
Foo Forum

This 54 message thread spans 2 pages: 1 [2]
Malware Attacks
How do non-techie people cope?
Jane_Doe




msg:3436839
 5:28 pm on Aug 30, 2007 (gmt 0)

Our neighbors' computer got infected with malware. They had weird cookies being set, their wallpaper changed and popups all over the place. They had tons of security alerts popping up - half of them real and half from the malware. The malware even substituted their own DNS server so it had control over their Internet access.

Norton, Spybot, Adaware and the rest were ineffective. I found a program fix on a tech forum, but it required downloading a program and running the computer in safe mode to execute it. It took me a couple of hours and one of my teenagers' help for another hour to get everything back to normal.

Lots of people have computers, however I don't think most of them hang out at tech forums or know how to run their computers in safe mode. Many of the people I know don't even know about Adaware.

For people like my neighbors it was really hard to even figure out which security messages were bogus and which were real, which is of course what the malware writers want to have happen.

So what do people who don't work with computers for a living, or have friends who work with computers, do when stuff like this happens? Just curious. I don't see a lot of advertising for malware removal services but it seems like there has to be a big need for that kind of service.

 

GoogleGuy




msg:3438361
 3:11 am on Sep 1, 2007 (gmt 0)

I enjoy discussing the "X is not as secure as Microsoft; it's just that X doesn't have the market share that Microsoft does, so it's not attacked as much" theory, where X = Mac/Linux/Firefox.

But in practical terms, running a Mac or Linux (or anything off the beaten path) makes you so much smaller of a target. It's like the people who add one extra field in their forms and say "Now type the word 'orange' to prove you're a human." It's only off the beaten path by a tiny amount, but it still prevents a lot of simple spam. And if you can get that protection (whether it's for the short-term or longer), that's not half bad. :)

Clark




msg:3438390
 4:18 am on Sep 1, 2007 (gmt 0)

Apple is more secure, period. MS has always tried to make it sound like Firefox / Apple / Linux etc just haven't had the exposure, but it's marketing. Plain and simple.

They are designed for more security. And Windows Update is a joke. It won't cover most computers. I've fixed dozens of friends' machines and every one I look at has spyware whether they keep Windows Update or not.

I even got some spyware recently and I have a program that blocks 62,500 websites in my hosts file, in addition to Spybot's hosts block and SpywareBlaster and several other features to block bad sites. I don't think you can surf much more carefully than I do...but a rogue site installed something that installed a bunch of other stuff... Took hours to get rid of. And I was using Firefox!

I don't even use IE except for some internal sites that I wrote from top to bottom because I know there are too many holes in IE to surf safely on the web...

tim222




msg:3438493
 7:41 am on Sep 1, 2007 (gmt 0)

Mac, Windows, *nix, whatever... I still say nothing beats a Commodore C64.

stef25




msg:3438569
 11:58 am on Sep 1, 2007 (gmt 0)

Yep, I've heard of people buying new computers 'cause of spyware. If you have a legal Win XP disc, reformatting really is the easiest option. HDs nowadays are large enough to create a backup partition (D: or whatever).

Still, I'm stumped as to how people get this stuff on their PCs. Installing screensavers? Clicking on dodgy banners? Toolbars?

I have XP with the XP firewall and AVG, and have never ever had a piece of spyware on my PC. I guess it comes down to being educated about computer security: don't download crap!

Samizdata




msg:3438674
 3:09 pm on Sep 1, 2007 (gmt 0)

Still, I'm stumped as to how people get this stuff on their PCs

The number one reason seems to be an interest in online pornography.

Second place goes to well-intentioned attempts to improve security. I would guess that Jane Doe's neighbours were trying to protect themselves and unwittingly installed "rogue anti-spyware", which can look very convincing.

Much of the rest seems to come from P2P downloads, stupid toolbars, smiley packs (a favourite with children, who also click links in instant messages), and then there is the kind of person who clicks OK to anything that pops up. Others are just unlucky.

And people still ask me "what is Windows Update" regularly.

I guess it comes down to being educated about computer security

When people spend money on a computer they expect it to work out of the box.

Normal people find nerdy geeky stuff extremely boring...

wyweb




msg:3438683
 3:26 pm on Sep 1, 2007 (gmt 0)

Normal people find nerdy geeky stuff extremely boring...

And intimidating.

Jane_Doe




msg:3438740
 5:15 pm on Sep 1, 2007 (gmt 0)

I would guess that Jane Doe's neighbours were trying to protect themselves and unwittingly installed "rogue anti-spyware", which can look very convincing

Multiple people in the family use their computer, so it is unclear who downloaded the malware. But the malware had messages similar to other security messages, like those from Spybot S & D.

