Home User Education


houseisland
January 16th, 2006, 03:53 PM
I have been toying with the idea of doing a public service gig at my local public library by offering a free very basic security workshop for non-technical home users.

Topics to cover?

Windows Updates

Windows Firewall

AntiVirus Software (Yes, you do have to update the definitions. Yes, you do have to renew subscriptions.)

AdAware

Spybot

Spyware Blaster

Don't visit porn sites, hacker sites, gambling sites, etc.

Any other suggestions?

trickyricky
January 16th, 2006, 05:16 PM
If you have data that you value at all, back it up regularly.

That should be the first point... ;)

bigbuck
January 16th, 2006, 05:38 PM
Don't forget email, another avenue for infection...

houseisland
January 16th, 2006, 05:44 PM
{QUOTE-> If you have data that you value at all, back it up regularly.

That should be the first point... ;) <-QUOTE}

Excellent point. :thumb:

I'm not sure how to handle this one at the home user level, though. Most people could handle some sort of point and shoot full system back up, but the complexities of selective data back up might be a bit more challenging. And with the P2P stuff that kids install, it is not uncommon to find 30 Gb + user profiles, so with a point and shoot full system back up, there is the problem of back up media size. (Edit: I don't see many home users forking out for SCSI cards and SDLT drives and tapes.) There is the irony that if you have the skills to select the files that need backing up, you probably don't need help doing it. :dry:

This topic would probably make a good workshop on its own.

houseisland
January 16th, 2006, 05:53 PM
{QUOTE-> Don't forget email, another avenue for infection... <-QUOTE}

Also an excellent point. :thumb:

Most decent AV programs have some basic level of e-mail protection. But they don't usually cover the hazards of SPAM.

I have set up the freebie MailWasher program for some lowtech users and tweaked its RBL settings, but even the lovely simplicity of this nice little app is a tad mind bending for some users.

G-Lock's anti-Spam freebie is better in terms of features but much much worse in terms of user interface -- a very scary looking program for home users.

Notok
January 16th, 2006, 06:44 PM
Don't forget browsers. I would also go through what each of the kinds of threats are, explain the differences between virii, trojans, worms, adware, spyware, and rootkits. You should also go through configuring the system to display file extensions and explain what extensions are what, and especially double extensions. You might print up some material that they can take home with them, so they have a list of what common extensions are. After explaining that, going over backups shouldn't be as difficult, because at that point they will know the difference between file types. People are also usually well aware of what documents are important and which ones are not. You could include some free backup software that would make things a little easier, XP (and I believe 2k) users also already have the built-in backup program (in the Start menu under Accessories > System Tools) that will walk them through the process and make it a little easier.

What I would do is pick up a copy of "Windows Security Inside Out" and take a browse through it. It covers all of the basics (and expands a little on some points). This would be a good way to see what all needs to be covered, and may give you some of the finer points that are worth addressing.

houseisland
January 16th, 2006, 07:05 PM
{QUOTE-> Don't forget browsers. I would also go through what each of the kinds of threats are, explain the differences between virii, trojans, worms, adware, spyware, and rootkits. You should also go through configuring the system to display file extensions and explain what extensions are what, and especially double extensions. You might print up some material that they can take home with them, so they have a list of what common extensions are. After explaining that, going over backups shouldn't be as difficult, because at that point they will know the difference between file types. People are also usually well aware of what documents are important and which ones are not. You could include some free backup software that would make things a little easier, XP (and I believe 2k) users also already have the built-in backup program (in the Start menu under Accessories > System Tools) that will walk them through the process and make it a little easier.

What I would do is pick up a copy of "Windows Security Inside Out" and take a browse through it. It covers all of the basics (and expands a little on some points). This would be a good way to see what all needs to be covered, and may give you some of the finer points that are worth addressing. <-QUOTE}


A lot of excellent and detailed suggestions. :thumb:

Thanks for your time here.

