Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: It's not the SYSTEM but it's the USER whose the problem

12 Oct 2009   #1
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 
It's not the SYSTEM but it's the USER whose the problem

Hi all

I think we've blown system security our of all proportion to the number of times it actually happens in real life.

These days people commit FRAUD big time by not getting in to your system with a Virus etc but by posing as a legitimate supplier / Bank etc etc and obtaining vital information which is supplied quite freely irrespective of HOW much security is on the system.

Even today how many people still send Money up front for the most elementary SCAMS (Canadian Lottery, Nigerian Businessman etc etc). and these scams have been going on for as long as "Pontius was a Pilot".

How many people also give out passwords when they get an email from what appears to be a Bank , Utility company etc etc.


I don't really care if some nerdy sub teen wants to blow my hard disk away -- it only takes me 15 mins to restore anyway but what I DO take more care over is

1) NEVER open ANY email unless I know who it's from - and certainly don't open attachments - especially those on a typical mass corporate circular email system like "jokes" etc unless again you trust 100% the source.

2) NEVER EVER supply a password / bank details to ANY site that requests "We need to update our information" --- if they are BANK for .....'s sake they will WRITE to you if they need to re-set your password etc.

3) Never use an online shopping system that REQUIRES you to register on their site.

4) Be very wary of "Unsolicited" requests from Utility companies - Gas, Water, Electricity etc requesting Online payments where they want all bank details etc. By all means pay them online BUT DON'T GIVE OUT PRIVATE INFO.

5) If you DO make any payment online ensure the Bank has an extra security popup requesting a password etc before the request is processed.

6) Never download Pirated music / other P2P stuff from "Free Torrent" or other P2P file sharing sites. If you really must use these then use something like the 'OID which has a private / restricted membership.

7) Always take an image backup before installing any software from a Site you don't 100% trust.

8) If you are a computer admin BAN ANYBODY plugging in USB devices to a machine on a corporate LAN. These (especially if the computer is running XP) can infect computers big time via the AUTOPLAY feature (finally disabled by default in W7).

9) Use something like a Linux machine or a Linux VM to access links you are unsure of when downloading software - especially Free software.

Most AV software is pretty hopeless anyway and usually causes more problems than it solves. False positive research takes more time to resolve than just taking 15 mins to restore an infected computer back to health anyway and as nearly all AV software show different false positives the work required into researching what is OK and what isn't makes the whole process just a HUGE WASTE OF TIME.

If you use your machine intelligently and regularly perfom backups you should never run into Virus problems.

In over 30 years of using computers I've NEVER had virus problems.

A post in this forum on phishing amply exemplifies its those sort of threats that are the REAL problem.

Just my observations however -- YMMV of course.

Cheers
jimbo


My System SpecsSystem Spec
.
12 Oct 2009   #2
Lunarpancake

Windows 8 Professional
 
 

I agree completely. We have a few terms in the industry that we like to use to refer to these issues.

THe two we use most are:

ID10T Error (idiot error)- Tell customer the issue was an ID Ten T Error
PEBKAC Error - Problem Exists Between Keyboard and Chair
My System SpecsSystem Spec
12 Oct 2009   #3
johngalt

 

Just make them all lusers and be done with it....

Oh, right, we can't, b/c so many of said lusers *love* XP.....

And we wonder why there was a major proliferation of malware for Windows system during the time which XP was in its heyday....
My System SpecsSystem Spec
.

13 Oct 2009   #4
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Quote   Quote: Originally Posted by johngalt View Post
Just make them all lusers and be done with it....

Oh, right, we can't, b/c so many of said lusers *love* XP.....

And we wonder why there was a major proliferation of malware for Windows system during the time which XP was in its heyday....

Hi it wasn't just because it was XP -- fashions and ideas change -- in those days it was considered cool / super smart to hack or be a top notch hacker -- these days most non computer people tend to regard these guys as a cross between a pathetic UFO hunter or some poor old loney geek with zero social life idling away in some squalid hideout and peer pressure definitely counts with younger members of society.

