I'm not trying to scare you!
April 18, 2010 9:27 AM Subscribe
Scareware comprises several classes of scam software with malicious payloads, or of limited or no benefit, that are marketed to consumers by scaring them. One frequently seen version is rogue security software that deceives users into paying for the fake or simulated removal of malware. The N. Y. Times site inadvertently displayed a scareware message last September.
Ransomware is computer malware which holds a computer system, or the data it contains, hostage against its user by demanding a ransom for its restoration. A recently seen version pretends to be the fake ICPP Foundation. The victim is informed that an "Antipiracy foundation scanner" has found illegal torrents and must pay $400 (via credit card), to avoid jail and huge fines.
(Microsoft genuine advantage, which can display "periodic reminders" has been legally ruled non-spyware.)
Macs are not immune to ransomware.
Ransomware is computer malware which holds a computer system, or the data it contains, hostage against its user by demanding a ransom for its restoration. A recently seen version pretends to be the fake ICPP Foundation. The victim is informed that an "Antipiracy foundation scanner" has found illegal torrents and must pay $400 (via credit card), to avoid jail and huge fines.
(Microsoft genuine advantage, which can display "periodic reminders" has been legally ruled non-spyware.)
Macs are not immune to ransomware.
The NYTimes one got my mom, who is reasonably internet-savvy for her generation. Cost us both a few hours of our time as I tried to work out what had happened over the phone and then had to explain to her that the whole thing was fake. Arrrgghh.
posted by Inspector.Gadget at 9:44 AM on April 18, 2010
posted by Inspector.Gadget at 9:44 AM on April 18, 2010
Sometimes I click on the wrong thing and I get a fake Windows XP warning window. It is kind of comical actually - "huh, that's odd, I don't think I am running Windows... lemme check... nope, still don't have it installed". Even better is when they manage to get my browser to download an exe - iceweasel asks me what to do with it (giving me the option to try running it under wine)... I've never really been tempted to try running one of them though, to be honest.
Of course one of these days someone will come up with a pure javascript root exploit of iceweasel, or sneak some ransomeware into the apt repositories and boy will I look foolish then. But I figure the massive fiddlyness of Linux will save me in the long run, because hey even getting their exploit code to work would probably involve editing too many fucking conf files and searching through forums and dealing with arrogant assholes who tell them to RTFM on IRC.
posted by idiopath at 9:52 AM on April 18, 2010 [20 favorites]
Of course one of these days someone will come up with a pure javascript root exploit of iceweasel, or sneak some ransomeware into the apt repositories and boy will I look foolish then. But I figure the massive fiddlyness of Linux will save me in the long run, because hey even getting their exploit code to work would probably involve editing too many fucking conf files and searching through forums and dealing with arrogant assholes who tell them to RTFM on IRC.
posted by idiopath at 9:52 AM on April 18, 2010 [20 favorites]
Ransomware is particularly insidious, simply because the traditional "scan and clean" model just doesn't work. Once the malicious application has done it's thing, you're screwed unless the author was sloppy with their crypto implementation. The only way to defend against ransomware is to keep it off your machine in the first place, which is becoming increasingly difficult to do as the antivirus vendors chase their tails trying to keep up with writing signatures for a volume of new malware variants that seems to increase exponentially each year.
posted by deadmessenger at 9:53 AM on April 18, 2010
posted by deadmessenger at 9:53 AM on April 18, 2010
Firefox+NoScript. Throw in AdBlock Plus for good measure.
My former business partner hated NoScript (really? how lazy do you have to be? but I digress) until he got hit with a drive-by by clicking on a link in EHOWA (yes, I know, /rolleyes).
He lost an entire week wrestling with the results. Finally just reformatted the HD. We had good backups, but still. Oh, and now he is a believer.
FF+NS won't prevent sheer stupidity or clumsiness, but it is a good first line of defense. I find if I have to enable more than two scripts to run a page, I just say the hell with it and don't go there anymore.
posted by Xoebe at 9:53 AM on April 18, 2010 [3 favorites]
My former business partner hated NoScript (really? how lazy do you have to be? but I digress) until he got hit with a drive-by by clicking on a link in EHOWA (yes, I know, /rolleyes).
He lost an entire week wrestling with the results. Finally just reformatted the HD. We had good backups, but still. Oh, and now he is a believer.
FF+NS won't prevent sheer stupidity or clumsiness, but it is a good first line of defense. I find if I have to enable more than two scripts to run a page, I just say the hell with it and don't go there anymore.
posted by Xoebe at 9:53 AM on April 18, 2010 [3 favorites]
Ugh, these things are a nightmare for getting New People online
I hooked some people up with an ubuntu box and they got frustrated because they couldn't install the scareware.
posted by fuq at 9:56 AM on April 18, 2010 [5 favorites]
I hooked some people up with an ubuntu box and they got frustrated because they couldn't install the scareware.
posted by fuq at 9:56 AM on April 18, 2010 [5 favorites]
Oh, and thank you for including the "macs are not immune" link. I do IT Security for a living, and one of the most common things I hear is "I use a Mac, so I don't have this problem!" This, of course, is completely, utterly and profoundly wrong, for two reasons: First, just because a security hole isn't being widely exploited does NOT mean that it won't eventually, and second, the most common security hole being exploited today is the one between the ears of the person sitting in front of the computer.