Notok
January 16th, 2006, 07:54 PM
And an excellent idea, houseisland.. let us know how it goes!

trickyricky
January 17th, 2006, 06:12 AM
{QUOTE-> Excellent point. :thumb:

I'm not sure how to handle this one at the home user level, though. Most people could handle some sort of point and shoot full system back up, but the complexities of selective data back up might be a bit more challenging. And with the P2P stuff that kids install, it is not uncommon to find 30 Gb + user profiles, so with a point and shoot full system back up, there is the problem of back up media size. (Edit: I don't see many home users forking out for SCSI cards and SDLT drives and tapes.) There is the irony that if you have the skills to select the files that need backing up, you probably don't need help doing it. :dry:

This topic would probably make a good workshop on its own. <-QUOTE}
Indeed it would make a good topic on its own, but that's no reason to discount its importance in the great scheme of things.

I guess the thing I usually ram home is that anything the user values is in danger as soon as it's on the PC, since malware, disc failure and so on are always there waiting to pounce and destroy their data forever. Now, whereas the MP3s that the kids download are "of value", in the great scheme of things they are really expendable since they were merely downloaded and can always be downloaded again. The same goes for anything which has been simply transferred to the PC from DVD, CD, internet download and so on - the originals are usually still available and the data can always be reloaded.

The data that is really "priceless" (thanks, Mastercard ;) ) is that which the user has created themselves and which doesn't exist anywhere else, or indeed data that can't be obtained again, ever. Such as the book they are writing, their thesis, their accounts, their emails (although these are usually ephemeral and in any event usually exist on other computers by virtue of their very nature), artwork, digital photos, MP3 that they created of their own band, and so on. This data needs to be backed up ASAP. Most PCs these days have DVD writers and except in extreme cases, backup to DVD-R/RW is feasible, easy and it works. Again, in extreme cases, a decent backup app will span the data over more than one DVD so that 30Gb isn't impossible to backup, but in that case it's a time-consuming chore.

I guess you need to impress on them that a backup will take around 20 minutes to configure initially, then about 1 minute to set off each time and another minute to remove, label and store the media. How long would it take to re-create all of their missing photos or accounts...? It's no contest, bearing in mind that disasters do happen and will happen to them, it's simply a matter of when not if.

Here endeth the lesson. :)

Mrkvonic
January 17th, 2006, 07:51 AM
Hi,
Maybe also:
Passwords for default Admin and all power + users.
Disabling Guest account.
How to format and install Windows?
How to handle java and javascript - also Sun Java updates.
Various important plugins that can be a serious system liability, like Flash, QuickTime etc.
Adblocking.
Mrk

houseisland
January 18th, 2006, 12:07 AM
{QUOTE-> Here endeth the lesson. :) <-QUOTE}

Preaching to the choir here! ;)

houseisland
January 18th, 2006, 12:11 AM
{QUOTE-> Hi, <-QUOTE}

Hi.

Is this for real? I love it!

"Gateway 2000 DX-33, Intel 486DX-II 66MHz, 16Mb EDO RAM, 520Mb HDD, 1.2Mb 5.25" floppy, 1.44Mb 3.5" floppy, 8x IDE CD-ROM, 3Com Etherlink III 10Mb NIC, NE2000 Compatible 10/100Mbit card

MS-DOS 6.0, Windows 3.11 for Workgroups, Norton Commander 7.0"

What are you using for a browser with these systems? How do you lock them down?

Mrkvonic
January 18th, 2006, 01:33 AM
Hi,
Sorry to disappoint you, but it's no longer for real.
I used to have a machine like that - and I wish I still did.
But I guess Lynx might work with a setup like that.
Mrk

houseisland
January 18th, 2006, 11:53 AM
{QUOTE-> Hi,
Sorry to disappoint you, but it's no longer for real.
I used to have a machine like that - and I wish I still did.
But I guess Lynx might work with a setup like that.
Mrk <-QUOTE}

:( Disappointing, yes.

Until very recently I had to work with DOS a lot. Novell and MS clients, mainly industrial plant floor systems.

At home I have a couple of DOS boxes and a 486 laptop with DOS.

The laptop serves as some primitive XBox/Playstation on which my kids play old DOS games. They are greatly amused by the low res graphics. Lemmings is a hot favorite.

Mrkvonic
January 18th, 2006, 01:00 PM
Hi,
I wish I had a pair of DOS boxes. It would make for excellent Doom2 LAN parties.
Sorry, parallel cable parties.
Mrk

houseisland
January 18th, 2006, 01:22 PM
{QUOTE-> parallel cable <-QUOTE}

Oh, the bandwidth..

