
Teach users to be wary of unexpected downloads

Even if you load your system up with protective tools, an educated user can be your best protection.

A user visits a trusted site, clicks the handy dandy "Download Antispyware now" button, and BAM! Your client's system is infected with nasties.

Even a savvy user can make this mistake because the bad guys are getting so good at it. (AntivirXP08 is a great example of just how well this subterfuge works.) These "your computer is at risk" tricks seem like the real deal.

If a user opens the door, no tool in the world is going to stop what comes next. You'll just have to clean up the mess later.

Save yourself and your clients a lot of time and stress. Teach users not to click what looks like a legitimate warning, such as "Download Antispyware now." In short, legitimate protective software will not prompt users to download anything while they surf the Internet. That's the message users need to hear. It seems so simple, but some users truly don't know the difference between a legitimate download and an attempt to install malicious programs.

About

Susan Sales Harkins is an IT consultant, specializing in desktop solutions. Previously, she was editor in chief for The Cobb Group, the world's largest publisher of technical journals.

34 comments
Jacky Howe

Everyone wants something for nothing and if it is presented in the right way they will go for it without thinking of the consequences. So many times I have heard that it looked legitimate.......blah..... blah The reality of it is that there are that many naive users out there that need to be educated and not all take lessons or keep up to date with changes. Especially Antivirus. I got to meet quite a few clients who are now educated in the art of when to download as sometimes it may be beneficial.

ssharkins

Thanks for sharing that perspective and that is a nice clue. It's an excellent way to get the point across to a user -- if you didn't ask to download it, don't download it. Thank you!

OldER Mycroft

I've lost count of the number of users over the years that, out to impress the guy at the next desk, the neighbour next door, the folks in the local pub, anyone at all, download the latest beta of whatever they've got in an effort to get 'Ahead of the Joneses' rather than just 'Keep Up with 'em'. There is something embedded in the average dullard user, a mischievous side to their character, that cannot be controlled whenever a pop-up appears announcing that the latest version of XXX is now available. The danger is that if the latest version is now available, there is also a new BETA out there which in their minds is 'Newer' than the new version. Bugs can sometimes be more damaging than viruses.

Tink!

I only have reign over 6 computers. Upon one of which a non-savvy user accessed the internet and inadvertently installed "Ultimate Anti-virus". The trick was that their icon/logo looks almost exactly like the Windows Vista Security Center shield. That's the only reason he clicked on the popup. He thought it was from the computer asking to update Anti-Virus. I have since informed him that our anti-virus software is through Kaspersky (can't mistake a big K for a Windows shield), and am considering removing the admin rights so I have to do updates myself. (The bugger is that this would mean I'd have to do weekly updates myself too. And that means finding time...lol.)

CharlieSpencer

Can you set it to use the local system process or a local admin account? If not, I'd find an AV app that doesn't require admin privs to run. Giving a user admin almost negates the value of an AV app.

Tink!

Thanks for the tip, Palmetto. This is the first incident in almost 2 years. I've been a bit loath to touch the admin rights details ever since I accidentally locked my CEO out of his computer for a weekend. I will, however, definitely look into this right away.

Tink!

Double submit...my first offense - show mercy. :)

CharlieSpencer

It shows you've truly arrived. Usually we slaughter a fatted calf.

Tig2

PC World ran an article today regarding Microsoft's position regarding scareware. Hopefully, this will result in more users understanding what it is and how to avoid it. From PC World: Microsoft has teamed with the Washington State Attorney General's Office to crack down on so-called "scareware" merchants both believe are threats against PC users. Scareware is a loathsome breed of malware that scares you with pop-up messages such as "virus found on your PC" or "Warning! Your PC is infected." Of course the only way to "fix" the problem is to install the advertiser's software to neutralize the threat. The problem is most often no problem actually exists and the scareware is just, well, trying to scare you into buying something you don't need. And unfortunately many unsuspecting PC users are duped into handing over their money. You can find the entire article here: http://blogs.pcworld.com/staffblog/archives/007839.html

BALTHOR

Virus scanners abound and you have to pay them money for protection. I think that all of the firmware in the computer is accessed from the BIOS. The chipset is virus free and has a program record set to infinite storage. The chipset records everything that was ever done in the computer.

