We discuss semantics...
Reality - The "nanny state" won't work.
No matter what prevention is used, what standard of computer safety education has been gleaned ...
individuals must take responsibility for their actions or lack thereof -
AND bear the consequences of these actions.
This is why 99% of people are besides themselves with mania for AV programs...they have some kind of manic blind belief and love for AV. To them an AV program = no virus ever. AV companies lllllloooooveee this kind of attitude.
But what sites are these people visiting?
I have a core of about 10-15 sites in my favourites that I visit pretty much daily...they are good sites, legitimate sites. They aren't the kind of sites that sport neon flashing promises.
What about when a good site goes bad...can a good site be hacked itself and suddenly start spewing pop ups?
In my experience...that is rare to the point of non-existant. I've never seen one of my legit sites start freaking out and promising me to fix my 'viruses'.
So...where are people going to expose themselves to such false positive virus warnings?
That's like the question of why working at a help desk, you get a ton of password reset calls every 3 months when the reset cycle comes up. It's always the same people with the same issue who never read or learn anything and then they complain why they have to deal with this.
The problem is that users just don't give a damn and since a lot of PCs are corporate IT and the actual end user doesn't have to pay that support for the most part, then they don't care. And what's more, a lot of these people are in very locked down network but yet they manage to get to these hacked sites.
Unfortunately, good sites have been hacked. The list of these includes Fox, The New York Times and several other well known "legitimate" sites. All have been infiltrated by malicious ad banners or a virus. Nowadays, going to a legitimate site does not guarantee safety.
And as JMH says, users do need to take responsibility, if you go looking for illegal downloads and other "shady" items, or peruse questionable sites, then "you takes your chances".
Also, as Darician stated, it doesn't help to stifle the spread of viruses when people think "it's just the company PC, not my own...who cares if it gets infected".
How many times do you still get a FWD E mail from someone that has 300 other E mail addys attached to it. If that E mail lands one one infected computer, all those addys are now potential targets.
Perhaps I am totally missing something here but ...
If Im browsing the web and some scareware like this pops up telling me Im in danger the first thing I do is obviously read what it says.
Second, If the app is NOT Norton, I know right away something is not right and it attempting to trick me into downloading something nasty.
Ill double check my taskbar as well, to see if Norton is reporting anything.
I guess my point is, it doesnt matter what AV you prefer.
If something is telling you theres a security risk and click here to download .. and it is NOT your prefered & installed AV.... somethings wrong.
It just seems to me this would be common sense.
I wouldn't be surprised if AV companies actually put out viruses on the net to help sure up the dependency people have on AV's.
Of course, they probably have no need to do that with all the proliferation of scams online anyway.
What virus can penetrate a smart users defenses? Let's say you know not to click strange promises embedded in neon flashing popups...you know not to install mysterious exe files, you know not to visit dodgy sites with gay abandon, you know....etc...you get the idea...
Are there any viruses that have been written that can bypass software and the best human shields?
This is a great discussion with a lot of excellent points being made!
I have a friend who works in security at Microsoft. He was doing a search for information on a server, clicked on one of the search result sites and *poof* the site was infected. He immediately pulled the plug from the 'net, avoiding serious damage. The obvious point being that his computer was most definitely up to date and secure. He was conducting valid research. It can happen to anyone that way.
Although I have been very fortunate and none of my computers have ever been infected (knock on wood), often times when I am merely catching up on forum posts I am only using the mouse. More than once I have been intent on what I was reading and inadvertently clicked a link.
I agree with the other things you wrote, Borg 386, but it amazes me that this still happens. I cringe when ever I get one of those.
I almost got caught from a legitimate search. I like the Pidgin IM client. I searched for it with Google and clicked the first link. When I clicked the download button I noticed the name was unusual. Then I looked at the URL and noticed this was not the Pidgin IM site. I'm sure if I would have installed that program I would have been infected. It's easy to get fooled if you don't take a close look at the information on your screen.
The site looked just like the real Pidgin site, but it was misspelled. I forgot exactly, but it was a subtle change like Pidgin.im.cz or something. They had the right logo and purple color.
Quote