W

Wave

Well then, my reply is this: You get what you get, and can't complain or bemoan the fact that your PC got infected, your bank account wiped-out, and actually expected any security soft to save you.

People have to learn language and basic mathematics right ? Most have no interest in those either. The solution is to start teaching the topic early. If you wait until university, it's too little, too late. By that point the person has probably picked-up all the bad habits that they need.
yeah no don't worry i agree with you, i just know that realistically a lot of people won't bother learning even though they are capable if they invested the time.. then they rely on av only and get themselves infected :(
 
5

509322

yeah no don't worry i agree with you, i just know that realistically a lot of people won't bother learning even though they are capable if they invested the time.. then they rely on av only and get themselves infected :(
I mean, at least teach people to have a separate bank accounts at different banks. One for online purchases, the other for savings, another for personal checking - like paying bills. Put only the amount needed into the online purchase account. Make the accounts not capable of transferring funds between each other. This isn't 100 %, but at the same time makes things more difficult to lose everything all at once.

People can't learn such things - if they're taught ?
 
5

509322

yeah no don't worry i agree with you, i just know that realistically a lot of people won't bother learning even though they are capable if they invested the time.. then they rely on av only and get themselves infected :(
You can't rely upon people learning it on their own. Society needs to start somewhere, take ownership of it - and that is with children in primary and secondary schools. Over time, the level of personal IT security will improve - it will certainly be better than it is today.
 

shmu26

Level 84
Verified
Trusted
Content Creator
I mean, at least teach people to have a separate bank accounts at different banks. One for online purchases, the other for savings, another for personal checking - like paying bills. Put only the amount needed into the online purchase account. Make the accounts not capable of transferring funds between each other. This isn't 100 %, but at the same time makes things more difficult to lose everything all at once.

People can't learn such things - if they're taught ?
a significant percentage of the population will not do what is best for their own good unless there is a cop standing over them like a nanny. How many people will speed when there are no cops, or change lanes without signaling?
 
5

509322

I have sat and watched, while a user kept going after a malware disabled the AV. He didn't even know it happened. It was a ZeusBot that targeted and disabled COMODO's Defense+ module. My purpose in revealing this is not to bash COMODO, but to illustrate the point that a typical user is clueless and completely defenseless and reliant upon AV. And this guy was an engineering college student, in his 3rd year, at a respectable university.
 
5

509322

a significant percentage of the population will not do what is best for their own good unless there is a cop standing over them like a nanny. How many people will speed when there are no cops, or change lanes without signaling?
Well, then,... nobody can blame the security soft industry. Not our fault.

Ai and all the hopes of nex-gen this-or-that, quantum computing this-or-that, is never going to compensate for this sort of stuff.
 
W

Wave

I have sat and watched, while a user kept going after a malware disabled the AV. He didn't even know it happened. It was a ZeusBot that targeted and disabled COMODO's Defense+ module. My purpose in revealing this is not to bash COMODO, but to illustrate the point that a typical user is clueless and completely defenseless and reliant upon AV. And this guy was an engineering college student, in his 3rd year, at a respectable university.
yeah i remember when i was like 9 my system was heavily infected and i just kept using it regardless... didnt even bother cleaning. i did a scan and there was like 90 threats but i didnt even care back then. ads, slowdown, everything. just kept going lol

until the system didnt able to find the os (so was an mbr overwrite) and then i assumed it was "broken" as in the actual system (lol)

... -_-
 

shmu26

Level 84
Verified
Trusted
Content Creator
Well, then,... nobody can blame the security soft industry. Not our fault.
no blaming, just talking out the issue. The problem is only multiplied when a bored secretary making minimum wage has no reason to even want to protect the company computer from infection, and she really couldn't care less. If it looks interesting, she will click.
 
5

509322

no blaming, just talking out the issue. The problem is only multiplied when a bored secretary making minimum wage has no reason to even want to protect the company computer from infection, and she really couldn't care less. If it looks interesting, she will click.
I'm not saying you are pointing the finger at the industry. At the same time there is a proliferation of "bypass" videos that demonstrate failures of all types. And the general reaction to such videos is "This soft suxx ! - why can't they protect against this ? Why can't the industry protect against every possible malicious attack." There are ways to get very close to that ideal, but they are very unpopular amongst typical users.

People have a right to ruin their own lives, but not others' systems. Clickers will be clickers. For employers there are ways to stop that sort of behavior.
 
5

509322

It's not going to change any time soon. This will remain the wide-spread protection model for a long time: "Which AV is best ? Which one has best behavior monitoring ? I am a user and I want to use stuff. I want to surf the web, install softs without restriction. I don't need to know anything. I am completely helpless and dependent upon antivirus. So I need a security soft to tell me what to do or better yet make all decisions for me. I expect an antivirus to protect me 100 % - against everything and anything."

For someone that adheres to this protection model, I have to ask: "Are you on drugs ?"

:D
 

Rolo

Level 18
Verified
Well then, my reply is this: You get what you get, and can't complain or bemoan the fact that your PC got infected, your bank account wiped-out, and actually expected any security soft to save you.
It's that kind of fear that sells AV software more than viruses.

