N00bs with Windows

[Garda]

I was reading on /. about BlueSecurity. An Israeli anti-spam company that gave up becuse they kept on getting DDOS attacks from botnets.

This brings me to my question. Do you guys feel a little pissed off at the n00bs whose computers are infected and are responsible for these attacks.

Now some would say some people just aren't into technology or computers the way that we are and so wouldn't know what a botnet/phishing/spyware all are, and so they can't be blamed for their ignorance, but take my friend as an example..

He's got a computer, about 2/3 years old with Windows XP. He's telling me the story, "oh! my sister installed this little program on the computer now i keep getting popup adds for gambling when i go on the internet (note use of the word internet when he means web, and internet means IE)."

I explain spyware to him and tell him to reinstall windows, which he doesn't want to do. I then suggest using Firefox (he's still going to be an annoying zombie on the internet but now hopefully spyware isn't going to be able to grab the data he enters into forms on the web), and he says, "but then i can't use the internet, you can't go on the internet without using the internet explored, (i studied linguistics in high school, notice the definite article ie. "the" before internet explorer)"

Again, I personally don't really blame people for not being into the same stuff that i'm into, lets be honest, I spend heaps of time at a computer because i can't find chiks to spend that time with :), (in the case of this friend he has a social life quite less enthralling than mine, I think his excuse is just that he's dumb, :P) but to just be completely ignorant to these things, and to be told what you need to do and to just ignore sound advice does piss me off.

The problem is that if you are dumb about this, you get the popups and the spyware and all of that other stuff and that only affects you. When you're part of a botnet and are part of problems such as these kinds of DDOS against people like BlueSecurity, attacks that cripple small parts of the internet, then it's not just you that's being affected but other people as well. In such a situation i personally don't feel that it's entirely ok to just sit there with a dumb look on your face.

Your thoughts guys?

[Dr Zaius]

I don't have a problem with computer illiterate people who don't have a clue about computer security, but only on the condition that they are willing to learn how to secure their computer. It's really not that hard for the average joe to do. Just that alot of people refuse to learn new things, or they treat their computer/internet access the same as a phone or TV, if it's broken they get a new one or get a "professional" to fix it. Still the biggest problem with computer security is nothing new to this world, human stupidity and ignorance, things we've been plagued with since the start of mankind.

[moonlit]

Well I agree with both angles there, but to use an analogy:

A house gets robbed, they steal the old VRC that is never used and was meant to be thrown out and maybe a vase or two... ok, so not a big deal... they get told they should lock their door, perhaps with a lock and a couple of bolts... great...

But this person ignores the advice... they get robbed again, only this time the thief steals their 2 12-guages and a box of shells they had kept in the kitchen in case of emergency... now this person goes and shoots a bunch of people... totally different situation...

Now you might say this sounds like an extreme example, but it's a fair analogy and people should learn to think this way, not just to say "oh well, it was only a VCR and a vase, I'll live..."

[DLSS]

dumb ppl that dont wanna listen or learn to wot advice ppl like us give just shouldn't have a pc and b on the internet , even worse is that they are now endorsing it over here , now in belgium u can get a pretty decent pc and a 1 year inter net connection verry cheap ans the everyone on the internet package (something thought up by the government) and with it they get some courses ..... guess wot they learn to use ???

friggin IE , outlook , etc

that just aint helping .....

and its all they know cos its all they've been thought ....

[cooper]

The problem is that securing your box is HARD. And those out to get you are trying their best to trick you into believing you're doing the right thing. I really can't blame Joe Schmoe user for getting zombied. Hell, professionals get owned on a daily basis, and these people are both driven and paid for getting this stuff mostly right.

I do feel that ISPs should be more aware of the problem and help their users deal with it. So that if a machine on their network starts sending out CodeRed or whatever requests, the machine gets quaranteed, the only web page they see is one that says "We've detected that your machine has been infected with trojan software. Please use install and run the following programs to try and remove it. [bunch of links to files hosted within quarantine domain]. Once done, click this link. A special program will inspect your machine, and if it's given a clean bill of health, your internet service will be reinstated. If you need any help with this, feel free to contact our helpdesk at [phone number], available mo-fr 9-21 and saturdays between 13 and 18. Thank you."

The inspection program would basically take the output of adaware and possibly some other programs, make sure no 'dangerous' software remains, and if so, send some special command to the ISP to let the machine back on the internet. Shouldn't be all that hard to implement I gather. Tech support might get screamed at a bit though.

[Sparda]

but... if ISPs take responcablity for the security of there customers, doesn't this mean that net nutrality is egnored/broken (i think i need to rephrase this) as once again the ISP is controling what you can and can not access?

[VaKo]

Plus it also opens the doors to demands to ban P2P/VOIP/whatever the next big thing is. Once they prove they can do it, people will find more and more things they legally have to block. The main issue I can see with ISP's right now, is that they know exactly why people have 10mb+ cable connections. Its for P2P. So they know that if they lock out everything but basic internet services, people aren't going to pay for there top level accounts any more.

