Malware writers do not target them. Now, if you were an introverted 15 to 17 year old with no friends and wanted to make a name for yourself, would you go after the 8% of the computer population or after the 92% of the computer population?

Take Care,

Richard

Both Linux and MAC have such a small percentage of the total computer market that the Virus and Malware writers do not target them.

I don't think this entirely explains the massive number of viruses on Windows. Many of them wouldn't even work on Macs or Linux because they don't have the web browser, and thus ActiveX, so tightly integrated into the system. Earlier versions of Outlook and Outlook Express were almost as bad. How many email programs on Macs or Linux automatically ran script files attached to emails as soon as the email as displayed in the preview pane? Having services running by default that most users don't need (Messenger for example) is another security problem that doesn't happen anywhere near as often on other platforms.

Microsoft doesn't get much sympathy from me for all of their security problems. If they had put even half of the effort into security as they did into adding new "features", it wouldn't be such a mess. One MS VP admitted it wouldn't be until around 2011 that they had fully secured the system.

User education will help, but it is getting somewhat ridiculous that we have to ask people to install anti-virus, firewall, Spybot, Ad-Aware and other security related problems.

Linux and Mac are not immune, but being based on Unix designs which included security from the start, they are far less susceptible to virus attacks. This is part of the reason why I will push people to at least look Macs if they don't absolutely require some Windows only program.

goates

I bought and set up a PC for a friend last February, insisted she kept Norton Antivirus up to date, etc, etc. It worked fine for a few months and then literally seized up. I knew it had something on it, but it was eating up the connection so I couldn't update the Norton or download something else to kill it, and it wouldn't allow reading of .EXE files off CDs so I couldn't load something up to kill it - stalemate, and my friend looking at me with labrador eyes, swearing she hadn't downloaded anything stupid. I had to wipe the hard drive and start again.

My point is that the nasty crap floating around out there in the ether has moved on enormously in the last year or so and is far more dangerous now, and the likes of me who used to have a good idea of what to do to prevent any problems are well out of date in a short period of time. Antivirus is no good now on its own - no matter how well it works, the nasties come in the back door, no need to download anything or press the wrong button. XP is full of holes and all you have to do is to be online, a firewall is the only thing that helps in this regard. One of the buddies who works in IT said he has fixed up dozens of PCs for people in the last 9 months that were just as crippled, as soon as he wiped the hard drive and reloaded everything with antivirus, SP2 and a proper firewall, within 30 minutes of going online there had been multiple unauthorised attacks through the backdoor that the firewall dealt with. I realise this is baby stuff to most of the people on this forum, but the average Joe has been hard hit for the past while, so much so that here in Ireland the government have launched an information campaign, distributed leaflets and started a website - www.makeITsecure.ie. All good sensible stuff, and given carpetbombing Microsoft isn't an option, other countries should do the same.

goates,

I do not think any software which is freely available for purchase to the general public is not safe. As I see it, if you can buy it, so can the hackers. Once they have the software you have, they can hack and exploit it.

Since Windows has most of the market, they are the largest target.

Take Care,

Richard

Richard,

While hackers can get every program available to you or I, this doesn't mean they are all just as insecure. I also agree that more popular programs/operating systems are also more tempting targets as well. These shouldn't be excuses though for allowing the many types of exploits that Microsoft has.

Older versions of Outlook and Outlook Express are perfect examples of this. They are the only email programs that allowed a hacker to take over your system without any user intervention beyond viewing an email. The newest versions of Outlook are far better finally (I actually do like using Outlook 2003). I can't recall any other email programs allowing anything close to this though. The hackers would have to get creative and use social engineering tricks to get people to run attachments if they want to exploit any other email programs.

The combination of IE, ActiveX and system wide integration is another example of something that is totally unnecessary. Both Linux and Macs can surf the net just fine without system integration of the web browser. Firefox on Windows does quite well too.

To me Microsoft hasn't paid nearly enough attention to security as it should have. Being the largest target just amplifies this. They are waking up to this (finally), but it will be a huge undertaking to change their habits, and those of every Windows software developer who has taken full advantage of this lack of security in Windows.

I am not trying to say that Macs, Linux or *BSD are 100% virus/malware/hacker proof, only that they actually make an effort to minimize these threats as far as possible. This is where I see Linux getting a foothold on user desktops and the Mac market growing, as people will get fed up with having to worry about so many different viruses, malware, hacker attacks and the associated tools to prevent and clean them up.

It's not like we allow Ford or GM to build cars that blow up or fall apart when some kid throws a pebble at one. Boeing and Airbus make best efforts to build aircraft that will survive hitting birds. Yes, there are limits to the size of rock that a car will withstand and the size and numbers of birds an airplane will withstand, but they reduce the risk to an acceptable level. So why should we let Microsoft get away with anything less? It may not directly affect people's lives in the same way, but our economy is becoming far too reliant on an unsecure system. I'm almost a little surprised that someone hasn't tried to use this to attack the West yet.

goates

Quote:
why oh why do people download and install all this spyware and adware in the first place?

Because I dont know how not to!

A good point, willby. I was a little surprised at the tone of Gertrude's original question, dripping with condescension as it was for unskilled computer users. My main point would be that in the rush to sell a computer to every human being, there is the implicit suggestion that any fool can use one. And indeed they can with a bit of education, but protecting said computer against the myriad of nasties is considerably more challenging.

As I explained in my WebRebates thread on this forum, I have an anti-virus system which updates automatically every day, a firewall correctly installed and configured, I run Spybot and AdAware at least once a week each, and I never EVER run a download from a doubtful source. I am by no stretch of the imagination an expert, but after 13 years of computer use I am at least a few rungs up the ladder from a complete novice, yet I have somehow attracted one of these blighters.

Gertrude, your simplistic "Just Say No" approach is rather unfair I think. As BlueSkyThinker said in the first reply to your post, most of this stuff doesn't come labelled SPYWARE!!!!!!! DOWNLOAD NOW!!!!

I don't want to be accused of being a conspiracy theorist, but it doesn't surprise me that somebody from Windows says it will be another seven years before they secure their operating system completely. There's time for at least two new all new releases in that time frame, and where would Mr Gates get his next dollar if he released an OS with no problems? I suspect the seven years time frame may prove to be a little conservative!