Serious Discussion Question for the MT community

[Practical Response]

Security is as strong as the weakest link. Problem with education is that people always think they are qualified and know everything. Companies can give their employees awareness training and force them to chance passwords and use strong unique passwords. Education might comes first, but it can never be your last resort, because people still write passwords on yellow notes and stick them on the screens. You want some safetynet or defense beneath that. When education would be the silver bullet than the security awareness month would not be nessecary (note that is running for 20 years now).

View attachment 283013

I do believe when users respond many times than not here they do not thoroughly read what they are responding to, and are just in a hurry to silence or berate someone.

It is "without being spoken" understood even though I stated Education must come first, that it does not stop thereafter. Mostly this thread was directed at home users and the community here, but can apply also to Corporate. As stated earlier, corporations have significant security in place, and its weakest link "uninformed people" are generally how they get breached now days. Education is everything. Part of this education is proper handling of sensitive items such as Passwords. For home users, having that net underneath them is as what I already stated with techniques such as credit freezes and offline banking protections established.

Its already been shown that security software will not save users from themselves if they are uninformed and uneducated or simply lacking in the "care" department and just click on or allow things, and especially the " I'm going to disable this and run it anyway" crowd.

Places like this one, where users are willing to share and help educate suffer greatly from the "know-it all crowd" as well, when they derail, and tear up threads to the point where others lose interest or the actual useful information is buried. Many times redirecting attention to out of context statements.

 

[Andy Ful]

It's far more effective to teach home users about security basics then "just install this software", and you are protected.

Maybe ..., but no chance to prove that.

Education should always come first.

Agree.
But, we should note that many people prefer education unrelated to security.

 

[Practical Response]

Maybe ..., but no chance to prove that.

It's a matter of perspective is it not?

You have a forum full of users, all using different software and configurations of, but most of all of them have something in common as well, most have not seen an infection in a long time.

Do you think this because they are in a forum where these things are discussed and have become "informed" or they are just lucky that all these softwares must be 100% accurate?

How about the fact none of them disclosed significant losses or identity theft.

Education works and there is plenty of proof of this, software can fail "especially the careless or uninformed" plenty of proof of this too.

 

[Andy Ful]

Practical Response,

I actually support the activities that could encourage MT members to learn about computer security, safe habits, etc. I also do not think that focusing too much on the AV abilities and protection layers is healthy. But, I cannot blame anyone for doing the opposite if one likes to do so. Furthermore, there is no chance to prove that doing "the opposite" is something wrong.

Edit.
People who like to tweak AVs and security layers are safer than most people in the world. So, one cannot say that they are wrong.
There is no chance to prove that they could be safer with more education if they refuse to educate. The example of other people is insufficient to prove it.

 

[Practical Response]

Practical Response,

I actually support the activities that could encourage MT members to learn about computer security, safe habits, etc. I also do not think that focusing too much on the AV abilities and protection layers is healthy. But, I cannot blame anyone for doing the opposite if one likes to do so. Furthermore, there is no chance to prove that doing "the opposite" is something wrong.

I wonder why so many rush in to shut down threads with education being discussed because it does not rely upon tweaking software or popular views.

Edit.
People who like to tweak AVs and security layers are safer than most people in the world. So, one cannot say that they are wrong.
There is no chance to prove that they could be safer with more education if they refuse to educate. The example of other people is insufficient to prove it.

Most users here have no idea how to properly use the software to tweak it. They rely upon "guides". The damage they can cause from misconfiguration can actually expand their attack surface. They have no idea how to respond to issues because of. How does this make them safer? Why does it seem you are always turning the conversation towards this, are you afraid users will want to stop using your products. Its not the first time I have had to deal with a developer doing such things. In that scenario, you are doing the tweaking for them, although this does not justify stopping intelligent conversations in threads with education in without need for redirection to software. I could hop in every thread you have with your software and state education each time, and you would probably not accept that as being cool let alone educational. Use your standing here to guide users in education instead of these post that derail, you are supposed to be professional from what I understand. There are plenty of users causing issues and derailing from actual real world education, especially for the "guests" that frequent here which daily is 3 times as much as the actual members.

I'm betting if you tell a corporation that layered security as opposed to more education is best, they would probably laugh, as they have layered security and admin to run it, and yet that one employee that is uninformed just caused them a major headache.

 

[Andy Ful]

Practical Response,

You could be more successful by opening threads with educational resources (articles, videos, reports, etc.). If the MT members like the presented information, the arguments will likely be accepted.

 

[Practical Response]

Practical Response,

You could be more successful by opening threads with educational resources (articles, videos, reports, etc.). If the MT members like the presented information, the arguments will likely be accepted.

So I need more pictures and less words, got it.

Seriously though, intelligent conversations seems to be had in other threads without the need to make long winded presentations. How about the next time someone brings up a topic, the clicks do not gang up on the OP and and actually participate with useful knowledge to share instead of derailing the thread. That would be great.

 

[Andy Ful]

It is your thread so let's test your approach (for fun).
I insist that:

1. Some MT members can be safer with Kaspersky on @harlan4096 settings (highly tweaked with blocked executables unknown in KSN).
2. Some MT members can be safer with Kaspersky default settings + safe habits + reasonable caution + some knowledge about attack vectors.