I feel so intimidated by you high tech guys. My null modem cable is a social embarrassment. :-[

Mrkvonic
January 18th, 2006, 01:27 PM
Hi,
Know where to find a decent DX4 133Mhz? Or two?
Mrk

houseisland
January 18th, 2006, 01:56 PM
{QUOTE-> Hi,
Know where to find a decent DX4 133Mhz? Or two?
Mrk <-QUOTE}


I have long ago disposed of most of my vast surplus of this stuff. I have one extremely quirky little Zida Tomato 486 PCI board sitting doing nothing, but I am reluctant to part with it. I do, however, have a spare DX4-100 processor and lots of 72 pin fast page (and some EDO) ram, 4 mb, 8 mb, 16 mb, and 32 mb. You are welcome to the processor and a sampling of the sub-32 mb ram for the cost of postage. I am reluctant to part with the 32 mb sticks.

Mrkvonic
January 18th, 2006, 02:26 PM
Hi,
Thanks for the offer.
I meant do you know places that sell retail antiquities like those? A good place to look for?
Mrk

houseisland
January 18th, 2006, 02:53 PM
I don't know where you are. If you were in North America, I would suggest charity thrift shops -- Salvation Army, SPCA, etc. Most PC recycling shops don't even want to deal with Slot1 or SlotA systems anymore, never mind 486s.

By the way, I miss my Commodore PC-20, a killer XT with an awesome Western Digital (non-Raptor) 20Mb hard drive. My mother-in-law killed it by moving it while it was powered up - crashed the heads on the hard drive. :gack:

ErikAlbert
January 18th, 2006, 03:25 PM
{QUOTE-> Also an excellent point. :thumb:

Most decent AV programs have some basic level of e-mail protection. But they don't usually cover the hazards of SPAM.

I have set up the freebie MailWasher program for some lowtech users and tweaked its RBL settings, but even the lovely simplicity of this nice little app is a tad mind bending for some users.

G-Lock's anti-Spam freebie is better in terms of features but much much worse in terms of user interface -- a very scary looking program for home users. <-QUOTE}
Tell users to IGNORE and DELETE any email from an unknown source IMMEDIATELY without even opening or reading them.

Spam-emails want your money or identity or want to infect your computer with malwares.
Some spam-emails can even infect your computer by just opening them.

An Anti-Spam software is only a tool to make it easier, but doesn't protect you from reading and believing them.
Lottery scam emails cheat people for millions of dollars every year and that is just one type of spam-email.

devilisg
January 19th, 2006, 07:00 AM
The problem with the simple advice of deleting mail from "unknown sources" is that it's trivial to forge the from header, so that they appear to come from known sources. So you can't avoid opening and reading such mail anyway.

Also, even if it is truly from a "known source", doesn't mean it's trustworthy. We all know about cases where a friend's or a friend's friend computer is infected ......

Also, who makes the determination what is spam? In most cases, you need to train the spam filter, by telling it what is spam and what isn't. That means you need to read the mail first. A strict whitelist only feature might work, but it also means losing out on the occasional, useful first contact scenarios.

I believe reading spam isn't usually a problem (in particular if you read only in txt mode), believing the spam and acting on them is the problem.

Users are not as stupid as you think they are, they just need to learn to be skeptical. Telling people to delete immediately all email (not attachments!) that looks suspicious without reading it, leads to an irrational fear of email and spam, as if they were some magical disease, that you can't even risk opening and reading.

Wow, I opened and read an email on viagra.. I'm doomed... lol.

The solution is more user education, so that they are not fooled by cons. It's kind of like building up resistance. And you can't learn, if you delete all emails.

Telling people to delete all emails without looking, is like ostriches burying their heads in the sand in the face of danger.

Someone who hasn't seen a con about "appeal for donations" is more likely to fall for it than one who has seen such tricks.






For those who are truly too dumb to learn, there is no way to protect them anyway.

Mrkvonic
January 19th, 2006, 07:09 AM
Hi,
Opening mails on viagra, eh?
Is there something you ain't tellin' us?
Mrk

P.S. Best solution - don't have friends - you won't get any emails you won't mind deleting.

Longboard
January 19th, 2006, 08:13 AM
good little thread, given me an idea to do similar (could be dangerous!, blind leading the blind Heh.)

Just a few thoughts....

I arrived here some time ago after a run with CWS and steep learning curve

Had never heard of nor knew about spy/mal ware had foggy idea about virus and e-mails. Not a techie.

