Regarding fake antivirus software : The idea itself is not that innovative. Fake medicines have been part fo the crooks's easy-money-toolbox for ages. This just applies the "you look tired and sick. buy our snake oil to cure your ills" approach to computer users.
The tendency to pay up for dubious remedies of uncertain value is nothing new. Some ways of proposing expensive fake solutions to nonexistant problems are even legal.
Monster-brand HDMI cables? Maybe this doesn't qualify because you "need" a cable -- it's just that the functional difference between the $10 cable and the $150 monster cable is essentially nil.
The real problem are operating systems with long known problems in their fundamental security architecture. The result is that any script kiddie can click himself a botnet together in half an hour.
If Windows had repositories ("markets" how there are called nowadays), the problem would be much less severe. And if IE would have put less emphasis in creating own "MS-versions" of HTML and JS with every new release, and more emphasis on creating a solid product, the problem would be much less severe too. But they didn't so it isn't. Lucky scammers.
A lot of the problem is users' reluctance to upgrade off of XP to Win7 (or even Vista). Certainly Microsoft deserves blame for XP having been as insecure as it was when released, but newer versions of Windows are incredibly more secure against these sorts of attacks, especially when they are running Microsoft Security Essentials.
I'm not sure what you're talking about in terms of "MS-Versions" of HTML and JS, at least in the sense of them being a security risk. That's just anti-MS bullcrap, really. IE is actually inherently quite secure in lots of ways Firefox still isn't, and the primary vector for these types of attacks are Adobe plugins (Flash, Reader) and have nothing to do with browser-specific code.
Ach, when will people learn that windows bashing no longer makes you cool.
The reason they are the primary attack vectors is because of their market penetration, not some crap programming by a windows dev. There's not an OS out there in wide usage without a lot of 0-day exploits.
If Linux was dominating, we'd only ever hear about linux problems.
That is no Windows bashing. But whining about "Windows bashing" does not help to make the product better. Its the same as Linux trolls replying every critique with "but its free". It does not help!
What is the "market penetration" of Android + iOS? How many botnets run on those devices? Exactly. Got it?
Dealing with this crap on people's computers is so infuriating that I've often wished the government would just green light CIA hits on the perpetrators in Russia. But realistically, it's VISA and Mastercard's fault.
Does anyone here have any useful advice as to how to deal with (and get people to avoid) these types of things? I usually avoid tech support, but sometimes (parents, gf, close friends, etc.) it's unavoidable, and I've been seeing a lot of stuff like this lately.
Obviously the usual advice applies (let those damn system updates run, update AV, NoScript+Adblock+non-IE browser, when strange looking .exe files try to run don't let them, etc.), but I'm seeing this stuff come up on systems where people are doing these things right, and actually seem to know what they're doing. I don't use Windows a lot myself, so I don't know if these things are really tough to avoid, it's always possible that people have done some stupid things, I'm not sure...
It seems that more and more often, too, I'm ending up having to resort to digging through HijackThis logs and cleaning things up by hand, which is not something an average end-user can really be expected to do.
Am I missing some better advice to give people (better AV software, maybe? Some of the big ones are missing infections that I know are several weeks or months old, which I would think is enough time to get the signatures in there...), or is this really just something that the average PC user will be doomed to turn to their nerd friends and paid support people for help for the foreseeable future?
I had a drive by anti-virus thing install itself once, luckily it wasn't that hard to remove since it was just a couple of registry entries and an executable. My suspicion is that I caught it through some advertising on a site, hence I now run adblock on risky/unknown sites.
21 comments
[ 2.7 ms ] story [ 32.2 ms ] threadThe tendency to pay up for dubious remedies of uncertain value is nothing new. Some ways of proposing expensive fake solutions to nonexistant problems are even legal.
Could you give some examples?
Pretty fair question to answer before making the claim that it's "not entirely true" -- how true or not true depends on the number.
If Windows had repositories ("markets" how there are called nowadays), the problem would be much less severe. And if IE would have put less emphasis in creating own "MS-versions" of HTML and JS with every new release, and more emphasis on creating a solid product, the problem would be much less severe too. But they didn't so it isn't. Lucky scammers.
I'm not sure what you're talking about in terms of "MS-Versions" of HTML and JS, at least in the sense of them being a security risk. That's just anti-MS bullcrap, really. IE is actually inherently quite secure in lots of ways Firefox still isn't, and the primary vector for these types of attacks are Adobe plugins (Flash, Reader) and have nothing to do with browser-specific code.
Yes, that's old news and the reason Andrioid and iOS have "marketplaces" that update automatically and reliably. Windows still doesn't.
>>I'm not sure what you're talking about in terms of "MS-Versions" of HTML and JS
Then you haven't been a Web developer in the past 15 years, I guess.
The reason they are the primary attack vectors is because of their market penetration, not some crap programming by a windows dev. There's not an OS out there in wide usage without a lot of 0-day exploits.
If Linux was dominating, we'd only ever hear about linux problems.
http://www.google.co.uk/search?q=firefox+exploit http://www.google.co.uk/search?q=osx+exploit http://www.google.co.uk/search?q=linux+exploit
What is the "market penetration" of Android + iOS? How many botnets run on those devices? Exactly. Got it?
Obviously the usual advice applies (let those damn system updates run, update AV, NoScript+Adblock+non-IE browser, when strange looking .exe files try to run don't let them, etc.), but I'm seeing this stuff come up on systems where people are doing these things right, and actually seem to know what they're doing. I don't use Windows a lot myself, so I don't know if these things are really tough to avoid, it's always possible that people have done some stupid things, I'm not sure...
It seems that more and more often, too, I'm ending up having to resort to digging through HijackThis logs and cleaning things up by hand, which is not something an average end-user can really be expected to do.
Am I missing some better advice to give people (better AV software, maybe? Some of the big ones are missing infections that I know are several weeks or months old, which I would think is enough time to get the signatures in there...), or is this really just something that the average PC user will be doomed to turn to their nerd friends and paid support people for help for the foreseeable future?