Guidelines To Prevent Malware Infections For The Public

Discussion in 'other security issues & news' started by RCGuy, Jun 11, 2014.

Thread Status:
Not open for further replies.
  1. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I remembered to start this thread after reading Ronjor's ISPs should quarantine infected computers, researchers say thread and its short-read article, ISPs should quarantine infected computers, researchers say. But I wanted to ask people what they thought about there being strongly suggested guidelines for the public to learn about internet security.

    And what I mean by that is having an agency such as an ISP, perhaps coupled with the federal government, providing these guidelines to help people to learn how to protect their computers in order to cut down on the huge amount of malware infections that exist on computers today.

    Also, in Ronjor's thread, the emphasis was put on cutting down on the amount of already existing malware that is on computers today. However, the emphasis in this thread is more preventative, or helping people to learn how to protect their computers from getting infected in the first place.

    Also, in the article that I cited above, it discussed a more mandatory push to get people who have infected computers to take action, however, the idea that I am suggesting in this thread would involve an easier, more relaxed, but effective means of getting people to learn simple guidelines to protect their computers from malware.

    Additionally, what gave me the idea of creating this thread was that not too long ago, a friend of mine asked me to look at their infected computer. Well, upon seeing this person's computer, it was so slow and so jammed up and so infected, it was pretty unbelievable. Also, I woudn't be surprised if my friend's computer is(or was...not really sure and it's a long story) a zombie computer or botnet host. However, what I learned from this experience is that unfortunately, people like my friend and probably many, many more people(if not the majority of people) are pretty clueless when it comes to knowing about the threats to internet security, and what they need to do to protect their computers from these threats.

    Any thoughts?
     
    Last edited: Jun 11, 2014
  2. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
  3. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    From time to time a think about how vulnerable people really are with computers and security etc. For some reason I cant get Ronjors link ...probably because Im fiddling with stuff my firewall, but what youve said above about says it all. Prevention is always better than cure, but the rub is to get people to see that.

    Theres no real easy fix as I see it. You can lead a horse to water but you cant make it drink. For example a lot of people I know are not only pretty clueless ( and I dont mean that in a derogatory sense) but have no or little inclination to do anything about it, even after having to spend money when their systems get compromised...or they have no idea why their systems grind to a halt loaded to the eyeballs with trash and junk and temp files then wonder why their HDDs died (prematurely). Again, theres nothing wrong with these people, but just their priorities are elsewhere. Some people I know LOATH computers or at best see them as a source of frustration. The fact is some are just NOT interested in doing stuff online and they have little or no need to. Others sort of 1/2 listen when you try and give them a heads up about the likes of Cryptolocker.

    This brings me to another dilemma, the wide gap between IT people and the ordinary person and I mean its as wide as the east is from the west. This forum has some VERY knowledgeable people here and I would rate myself near the bottom compared to them, but the ordinary people around me I speak to on tech things look at me as if I'm some super geek from planet Z.

    Another real world problem is there are time restraints. Theres only so much spare time busy families have and to even have a practical basic knowledge of security matters would be a tough call for them. We all know here at WILDERS that security is an ever moving target. Its time consuming as it is, to understand the security needs of today, let alone keep up with what tomorrow brings.
     
  4. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I agree.

    So true. :)

    Good points. Also, I was thinking that with all of our advance(and advancing) technologies in the early part of the 21st century, as a species, we're really not as advanced as we may appear to be from a superficial view, with our smart phones and our smart tvs, and our advanced medical technologies and advanced weaponry, and the continual advancement in technology in general, because it's basically the scientists and engineers who create and understand this technology, however, the public in general are only users and consumers of these technologies. Plus, like you had said, the rift between those who are scientifically literate and those who are just consumers of today's advance technology seems to be getting wider and wider.


    Agreed. And that is why when I was creating this thread, I was playing around with the idea that when someone calls an ISP to start internet service in their home, the telephone rep should briefly explain to the customer how easy it is for one's computer to become infected by malware and viruses, and send them a short and simple(and non-time consuming) email that provides them links to freeware protection programs that they would need to help protect their computers. Also, I believe that most people would welcome these easy and non-time consuming steps, especially if they look at from the viewpoint of protecting their computers, which they have already invested money in.
     
  5. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Also, this situation reminds me of driving a car. With driving a car you need to earn a license before you can legally get out on the road. However, with the internet, anyone is allowed on the internet regardless of their skills or lack of skills and regardless of what type of damage that they can do to themselves(i.e. their computers) or to anyone else(i.e. to anyone else's computers).

    And BTW, Reality, didn't you use a similar analogy about car maintenance before you edited your #3 Reply? :D
     
  6. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    I haven't (yet) read Ronjor's posts, so don't know where he stands on this question. But my own ISP (a large independent regional serving most of southern Ontario and parts of southern Quebec) does explicitly state in their TOS that they reserve the right to disconnect customers who've been discovered to be badly infected and who don't clean up reasonably promptly. Whether they've ever had to actually take action on this I've never heard, but to me it seems like a perfectly reasonable policy.
     
  7. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Thank you for your reply, Mike, but you might want to share that in Ronjor's thread where they already have a conversation about that going on:

    https://www.wilderssecurity.com/thre...ne-infected-computers-researchers-say.364570/
     
  8. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    Its not called the WWWeb for nothing. Likewise its not called the "net" for nothing.