I remember the days of the old "Phone Phreaks" - the pre-cursor to hacking --nobody does this stuff on mobile phones --although they could of course quite easily - remember not so long ago when a private conversation by Prince Charles got out "into the wild".

Smarter options these days are "Identity Fraud and phishing". For criminals its more profitable too.

It's not just because systems have better in built security -- whilst I'm sure MS is quite a reasonable employer ANY organisation (especially large one's) will have its share of misgruntled employees so whatever security you build in the OS some of the internals will ALWAYS leak out into the public domain. Same with the Telcos -- a few friends in "Low places" will yield results. The CIA and Mossad (and others) do this stuff routinely every day and I'm sure they don't go into a public court and ask permission first.

Incidentally adding to the list of caveats in my previous post

BE VERY CAREFUL if you use private or anonymous proxies - these are increasingly popular to get round a lot of geographical limits on listening / viewing audio / video streams which are restricted geographically. Unless you know and trust the proxy take care.

Cheers
jimbo
My System SpecsSystem Spec
13 Oct 2009   #5
TheSchaft

Windows 7 x64 HP, Windows 7 HP, Windows 7 Ult
 
 

I agree that social engineering is a larger problem than most viruses, but it is a bit of a chicken and egg problem also.

If I click over to a scammer site, I run the real risk of getting a trojan/virus/rootkit that then sends, in my name, an e-mail to my contacts, who would trust something coming from me, continuing the cycle of identity theft or establishing a botnet by getting them to click on a link.

I now routinely Google almost everything, even links, to get a reading on the site from WoT and to see if there are any negative reviews.
My System SpecsSystem Spec
13 Oct 2009   #6
Antman

 

I do not receive much crap email or spam. Beginning years ago, and having to last repeat it about a 18 months ago, whenever I receive one of those massive CC emails - jokes or "you gotta see this" - I post a nuclear flame specifically designed to enrage each and every person on the CC list. Five to seven paragraph essay type dissection. I get visceral.

Ask the lady that sent me an Obama bash using her Catholic school email account replete with school letterhead and signature. St. Peter is likely waiting for my hard *ss with a gleam in his eye.

I do not f'ng care how any of them feel or respond. Period.

My email is for my use.
My System SpecsSystem Spec
14 Oct 2009   #7
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Quote   Quote: Originally Posted by TheSchaft View Post
I agree that social engineering is a larger problem than most viruses, but it is a bit of a chicken and egg problem also.

If I click over to a scammer site,.
That says it all -- and these guys are always way way ahead of the AV software development cycle.

It's really obvious when you think about it -- how much "Quality control" checking and development planning goes into "Scams" / or virus development.

Companies who have a product to get out have to go through all sorts of development cycles / QA checks, meetings etc etc before the product gets released - the bigger the company the longer this will normally take except in real emergency like MS with conficker -- even here it took them a few days to sort it out.

The virus writer just does his stuff and it really doesn't matter if it works 100% or 60%. Even 1% can do damage.

However if you stick to sensible guidelines you shouldn't have computer problems of this sort.

Actually most hackers these days seem to be relishing the next challenge which is to cause massive Dos (Denial of Service) to large providers causing real chaos and disruption rather than wiping some remote users hard disk.

A real Dos attack against a large provider would probably be accompanied by an "extortion threat" -- pay me xxxx Roubles / dollars etc or your system will STOP.

Btw I like the expression "Social Engineering" --waht on earth are we teaching in schools these days.

Cheers
jimbo
My System SpecsSystem Spec
14 Oct 2009   #8
TheSchaft

Windows 7 x64 HP, Windows 7 HP, Windows 7 Ult
 
 

Clicking over to a scammer's site - like a bank, or the now popular IRS "response to your underreported tax" site will get you in trouble. Most of these are easy to see and avoid. Just take the excellent advice above and DO NOT DO IT.

E-mail attachments are a bit more dicey. From someone you don't know? Trash it. From someone you do know? Save it, unopened, and scan it (If your scanner doesn't kick in automatically when you save it.)