Maybe they should just have a sin-bin akin to the file sharing ones? (BT, another british ISP, put all there heavy downloaders on the same subnet[?] so they'd only effect each other). Get a virus, and get put in a holding area with limited connectivity until its fixed (whitelisted ports, nothing else).

And yup, having worked tech support where I've seen what spyware can do to the ignorant, people are gonna be pissed. But, to be absolutly honest, after listening to a procession of people blame you for the holes in windows, making spyware, sending spyware to there homes, breaking there computer etc... you couldn't care less. People fail to understand that computers, the most complex artifacts we can produce as a species, do not work like toasters.

[cooper]

Dude, there are ALREADY heavy users getting blocked and capped on high capacity lines. There are ALREADY caps being placed on certain ports because the traffic over them was getting silly. Ports on home users machines are already being firewalled by ISPs to prevent you from running your own services (on the grounds that they want you to pay them for doing it).

Your argument is bogus.

[degoba]

I will jump in here. Alot of people want their computer to function much like they interact with their cars. Some people are into cars and some are not. I personally do not know shit about cars but learned how to do certain things like pump gas, change a flat tire, and change my oil if need be. Now in my opinion there are just some things that you should learn when driving a car, i.e. pumping gas, or changing a flat. Computers are no different. In my opinion if you are going to use a computer there are some very basic things that you should learn. These basic things are not hard. Run an antivirus program and scan weekly and do the same with spyware. Dont look at shady sites and all that jazz.

[nate]

I will jump in here. Alot of people want their computer to function much like they interact with their cars. Some people are into cars and some are not. I personally do not know shit about cars but learned how to do certain things like pump gas, change a flat tire, and change my oil if need be. Now in my opinion there are just some things that you should learn when driving a car, i.e. pumping gas, or changing a flat. Computers are no different. In my opinion if you are going to use a computer there are some very basic things that you should learn. These basic things are not hard. Run an antivirus program and scan weekly and do the same with spyware. Dont look at shady sites and all that jazz.

I couldn't have said it better. I have alot of gear heads (car guys) as friends but all of their computers have gone to hell. And I told them about Firefox and virus scanners. They didn't even have virus scanners and they are asking my why their computer is dead while downloading some shady stuff. Which leads to...

Again, I personally don't really blame people for not being into the same stuff that i'm into...but to just be completely ignorant to these things, and to be told what you need to do and to just ignore sound advice does piss me off.

Again I totally agree. If i ran the world I would have these people shot...or maybe just educated...one of the two.

A house gets robbed, they steal the old VRC that is never used and was meant to be thrown out and maybe a vase or two... ok, so not a big deal... they get told they should lock their door, perhaps with a lock and a couple of bolts... great...

But this person ignores the advice... they get robbed again, only this time the thief steals their 2 12-guages and a box of shells they had kept in the kitchen in case of emergency... now this person goes and shoots a bunch of people... totally different situation...

Now you might say this sounds like an extreme example, but it's a fair analogy and people should learn to think this way, not just to say "oh well, it was only a VCR and a vase, I'll live..."

haha I like this analogy, and I feel that this really embodies the problem. We should put that where the public can read it. :D

Now for my opinion, other than killing all of the idiots that refuse to learn or focablely educating them i think that there needs to be a solution.

But I feel that our side of the argument will not become policy as it is not profitable and we all know those who have the power are just money grubbing suits. If someone was to make thier own ISP that had requirements to use it...kinda made for computer people for computer people that person would make alot of $. And it would solve our problem and this arguement would become obsolite.

[cooper]

I will jump in here. Alot of people want their computer to function much like they interact with their cars. Some people are into cars and some are not. I personally do not know shit about cars but learned how to do certain things like pump gas, change a flat tire, and change my oil if need be. Now in my opinion there are just some things that you should learn when driving a car, i.e. pumping gas, or changing a flat. Computers are no different. In my opinion if you are going to use a computer there are some very basic things that you should learn. These basic things are not hard. Run an antivirus program and scan weekly and do the same with spyware. Dont look at shady sites and all that jazz.

The problem is that *ANYBODY* can (and as we all see in daily life, DO) hook up their machine to the internet and do stupid stuff. With cars, you first need to get a license. And if you don't follow the basic rules and apply a little common sense you get pulled over by a traffic cop or spin off the track and crash into a tree or whatever.

With forums there are moderators. With newsgroups there are people deleting TONS of spam messages on a daily basis. Many ISPs have facilities in place to provide a spam filter for your mail box. Most ISPs will provide you with a free commercial virus scanner.

Why would it be so unreasonable to quarantine off a machine that is known to be troublesome? How is it different from a police officer pulling you over to see if you're driving under the influence?

[VaKo]

How do you sell something that is to complicated for the average person to use?

[Hit3k]

Thats why linux is free :) and you sell it by saying things like 'OMFG you need this so bad cause it'll make your computer better than your friends' People are gullible its as easy as that

[cooper]

How do you sell something that is to complicated for the average person to use?