[edited by: Jane_Doe at 6:01 pm (utc) on Sep. 1, 2007]

rocknbil




msg:3438746
 5:20 pm on Sep 1, 2007 (gmt 0)

As long as people refuse to "do the work" there will always be problems like this.

I'm not sure that is being fair to expect people with non-technical backgrounds to be able to get rid of really sophisticated malware.

But it is completely fair, and reasonable. One of the "great things about the Internet" is there are tons of resources out there. Everything you need to know, to protect or correct can be found - all you need to do is read. Saying "well, I'm not a geek like you" or "I'm not technical" is the same thing as saying "I failed history because it was boring." :-)

Jane_Doe




msg:3438789
 6:49 pm on Sep 1, 2007 (gmt 0)

Saying "well, I'm not a geek like you" or "I'm not technical"

I think you are underestimating the body of knowledge and expertise people who have programming degrees and backgrounds accumulate over the years. We have cleaned up computers of people I consider very bright and some with master's degrees. They just have expertise in fields other than computers.

kapow




msg:3439194
 12:56 pm on Sep 2, 2007 (gmt 0)

FIRST: Safety
Anyone wishing to safely use the web these days must:
- Have a good firewall (e.g. ZoneAlarm).
- Have good anti-virus (e.g. AVG).
- Have good malware removal (e.g. Spybot).
- And most importantly: Learn what not to click/download (I know it's not easy, but there is no alternative).

SECOND: Backup
The above will save you from 99% of problems. For the other 1% you need a backup solution:
- All valuable data on an external drive (or DVD).
- Regular backups (depends how much you use the computer).
- Some kind of Ghost solution (I'm not sure what's best here, would appreciate advice on my questions below).

I am about to help my neighbor set up his new laptop and broadband. My biggest task will be education. He is new to computers and the internet (he thinks a mouse mat is where a mouse sleeps). I used to use Ghost with a backup partition. This got me out of trouble a couple of times, but when I had to reformat the drive I decided the only safe solution must involve an external drive. I didn't bother setting up the partition after the reformat.
Now I need to know:
1.) Can Ghost restore from an external USB drive?
2.) Are there any good alternatives to Ghost? (that will restore from a USB drive).

gibbergibber




msg:3439791
 8:24 am on Sep 3, 2007 (gmt 0)

--As long as people refuse to "do the work" there will always be problems like this. --

But that's the problem though, people shouldn't have to "do the work" on a consumer appliance. How much effort would you put into fixing your fridge if it kept defrosting and you could replace it with a new one for 500 dollars? Would you learn how to fix your microwave if it kept breaking down? Most people just don't want to know.

PCs were designed as elaborate expensive machines for professionals and enthusiasts, but they're now being sold very cheaply to ordinary consumers who just want to check their email or write a letter. Even supermarkets sell PCs now, alongside toasters and blenders.

Most people I know with PCs nowadays are technophobes who never install their own software, they just use whatever came pre-installed (which is part of the reason Norton is so popular). Many users I know don't even multitask, they think they have to switch off one program so that another can work properly.

For its average user, the PC itself is now over-complicated and bloated, full of ways for criminals to insert some kind of malware and hijack the machine for their own purposes. I'm not just talking about Windows here, the whole idea of buying a 1 GHz computer with 512MB of RAM and a 3D graphics card to do stuff that's mainly text-based is absolutely ridiculous.

There should be some kind of new computing device for people who only use their PC for a limited number of relatively undemanding tasks. It would have popular pre-installed apps (open source browser, office suite etc) built into the firmware, and be designed as an inflexible consumer appliance which requires minimum maintenance, because that's exactly how it would be used. Malware would be much harder to smuggle in because the OS and apps would be far more tightly locked down. Third party app installation would be far more difficult, but the device's target market wouldn't be installing third party apps anyway.

Wlauzon




msg:3439866
 10:36 am on Sep 3, 2007 (gmt 0)

Still, I'm stumped as to how people get this stuff on their PCs. Installing screensavers? Clicking on dodgy banners? Toolbars?

See [en.wikipedia.org...]

[edited by: Wlauzon at 10:37 am (utc) on Sep. 3, 2007]

Leonard0




msg:3440002
 2:56 pm on Sep 3, 2007 (gmt 0)

Are there any good alternatives to Ghost? (that will restore from a USB drive).

Not sure about USB but see Disk Cloning for alternatives to Ghost [en.wikipedia.org...]