Thought out of box Symantec was enough :blink:

All good little teasers and suggestions so far

From recent experience, and the things that have helped me;

People love free stuff!!

People will want to be secure and will love "playing" with their free/donation stuff and feeling in control.

Firewalls, SpywareBlaster, Lavasoft, Spybot, Firefox (push that a bit :) )

Windows updates, patches

AVG, Bitdefender, UnhackMe, KAV onlinescans, Ewido, A2 etc

Give your listeners a sense of some control over their boxes

E-mail: TEXT ONLY, anybody who sends anything else is generally NOT your friend

The dangers of Outlook and O.Express

so many great paid for stuffs with great support;
spy sweeper, Ewido, A2, boclean, NOD/Eset, OnLine Armor

Privacy control, Browser setups, clean your tracks, Passwords, Credit Cards

Eraser etc

Internet is the ultimate "caveat emptor"

Resources: HERE, Castlecops etc

Microsoft is not the be all and does not always have consumer interests at heart ??!!

?Get a MAC?

More RAM

USB drives for back-up

A little knowledge can be dangerous but if I can stay clean for over 2 years, (AFAIK LOL) I'm sure almost anybody else can and can actually have fun!!

Obviously this is not meant to be a comprehensive list, just some personal observations and experiences.

Anticipate sudden surge of new registrants here ;D

This might be a good starter www.securitypipeline.com/177100475

Regards.

ErikAlbert
January 19th, 2006, 10:30 AM
I have a black/white attitude towards emails. If I don't know the sender, it's crap.
If I answer them, I get even more spam-emails.
If I unsubscribe, I get even more spam-emails.
Name me ONE good reason why I should read these emails, except curiosity, which I don't have.
I don't want anything from the sender, but the sender always wants something from me, usually my money.
I'm not interested in their obscure products/services and even when I would miss a good opportunity, I wouldn't care. I can live without these emails. If it's spam, it's scam.

That's my way of fighting against SCAMMERS/spammers : IGNORE and DELETE.
Everybody who doesn't, keeps them alive on the internet.

Notok
January 19th, 2006, 11:33 AM
I agree that making a big deal out of the idea of "just delete, don't even look at it" is probably going to do more harm than good. Viewing email in plain text is definitely the way to go, because you never know.. sometimes virii come from trusted sources as well. It is wise to tell them not to respond to any spam, though, and don't click those unsubscribe links either - sometimes those unsubscribe sites load you up with malware, but at the very least they just sell your email address off to other spammers. If they feel the need to do something about those SPAM messages, it's better to use something like SpamCop to report them.

An alternative to reading email in plain text is to spend a little money and get a mail client like PocoMail or email filter like Firetrust Benign, which will "sanitize" the emails so that any harmful scripts or images that load from the spammer's site (lets the spammer know they have a live email address) are removed from the email. So yes, there are options no matter what way the user wants to go, but viewing in plain text is definitely the cheapest and probably the easiest.

deviladvocate
January 19th, 2006, 11:47 AM
{QUOTE-> Hi,
Opening mails on viagra, eh?
Is there something you ain't tellin' us?
<-QUOTE}

Heh, strictly for technical reasons. Other times it's accidental. In any case, it's not the end of the world :)


{QUOTE->
P.S. Best solution - don't have friends - you won't get any emails you won't mind deleting. <-QUOTE}

Indeed. But in reality things aren't as black and white as Erikalbert thinks they are that it's apparent that some mail is spam, and the rest isn't. Even the average person would have situations where they get email from long lost friends, college buddies trying to re-establish contact, people who run websites, write software, can get emails from other people around the world asking for support, giving ideas etc

Obviously, if possible there is no reason (there is some actually but let's assume there isn't) to open an email if the subject shows it's likely to be junk, but you never can tell just from the subject lines, there will always be some that look like they might be legitimate. Go ahead, open them, the act of opening in txt mode and reading them won't kill you.

I suppose to a person who doesn't understand what he is doing, he thinks such an act is dangerous, but I presume the people here are interested in learning, not being scared of his own shadow.