Please try to prove that I am wrong by using logical reasoning + reliable sources.

Edit.
Do not give up after 100 posts (now I must go to bed, but I will continue after 12 hours).

 

[Practical Response]

It is your thread so let's test your approach (for fun).
I insist that:

1. Some MT members can be safer with Kaspersky on @harlan4096 settings (highly tweaked with blocked executables unknown in KSN).
2. Some MT members can be safer with Kaspersky default settings + safe habits + reasonable caution + some knowledge about attack vectors.

Please try to prove that I am wrong by using logical reasoning + reliable sources.

Edit.
Do not give up after 100 posts (now I must go to bed, but I will continue after 12 hours).

Took me like 3 seconds.

Post in thread 'Did I do damage to KTS?' Did I do damage to KTS?

Just in case the post gets removed. Make sure to inform this user education is not a factor, just keep tweaking and making those choices.

P.s. why should I stop responding when you keep doing it, I mean, just who do you think you are?

 

[mlnevese]

The only time I was almost infected with something these last few years was through a PDF document sent by a client. I was expecting that document, I had no reason to be suspicious. It was actually delivered by the client himself in a pen drive. My security software detected the malware in the document and blocked it.

I don't think there is a single serious user in this forum that has not repeated ad nauseam that safe habits are necessary. But this does not imply any lack of necessity for security software. We have paranoid/desperate users that will employ the most desperate and unnecessarily complex solutions out there. Mostly we learned to let them be, no arguments will convince them they are overreacting and there is no reason to antagonize them by telling them they are wrong. Their paranoia will make using Windows a pain but will not seriously harm them, I hope. We also have the fanboys who will defend their chosen products no matter how many times flaws are found or pointed out, so there is no point in antagonizing them. It's like telling a sports fanatic their chosen team sucks. It will just make them angry and will change nothing.

In other words, I think your original question has been answered. Nobody here has suffered any serious damage in years. I believe most of the users know the target for current attacks are corporations who can pay millions in ransom to recover their files. Why lose time targeting users who may not even be able to pay a few hundred dollars? Sometimes we have new users who managed to get hit by some ransomware or fake extensions ask for help in the forum but even those are rare. I haven't seen one for quite some time.

 

[Practical Response]

The only time I was almost infected with something these last few years was through a PDF document sent by a client. I was expecting that document, I had no reason to be suspicious. It was actually delivered by the client himself in a pen drive. My security software detected the malware in the document and blocked it.

I don't think there is a single serious user in this forum that has not repeated ad nauseam that safe habits are necessary. But this does not imply any lack of necessity for security software. We have paranoid/desperate users that will employ the most desperate and unnecessarily complex solutions out there. Mostly we learned to let them be, no arguments will convince them they are overreacting and there is no reason to antagonize them by telling them they are wrong. Their paranoia will make using Windows a pain but will not seriously harm them, I hope. We also have the fanboys who will defend their chosen products no matter how many times flaws are found or pointed out, so there is no point in antagonizing them. It's like telling a sports fanatic their chosen team sucks. It will just make them angry and will change nothing.

In other words, I think your original question has been answered. Nobody here has suffered any serious damage in years. I believe most of the users know the target for current attacks are corporations who can pay millions in ransom to recover their files. Why lose time targeting users who may not even be able to pay a few hundred dollars? Sometimes we have new users who managed to get hit by some ransomware or fake extensions ask for help in the forum but even those are rare. I haven't seen one for quite some time.

It's hard for me to take these words seriously when I'm watching you help a user add sketchy software to his trusted files in a security outfit.

It's exactly the kind of representation that is unbecoming of a supposed security forum. That example btw of the user not knowing how to tweak his settings, following guides to do so not knowing what they do or how the software works, and what to do if there is an issue, and then of course applying those habits of just disabling crap to allow what ever anyway, is exactly why I stated the things I do.

I don't care who's team does what, if they encourage and support this.

Do remember there is more then just members reading this. Today there was well over 1,000 guests with only 34 members online at one time.

 

[mlnevese]

It's hard for me to take these words seriously when I'm watching you help a user add sketchy software to his trusted files in a security outfit.

It's exactly the kind of representation that is unbecoming of a supposed security forum. That example btw of the user not knowing how to tweak his settings, following guides to do so not knowing what they do or how the software works, and what to do if there is an issue, and then of course applying those habits of just disabling crap to allow what ever anyway, is exactly why I stated the things I do.

I don't care who's team does what, if they encourage and support this.

Do remember there is more then just members reading this. Today there was well over 1,000 guests with only 34 members online at

I seriously won't explain why CheatEngine itsel is not sketchy software. It's a legitimate tool that can be used in ana attack, not different from lolbins. It actually has thousands of users and a very active forum as well. The adware is only present in the free version and there is a HUGE warning in the homepage about it as well. And the risks were pointed out to the user. The worst thing he'll catch from that is an adware that can easily be uninstalled using program uninstaller. Anyway I'm out of this discussion.

 

[Digmor Crusher]

I think we all know the best solution is a good security program, good habits and education.
You would almost think that this thread was created and is bait to get a reaction from certain members.
Not that I care, I find it very interesting. Way more compelling than threads that just post articles from other sites for example, they usually generate little discussion. If I want "news" I can find it at other sites.