Because of the work I've done for several people in my county, I've been asked to speak to the local computer club on several topics. Of these, the one I feel least comfortable talking about is malware.

Don't get me wrong - I know exactly what I'm talking about, but the stigma of recommending a product or even recommending they pick one from a wide selection leaves me kind of queasy. Worst of all, I am most nervous about talking about social engineering popups and emails with a mostly older crowd that is sensitive about the fact that many of them have fallen for those things. And let's not even begin to think about the "I hate Product X! Product X is scum!" lambasting I could run into with some people.

I want these guys to have a good experience and go home less afraid of the internet and their computers than they were before they heard me speak. I want them to not be overloaded with trivial knowledge and geekspeak/techspeak, but still get the point of what I have to say. Are there any recommendations out there on how to accomplish this?

Speak of common sense.

Use real world examples of what is NOT real in the malware world of spam, bogus links, and really weird emails. :isay:

Tell them if they have not entered the XYZ Lottery, then they probably have not won it. So, don't answer those messages. Tie it back to the seniors generation of how they handle unwanted door-to-door salesman. Trust, but verify. Be smart. Don't be fooled.

That really is the best advice we can give anyone.

You may want to peruse a talk given by Eugene Kaspersky.
http://blogs.zdnet.com/security/?p=728

Hi, I think it's cool that you've been invited to speak. I'm not one of the big experts here, but I have a suggestion. It would be good to point out that it is necessary to keep Windows, security programs and other internet facing programs (IM's, media players, etc.) up to date. Most malware targets exploits in existing programs that are not updated/vunerable. The bad guys go after the easy, vulnerable targets or 'the low hanging fruit'. Tell them if they can't afford to keep there 'preferred' security softwares up to date, there are good free one's available. Maybe a simple handout with some links and simple rules like 1 AV, 1 firewall and 1 AS/AM.

It may be a little much, but you may stress scanning everything they download with all there scanners before installing the download. Perhaps suggest a few on-demand scanners and let them pick 2 for this job and to update them before scanning the download. In My Documents, I have a folder named downloads that everything gets downloaded to.

Then, tell them to get a sandbox program and virtualization and imaging programs... :wacko: Nah... I'm just kiddin'. Just be yourself and you'll be fine. They chose you for a reason to speak. You must be doing something right :thumb: .

{QUOTE-> It would be good to point out that it is necessary to keep Windows, security programs and other internet facing programs (IM's, media players, etc.) up to date. Most malware targets exploits in existing programs that are not updated/vunerable. <-QUOTE}A good example would be exploits on MySpace. From one analysis,

http://isc.sans.org/diary.html?storyid=3060
The decoded result of /routine.php is an attempt to exploit vulnerable IE client browsers using the Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014) for which Microsoft released a patch in May 2006.


----
rich

{QUOTE-> You may want to peruse a talk given by Eugene Kaspersky <-QUOTE}


What if they dont understand Russian :blink: