Paranoid = $$$

Discussion in 'other security issues & news' started by Mrkvonic, Jul 13, 2006.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The thing you have to remember with pure behavior blockers is that the malware writers do everything they can to make it so that when you look at the process list in your task manager, you see their malware as something benign and/or necessary, even to advanced users.

    HIPS seem great until you find out how well they really actually work in the real world. The stats show overall figures consistent with guesswork, blocking goods as much as allowing bads, and in some cases some worms were allowed by up to 70% of users. Behavior blockers have been around for a lot longer than some might like you to believe, unfortunately it's going to take some real innovation alongside a new way of approaching programming software in general to really curb the problem. Fortunately that's not all that far away. Until then, getting yourself well informed can do a world of good... which brings me to the original subject...

    Sure, some companies are going to pump out the FUD. Taking the vendor out of the equation and just looking at alarmists of all sorts, it's kind of a double-edged sword. Unfortunately there are still a lot of people out there that simply refuse to consider security at all. They can't be bothered with the subject because they've already done the bare minimum that was required when they first learned about it 5-10 years ago. I know a company that refuses to consider the subject of adware/spyware because they use Spybot to scan when the computer starts (silently).. sometimes. How do you get those people to understand that they need to do more without pushing the idea that what was fine then is not now? It's unfortunate, but some people may need to have a level that would scare the bejesus out of others just to get to the point of saying "Well, ok.. maybe I'll look into something.. when I have some time.." As far as facts go, most of the people with the actual decision making power aren't going to be interested in the technical facts. The truth is that it's probably better to leave that stuff out unless the person seeks it out.

    Honestly I don't see this as a purely commercial phenomenon, there are plenty of others doing the same. Commercial entities will always do what they can to convince you of the need for their product, and some will use exaggeration. There are also plenty of "independent experts" that are really paid front-men, and that goes for all industries. That's no excuse for the fear mongers, and there are some pretty slimy ones of those out there; did you know that WinFixer was among the top sellers last year? The question is, though, where do you draw the line when the pure facts are pretty scary even without the spin? How do you present those facts to those that don't respond to pure facts, even if you're not trying to sell anything?
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I noticed this fact several times especially with so-called antispyware programs. Free to try, they were only scanning but not deleting. Of course they were finding every time (even if my computer was installed 1 day ago) several spywares.
    Then if I was trying to scan my PC with SpySweeper, Ad-Aware and SpyBot my computer was clean.... Of course now I don't see them anymore. At that time I had no pop-up blocker, and no knowledge about security. :D
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,450
    Location:
    Slovakia
    Free scanners are usually set to max heuristic, so they can report false alerts, but they will also find almost every malware, like MWAV. But once you know where it is, you can upload "infected file" to online AV scanners or use any free soft to check it up, if it is really infected and if it is, you can just clean it manually. Of course, it can confuse new users (to buy it).
     
  4. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Indeed. Before that hype is going to work in the real world, the mind of the person has to be primed somehow.

    But here in Wilders, we have a large group of such people who are primed and ready to buy into hype, typically because they got nailed in the past when their Norton failed for example or they are scared by reading stories in this forum about undetectable rootkits or whatever new hyped threat. Herbalist's story of Norton failing him is fairly typical for example of people who for some reason or other become 'interested in security'.

    As such, I think the Original Poster of this thread is wise indeed to bring up this issue. It won't affect the mainstream people in the real world who don't care, but many people in this forum particularly the less experienced ones will indeed be affected by this hype.

    Another reason why Wilders is a good place to promote new security software. :)

    Given that you are now an official rep of a product, I guess this issue suddenly becomes very interesting? :)

    Philosophically speaking, there is no way to present facts in totally neutral language, every statement has to be interpreted somehow. Every statement made for example means choosing what information to omit and what to include and you can easily make a 'bald fact' more alarming or not just by doing that.

    Personally I think there is little point in trying to scare people into security, if they don't care, you can hype the threats all you want and they won't respond.

    However care should be taken when dealing with people who are primed and ready to learn about security. At this stage of the game, they are ready to believe anything you say, so you should be very careful about what you say.
    Do it wrong, and they become freaking paranoids who run 3 overlapping HIPS and still worry about security (I'm not kidding, there are quite a few such people here).

    As an individual whenever I'm approached by someone who needs advice on security, I try to be careful not to prescribe him a full plate of security products that appear in my favourites list as tempting as it may seem.

    It's hard to resist given that those products are those you know best, but I would never recommend SSM/Processguard etc for example (as much as I like it), to someone who is just looking for basic security tips worrying about firewall, antivirus, antispyware issues. Probably much more useful to give simple tips like how to secure browsers, to keep updated etc. Until that is done, I wouldn't worry about HIPS and whatnot.

    What is suitable for me, is probably not suitable for him and vice versa and people have different security needs. I think the biggest mistake you can do is to assume that because you use product X and it works for you, everyone else must also use product X to be secure.
     
  5. herbalist

    herbalist Guest

    Outside of the forum users, I can't think of anyone whose PC I maintain that I would advise to install SSM. None of them could handle that program. Installing Kerio 2.1.5 on their systems was bad enough. Ever try to explain to an average user how to edit a firewall rule over the phone? There's only one person's PC I would consider installing SSM on as is, and I'd have to spend the day there setting it all up. Her daughter's boyfriend thinks he's a computer geek and has undone much of what I've tried to do with that PC. I'm seriously considering putting SSM on it just for its powerful user control ability, and put an end to his games. He'll appreciate a steady stream of "access denied" messages from an app he can't kill or bypass.
    HIPS software could be used in its present form if combined with remote administration. Might be the best way to do it with the more average users. The way things are going, it could easily be preferable to removing some of the nastier malware they often end up with. Better service with less service calls.
    Rick
     
  6. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Too much emphasis on technology here IMO. The user is the most important vulnerability wrt security. Granted that OS, app and sig updates require user involvement whether the process is manual or automatic. However, practicing good computer hygiene and having an understanding of the tactics that the bad guys use is equally, if not more, important than using the latest and greatest security software and hardware. If a user throws caution to the wind and practices poor computer hygiene and is totally unaware of these tactics, technology will not likely make much of a difference.

    Must agree here. In my short time here at Wilders, I have observed certain posters (very much the minority thank goodness) who believe that others MUST use (1) the SAME SOFTWARE that they use and (2) MUST use the same software EXACTLY THE SAME WAY that they use it. And if not, you are accused of not using the gray matter between your ears, for example.

    bktII
     