[edited by: Leonard0 at 2:58 pm (utc) on Sep. 3, 2007]

night707




msg:3440492
 6:35 am on Sep 4, 2007 (gmt 0)

Any proper system should have more than only one partition and all user data should be stored on drive:d or wherever, but not on drive:c

Most software including browsers and mail programs offer options to store individual data elsewhere than on c:

Once all individual settings and software are running fine, it is vital to store an image copy of the c: drive and drive:d or elsewhere in addition to a DVD backup.

With that image copy users are pretty much on the safe side because it only takes a few minutes to replace a corrupted or infected installation.

Personally, I would not trust Windows internal backup software and there are several good products on the market.

microcars




msg:3440773
 2:28 pm on Sep 4, 2007 (gmt 0)

Get the non-techie neighbors to stop using "the Blue E" and start using something like FIREFOX.
A web browser that is not tied into the OS is a good start.

Interesting that the "EZ" solution (switch to a Mac) is dismissed by some here because although no malware exists for it at the moment, there "might" be some in the future.

?

That is like buying a FORD, having it break down all the time and then junking it and buying another FORD over and over again but you don't want to buy a CHEVY or TOYOTA because they "might" break down too!

So it's better to keep re-installing Windows over and over again?
or better yet: PAY someone to do it for you?
Buy every version of every AntiVirus program and keep them running constantly?
Or just "buy a new computer" but make sure you buy the same one that gave you the problems before?

People that do not use Macs think they are the same except you just pay more money.

Macs are not perfect and there are problems at times, but the problems are nowhere near as widespread and severe as those afflicting the neighbors with their cheap Windows boxes from Best Buy.
And anytime someone manages to find an attack vector in a closed environment it seems to make "news" yet it never makes it out into the wild. But those "news" reports are then used as "evidence" that using a Mac is just as bad as using Windows.
Thanks for all the FUD.

Non-Techie people cope by paying someone to wipe their computer and start over.

or they dump the computer after 2 years and then buy another new one.

or "someone" gets them to stop using "the Blue E" and gets them to use FIREFOX or something.

or they go buy a Mac. For most people it's email and web browsing.
That's all they do.

The definition of insanity is doing the same thing over and over again and expecting different results.

Jane_Doe




msg:3440911
 4:18 pm on Sep 4, 2007 (gmt 0)

Get the non-techie neighbors to stop using "the Blue E" and start using something like FIREFOX

I think they were using Firefox. We told them to use that the last time we had to clean malware off their computer. :)

I found out that part of the problem was that their Norton Live update program stopped updating months ago due to some weird error that seems to be a common problem with Norton.

When I tried to get their virus updates current after we cleaned off the malware, I kept trying to turn Live update on and the program would turn itself off. A lot of people in the tech forums seem to have had similar issues so this also wasn't a problem a nontechnical person could easily figure out. The Norton messages on her PC were that she had another firewall running and conflicting with the Norton firewall (she didn't) and implied there was a problem with the Internet connection (there wasn't). The solution suggested in their PC messages was to reinstall Live update. However in searching through the Norton site for more information, I found a Norton program to run that fixed everything without doing any uninstalls.

So for now Norton is up and running and there are at least no obvious signs of any malware anymore.

rocknbil




msg:3441273
 9:13 pm on Sep 4, 2007 (gmt 0)

But that's the problem though, people shouldn't have to "do the work" on a consumer appliance.

But a computer is not a fridge, it's not a phone, it's a complex piece of machinery like a car which requires education and a license to operate.

We'll just have to agree to disagree. Education is the only real solution here, and like you say, people don't want to know.

So for now Norton is up and running and there are at least no obvious signs of any malware anymore.

Jane_Doe I'm sure you're done with this issue but the fact that live update kept shutting itself off could indicate something might still be at work - there are nasty bugs that do exactly this.

Secondly, Norton requires a paid subscription for updates, this adds yet another layer of complication for unaware computer users. It's also misleading as "the best AV software out there" when IME it is an overbloated intrusive AV system, often the root of many problems.

If you really want to simplify life for them, and you are competent and able to take on the task, I suggest you REMOVE All Things Symantec and install the FREE home edition of Grisoft AVG. It will update automatically FREE and is non-intrusive and maintenance-free. Just leave the computer on.

[free.grisoft.com...]

You may question how good it is, but you don't need to - been using it for years, it has email scanning, and I've had to live-test it for customers whose sites have been hacked, it works very well and I've trapped a great many nasties. I am one of the many who've thought it good enough to buy, but used the free edition for years.

