Linked by Alcibiades on Wed 4th Jan 2006 18:04 UTC
Windows Like a lot of people who have worked in the business, I find myself in conversations about computer security with people who are having problems or know people who have problems. I wrote this to save me from explaining the same thing over and over again to different people, and to save them the trouble of having to make notes as we talked. It was meant to be something you could give to a 'naive user' and have them be able to read and follow it more or less unaided, and while not being a complete guide, at least be something that made them more secure than before they got it.
Thread beginning with comment 81730
To read all comments associated with this story, please click here.
A somewhat paranoid view of security
by Robert Escue on Wed 4th Jan 2006 19:51 UTC
Robert Escue
Member since:

Most of the information is common sense stuff for those of us who work in the IT field or have an above average interest in computers.

Alcibiades' description of the effects of malware assumes the user goes to every warez/porn/malware/social engineering/phishing site on earth. Usually to get trojaned by a porn dialer means you went to a porn site that supports the malware! Normal surfing in the US you would get the typical amount of spyware, and not much more. My 15 year old daughter goes to a number of sites that her friends send links to that I sometimes think are questionable, but she has not been hit. And I check her system weekly using Symantec AntiVirus, AdAware, Spybot Search and Destory.

I don't necessarily agree with replacing Windows XP's SP2 firewall with ZoneAlarm, while ZoneAlarm will definitely protect a machine better than Microsoft's product, it is also harder to configure, which brings me to the second issue I have with this article. Much of this assumes a level of experience that the "typical" user doesn't have, and the reason why most users don't do this is because they either don't know how, they see it as too hard, or that it severely limits the functionality of the system.

For this guide to be really useful, it would have to be written in layman's terms and use lots of screen shots.

Reply Score: 2

alcibiades Member since:

"Alcibiades' description of the effects of malware assumes the user goes to every warez/porn/malware/social engineering/phishing site on earth"

Well not really. At least not around here. I have seen a pro shop down the street in the process of taking several hundred items off a family machine, and another family paying for a disinfection of similar scale - and the comment was, you don't understand what normal use is these days, its ring tones and music downloads, and instant messaging, and that's what does it.

Then I know of two machines in another family made essentially unusable by a family visit of a (girl) teenager. They didn't know what she had done. But I doubt very much it was porn. It was probably just instant messaging. I know for sure of one case in which ringtones were to blame, because the mobile in question was charged with them. Then another local case in which the guy for sure had not been to any porn site or even warez, and he had quite a few pieces. All he ever does is probably read the papers and shop.

The really eye opening experience for me has been how innocently you can be infected. The cases I've seen, you really don't have to have done anything deliberately 'out of line' or risky, just get a little careless. Scary.

Reply Parent Score: 1

Robert Escue Member since:

Which is where user education comes into play, my wife and daughter know better because I take the time to educate them. With my daughter it is standard procedure, if she is not sure she asks me. Music downloads (and we all download music in our house) is limited to samples through approved web sites (CD Baby, Amazon, etc.). She also uses IM (both AOL and MSN), no downloads are allowed at all. The end result is few if any security issues.

Most of the users you reference fall into what I call the "clueless" category, either by accident or design. And unfortunately for many it is by design, they prefer not to know because it is "too hard to understand" or "too much to learn". With children it is also a lack of parental control, or the parents being "too busy" to see or learn what Johnny is doing (thus the situation where the kids know more about computing than their parents). When I did phone support for Canon I took a call where the parents handed the phone over to their son because he knew more about the problem than they did!

It is too easy for many people to skate by and expect their more knowledgeable friends/neighbors/workmates to bail them out when they get into trouble (I know, I get the frantic calls from my wife's friends). And until these people decide it is their responsibility to maintain their computer hardware and software, no amount of guides will help them out.

Reply Parent Score: 1