Malware Prevention - How to Convince People

Discussion in 'other security issues & news' started by TheKid7, Jun 19, 2011.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    How do you go about trying to convince people of their need for Malware Prevention/Protection?

    I have tried to explain to many different people that an Antivirus Program is not good enough. I sometimes feel like I am talking to a brick wall.

    I usually give them an overview of what they need:

    1. Imaging Software + Routine Imaging (or at least a base clean Image)
    2. Containment (i.e., Sanboxie, Shadow Defender, Deep Freeze, etc.)
    3. Antivirus Software

    I realize that the above recommendation is too much for most people. So I usually push Sandboxie (Auto delete sandbox, Drop rights) + Antivirus Software. However, most people do not even take my advice on using Sandboxie.

    Thanks in Advance.
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    those kind of people should stick to Norton or Kaspersky.

    you'll never convince Joe/Jane Average to use things like Sandboxie.

    and how can you convince people to look into imaging when they don't even bother to do 'regular' backup?
     
  3. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Hello TheKid7,

    Who are these people you speak of? Are they co-workers? customers? friends? family?

    Do these people experience malware infections on a continual basis?
     
  4. Mr_Grumpy

    Mr_Grumpy Guest

    Joined:
    Jun 14, 2011
    Posts:
    0
    Hi
    Many people think that they are protected for good, when they have bought a complete solution. I have met a few people stating that they cannot understand why they were hit by malware.
    The Vendor that they bought the software from stated it could keep then safe. And that is one of the problems IMO, Vendors should state that there software is like a ekstra lock on your door , it helps to minimize the risk, that the burglar manage to break in, but cannot guarantee it would not happen.
    Yes I know it maybe naive thinking to think that Vendors will change the advertising strategy.
    But it could help people to understand that they need some sort of extra protection besides their main vendor.

    Kind Regards :)
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I don't ever try to get people to set things up like imaging or sandboxing. I give them MSE and put UAC to max and depending on their browser I'll give them an adblock/some sorta javascript blocking function.

    I have no need to clutter their computer with programs that will likely cause issues for them. I don't need a million calls saying "You broke my computer!"
     
  6. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    People have to find out for themselves. You can't force them into it. When they get slammed with a virus then they will listen. That has been my experience anyway. As someone that has worked on computers I have seen my share of computers with old out of date AV's.
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    THIS!! :D
    Just recommend them a good suite.
     
  8. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    All you can do is make good recommendations and hope they follow it. :thumb:
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have been fixing computer for people since the early 90's. At first it was putting in new hardware or just getting something to run. With win95/98 and the availability of the internet, it became getting rid of virii/malware.

    I have run the gamut of products and solutions. Nothing works for those who don't want to learn. Period. Nothing. Whether it be a great 3rd party tool like SBIE or OS provided things such as UAC. I have been slowly refusing work. The only ones I help these days are the ones who listen and learn and can make use of SBIE or UAC etc.

    In the past I had high hopes of helping these people. Now I don't believe it will ever happen. The OS will always be exploited because it is on almost everyones machine. Most people I know don't want to switch to a *nix flavor. Most people just don't care, they have other interests. So I let them keep thier interests and thier problems and help those who give me pleasure in helping, and most of those are online any more.

    Sul.
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    It's futile to attempt to convince anyone of anything!

    I never suggest anything to anyone unless asked.

    I've found that if someone wants to be helped, they don't need any convincing, they just listen and follow instructions.


    regards,

    -rich
     
  11. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Why should you try and convince anyone? Not everyone uses their system the same way, so not everyone will be exposed to the same risks. However, if you spend 10 minutes showing someone how to handle files they do want in Sandboxie, and not screw around with forced programs, restricting this and that, you've already brought them very very close to being as secure as it gets without suffering. I'd still keep a good AV, but only to scan files I download.

    If you try to toss something like srp, hips, or some other thing at them, you're not going to get anywhere, and, they'll just end up taking it all off and be completely unsafe again. K.I.S.S
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    3 choices...pick anyone you feel comfortable with.

    1. Apply the techniques mentioned here:

    -http://www.wikihow.com/Persuade-People-with-Subconscious-Techniques-

    Whether or not you succeed depends on 3 conditions:

    a) how skilled you are (practice makes perfection they say)
    b) the belief system ("AVs and suites are more than enough dude") and level of skepticism that the target has (the higher it is, the harder it is for you to 'break' them)
    c) whether you have Fortuna on your side

    2. Forget it. "Educating Users" is one of the dumbest ideas in computer security...at least according to Ranum. Do them a favor and set up a set-it-and-forget-it system for these people to use (either through politely asking for permission or through 'force' if you're the Admin/owner of the computer systems)

    3. Again - Forget it. Just let them be, especially if it's not going to earn you any credits and the pain isn't worth the gain. Selfishness can sometimes be a good thing. At the very least, come to think of it - you're letting the bloke a chance (or many) to experience the possible consequences of not having a 'reasonably good' security setup and for all you might know, that might just 'convince' them to do their own work and research one day (hopefully). Heck, didn't some of us learn through it the hard way ourselveso_O
     
  13. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    A waste of time! ...let them learn the hard way.
     
  14. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Agreed and so I did for the past few years, no more helping people who do not want to pay for software or were using cracked copies.
    My last advise to them was: buy anti malware software and steal a new PC every now and then, that is even cheaper.

    Gerard
     
  15. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    I tell people once or twice. Then it's up to them and my (residual) conscience is at peace.
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    @Tarnak: Indeed, that's how I learned myself. I don't think it would've sunk in any other way.

    @gerardwil: Cheapest (and definitely more ethical/legal) is keeping the old PC and installing freeware and/or free OS.
     
  17. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    The average Joe isn't (usually) going to use containment programs like Sandboxie. They just want to be able to surf and check emails without added complications. It's when they start doing a lot more than just that when problems may arise.

    However, I have to admit that though I know a bit more about these things than the average Joe because I read forums like this and security blogs, even I don't always use Sandboxie. I have it installed, but, for example, this session on Wilders isn't sandboxed. Does it really need to be I ask myself. I don't think so. There are no other browser tabs or windows open in this browsing session.

    Having said that, there are many of us here, and out there, who don't encounter malware in the manner others appear to be. Obviously, that's no guarantee we never will, but it is pause for thought as to how and why some users aren't prone to such attacks as others, with or without protection layers in place.
     
    Last edited: Jun 22, 2011
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    People hear things like "sandboxing" and think "oh, too complicated." Your best bet is to throw them the best antivirus you can, configure their computer to update everything possible automatically, and configure their browser for security.

    That's really all you can expect them to put up with.
     
  19. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Yes, it is a pause for thought. ;)
     
Loading...
Thread Status:
Not open for further replies.