    Because I believe the internet is a means to an end, and that in the grand scheme of things is the ideal place where security and privacy can be forfeited, I don't see people being forced to comply with keeping their systems up to date, clean and healthy. You might get a bit of small talk about it here and there but to actually see it happen on a broad scale is very doubtful where the individual will manage this for him/herself. Moreover, it would be a logistical nightmare to police who was lagging behind in the necessary knowledge which is a constant moving target, and which Ive already noted, you'd need to have to keep ahead. If someone wanted to control you, they would probably start with the erosion of your privacy. If someone were to want knowledge of everyone everywhere about everything, it would be in their best interests to make that job easier any way they can including taking advantage of those who lack the necessary knowledge. The less you know the more you aid them in their cause, and that's why the internet lends itself to this end in such a spectacular fashion.

    If enforced, the said requirements would mean either, most people will have to go offline or (perish the thought) let the googles apples and M$s do this for us "seamlessly". Its a noble idea to make everyone responsible to keep their systems safe, but in reality, people being people as you've aptly described as what is typical everywhere, are just not going to do much about it.

    There's a lot of misconception out there and I believe this is not by accident but by design ... namely ... people have been conditioned and "taught" to think the internet is just "the thing to do", its "getting with the times", its "relevant"... its "how did we ever live life with out ito_O?" etc etc The fact is only a few short decades ago we did perfectly well without it.

    Back to the problem of people looking after their security. I think a lot of people realized in the past that computers are NOT as user friendly as they were (and still are) purported to be, and they've sort of bumbled along since, forgetting they still pose a security risk even though they've grasped the very basics of using a computer where initially they might have struggled ..... hence, basically a false sense of security. I think a big turn off is "information overload" and so if disaster strikes, people just switch off and adopt the mentality of "factoring it into the expenses of the day" which is seen to be simply "moving with the times". OF course this plays wonderfully into the hands of those providing backdoors for TPTB (the powers that be).

    I know banks (in my country at least) in their TOS have clauses where they wont back you if your system is hacked because its "insecure". By that they mean you must have the latest "reputable" AV etc etc. Some of us would question who is reputable? Just because you pay for AV doesn't mean they haven't been bought off or forced in some way to leave backdoors for certain 3 Lettered Cos.

    Just some more thoughts...
     
  9. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Wow! That's implying a lot.

    Okay, we could easily include the federal government in what you're saying, however, doesn't contributing in this lack of security and lack of knowledge to know how to make one's computer secure, also put people's finances, and the security of some financial and commercial institutions at risk?

    But I don't see where the Googles and Apples and M$s would be doing this for us. But instead, what I had in mind was the ISPs partnering up with internet security software companies such as the creators or owners of Malwarebytes and Emsisoft and even Sandboxie. And of course these companies will benefit financially from this partnership because there are always going to be people who are going to want to buy the paid version.

    Yes, but you can only have people shooting themselves in the foot for so long until it starts to become a threat to associated and connected IT infrastructure.

    True.

    But, Reality, you are jumping into the topic of what Ronjor's thread is about. The above is not what this thread is about. This thread is about preventative security measures, not after disaster strikes.

    I'm curious. And what country is that if you don't mind me asking? Or, send me a private message if you don't mind.

    Well, that once again kind of gets into Ronjor's topic. Also, I have never heard of an AV being bought off or forced in some way to leave backdoors for certain 3 Letter Cos. What exactly are you talking about, Reality?
     
  10. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    My apologies for veering off topic RCGuy. Hopefully others will chime in with worthy ideas as I don't hold a lot of hope that this is achievable, at least without some serious skullduggery from certain camps in particular, and peoples lack of knowledge in general (which is not meant in a bad sense).

    I guess I feel as soon as most peoples computers hit the internet they're presented with an uneven playing field and the cards are stacked heavily against them. Prevention for the most part, is something that doesn't enter peoples minds until after the fact. You would be surprised how blaze people are until disaster strikes. Just human nature.

    Yes it does and yet the fact is, exactly what you describe is happening more and more because for various reasons, they just cant keep up with security issues and generally keeping their computers safe.

    I think you may have missed my point about M$ Google etc. or maybe I'm missing yours, or maybe we just stand differently on who we trust to contribute in securing our computers. Essentially as a foundational thing, I don't trust proprietary software. Because I'm not knowledgeable enough to do things like coding I am at the mercy of those who can. That shortfall on my part is made up for with other preventative actions I take.

    It has long been known and established what the NSA is up to. Irrespective of what we might think about Edward Snowden he has at least filled in some pieces and the so-called reputable giants are part of the huge spy network which compromises our privacy and security. Yes this is a disaster! but you did ask :)
     
  11. WeAreAllHacked

    WeAreAllHacked Registered Member

    Joined:
    May 22, 2014
    Posts:
    28
    There already are a lot of documentation and guidelines (of varying quality..) out there for those wanting it.


    Maybe the documentation is boring usually but I just don't think the majority of people want to read about "computer security" and have that as an interest and that's why its hard to educate people about it.
    Just like I wouldn't want to read documentation about "the importance of eating healthy" just because some people think it would be of great use for everyone if I and everyone else did, they don't want to read about "computers".
     
  12. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Well, it seems like everything else from healthcare to education where there's a lack of will by TPTB to want to change or improve these things, and where it seems like they are actually part of problem and want these failures to exist in our society. However, that's starting to get way off topic.
     
  13. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    True. But it kind of reminds me of learning how to drive a car where you need to earn a license before being able to do so. However, people are not required to learn how to be secure on the interent, and therefore, they don't feel the need to learn how to do so. And in turn, I don't think that they feel that learning about security is part of what they signed up for. And then of course there's that pesky 'time' thing that Reality has already mentioned. Although of course if people feel that something is important, they will find the time to learn how to do it.

    That's a good analogy because learning the importance of eating healthy isn't how most people are raised in Western societies. Plus, the advertising money and the emphasis isn't put on that in Western societies, even though it would be safer and healthier for society if it was.
     
Loading...
Thread Status:
Not open for further replies.