Even Erikalbert shows some of this. He states that he knows that junk emails is all crap, trying to sell stuff he doesn't want, etc etc. But how would he know this, if he didn't actually read some of them before? :)

ErikAlbert
January 19th, 2006, 04:14 PM
{QUOTE->
Even Erikalbert shows some of this. He states that he knows that junk emails is all crap, trying to sell stuff he doesn't want, etc etc. But how would he know this, if he didn't actually read some of them before? :) <-QUOTE}
In my newbie time I did read my emails of course, but I did some extensive research on the internet to learn the real truth behind these spam-emails.
The last three years I ignore/delete all of them.
Reading the sender and the subject is enough for me to recognize them as junk-email.
The emails without a subject prove only to me that the sender isn't even able to write a decent email.
Why would I waste any time on all these emails ?
I'm glad Thunderbird takes care of them in a few seconds and that's what they deserve.

In another forum, I meet these users, who actually read their spam-emails and each time I have to save them from being scammed.
Sometimes they don't even believe me and I have to prove it with examples of similar emails, published on the internet.
I spend more time on reading posted spam-emails with questions, than on my own spam-emails.
That's what happens when users read their spam-emails.

securityx
January 19th, 2006, 10:14 PM
All of my emails forward to gmail, which strips the "crap" and lets you turn ON the html if you want to. It's been awhile since I configured it so I can't remember if that's the default or not. I seem to think it is.

houseisland
January 19th, 2006, 11:14 PM
You guys are killing me. You mean I'm not going to get half of Princess Mnokobotta's $300,000,000,000.00 USD which has been smuggled to a safe box with a security company in London? Say it ain't so.

Peter2150
January 20th, 2006, 12:13 AM
{QUOTE-> You guys are killing me. You mean I'm not going to get half of Princess Mnokobotta's $300,000,000,000.00 USD which has been smuggled to a safe box with a security company in London? Say it ain't so. <-QUOTE}

Was she killed on the road like many, or in an airplane crash like the rest;D

houseisland
January 20th, 2006, 12:25 AM
{QUOTE-> Was she killed on the road like many, or in an airplane crash like the rest;D <-QUOTE}

No. I'm supposed to marry her next month. I've already signed over my house and given her all my banking and credit card information. Should I be worried? Is she going to die? Do you know something I don't? :shifty:

deviladvocate
January 20th, 2006, 04:37 AM
{QUOTE-> In my newbie time I did read my emails of course, but I did some extensive research on the internet to learn the real truth behind these spam-emails.
<-QUOTE}

And the experience didn't kill you right? What makes you *so* special that you can read spam without dying a million deaths, but other people can't? :)

Seriously though, did you really need to do 'extensive research' ? How many hours of research did you have to do really? You make it sound like it's so hard... Takes me zero hours of 'research' to know that appeals for donation for tsunami victims is almost certainly fake.

{QUOTE->
In another forum, I meet these users, who actually read their spam-emails and each time I have to save them from being scammed.
Sometimes they don't even believe me and I have to prove it with examples of similar emails, published on the internet.
That's what happens when users read their spam-emails. <-QUOTE}

Wow, I agree, only people like Erikalbert should be allowed to read spam, other mere *users* should delete them straight away, because they are so dangerous.. LOL

{QUOTE-> You mean I'm not going to get half of Princess Mnokobotta's $300,000,000,000.00 USD which has been smuggled to a safe box with a security company in London? Say it ain't so. <-QUOTE}

Shame on you, Houseisland! Didn't you do "extensive research on the internet to learn the real truth behind these spam-emails" ?

Paul Wilders
January 20th, 2006, 05:20 AM
deviladvocate,

No need for sarcasm - please refrain from that.

regards,

paul

eyes-open
January 20th, 2006, 06:16 AM
{QUOTE-> Don't visit porn sites, hacker sites, gambling sites, etc.
<-QUOTE}

{QUOTE-> Wow, I agree, only people like Erikalbert should be allowed to read spam, other mere *users* should delete them straight away, because they are so dangerous.. LOL
<-QUOTE}


There is a valid point though isn't there ?

I mean you can start with the focus on censorship or defining how other people should choose to use the .net. It won't mean that someone else in the household won't elect to surf in ways that heighten risks - even if the primary user doesn't.

Alternatively you can quite rightly explain the added risks of some .net activities and explain how with a few basic steps some of these can be mitigated.

I guess it's about which mindset you're going in with.