posted by deadmessenger at 9:59 AM on April 18, 2010 [1 favorite]
posted by deadmessenger at 9:59 AM on April 18, 2010 [1 favorite]
I don't usually feel this way, but the people behind this should be killed with an ax.
posted by Astro Zombie at 10:14 AM on April 18, 2010 [5 favorites]
posted by Astro Zombie at 10:14 AM on April 18, 2010 [5 favorites]
What do you usually feel people should be killed with?
posted by mazola at 10:18 AM on April 18, 2010 [2 favorites]
posted by mazola at 10:18 AM on April 18, 2010 [2 favorites]
usually it's just the people in front that should be killed with an axe.
posted by spikeleemajortomdickandharryconnickjrmints at 10:19 AM on April 18, 2010 [3 favorites]
posted by spikeleemajortomdickandharryconnickjrmints at 10:19 AM on April 18, 2010 [3 favorites]
I am hardly new, but I just wrestled with XP Antispyware 2010. I got rid of it with a regfix, Spybot and Ad aware. It took several runs to clear it. I was particularly amused by the increasingly urgent warnings that came up during removal. ASSHOLES!
posted by The Mermaid at 10:25 AM on April 18, 2010
posted by The Mermaid at 10:25 AM on April 18, 2010
but the people behind this should be killed with an ax.
It's these kinds of invasive, terrible, seemingly malice-for-malice-sake programs are gonna keep the internet from really reaching out to all populations AND undermine the integrity of the system as a whole. They are Bad News For Everyone.
posted by The Whelk at 10:26 AM on April 18, 2010
It's these kinds of invasive, terrible, seemingly malice-for-malice-sake programs are gonna keep the internet from really reaching out to all populations AND undermine the integrity of the system as a whole. They are Bad News For Everyone.
posted by The Whelk at 10:26 AM on April 18, 2010
What do you usually feel people should be killed with?
Have you seen the movie Astro Zombies? A machete, of course.
posted by Astro Zombie at 10:27 AM on April 18, 2010
Have you seen the movie Astro Zombies? A machete, of course.
posted by Astro Zombie at 10:27 AM on April 18, 2010
he got hit with a drive-by by clicking on a link in EHOWA (yes, I know, /rolleyes)
Would you care to elaborate? For those of us whose eyes did not immediately roll?
posted by IndigoJones at 10:29 AM on April 18, 2010
Would you care to elaborate? For those of us whose eyes did not immediately roll?
posted by IndigoJones at 10:29 AM on April 18, 2010
Does NoScript have an extensive whitelist anywhere? Because it's *really* annoying to try and set that for relatives.
posted by graventy at 10:33 AM on April 18, 2010
posted by graventy at 10:33 AM on April 18, 2010
And then there's
Spareware: all that software you only installed because you needed it that one time, but haven't uninstalled it out of laziness.
Flareware: plugins for Photoshop that make your photos look like shit.
Éclairware - software for choux pastry machines.
posted by le morte de bea arthur at 10:34 AM on April 18, 2010 [9 favorites]
Spareware: all that software you only installed because you needed it that one time, but haven't uninstalled it out of laziness.
Flareware: plugins for Photoshop that make your photos look like shit.
Éclairware - software for choux pastry machines.
posted by le morte de bea arthur at 10:34 AM on April 18, 2010 [9 favorites]
Would you care to elaborate? For those of us whose eyes did not immediately roll?
EHOWA is sort of what has risen to replace eBaumsWorld - a random collection of ostensibly funny photos, etc.
posted by DecemberBoy at 10:34 AM on April 18, 2010
EHOWA is sort of what has risen to replace eBaumsWorld - a random collection of ostensibly funny photos, etc.
posted by DecemberBoy at 10:34 AM on April 18, 2010
I just got done cleaning my daughter's laptop of the insidious Vista Internet Security 2010. Its popups look completely legit to the untrained eye, and I can see how easy it was for her to fall for it. She had followed all of is prompts, until she got to the demand for payment, before she sheepishly brought it home for me to rescue. By that time it had completely overridden her existing antivirus program and had turned off her firewall. It took me about two hours to get it completely cleaned up. GRAR GRAR!
As an aside, I can't recommend Malwarebytes enough. It's wonderful.
posted by amyms at 10:34 AM on April 18, 2010 [1 favorite]
As an aside, I can't recommend Malwarebytes enough. It's wonderful.
posted by amyms at 10:34 AM on April 18, 2010 [1 favorite]
Yeah, this kind of malware is far and away the worst kind possible. It seems like our computers at work are infected with it on a fairly regular basis, despite my efforts to get everyone using Firefox.
On the plus side, I've gotten really good at removing it.
posted by HostBryan at 10:35 AM on April 18, 2010
On the plus side, I've gotten really good at removing it.
posted by HostBryan at 10:35 AM on April 18, 2010
BonziBUDDY, why have you forsaken me?
posted by mazola at 10:41 AM on April 18, 2010 [1 favorite]
posted by mazola at 10:41 AM on April 18, 2010 [1 favorite]
I really don't understand why law enforcement can't take care of this sort of thing. To make money on ransomware, wouldn't there have to be someone with a bank account or something on the other end? And once you involve the transport of money, you involve a big paper/electronic trail that police could follow.