People have to learn language and basic mathematics right ? Most have no interest in those either. The solution is to start teaching the topic early. If you wait until university, it's too little, too late. By that point the person has probably picked-up all the bad habits that they need.
You can't rely upon people learning it on their own. Society needs to start somewhere, take ownership of it - and that is with children in primary and secondary schools. Over time, the level of personal IT security will improve - it will certainly be better than it is today.
Basic awareness is all that is needed to keep those who wish to act wise, wise. Acting contrary to that wisdom (and people will; we've *all* done it) is what invites trouble.

It's not like awareness of VD/STD/whatever-it's-called-now prevents the spread of it.
It's not like understanding the "birds and the bees" prevents unplanned pregnancy.
Such is the same with malicious logic; that's why it works.

I've never come across a compromised system that didn't begin with "Well, I clicked on..."
 
5

509322

It's that kind of fear that sells AV software more than viruses.
They're gonna get infected with antivirus installed. It happens non-stop. An informed user comes to identify the bogus claims or other hyperbole present in security soft marketing materials. More importantly, an informed user understands what security softs can and cannot do. They're just tools. Nothing else.
 

Andy Ful

Level 52
Verified
Trusted
Content Creator
I think that case of computer security is more complicated than road safety. I read somewhere that 1 million people per year, die in traffic accidents. This is shockingly alarming, but drivers still do not follow the highway code when they can avoid responsibility. Computer users know, that they can lose money and personal data, as drivers know that they can be injured in the accident. And that has a little or no influence on their daily behavior.

Education problem is not fully clear. People in the USA have more guns than in Europe, but counterintuitively, also more crime victims per citizen. You can only say that people in Europe that have guns, are safer than average. So, it is true that Malwaretips forum members are safer than average. But, there is no evidence that educating all people, will result in less internet victims (on the long term).

We can only try to educate people by internet forums, educate friends and family. But predators will still feed on its prey, and I cannot see how this could be changed in our world (Marks and Engels probably did not agree with me).
 

Rolo

Level 18
Verified
They're gonna get infected with antivirus installed. It happens non-stop. An informed user comes to identify the bogus claims or other hyperbole present in security soft marketing materials. More importantly, an informed user understands what security softs can and cannot do. They're just tools. Nothing else.
How many viruses will a person get if they only stick with known good, reputable files?
In this situation, all an AV will do is confirm what the user already knows.

I agree: AVs are tools to deal with the unknowns. If I'm concerned enough to check, then I am going to check...with multiple on-demand scanners, cloud scanners, and run, monitored, in a virtual machine first. This is not something a typical computer user we're talking about does--the prudent user won't touch anything other than known, verified, reputable files.

The awareness I'm talking about here is: If you aren't certain, don't click it. If it's unsolicited, don't click it. Period.

An adblocker will prevent any unintended clicks by blocking ruses in the first place.
 

Andy Ful

Level 52
Verified
Trusted
Content Creator
It's not going to change any time soon. This will remain the wide-spread protection model for a long time: "Which AV is best ? Which one has best behavior monitoring ? I am a user and I want to use stuff. I want to surf the web, install softs without restriction. I don't need to know anything. I am completely helpless and dependent upon antivirus. So I need a security soft to tell me what to do or better yet make all decisions for me. I expect an antivirus to protect me 100 % - against everything and anything."

For someone that adheres to this protection model, I have to ask: "Are you on drugs ?"

:D
That is the spot-on estimate of average user expectations.:D
 

shmu26

Level 84
Verified
Trusted
Content Creator
if the user would feel stupid and embarrassed if he got infected, instead of feeling victimized and indignant, then he would be more careful. It needs to become like smoking in public. You just feel too stupid and embarrassed to allow yourself to do it.
 
5

509322

if the user would feel stupid and embarrassed if he got infected, instead of feeling victimized and indignant, then he would be more careful. It needs to become like smoking in public. You just feel too stupid and embarrassed to allow yourself to do it.
There is no shame in getting infected. Professionals do it everyday to themselves - mostly by inattention to what they are doing.
 

shmu26

Level 84
Verified
Trusted
Content Creator
There is no shame in getting infected. Professionals do it everyday to themselves - mostly by inattention to what they are doing.
that's because you guys are handling live samples.
the average user should feel ashamed if he was so impulsive and thoughtless that he infected his own computer, even though he knows better than that. Human beings are programmed to feel shame when their behavior falls short of expected standards -- it's one of the main things that keeps us out of trouble.
 

Andy Ful

Level 52
Verified
Trusted
Content Creator
that's because you guys are handling live samples.
the average user should feel ashamed if he was so impulsive and thoughtless that he infected his own computer, even though he knows better than that. Human beings are programmed to feel shame when their behavior falls short of expected standards -- it's one of the main things that keeps us out of trouble.
The shame depends heavily of cultural context. So, it could work in Japanese enterprises 50 years ago. But, now people are not shameful, especially in the private sphere.