That's just it: It's not too complicated!

You just need to apply some common sense and be aware of the basic rules. The internet is a dangerous place, and you should be aware of that.

Just like driving. Operating a vehicle isn't too hard, but if you want to take it on the open road you need to adhere to certain rules, and some of those rules can be quite complex. The open road is a dangerous place, with tons of steel and plastic hurling themselves in a certain direction at frightening speeds.

The complexity of traffic rules and the danger of other cars moving quickly all around you hasn't stopped car sales. Why would it be any different for the internet? If it brings a worthwhile service, people will be willing to pay for it.

[ShinmaRyuu]

How do you sell something that is to complicated for the average person to use?

i think it's called a profit margin.

I never have had problems myself with a windows box because i lock it down with software to keep nastyness out but nothing is full proof. This is why i like Macs and Linux so much. Sure something could happen but by default they are more secure. Most of my family has made the switch to mac thanks in part to me but also they just got sick of running 700 progs just to keep there stuff clean and safe.

My aunt is the best example i have of a unknowing user of computers. Her only goal is to use ebay and e-mail. Her former windows box had 49 trojan horses and enough spyway to fund a small country! i was very surprised not to find things like My Doom and Sasser because she was running right from the cable internet into her PC with 0 firewall and zero antivirus. The only firewall enabled was the windows one. I sold the machine on ebay for her and bought her a used mac mini. She has had zero problems since.

I live in a small town with a lot of my family members in the same town so i am the default computer guy. Everyone i have switched to a mac love it and find zero issues finding the software they need also thanks to me but hey it works for them. There is one big windows machine in the family though that i built for my cousin as his game rig. I locked it down and taught him how to run everything he needs and so far he has been ok but that rig is my big tech support target since i get the most calls from him needing help.

To me and this is my opinion if your not playing games than you should be using a Mac or Linux box.

[programertobe]

I personally am a linux geek, but when a pindows person asks me a security question, i will answer and probably help them because of their willingness to learn. WHen some retard gets on a computer and starts doing things that more than likely could get them viruses, then they should be slapped. Teach the willing and kill all others

[VaKo]

I can think of one good reason not to run a mac. I can't afford one.

I can think of one good reason not to run linux. No Adobe CS2.

Windows XP SP2 +all updates, AVG, Zone Alarm and a router work fine, its just the users. Quite frankly, todays consoles are getting to complex for some people, let alone dealing with patch tuesday or service packs...

Mac doesn't get spyware because there market share is relativly tiny compared to the MS market share. I wonder what it would be like if ubuntu had 90% of the worlds computer market? Or Apple, what would they be like as a monopoly?

[programertobe]

if apple was the monopoly then everything would have a cool brushed metal look :)

[VaKo]

And everything would cost 2 times as much, nothing new would work right for 6 months and the rebel geeks would be starting WUG in the dark corners of your local campus. Mean while the Linux users would be feeling smug about windows, but still ranting about open source code to the apple fans.

My view, windows is cheap, highly tweakable if you know what your doing and works on a massive range of hardware with no problem. It has good software support and does what i need it to. I can keep it sercure so why bother switching. Linux for servers? Sure but as a desktop it sucks for my work. Mac when i can afford to pay for luxurys like that. Until then, Dells work just fine.

[rFayjW98ciLoNQLDZmFRKD]

When ever I set up somebody elses computer, I always make them use firefox, avg, and Gaim. Plus I delete any shortcuts for IE. My little way to help eliminate 1 zombie from being created.

[Sparda]

When ever I set up somebody elses computer, I always make them use firefox, avg, and Gaim. Plus I delete any shortcuts for IE. My little way to help eliminate 1 zombie from being created.

aye

[TheZ]

I keep telling my family to use Firefox.....i guess it will come down to pyutting firefox as main browser and dumping all favoirtes to Firefox and stuff to get them to change :?

[murderousmidget]

i really dont see how people have such a hard time keeping their computers clean i recently formated my xp sp2 box and didnt get around to installing avg/adaware etc until about a month later and i do go to shady sites for cracks/keygens and when i did a scan i had almost no addware and no viruses i mean really the only way i could have made it worse was to go out of my way to find addware and viruses how do people manage to get their computers as messed up as they do

[programertobe]

infected pr0n and pure neglegence :D

[moonlit]

i really dont see how people have such a hard time keeping their computers clean i recently formated my xp sp2 box and didnt get around to installing avg/adaware etc until about a month later and i do go to shady sites for cracks/keygens and when i did a scan i had almost no addware and no viruses i mean really the only way i could have made it worse was to go out of my way to find addware and viruses how do people manage to get their computers as messed up as they do

If you do go to shady sites and don't appear to catch anything, I would also advise running Rootkit Revealer (SysInternals.com) or something similar just in case... I'm not sure of the current distrobution/infection rate of rootkits, but you never know what those sites might have, especially if it is in the form of a rootkit or powered/concealed by one...