Yeah, I know that some of the countries in which these people operate can't be bothered to help (and in some moments of pique I've thought the internet might be better if they were just cut off until they start cooperating a little bit more), but you'd think you could at get the middleman to stop passing payments and thus stop it from being lucrative.
posted by Mitrovarr at 10:42 AM on April 18, 2010 [4 favorites]
Yeah, I know that some of the countries in which these people operate can't be bothered to help (and in some moments of pique I've thought the internet might be better if they were just cut off until they start cooperating a little bit more), but you'd think you could at get the middleman to stop passing payments and thus stop it from being lucrative.
posted by Mitrovarr at 10:42 AM on April 18, 2010 [4 favorites]
Great post, thank you.
I wish someone would follow the money trail for how these crooks are collecting payments. There's significant organized criminal enterprise and it's dangerous to the Internet. The companies collecting the payments should be shut down. And the crooks should be put in jail.
posted by Nelson at 10:58 AM on April 18, 2010 [2 favorites]
I wish someone would follow the money trail for how these crooks are collecting payments. There's significant organized criminal enterprise and it's dangerous to the Internet. The companies collecting the payments should be shut down. And the crooks should be put in jail.
posted by Nelson at 10:58 AM on April 18, 2010 [2 favorites]
This is one of the things that put me on the "Hell no I won't turn off ad block" side of the Ars Technica debates. Until such time as the people responsible for the ads actually do due diligence to ensure that this type of thing doesn't happen, why should I let such a potential attack vector in?
That, and I play World of Warcraft. Half the sites about the game have had ad server hacks at one time or another. One hack going so far as to circumvent the security token you can buy through a real time MITM attack.
posted by zabuni at 11:14 AM on April 18, 2010 [5 favorites]
That, and I play World of Warcraft. Half the sites about the game have had ad server hacks at one time or another. One hack going so far as to circumvent the security token you can buy through a real time MITM attack.
posted by zabuni at 11:14 AM on April 18, 2010 [5 favorites]
No matter how convincingly dressed up or aesthetically similar to an installation or warning window, I've never been in doubt for a split-second about the legitimacy and veracity of pop-ups or internet malware auto-installs. I really just don't understand how you can be fooled - why would an anti-virus program you didn't know you had or maybe even know you didn't have warn you about anything via a browser pop-up? Why would you ever download, nevermind install or run software you were not explicitly looking to download and install? It's the internet equivalent of taking curiously shoddily-wrapped candy from the dodgy looking stranger standing outside the restaurant you were heading for.
posted by Dysk at 11:34 AM on April 18, 2010
posted by Dysk at 11:34 AM on April 18, 2010
Brother Dysk: You are presuming computer literacy beyond that of many users. There are people who use a computer every day, who are not clear on: whose computer a given program is running on, what programs they have installed, what the reletionship is between a web page and their own computer.
This is before you add in the factor that many of the popups come up with no window decorations or chrome, and then put on fake decorations to look like a system pop up and not a web browser window. If they can pop up a window in my iceweasel on debian that makes me wonder for a second how I have a windows XP system message on my screen, then a random semi-computer-literate user stands a pretty good chance of getting tricked.
posted by idiopath at 11:43 AM on April 18, 2010 [5 favorites]
This is before you add in the factor that many of the popups come up with no window decorations or chrome, and then put on fake decorations to look like a system pop up and not a web browser window. If they can pop up a window in my iceweasel on debian that makes me wonder for a second how I have a windows XP system message on my screen, then a random semi-computer-literate user stands a pretty good chance of getting tricked.
posted by idiopath at 11:43 AM on April 18, 2010 [5 favorites]
Apple Fans Are Clueless About Security, Hacker Says
posted by homunculus at 11:49 AM on April 18, 2010
posted by homunculus at 11:49 AM on April 18, 2010
Nelson: re: banking - Reuters recently took a look at Innovative Marketing Ukraine, a huge multimillion dollar scareware outfit, and their article included a nice fat chunk on this very subject:
posted by bhance at 12:00 PM on April 18, 2010 [3 favorites]
Yes, you read that right. People who work for these companies need to be thrown into woodchippers.
One of Innovative Marketing's biggest problems was the high proportion of victims who complained to their credit card companies and obtained refunds on their purchases. That hurt the relationships with its merchant banks that processed those transactions, forcing it to switch from banks in Canada to Bahrain. It created subsidiaries designed to hide its identity.
In 2005, Bank of Bahrain & Kuwait severed its ties with an Innovative Marketing subsidiary that had the highest volume of credit card processing of any entity in Bahrain because of its high chargeback rates, according to D'Souza.
Innovative Marketing then went five months without a credit card processor before finding a bank in Singapore -- DBS Bank -- willing to handle its account. The Singapore bank processed tens of millions of dollars in backlogged credit card payments for the company, D'Souza said.