Either way it's a difficult task to encapsulate and I wish you well.

devilish
January 20th, 2006, 10:04 AM
{QUOTE->

Alternatively you can quite rightly explain the added risks of some .net activities and explain how with a few basic steps some of these can be mitigated.
<-QUOTE}

Given that this thread is entitled Home User EDUCATION, I would think this be the preferred option.

I'm against the idea that only a few elites can safely open spam email and read, without getting tricked and everyone else not on this forum are fools, 'ignorant', 'less knowledgeable', 'not diligent', or whatever description used by some to describe other people who are supposedly not as skilled as them.

Getting fooled by cons in spam, is more a result of greed, lack of skepticism than sheer technical ability, or hours spent researching anyway. Of course, there are always real fools, but in such cases, it's a lost case no matter what you advise.

As always the advice that "DELETE AND IGNORE" all email from unknown sources is way too simple and in the long run it's counterproductive anyway.
Such a user would fall for bank phishing mail that spoofs the from header so it appears to come from their bank for example. Or a friend could forward him some email, and because it's from a friend and hence trusted source, he would believe it?

Be skeptical of everything you read on the net! I'm sure by long, most people know this.

I find it funny that the people most likely to underestimate people, are usually themselves just a tiny step above noob and perhaps I might speculate it makes them feel better to think that they are smarter more capable than the masses, so surely what they can do is beyond everyone else.

"Sure I can open and read spam mail without problem, but I'm exceptional..... the masses are not as smart as me, they won't do the research, they will surely fall for such scams hook, line, sinker. I know this guy who...." :P

I'm sorry to break this to you, I have friends, family, who have never seen the inside of a security forum or aren't computer weenies and they aren't falling for such cons even without any prompting from me.

Some might be lazy about updating antivirus, ignorant about security updates, some might not know about webbugs, or might not realise unsubscribing to spam is not a good idea etc but I have yet to see someone I know dumb enough to fall for the "Send me your money first, then i will send you MORE money later" scam.

I have read about them in the newspapers, but I guess that's why it's newsworthy. :)

Notok
January 20th, 2006, 11:40 AM
I have to agree.. new computer users are already intimidated enough by computers, the internet, and all the bad guys out there.. pressing the idea of "Whatever you do, DON'T OPEN THOSE EMAILS!!" is only going to make things worse. Give them the outlook they need (heh, but not Outlook), teach them how to turn off HTML mail, and teach them how to deal with these things.. it's much better that they go in thinking: "Hey, just take a few basic precautions and you'll be ok. It may seem like a lot at first, but once you're set up, it won't take very much."

houseisland
January 20th, 2006, 01:15 PM
I haven't done a lot on this project, yet, other than to think about it in very general terms.

What I would eventually like to do is to develop some sort of “open source” curriculum that could be posted somewhere and then be used, enhanced, modified by anyone anywhere.

A good starting point would be an examination of the question of ethics and responsibility. What are the social responsibilities of computer ownership and participation in the Internet? There are consequences of irresponsible computer use both for the home user him or herself and for the Internet community at large. Irresponsible computer use can be defined as action (doing dangerous and/or anti-social things) and inaction (failing to maintain operating systems, security applications, and hardware such as wireless routers – inaction is highly anti-social). Both aspects of irresponsible use need to be discussed, and the consequences of irresponsible use need to be examined and explained.

The next issue is home user fear: fear of the unknown, fear of looking foolish, etc. Fear is an enormous barrier to learning. Fear prompts inaction. This brings us to trickyricky's point about backup. With backup, there are very few problems from which one cannot make a relatively graceful recovery. There is no need for fear. “Don't worry! Be happy!”

Fear segues into the need for a major LARTing of many members of the techie world. If “we” take the attitude towards users that “the problem is between the keyboard and the back of the chair,” we find that we are only looking into a mirror, one that does not reflect us in a very flattering manner. We, sitting between the keyboard and the back of the chair, are become part of the problem rather than part of the solution as we should be. A user, who is treated with contempt and who is humiliated, is a fearful user. Fear prompts inaction, the worst form of which is not asking for help because there is the expectation of pain, humiliation, embarrassment, etc., etc. When a user works up the courage to ask for help, there is that golden and elusive “teachable moment!” Users need to be treated with respect. Tech support needs to be non-judgmental (and dare I say “supportive”) if user competence is to be advanced.