OrlandoTodd




msg:3441352
 10:30 pm on Sep 4, 2007 (gmt 0)

Man... I got hit yesterday for the 1st time ever. It threw up a biohazard red image on my desktop, then kept hitting me with security alerts to buy some antivirus software. Sneaky, but who would whip out a credit card once they knew their computer was compromised?

Adaware removed it... or so I thought. Today they popped back up. Maybe from the system restore... Going through the Adaware and will run Spybot to try to zap it all.

Frustrating and wastes your time.

Lilliabeth




msg:3441401
 11:32 pm on Sep 4, 2007 (gmt 0)

For the last 7 years, we use Microsoft products, currently Server 2003, ISA Server 2006, SQL Server 2005, Exchange Server 2003. People use Remote Desktop from home. We also take advantage of MS Virtual Server which is very cool.

The 36 client nodes run Windows, MS Office, IE7, most have Visual Studio 2005. Very little is “locked down”. Our antivirus is Computer Associates. No sites are blocked, but we do ask people to avoid some types of sites. Not one security problem in 7 years. Not a single incident. Never a virus, never spyware.

The spam, though, that’s a problem. And paper jams – I hate those.

Jane_Doe




msg:3441456
 12:38 am on Sep 5, 2007 (gmt 0)

Man... I got hit yesterday for the 1st time ever. It threw up a biohazard red image on my desktop, then kept hitting me with security alerts to buy some antivirus software. Sneaky, but who would whip out a credit card once they knew their computer was compromised?
Adaware removed it... or so I thought. Today they popped back up. Maybe from the system restore... Going through the Adaware and will run Spybot to try to zap it all.

Frustrating and wastes your time.

That is exactly what was on my neighbors' computer! Neither Adaware nor Spybot could fix it for them. Spybot and Winpatrol gave some alerts about the problem but neither one really fixed or protected anything.

I spent a couple of hours at their house running all of the regular spyware removal programs and nothing helped. So I went home to make dinner but I went through some of the techie forums first looking for solutions. So then I sent one of my kids back to their house armed with the Wikipedia entry on Smitfraud and the instructions on how to run Smitfraudfix. He was able to get rid of it for them using that info.

Clark




msg:3441470
 12:56 am on Sep 5, 2007 (gmt 0)

Lilliabeth,

Have you ever run Spybot on any of these machines?

Jane_Doe




msg:3441471
 1:00 am on Sep 5, 2007 (gmt 0)

Jane_Doe I'm sure you're done with this issue but the fact that live update kept shutting itself off could indicate something might still be at work - there are nasty bugs that do exactly this.

Yes, we had a malware attack on our kids' PC that turned off Norton so I know that can happen. I will check her computer again soon to make sure the updates keep running.

I do think from what I read that this particular problem was a Norton bug that caused the virus updates to stop and not from the malware, but who knows what came first at this point in time. She did ask about putting on a different antivirus program. I have not been thrilled with Norton myself but have been too lazy to research anything else. I have a free trial going on Windows Live OneCare on one of our PCs but am open to trying other options, so thanks for the suggestion.

Lilliabeth




msg:3441601
 4:18 am on Sep 5, 2007 (gmt 0)

Sorry, Clark, I'm not comfortable requesting that the MCSE at work run Spybot on perfectly performing machines because someone on a forum suggested it. I'm sure you understand.

There's nothing wrong with the machines though; they're great, we can probably thank ISA Server, WSUS and the MCSE for that.

Clark




msg:3441684
 7:15 am on Sep 5, 2007 (gmt 0)

Sorry, Clark, I'm not comfortable requesting that the MCSE at work run Spybot on perfectly performing machines because someone on a forum suggested it. I'm sure you understand.

I didn't & don't suggest you run Spybot. You people do whatever you please...

I was simply asking if Spybot (any respected anti-spyware sw will do) had ever been run so I can evaluate the credibility of your bold statement:

Not one security problem in 7 years. Not a single incident. Never a virus, never spyware.

Clearly the answer is no...

From your statements, it sounds like you came to the conclusion that your company's computers NEVER had spyware because there are no reported incidents. That is not a valid methodology.

Even if you run an antispyware and it doesn't show any spyware, you might still have some. If you never checked for it, your statement holds no value at all...

Therefore, until you provide some backup, I'll take with a grain of salt the statement of some person on a forum that 36 machines run by regular users... w/ IE on them, little lockdown & no sites blocked, have no spyware after 7 years of accessing the net.

I'm sure you understand ;)