To keep the chargeback rate from climbing even higher, Innovative Marketing invested heavily in call centers. It opened facilities in Ukraine, India and the United States. The rogueware was designed to tell the users that their PCs were working properly once the victim had paid for the software, so when people called up to complain it wasn't working, agents would walk them through whatever steps it took to make those messages come up.
posted by bhance at 12:00 PM on April 18, 2010 [3 favorites]
homunculus: "Apple Fans Are Clueless About Security"
I have no doubt of this at all. I would even say that most Gnu/Linux users are quite lax about security as well. We non-windows-users can afford to be for the moment, because nobody is targeting us. But we are developing bad habits and there will be a pretty severe set of consequences once the Russian malware and exploit kit industry starts targeting our platforms.
All it would take is a post on some reasonably real looking Linux forum "I had a that problem too, but then I added the repos at randommalwarevector.org to my apt sources, and ran 'apt-get-update; apt-get upgrade' and all my problems were fixed!".
posted by idiopath at 12:05 PM on April 18, 2010 [2 favorites]
I have no doubt of this at all. I would even say that most Gnu/Linux users are quite lax about security as well. We non-windows-users can afford to be for the moment, because nobody is targeting us. But we are developing bad habits and there will be a pretty severe set of consequences once the Russian malware and exploit kit industry starts targeting our platforms.
All it would take is a post on some reasonably real looking Linux forum "I had a that problem too, but then I added the repos at randommalwarevector.org to my apt sources, and ran 'apt-get-update; apt-get upgrade' and all my problems were fixed!".
posted by idiopath at 12:05 PM on April 18, 2010 [2 favorites]
People who work for these companies need to be thrown into woodchippers.
You people have no imagination. Sodomizing these miscreants with a 4x4 fencepost wrapped with barbed wire, now that's a starting point.
posted by pjern at 12:09 PM on April 18, 2010
You people have no imagination. Sodomizing these miscreants with a 4x4 fencepost wrapped with barbed wire, now that's a starting point.
posted by pjern at 12:09 PM on April 18, 2010
I sincerely believe people who commit these annoying but fairly frivolous internet-based crimes should be given sentences up to and including heavy fines, probation, and possibly even light jail time for repeat offenders.
Wait did I do it wrong?
posted by drjimmy11 at 12:16 PM on April 18, 2010 [2 favorites]
Wait did I do it wrong?
posted by drjimmy11 at 12:16 PM on April 18, 2010 [2 favorites]
I sincerely believe people who commit these annoying but fairly frivolous internet-based crimes should be given sentences up to and including heavy fines, probation, and possibly even light jail time for repeat offenders.
Apple Fans Are Clueless About Security
posted by mazola at 12:31 PM on April 18, 2010 [1 favorite]
Apple Fans Are Clueless About Security
posted by mazola at 12:31 PM on April 18, 2010 [1 favorite]
We non-windows-users can afford to be for the moment, because nobody is targeting us.
I mean this as a genuine question, not undercover trolling: why not? The reason we're given all the time--most recently from this dude and his haircut--is market share. But how much bigger does the market need to get? According to market researchers Experian Simmons, 21.6% of US adults own or use an Apple product. (And that's only adults, not teenagers.) How big does the market have to get before Russian malware makers decide to give it a look-see?
Think about all the anti-Apple vitriol that's in the air right now. It just seems really hard to believe that a black hat hasn't said "You know what? I'm so sick of those smarmy Apple hipsters with their fixies and their $100 blue jeans all talking about how Macs are so secure. I'll show them!" If nothing else, being the first creep to get a widespread exploit on a Mac is worth bragging points.
Again, I'm not saying that Macs are more secure or that all of us don't need to be more vigilant, I'm just asking if the market share argument still holds water.
posted by Ian A.T. at 12:38 PM on April 18, 2010
I mean this as a genuine question, not undercover trolling: why not? The reason we're given all the time--most recently from this dude and his haircut--is market share. But how much bigger does the market need to get? According to market researchers Experian Simmons, 21.6% of US adults own or use an Apple product. (And that's only adults, not teenagers.) How big does the market have to get before Russian malware makers decide to give it a look-see?
Think about all the anti-Apple vitriol that's in the air right now. It just seems really hard to believe that a black hat hasn't said "You know what? I'm so sick of those smarmy Apple hipsters with their fixies and their $100 blue jeans all talking about how Macs are so secure. I'll show them!" If nothing else, being the first creep to get a widespread exploit on a Mac is worth bragging points.
Again, I'm not saying that Macs are more secure or that all of us don't need to be more vigilant, I'm just asking if the market share argument still holds water.
posted by Ian A.T. at 12:38 PM on April 18, 2010
idiopath, Burhanistan, I'm fully aware that I'm more computer-literate than most. I know that this happens a lot, and people must be fooled. What I said, however, was that I don't understand, and I don't. I cannot possibly see how it is possible to see these pop-ups without seeing the fake. I know that people do, but I have (at best) the same level of intrinsic understanding and ability to empathise that I do with, say, colour-blindness. Well, less so really, thanks to black & white film.
I know that I apparently see stuff some people don't in this context, I just don't understand how it's possible to miss it.
posted by Dysk at 12:43 PM on April 18, 2010
I know that I apparently see stuff some people don't in this context, I just don't understand how it's possible to miss it.
posted by Dysk at 12:43 PM on April 18, 2010
idiopath: "Apple Fans Are Clueless About Security"
I have no doubt of this at all. I would even say that most Gnu/Linux users are quite lax about security as well.
Lax, certainly, but not clueless (in the majority of instances.)
posted by Dysk at 12:48 PM on April 18, 2010
I have no doubt of this at all. I would even say that most Gnu/Linux users are quite lax about security as well.
Lax, certainly, but not clueless (in the majority of instances.)
posted by Dysk at 12:48 PM on April 18, 2010
You're seeing people through your own lens of computer savvy. As a systems admin, I can say I've come across no shortage of people (young and old) who have a very two dimensional and fear based interaction with computers. They allow themselves only enough knowledge to be able to limp around the GUI to be able to perform tasks, but have little clue about how anything interacts with anything else. They don't want to know, and for some odd reason think it is beneath them.
It's always been a bit of a challenge for me to have patience with people who can't use basic logic to figure out computer issues. There's a fairly broad line to me between being able to simply use the interfaces properly and requiring specialized training or back-end knowledge.
This is a major issue - I am not programming savvy nor app/os/hoo haa savvy enough in todays world. Otoh, I consider myself an educated user primarily due to sheer experience - having begun on DOS 1.0 in 1982. One of the things that has always helped me figure out stuff as it evolved in leaps and bounds over the decades was simply the grounding in first principles that my introduction to computers gave me - GIGO anyone? and the syntax and structure of the BASIC and filing systems from Win 3.1 that help me figure my way through the overly helpful paperclip crap on the screen these days.
My point is that somewhere along the line, "user friendly" became "dumbth down" and "opaque" leading to the challenges that your average current day user faces, as articulated in the snippet above.
I don't care how far we've come if we've forgotten that an occasional animated demo introducing you to your box wouldn't go amiss. Until then, to paraphrase the "dumb user" observation made somewhere upthread, its the ignorance that's being exploited and this ignorance is AS MUCH a function of the industry and the makers of this stuff as it is the user. You can't blame the poor user if Vista (gags) is what they see...
So, I'd suggest that if those concerned really want to address this issue then perhaps its not only a matter of chasing down and attacking the malware/ransomware/eclairware/whereware guys but finding and developing ways to EDUCATE and INFORM "your average user". No point sneering down at them if Apple and Microsoft are streamlining and paring their way to the lowest common denominator OS.
and get off my lawn, grar grar while you're at it
/end rant
posted by infini at 12:56 PM on April 18, 2010 [1 favorite]
Brother Dysk: "No matter how convincingly dressed up or aesthetically similar to an installation or warning window, I've never been in doubt for a split-second about the legitimacy and veracity of pop-ups or internet malware auto-installs. I really just don't understand how you can be fooled - why would an anti-virus program you didn't know you had or maybe even know you didn't have warn you about anything via a browser pop-up? Why would you ever download, nevermind install or run software you were not explicitly looking to download and install?"
Honestly? I've seen the virus a few times, and generally assumed it was from some malicious website. I've never actually installed '(windows version) Virus Scan (year)'. In my experience, it first infects, then pounds you with installation demands. popups, background changes, etc. It's insidious and awful.
posted by graventy at 1:26 PM on April 18, 2010
Honestly? I've seen the virus a few times, and generally assumed it was from some malicious website. I've never actually installed '(windows version) Virus Scan (year)'. In my experience, it first infects, then pounds you with installation demands. popups, background changes, etc. It's insidious and awful.
posted by graventy at 1:26 PM on April 18, 2010
Macs are not immune to ransomware.
Kids aren't immune to smallpox either, but we don't bother vaccinating them because there isn't any in the wild. That article is the same oh-my-God-here-comes-the-Mac-malware wishful FUD we've been reading for 20 years. Someone compiled a demo trojan that puts the Mac in kiosk mode?! Oh no! Let me know when it has an infection vector other than pirated warez on BitTorrent, and I'll consider subscribing to your newsletter. (How much is that subscription again?)
posted by nicwolff at 1:43 PM on April 18, 2010 [2 favorites]
Kids aren't immune to smallpox either, but we don't bother vaccinating them because there isn't any in the wild. That article is the same oh-my-God-here-comes-the-Mac-malware wishful FUD we've been reading for 20 years. Someone compiled a demo trojan that puts the Mac in kiosk mode?! Oh no! Let me know when it has an infection vector other than pirated warez on BitTorrent, and I'll consider subscribing to your newsletter. (How much is that subscription again?)
posted by nicwolff at 1:43 PM on April 18, 2010 [2 favorites]
graventry, you're doing something different to me. Granted, I use adblock and non-IE browsers on my Vista box, but I have neither firewall nor anti-virus of any kind. I take no particular precautions of a technical nature - my only defence is a little restraint with the left mouse button. I regularly pirate both music and software, and visit some of the least savoury parts of the internet (from a technical, rather than necessarily X-rated nature) and yet have not had any issues*.
*I install and run an monthly anti-virus/anti-spyware scan which finds the odd cookie, but no more. I monitor network traffic at router (still no firewall or shaping, mind) in order to be sure I'm not part of some botnet.
posted by Dysk at 2:00 PM on April 18, 2010
*I install and run an monthly anti-virus/anti-spyware scan which finds the odd cookie, but no more. I monitor network traffic at router (still no firewall or shaping, mind) in order to be sure I'm not part of some botnet.
posted by Dysk at 2:00 PM on April 18, 2010
I am hardly new, but I just wrestled with XP Antispyware 2010. I got rid of it with a regfix, Spybot and Ad aware.
