Malware Prevention - How to Convince People

How do you go about trying to convince people of their need for Malware Prevention/Protection?

I have tried to explain to many different people that an Antivirus Program is not good enough. I sometimes feel like I am talking to a brick wall.

I usually give them an overview of what they need:

1. Imaging Software + Routine Imaging (or at least a base clean Image)
2. Containment (i.e., Sanboxie, Shadow Defender, Deep Freeze, etc.)
3. Antivirus Software

I realize that the above recommendation is too much for most people. So I usually push Sandboxie (Auto delete sandbox, Drop rights) + Antivirus Software. However, most people do not even take my advice on using Sandboxie.

Thanks in Advance.

 

those kind of people should stick to Norton or Kaspersky.

you'll never convince Joe/Jane Average to use things like Sandboxie.

and how can you convince people to look into imaging when they don't even bother to do 'regular' backup?

 

Hello TheKid7,

Who are these people you speak of? Are they co-workers? customers? friends? family?

Do these people experience malware infections on a continual basis?

 

Hi
Many people think that they are protected for good, when they have bought a complete solution. I have met a few people stating that they cannot understand why they were hit by malware.
The Vendor that they bought the software from stated it could keep then safe. And that is one of the problems IMO, Vendors should state that there software is like a ekstra lock on your door , it helps to minimize the risk, that the burglar manage to break in, but cannot guarantee it would not happen.
Yes I know it maybe naive thinking to think that Vendors will change the advertising strategy.
But it could help people to understand that they need some sort of extra protection besides their main vendor.

Kind Regards

 

I don't ever try to get people to set things up like imaging or sandboxing. I give them MSE and put UAC to max and depending on their browser I'll give them an adblock/some sorta javascript blocking function.

I have no need to clutter their computer with programs that will likely cause issues for them. I don't need a million calls saying "You broke my computer!"

 

People have to find out for themselves. You can't force them into it. When they get slammed with a virus then they will listen. That has been my experience anyway. As someone that has worked on computers I have seen my share of computers with old out of date AV's.

 

THIS!!
Just recommend them a good suite.

 

All you can do is make good recommendations and hope they follow it.

 

I have been fixing computer for people since the early 90's. At first it was putting in new hardware or just getting something to run. With win95/98 and the availability of the internet, it became getting rid of virii/malware.

I have run the gamut of products and solutions. Nothing works for those who don't want to learn. Period. Nothing. Whether it be a great 3rd party tool like SBIE or OS provided things such as UAC. I have been slowly refusing work. The only ones I help these days are the ones who listen and learn and can make use of SBIE or UAC etc.

In the past I had high hopes of helping these people. Now I don't believe it will ever happen. The OS will always be exploited because it is on almost everyones machine. Most people I know don't want to switch to a *nix flavor. Most people just don't care, they have other interests. So I let them keep thier interests and thier problems and help those who give me pleasure in helping, and most of those are online any more.

Sul.

 

It's futile to attempt to convince anyone of anything!

I never suggest anything to anyone unless asked.

I've found that if someone wants to be helped, they don't need any convincing, they just listen and follow instructions.


regards,

-rich

 

Why should you try and convince anyone? Not everyone uses their system the same way, so not everyone will be exposed to the same risks. However, if you spend 10 minutes showing someone how to handle files they do want in Sandboxie, and not screw around with forced programs, restricting this and that, you've already brought them very very close to being as secure as it gets without suffering. I'd still keep a good AV, but only to scan files I download.

If you try to toss something like srp, hips, or some other thing at them, you're not going to get anywhere, and, they'll just end up taking it all off and be completely unsafe again. K.I.S.S

 

3 choices...pick anyone you feel comfortable with.

1. Apply the techniques mentioned here:

-http://www.wikihow.com/Persuade-People-with-Subconscious-Techniques-

Whether or not you succeed depends on 3 conditions:

a) how skilled you are (practice makes perfection they say)
b) the belief system ("AVs and suites are more than enough dude") and level of skepticism that the target has (the higher it is, the harder it is for you to 'break' them)
c) whether you have Fortuna on your side

2. Forget it. "Educating Users" is one of the dumbest ideas in computer security...at least according to Ranum. Do them a favor and set up a set-it-and-forget-it system for these people to use (either through politely asking for permission or through 'force' if you're the Admin/owner of the computer systems)

3. Again - Forget it. Just let them be, especially if it's not going to earn you any credits and the pain isn't worth the gain. Selfishness can sometimes be a good thing. At the very least, come to think of it - you're letting the bloke a chance (or many) to experience the possible consequences of not having a 'reasonably good' security setup and for all you might know, that might just 'convince' them to do their own work and research one day (hopefully). Heck, didn't some of us learn through it the hard way ourselves

 

A waste of time! ...let them learn the hard way.

 

Agreed and so I did for the past few years, no more helping people who do not want to pay for software or were using cracked copies.
My last advise to them was: buy anti malware software and steal a new PC every now and then, that is even cheaper.

Gerard

 

I tell people once or twice. Then it's up to them and my (residual) conscience is at peace.

 

@Tarnak: Indeed, that's how I learned myself. I don't think it would've sunk in any other way.

@gerardwil: Cheapest (and definitely more ethical/legal) is keeping the old PC and installing freeware and/or free OS.

 

The average Joe isn't (usually) going to use containment programs like Sandboxie. They just want to be able to surf and check emails without added complications. It's when they start doing a lot more than just that when problems may arise.

However, I have to admit that though I know a bit more about these things than the average Joe because I read forums like this and security blogs, even I don't always use Sandboxie. I have it installed, but, for example, this session on Wilders isn't sandboxed. Does it really need to be I ask myself. I don't think so. There are no other browser tabs or windows open in this browsing session.

Having said that, there are many of us here, and out there, who don't encounter malware in the manner others appear to be. Obviously, that's no guarantee we never will, but it is pause for thought as to how and why some users aren't prone to such attacks as others, with or without protection layers in place.

 

People hear things like "sandboxing" and think "oh, too complicated." Your best bet is to throw them the best antivirus you can, configure their computer to update everything possible automatically, and configure their browser for security.

That's really all you can expect them to put up with.

 

Yes, it is a pause for thought.