Compromised Computers Host an Average of 3 Malware Families

Discussion in 'malware problems & news' started by ronjor, Sep 3, 2009.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    Article
     
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Thanks Ron. Know several people that have been infected recently. Most think just an AV and a firewall is all they need.
     
  3. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Interesting how far the trust in AV's and Firewalls has slipped on this forum.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,221
    Trusting in software implies personification. You should use the tools that do the right job, whatever they are. It's just code, after all.

    As to using AV + firewall for security, well you can, but it means nothing either way. You can get happily without or you can use them and still get into trouble. The user is the weakest link.

    Mrk
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    The problem with trusting or not trusting security software is that the focus is on the software as the solution, rather than software complementing policies and procedures. This is evident if you've talked with many first-time buyers of a computer from a retail outlet, where they've walked out the door having been sold an Anti-virus product recommended by the sales person, but have no idea what all of this malware stuff is about.

    Many people get along fine with an AV and firewall. Others with just a firewall and properly configured browser. Their success is due to having learned something about safe computing and how malware exploits work. They are not likely to become a part of the growing club of victims of rogue security products scams, a recent one being:

    Fake anti-virus
    http://isc.sans.org/diary.html?storyid=7066

    Earlier this year I visited a local custom computer shop where I know a couple of the tech people. In asking what types of problems they were seeing, their response: "90% user error."

    The solution is obvious, just not easy to implement on a wide scale.



    -rich
     
  6. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    You're speaking in a very technical point of view - which is obviously correct.

    But you belong in the category that isn't likely to get ripped off paying for scamware and so on. I think the average user has no concept, or very little, of the socially engineered scamwares and software fallibility that you are aware of. Also, I think the average user definitely has no idea how bad the current situation is, with regards to vendors not being able to stay on top of the daily fakeware creations.

    The old cliche of an anti virus and a firewall being the mainstay of your internet protection needs to move on, so yeah, I agree - smart computer advisory comes ahead of those two dinosaurs.

    -------------------------------------------------

    Rmus.

    About a week ago I was explaining to some guy the problem with fakeware and non-legit download locations advertised on Google, Yahoo, etc. He was absolutely astonished at the complexity of the problem. He got the socially engineered aspect, but when I explained he would still be at risk as many vendors cannot keep up with the quantity of fakeware being produced, it made him, and me, realise the problem at hand - whether or not people fall for the scam, paying someone else to remove the fakeware is a scenario for many.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Yes, it is a complex problem, but part of the solution is to also explain to people to check reviews of a particular product. Nortel and Windows Police Pro are two recent fakes. If someone found these on a download site, a quick search on the internet would reveal that they are rogues. These were at the top of their search list:

    Remove Nortel Antivirus, removal instructions
    www.2-spyware.com/remove-nortel-antivirus.html

    How to remove Windows Police Pro Virus
    http://www.softsailor.com/how-to/67...o-virus-windows-police-pro-virus-removal.html

    I tell people that if they can't find numerous positive reviews of a product, to avoid it.

    As far as legitimate programs on non-legit sites, the old advice to purchase/download from the vendor itself is still sound.

    ----
    rich
     
  8. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Not sure if they are unlucky or if they visit dangerous websites. If someone asks me, I tell them AV and firewall are a must, and to make sure all their software (browser, MS Office, Adobe Reader, etc.) is fully patched and to check out some sort of HIPS/sandbox software. I think many people know to allow MS updates, but how many think to make sure all their Internet-facing software is up to date? Also, answered your PM. Sorry it took so long, but don't check PMs very often.
     