I recommend ComboFix. These things are effective because they're rootkits, not technically the same as a virus and can be much more difficult to remove. I do this for a living.
BTW, that's the only link you should ever use to get to the download link. There are a ton of scam sites that come up in a Google search.
posted by krinklyfig at 3:36 PM on April 18, 2010 [2 favorites]
I recommend ComboFix. These things are effective because they're rootkits, not technically the same as a virus and can be much more difficult to remove. I do this for a living.
BTW, that's the only link you should ever use to get to the download link. There are a ton of scam sites that come up in a Google search.
posted by krinklyfig at 3:36 PM on April 18, 2010 [2 favorites]
but finding and developing ways to EDUCATE and INFORM "your average user"
Ha!
I work for an ISP doing tech and network support. Good luck with that "educating the newbies" thing. I remember when we were saying that back in 1993 when AOL joined Usenet. You know China is starting to make a presence online ...
No, what we need are computers and software which are intuitive, useful and secure. It's not the user's job to learn tech support, and besides they won't. The failure to identify this problem was the albatross of MS for far too long. Apple gets it. I know when a device is well designed when I barely hear any tech support questions or complaints about it. Time Capsule/Time Machine is a great example.
posted by krinklyfig at 3:44 PM on April 18, 2010 [5 favorites]
Ha!
I work for an ISP doing tech and network support. Good luck with that "educating the newbies" thing. I remember when we were saying that back in 1993 when AOL joined Usenet. You know China is starting to make a presence online ...
No, what we need are computers and software which are intuitive, useful and secure. It's not the user's job to learn tech support, and besides they won't. The failure to identify this problem was the albatross of MS for far too long. Apple gets it. I know when a device is well designed when I barely hear any tech support questions or complaints about it. Time Capsule/Time Machine is a great example.
posted by krinklyfig at 3:44 PM on April 18, 2010 [5 favorites]
granted, krinklyfig, granted 100%
my PoV has been from being only a PC user since I could never get the hang of that single button interface since teh Apple ][e
posted by infini at 4:01 PM on April 18, 2010
my PoV has been from being only a PC user since I could never get the hang of that single button interface since teh Apple ][e
posted by infini at 4:01 PM on April 18, 2010
I am hardly new, but I just wrestled with XP Antispyware 2010. I got rid of it with a regfix, Spybot and Ad aware. It took several runs to clear it. I was particularly amused by the increasingly urgent warnings that came up during removal. ASSHOLES!
What makes this particularly annoying is that Norton is also quite dire when you try to remove it.
posted by JHarris at 6:52 PM on April 18, 2010
What makes this particularly annoying is that Norton is also quite dire when you try to remove it.
posted by JHarris at 6:52 PM on April 18, 2010
I run an IT shop and I truly believe three things very deeply:
1. It's 2010. Computers have been in the hands of consumers for nearly twenty years. Not knowing how to (a) back up your files) (b) intelligently determine what is safe to click and what is not; and (c) how to perform basic tasks like right-clicking a mouse, managing software (installing and removing it) is inexcusable.
2. There needs to be a method for me to issue tickets to the type of people that send me "OMG koobface" emails that have been forwarded from Bill Gates and sixty other recipients. Tickets should lead to points which lead to suspensions and/or revocation of the privilege of connecting to the Internet. Because those are not safe operators.
3. If you have less savvy about buying a computer than you do about buying a car, you deserve the computer you get.
posted by disclaimer at 7:42 PM on April 18, 2010
1. It's 2010. Computers have been in the hands of consumers for nearly twenty years. Not knowing how to (a) back up your files) (b) intelligently determine what is safe to click and what is not; and (c) how to perform basic tasks like right-clicking a mouse, managing software (installing and removing it) is inexcusable.
2. There needs to be a method for me to issue tickets to the type of people that send me "OMG koobface" emails that have been forwarded from Bill Gates and sixty other recipients. Tickets should lead to points which lead to suspensions and/or revocation of the privilege of connecting to the Internet. Because those are not safe operators.
3. If you have less savvy about buying a computer than you do about buying a car, you deserve the computer you get.
posted by disclaimer at 7:42 PM on April 18, 2010
To my above "Never Click Anything" rule, add: "Never Install Norton Anything".
posted by turgid dahlia at 8:24 PM on April 18, 2010 [2 favorites]
posted by turgid dahlia at 8:24 PM on April 18, 2010 [2 favorites]
Apple Fans Are Clueless About Security
Nice broad brush you're painting with.
But I did get my first possible bit of Apple targeted phishing SPAM today. In my spam folder I see an email from Apple AppStore with "83.05592 Apple AppStore Notify" as the subject.
It was a weak version of a notification from Apple on an online order (munging the App Store with a product order). The trap was to click on the Order Information link which no clueless Apple Fan would notice when hovering over the link goes to "globalheatthailand.com" (weird that Apple would not use an apple.com domain for its order information system!). At least all the words are spelled correctly unlike phishing spam purportedly from Citi that managed to spell the word "bank" wrong.