The ones I see that are more worrysome are the links to what should be "safe" sites - some appearing on web pages as part of the site's ad package. I ran into that on a site where the ad automatically kicked off if you moused over it. WoT blocked it, but still it was an unexpected diversion.

While you can't stay ahead of the bad guys, you can use caution - Use something like WoT to at least tell you which are acceptable sites, ones not compromised (probably).

BTW - I think Kevin Mitnick first used the term "Social Engineering", even before he wrote his book - [ame="http://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/0471237124"]Amazon.com: The Art of Deception: Controlling the Human Element of Security (0723812237128): Kevin D. Mitnick, William L. Simon, Steve Wozniak: Books[/ame]


Whoa! That pops a big ad!
My System SpecsSystem Spec
14 Oct 2009   #9
TheSchaft

Windows 7 x64 HP, Windows 7 HP, Windows 7 Ult
 
 

Quote   Quote: Originally Posted by Antman View Post
I do not receive much crap email or spam. Beginning years ago, and having to last repeat it about a 18 months ago, whenever I receive one of those massive CC emails - jokes or "you gotta see this" - I post a nuclear flame specifically designed to enrage each and every person on the CC list. Five to seven paragraph essay type dissection. I get visceral.

Ask the lady that sent me an Obama bash using her Catholic school email account replete with school letterhead and signature. St. Peter is likely waiting for my hard *ss with a gleam in his eye.

I do not f'ng care how any of them feel or respond. Period.

My email is for my use.
I'd love to see one of your epistles, Antman

I've always liked the following:

"If anything I've said here bothers you, please feel free to ignore this, If you don't know how to ignore an e-mail, please send me a reply, and I'll be glad to show you".
My System SpecsSystem Spec
14 Oct 2009   #10
Antman

 

Quote   Quote: Originally Posted by TheSchaft View Post
I'd love to see one of your epistles, Antman.
No problem. Just send me a stupid email with a long list of CCs.

I will not hold my breath, though. Your keyboard probably has a stupid email prevention filter.
My System SpecsSystem Spec
Reply

 It's not the SYSTEM but it's the USER whose the problem




Thread Tools




Similar help and support threads
Thread Forum
SYSTEM user account
when i type for example~ runas /user:system "cmd /k" outputstream says: "please enter the password for the system." how can i figure out what the built in user account passwords are? i havent tried bulletview yet but i know that in the services.msc properties where i add the user to run...
System Security
Hide user by registry stange problem: User still appears in C folder
Hi! I did an new install of windows 7 (home first then upgraded to pro) I want to hide a user by doing this on the registry: HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon \SpecialAccounts\ UserList ..then add dword32 by my username value to 0 I did this on my old...
General Discussion
Unaccesible shortcuts created by the system in user & system folders
Hello All: Browsing the folders on my hard drive I have found a series of shortcuts (to default users, application data, "archivos de programas" (program files in English language) that I didn't create and that I can neither access nor delete. I have two administrator accounts in the...
General Discussion
How do I ONLY allow read-only 4 EVERY User (Me, system etc) ?
Okay I am having troubles with security permissions. I was told to set the files as read-only so my wmc can't delete them. However, my xbox still can So what I need to do is set it up so my videos folder is read-only for EVERY user including myself. I want to deny deletion rights for everyone...
General Discussion
SYSTEM User, can you log in as that user?
Hi, I was trying to access folders in windows 7 but i was reading there not real folders, why it's beyond me! But anyways along the way I can access explorer.exe as the system account i won't say how incase ye don't allow stuff like that. But anyways i just want to know can you make that an...
General Discussion
Why Backup user and system files fails to create system images to optical disc?
1. Open center 2. Set backup settings and Select a optical disc as the location to save backup 3. An informaion pops up, says "System images cannot be saved on this device" Click for help, and can find "you can't save a system images on a CD or DVD" So, my question is why we can't do it,...
Backup and Restore


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 16:28.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App