Next would be tutoring in how to be pro-active rather than inactive – a topic which is being discussed in this thread. For many home users, being proactive may end up being establishing an ongoing relationship with competent technical support. Some may choose to learn the skills necessary to be independently proactive.

Last would be a reiteration of the hazards and consequences of irresponsible actions – a topic also under discussion. There is a need for self control/discipline/censorship.

Nuff for now.

houseisland
January 20th, 2006, 01:20 PM
{QUOTE-> deviladvocate,

No need for sarcasm - please refrain from that.

regards,

paul <-QUOTE}

I have to say this is one of the most pleasant and courteous forums I have ever participated in. Thank you.

Notok
January 20th, 2006, 02:51 PM
Here's some videos that Peter2150 linked to previously, there are some good points that might be good to cover.. plus they're just fun to watch :)

http://www.microsoft.com/australia/events/teched2005/mediacast.aspx

ErikAlbert
January 20th, 2006, 05:02 PM
These 20,000 users have read their spam-emails and learned it the hard way.
http://www.webuser.co.uk/news/66365.html
I hope they did get their money back ::)

Need another example or is one enough ?

ErikAlbert
January 20th, 2006, 06:44 PM
houseisland,
Refer to this link and users will learn about the dangers of spam-emails :
http://www.fraudwatchinternational.com/fraud/index.shtml
If each email-software had a striking banner with this link, maybe there would be lesser victims in the world. :)

Rico
January 20th, 2006, 07:28 PM
Hi Guys,

I may have missed it, sorry. Very good idea is MVP's HOSTS file, & how to update & lock the hosts file! Houseisland how wonderful, good for you, altruistic behavior is nice to see!

devilish
January 20th, 2006, 08:45 PM
{QUOTE-> These 20,000 users have read their spam-emails and learned it the hard way.
http://www.webuser.co.uk/news/66365.html
I hope they did get their money back ::)

Need another example or is one enough ? <-QUOTE}

Far more people read their email without problems, occasionally opening mail that looks suspicious. Anyway 20,000 fools around the world isn't a lot considering the size of the computer using population.

Far more people get infected with viruses, worms than a mere 20,000, do you then recommend these people turn off their computers and stop surfing, stop receiving any email because of the risk of getting infected?

Besides I wonder how many of the 20k could have been saved if someone told them that such emails were cons and warned them about it and other common tricks, instead of merely yelling on forums such as this to DELETE AND IGNORE without saying why. What happens to such users if email slips through their filters? Or if they accidentally open one? Is it game over for them then?

In my book, letting people know why they are doing something is much better than giving orders without explaining.

You know how less knowledge/ignorant/whatyoucallit users are like, you tell them not to do something, they will go ahead and do it, unless they know why .... The more you make out email to be like some kind of forbidden secret, the more curious they are.

devilish
January 20th, 2006, 09:27 PM
{QUOTE->
The next issue is home user fear: fear of the unknown, fear of looking foolish, etc. Fear is an enormous barrier to learning. <-QUOTE}

I have to agree with this wholeheartedly.

{QUOTE->
Fear segues into the need for a major LARTing of many members of the techie world. If “we” take the attitude towards users that “the problem is between the keyboard and the back of the chair,” we find that we are only looking into a mirror, one that does reflect us in a very flattering manner.
<-QUOTE}

I think it is vital for the techies to believe that users can take responsibility for themselves if they are properly trained. We should not sell them short!

When it comes down to it, you cannot protect the user from himself anyway, a fool will always figure out a way to beat any foolproof system. Much better is to educate users to ensure that there are no fools using your systems :)

This is not to say however that you should expect miracles, but I find there are certain people who like to underestimate the masses. They keep hoping to find some perfect security software that can protect users from themselves and provide 100% protection without any user responsibility involved.


{QUOTE-> An Anti-Spam software is only a tool to make it easier, but doesn't protect you from reading and believing them. <-QUOTE}

Exactly, there is no software that can consistently protect you from believing and acting stupidly. The only cure for that is learning more. This holds whether you are using AVs, HIPS, SU or whatever.