I'm totally curious to see if there's Mac specific malware at that address but don't want to click on it as well, I've gone 25 years on Macs and PCs without a single infection of any badware and don't want to break that streak. (Googling the site says it may harm my computer)
posted by birdherder at 8:36 PM on April 18, 2010
Nice broad brush you're painting with.
But I did get my first possible bit of Apple targeted phishing SPAM today. In my spam folder I see an email from Apple AppStore with "83.05592 Apple AppStore Notify" as the subject.
It was a weak version of a notification from Apple on an online order (munging the App Store with a product order). The trap was to click on the Order Information link which no clueless Apple Fan would notice when hovering over the link goes to "globalheatthailand.com" (weird that Apple would not use an apple.com domain for its order information system!). At least all the words are spelled correctly unlike phishing spam purportedly from Citi that managed to spell the word "bank" wrong.
I'm totally curious to see if there's Mac specific malware at that address but don't want to click on it as well, I've gone 25 years on Macs and PCs without a single infection of any badware and don't want to break that streak. (Googling the site says it may harm my computer)
posted by birdherder at 8:36 PM on April 18, 2010
My son fell for one of those on his PC. We were able to eradicate it but he actually paid $99 for the privilege of getting invaded by malware. Expensive lesson for a college student.
posted by Doohickie at 9:04 PM on April 18, 2010
posted by Doohickie at 9:04 PM on April 18, 2010
I'm sorry, light jail sentences won't do it.
The potential rewards are huge; but the amount that these scum cost society is even larger.
It's no exaggeration to say that these evil bastards have cost literally billions of dollars and have cost millions of people days of their lives. A whole lifetime is only about 30,000 days! And worse, the people who get caught by this are the people who could disproportionately benefit from the internet, and instead are scared off and can't use it - the poor, the old, the stupid, the handicapped.
This won't stop until there are some serious jail sentences handed out.
posted by lupus_yonderboy at 9:24 PM on April 18, 2010 [2 favorites]
The potential rewards are huge; but the amount that these scum cost society is even larger.
It's no exaggeration to say that these evil bastards have cost literally billions of dollars and have cost millions of people days of their lives. A whole lifetime is only about 30,000 days! And worse, the people who get caught by this are the people who could disproportionately benefit from the internet, and instead are scared off and can't use it - the poor, the old, the stupid, the handicapped.
This won't stop until there are some serious jail sentences handed out.
posted by lupus_yonderboy at 9:24 PM on April 18, 2010 [2 favorites]
lupus_yonderboy: I agree with you. I in no way want to mock you or the position you advocate.
But the siren call of the snark, it is much to strong, and I am too weak to resist it.
Won't someone please think of the stupid?
posted by idiopath at 9:39 PM on April 18, 2010
But the siren call of the snark, it is much to strong, and I am too weak to resist it.
the people who get caught by this are the people who could disproportionately benefit from the internet, and instead are scared off and can't use it - the poor, the old, the stupid, the handicapped
Won't someone please think of the stupid?
posted by idiopath at 9:39 PM on April 18, 2010
>> We non-windows-users can afford to be for the moment, because nobody is targeting us.
> I mean this as a genuine question, not undercover trolling: why not? The reason we're given all the time--most recently from this dude and his haircut--is market share. But how much bigger does the market need to get?
[...]
Again, I'm not saying that Macs are more secure or that all of us don't need to be more vigilant, I'm just asking if the market share argument still holds water.
The argument (it's just market share) never held water, and it's exhausting to see it regurgitated by everyone from self-proclaimed "hackers" to Apple salespeople themselves.
I'm not saying market share's totally irrelevant, or that there are no security issues with OS X; there are. But to claim that the absence of a single viable, self-propogating OS X virus is purely because OS X isn't high-profile enough for malware producers to even bother with is delusional. We're talking about an OS with an ever-increasingly fast-growing install base and a reputation for having well-off, technologically ignorant users, running no antivirus software. That's not a juicy enough payout for anyone to bother targeting? Consider that Mac OS 9 had a fraction of the market share that Mac OS X does, and OS 9 had thousands of viruses.
posted by churl at 10:23 PM on April 18, 2010
> I mean this as a genuine question, not undercover trolling: why not? The reason we're given all the time--most recently from this dude and his haircut--is market share. But how much bigger does the market need to get?
[...]
Again, I'm not saying that Macs are more secure or that all of us don't need to be more vigilant, I'm just asking if the market share argument still holds water.
The argument (it's just market share) never held water, and it's exhausting to see it regurgitated by everyone from self-proclaimed "hackers" to Apple salespeople themselves.
I'm not saying market share's totally irrelevant, or that there are no security issues with OS X; there are. But to claim that the absence of a single viable, self-propogating OS X virus is purely because OS X isn't high-profile enough for malware producers to even bother with is delusional. We're talking about an OS with an ever-increasingly fast-growing install base and a reputation for having well-off, technologically ignorant users, running no antivirus software. That's not a juicy enough payout for anyone to bother targeting? Consider that Mac OS 9 had a fraction of the market share that Mac OS X does, and OS 9 had thousands of viruses.
posted by churl at 10:23 PM on April 18, 2010
PS: Not arguing against anyone in this thread, just against a popular misconception elsewhere, one that Ian pointed out above.
posted by churl at 10:27 PM on April 18, 2010
posted by churl at 10:27 PM on April 18, 2010
pjern: "People who work for these companies need to be thrown into woodchippers.