OldER Mycroft

Logic has clouded your judgement of the issue. If you take the words AS WORDS, then the value of those words is absolute and in this instance correct.

"Virus scanners abound and you have to pay them money for protection."
OK - this bit might be subject to debate.

"I think that all of the firmware in the computer is accessed from the BIOS."
If you don't first boot the computer, then the firmware is never accessed - is it?

"The chipset is virus free and has a program record set to infinite storage."
Before the system actually boots, before electrical current is applied, the chipset still exists physically and in an uncontaminated condition. The program record could be interpreted as having infinite storage because the record only exists while the system is 'alive' and tends to utilise the benefits of overwriting as the uptime increases.

"The chipset records everything that was ever done in the computer."
The previous conditions also apply here. How many commands are there in the average computer chipset? I'm talking about low-level computer architecture - the electrons that flow around the motherboard. That is all the chipset is ever interested in. Raw machine code, but there's really not that much of it. What the Users think the computer has done is not in contention here.

BALTHOR has just, rather eloquently, summed up the initial script from TRON.

I'm away to boot up a game of Lightcycles now...

Michael Kassner

BALTHOR is definitely something special to TR. BoxFiddler told me to look deeper into what is written and there is a great deal there to be sure. Did you know that BALTHOR has 146 resources on TR? Heck, I consider myself fortunate when I get comments on my articles from BALTHOR.

ganyssa

were discussions I have started. Sadly, they were about Sesame Street and why I'm not normal. Par for the course, really.

w2ktechman

"true blue" techrepublic "old mycroft" techrepublic "jacky howe" techrepublic because when I first did Jacky Howe, I got lots and lots of unrelated hits.

Jacky Howe

is the name of the song that us Aussie battlers adhere to and John Williamson is as True Blue as you can get. A dinky di Aussie. ;) He's from the Mallee in case you didn't know. ;)

OldER Mycroft

Also what those numbers represent. If "Old Mycroft" was the name of a pop band maybe my Google entries would also soar like 'yours'. ;)

Jacky Howe

I just did a google on True Blue 1 - 100 of about 9,090,000 and TR wasn't in the first 100. :D

w2ktechman

but 19000 for "True Blue" techrepublic :D

Jacky Howe

and number 2 on my google search here in AUS. ;) I notice that my search for Boxfiddler results were slightly different to your search as she was also a number 1 and 2. I was currently logged on to TR when I googled. ;)

OldER Mycroft

Have got none. One Australian bloke in particular appears to have managed to keep out of Google's results completely. I've checked ALL his alter egos that I know of. :)

boxfiddler

are posts we have made - er discussions/questions we have started?

boxfiddler

But what are these? Discussions subscribed to? How does one acquire 'resources'?

boxfiddler

to you too! What do you mean by "Did you know that BALTHOR has 146 resources on TR?", if you will kind sir?

CharlieSpencer

"The chipset is virus free and has a program record set to infinite storage." Why the #@$* am I wasting money on hard drives? "The chipset records everything that was ever done in the computer." This should make the job of computer forensics much easier. I'll be prying out my chipset and retrieving that monthly report I wrote in 1998. Truly a BALTHOR classic.

Sterling chip Camden

No more backups!

w2ktechman

that is the beauty of the chipset storage recording device. Cool, now that I know about it, I'll get some really cool screenshots from those games I played (and beat -- barely in some cases). Now, does it play in real time?? Can I fast forward??

---TK---

seriously I can fit all 5 Terabytes on my motherboard..... Oh my, that's totally sweet!! I better go buy another motherboard, in case I run out of unlimited storage.