{QUOTE-> Refer to this link and users will learn about the dangers of spam-emails :
http://www.fraudwatchinternational.c...ud/index.shtml
If each email-software had a striking banner with this link, maybe there would be fewer victims in the world. <-QUOTE}

Yes, much better, ErikAlbert... :)

If each IGNORANT (lol) email user read all this, or at least a shorter summary (I see no need for any user to be an expert on the details of each and every type of scam; once you've seen one, you've seen them all), they would be much better prepared.

From the FTC website

{QUOTE-> How Can I Avoid Spam Scams?

The FTC suggests that you treat commercial email solicitations the same way you would treat an unsolicited telemarketing sales call. Don't believe promises from strangers. Greet money making opportunities that arrive at your in box with skepticism. Most of the time, these are old fashioned scams delivered via the newest technology.

<-QUOTE}

Practically speaking this paragraph alone is sufficient. Be skeptical! You don't need to research every spam mail for hours really.

This is the social aspect, then there is the technical aspect

http://www.grc.com/x/news.exe?cmd=article&group=grc.news.feedback&item=34197

For those who are unaware, look at point 6.

Other email tips

http://www.spywarewarrior.com/uiuc/howto2.htm

ErikAlbert
January 21st, 2006, 12:25 PM
{QUOTE-> Far more people read their email without problems, occasionally opening mail that looks suspicious. Anyway 20,000 fools around the world isn't a lot considering the size of the computer using population. <-QUOTE}
This is just one example. These gangsters operate everywhere and there are a lot more victims than just 20,000.
Catching scammers doesn't end the scam problem, just like drugs, and these scam-emails are still around,
which means they still make a profit from it.
In this case they were trapped by the police, so there is more info about the victims.
In many cases these organized gangsters disappear when the law is too close and go to another country. Money isn't a problem for them, they are all millionaires.
So 20,000 is just the tip of the iceberg.
This website is created for complaints of victims, but that's not the only one.
http://www.badbusinessbureau.com/

The largest existing spam-database I ever heard of contained 250,000,000 email-addresses.
If only 0.005% reply to a scam of $500 to collect a fake lottery winning (= 12,500 replies),
these gangsters collect $6,250,000 for just ONE email and once the victim paid $500, they will ask the victim for a second fee, a third fee, ... until the victim gets suspicious of course. That's how these lottery scams work.

ILikeLemonPie
January 21st, 2006, 01:22 PM
I sense a social and cultural divide. My guess is Devil is in the USA. We Americans are generally far more suspicious of attempts to work ourselves up because a relative minority seemingly can't figure out up from down. Common sense can't be taught.

deviladvocate
January 22nd, 2006, 10:05 AM
Personally I think, all you can do is to help them learn how to protect themselves, but you can't save everybody.

In the long run, teaching people to be skeptical and careful of frauds is all you can do. Don't tell them to do some arbitrary thing without telling them why. It just adds to the problem of people fearing technology. The problem is replying and believing email, not reading them.

Dear Erik, that is how spam works. They are targeted at the dumbest and most naive of us. The incremental cost of sending each mail is almost zero, that is why they don't need a very high response rate. There have been proposals to change that, to shift the cost of sending emails to the senders.

In any case, that is why user education is more important than any simplistic advice like DELETE AND IGNORE. This doesn't address the root problem, that is the naivety of some minority users.

I don't believe that only elites can read spam email without problems, while the masses are too stupid. There will always be a few rare ones that believe whatever they read, but I submit there will be precious few, particularly when warned of them.

As for the rest who simply can't be educated, to think that simply telling them to DELETE and IGNORE is going to protect them is being foolish.

That's my way of fighting against SCAMMERS/spammers: REPORT them and EDUCATE users.

Everybody who doesn't, keeps them alive on the internet.

houseisland
January 22nd, 2006, 01:01 PM
{QUOTE-> .... all you can do is to help them learn how to protect themselves, but you can't save everybody. <-QUOTE}

Exactly. People who would come to a user education workshop are motivated. There is hope for these people.

Unless there are licensing requirements, involving testing, for obtaining an IP address (no IP without MCSE :o ) followed by legislation for punishing negligence, bite my tongue, there is little that can be done to force the population of home users at large to clean up and lock down their systems. Still, an inverse class action suit by a corporate entity against the holders of all the IP addresses involved in a DOS attack, charging them with criminal negligence, might make an interesting court case :o (LOL)

The only realistic approach is patience and persistence. Work with the ones who are willing to seek help. There was the Sainsbury advertising motto: "Every little helps."