You people have no imagination. Sodomizing these miscreants with a 4x4 fencepost wrapped with barbed wire, now that's a starting point."
Please delete:
At least we'd agree on something for once.
posted by double block and bleed at 11:07 PM on April 18, 2010
You people have no imagination. Sodomizing these miscreants with a 4x4 fencepost wrapped with barbed wire, now that's a starting point."
Please delete:
- barbed wire
- red-hot razor wire
- well-drilling rig
- chuck adapter for 4 x 4 fencepost
- 5 gallons of Dave's Insanity Sauce
- fire ants
At least we'd agree on something for once.
posted by double block and bleed at 11:07 PM on April 18, 2010
birdherder, opening that website in Google Chrome on Linux doesn't give any indication that it's trying to do anything untoward (no notifications about blocked pop-ups or downloads wanting to initialise themselves). I was also somewhat bemused to see that the site seems to be for a company offering heat treatment equipment and furnaces (and the use of these). I had images turned off from the get-go due to the nature of the URL, but turning them on just reveals some of the grainiest, most compression-artefact-filled photos of furnaces I've ever seen (and having done some engineering at university, that's not an empty statement)...
posted by Dysk at 11:53 PM on April 18, 2010
posted by Dysk at 11:53 PM on April 18, 2010
There was a time when I didn't use anti-virus software because I thought I was smart. I didn't use IE, I never ran programs from sources I didn't trust, and I was observant enough to know when something fishy was going on.
Thank goodness that time is behind me now. Malware these days is friggin' nasty.
posted by The Lurkers Support Me in Email at 8:13 AM on April 19, 2010
Thank goodness that time is behind me now. Malware these days is friggin' nasty.
posted by The Lurkers Support Me in Email at 8:13 AM on April 19, 2010
where can one get good advice on managing malware, then?
posted by infini at 11:55 AM on April 19, 2010
posted by infini at 11:55 AM on April 19, 2010
where can one get good advice on managing malware, then?
There is no one good source. The only way to get good at cleaning infected machines is to do it a lot, but you do need anti-virus and anti-malware. I use Avira for a/v and Spybot as anti-malware on Windows machines, also AdAware and Malwarebytes, and tools like HijackThis and ComboFix, among others. Kaspersky is good but complex, better suited for enterprise. There's a ton of info online in forums and so forth, but most of that is only really useful if you are in the midst of something and need a tip. A lot of the more serious infections require cleaning with rootkit removers like ComboFix, and there's a significant risk of causing problems for your system with a tool that severe. I still have to remove infections manually a lot of the time if it's something new or morphed, which just takes a lot of patience, and the more time you spend at it the better you get at figuring it out. You need to be comfortable working in the registry and in system folders, and it helps if you know where things are generally speaking
posted by krinklyfig at 2:15 PM on April 19, 2010 [1 favorite]
There is no one good source. The only way to get good at cleaning infected machines is to do it a lot, but you do need anti-virus and anti-malware. I use Avira for a/v and Spybot as anti-malware on Windows machines, also AdAware and Malwarebytes, and tools like HijackThis and ComboFix, among others. Kaspersky is good but complex, better suited for enterprise. There's a ton of info online in forums and so forth, but most of that is only really useful if you are in the midst of something and need a tip. A lot of the more serious infections require cleaning with rootkit removers like ComboFix, and there's a significant risk of causing problems for your system with a tool that severe. I still have to remove infections manually a lot of the time if it's something new or morphed, which just takes a lot of patience, and the more time you spend at it the better you get at figuring it out. You need to be comfortable working in the registry and in system folders, and it helps if you know where things are generally speaking
posted by krinklyfig at 2:15 PM on April 19, 2010 [1 favorite]
yes, but it seems as though I will need an expert to explain it to me first. I leapfrogged from 3.1 to 95 adn the registrary was made out to be a scary thing by the only GUI expert I knew. I should have double checked rather than avoided learning. I feel as crippled as though I was still using Multimate.
posted by infini at 2:52 PM on April 19, 2010
posted by infini at 2:52 PM on April 19, 2010
where can one get good advice on managing malware, then?
I haven't been afflicted in years, and I'm not a security/Registry expert by any means. When I did have a problem, it was always solved by either standard antimalware software (then: Spybot, Ad-Aware; now: Malwarebytes), or by a combination of HijackThis and BleepingComputer or one of the other forums. BC's Combofix is supposed to be good, but I haven't had a need (knock on wood) to try it.
posted by mrgrimm at 1:01 PM on April 22, 2010
I haven't been afflicted in years, and I'm not a security/Registry expert by any means. When I did have a problem, it was always solved by either standard antimalware software (then: Spybot, Ad-Aware; now: Malwarebytes), or by a combination of HijackThis and BleepingComputer or one of the other forums. BC's Combofix is supposed to be good, but I haven't had a need (knock on wood) to try it.
posted by mrgrimm at 1:01 PM on April 22, 2010
« Older Spare the rod and spoil the child? | California Schemin' Newer »
This thread has been archived and is closed to new comments
posted by The Whelk at 9:39 AM on April 18, 2010 [5 favorites]