It's not the SYSTEM but it's the USER whose the problem

Hi all

I think we've blown system security our of all proportion to the number of times it actually happens in real life.

These days people commit FRAUD big time by not getting in to your system with a Virus etc but by posing as a legitimate supplier / Bank etc etc and obtaining vital information which is supplied quite freely irrespective of HOW much security is on the system.

Even today how many people still send Money up front for the most elementary SCAMS (Canadian Lottery, Nigerian Businessman etc etc). and these scams have been going on for as long as "Pontius was a Pilot".

How many people also give out passwords when they get an email from what appears to be a Bank , Utility company etc etc.


I don't really care if some nerdy sub teen wants to blow my hard disk away -- it only takes me 15 mins to restore anyway but what I DO take more care over is

1) NEVER open ANY email unless I know who it's from - and certainly don't open attachments - especially those on a typical mass corporate circular email system like "jokes" etc unless again you trust 100% the source.

2) NEVER EVER supply a password / bank details to ANY site that requests "We need to update our information" --- if they are BANK for .....'s sake they will WRITE to you if they need to re-set your password etc.

3) Never use an online shopping system that REQUIRES you to register on their site.

4) Be very wary of "Unsolicited" requests from Utility companies - Gas, Water, Electricity etc requesting Online payments where they want all bank details etc. By all means pay them online BUT DON'T GIVE OUT PRIVATE INFO.

5) If you DO make any payment online ensure the Bank has an extra security popup requesting a password etc before the request is processed.

6) Never download Pirated music / other P2P stuff from "Free Torrent" or other P2P file sharing sites. If you really must use these then use something like the 'OID which has a private / restricted membership.

7) Always take an image backup before installing any software from a Site you don't 100% trust.

8) If you are a computer admin BAN ANYBODY plugging in USB devices to a machine on a corporate LAN. These (especially if the computer is running XP) can infect computers big time via the AUTOPLAY feature (finally disabled by default in W7).

9) Use something like a Linux machine or a Linux VM to access links you are unsure of when downloading software - especially Free software.

Most AV software is pretty hopeless anyway and usually causes more problems than it solves. False positive research takes more time to resolve than just taking 15 mins to restore an infected computer back to health anyway and as nearly all AV software show different false positives the work required into researching what is OK and what isn't makes the whole process just a HUGE WASTE OF TIME.

If you use your machine intelligently and regularly perfom backups you should never run into Virus problems.

In over 30 years of using computers I've NEVER had virus problems.

A post in this forum on phishing amply exemplifies its those sort of threats that are the REAL problem.

Just my observations however -- YMMV of course.

Cheers
jimbo

I agree completely. We have a few terms in the industry that we like to use to refer to these issues.

THe two we use most are:

ID10T Error (idiot error)- Tell customer the issue was an ID Ten T Error
PEBKAC Error - Problem Exists Between Keyboard and Chair

johngalt said:

Just make them all lusers and be done with it....

Oh, right, we can't, b/c so many of said lusers *love* XP.....

And we wonder why there was a major proliferation of malware for Windows system during the time which XP was in its heyday....

Hi it wasn't just because it was XP -- fashions and ideas change -- in those days it was considered cool / super smart to hack or be a top notch hacker -- these days most non computer people tend to regard these guys as a cross between a pathetic UFO hunter or some poor old loney geek with zero social life idling away in some squalid hideout and peer pressure definitely counts with younger members of society.

I remember the days of the old "Phone Phreaks" - the pre-cursor to hacking --nobody does this stuff on mobile phones --although they could of course quite easily - remember not so long ago when a private conversation by Prince Charles got out "into the wild".

Smarter options these days are "Identity Fraud and phishing". For criminals its more profitable too.

It's not just because systems have better in built security -- whilst I'm sure MS is quite a reasonable employer ANY organisation (especially large one's) will have its share of misgruntled employees so whatever security you build in the OS some of the internals will ALWAYS leak out into the public domain. Same with the Telcos -- a few friends in "Low places" will yield results. The CIA and Mossad (and others) do this stuff routinely every day and I'm sure they don't go into a public court and ask permission first.

Incidentally adding to the list of caveats in my previous post

BE VERY CAREFUL if you use private or anonymous proxies - these are increasingly popular to get round a lot of geographical limits on listening / viewing audio / video streams which are restricted geographically. Unless you know and trust the proxy take care.

Cheers
jimbo

I do not receive much crap email or spam. Beginning years ago, and having to last repeat it about a 18 months ago, whenever I receive one of those massive CC emails - jokes or "you gotta see this" - I post a nuclear flame specifically designed to enrage each and every person on the CC list. Five to seven paragraph essay type dissection. I get visceral.

Ask the lady that sent me an Obama bash using her Catholic school email account replete with school letterhead and signature. St. Peter is likely waiting for my hard *ss with a gleam in his eye.

I do not f'ng care how any of them feel or respond. Period.

My email is for my use.

TheSchaft said:

I agree that social engineering is a larger problem than most viruses, but it is a bit of a chicken and egg problem also.

If I click over to a scammer site,.

That says it all -- and these guys are always way way ahead of the AV software development cycle.

It's really obvious when you think about it -- how much "Quality control" checking and development planning goes into "Scams" / or virus development.

Companies who have a product to get out have to go through all sorts of development cycles / QA checks, meetings etc etc before the product gets released - the bigger the company the longer this will normally take except in real emergency like MS with conficker -- even here it took them a few days to sort it out.

The virus writer just does his stuff and it really doesn't matter if it works 100% or 60%. Even 1% can do damage.

However if you stick to sensible guidelines you shouldn't have computer problems of this sort.

Actually most hackers these days seem to be relishing the next challenge which is to cause massive Dos (Denial of Service) to large providers causing real chaos and disruption rather than wiping some remote users hard disk.

A real Dos attack against a large provider would probably be accompanied by an "extortion threat" -- pay me xxxx Roubles / dollars etc or your system will STOP.

Btw I like the expression "Social Engineering" --waht on earth are we teaching in schools these days.

Cheers
jimbo

TheSchaft said:

I'd love to see one of your epistles, Antman.

No problem. Just send me a stupid email with a long list of CCs.

I will not hold my breath, though. Your keyboard probably has a stupid email prevention filter.