October 23rd, 2004, 04:28 AM
The Very Best Free Antivirus
The Very Best Free Antivirus
Evaluate it yourself, The Very Best Free Antivirus can be found Here:
Only you will know for sure if you actually clicked on “Here” before reading the rest of this and by design the hyperlink was never established. This was an exercise to see if you could be persuaded to blindly click on it before checking it out. Yep I played on a trust relationship to get you to do it. If you didn’t fall for it, please enlighten the rest of us as to why. However if it did work, it was pretty ornery actually. You were expecting a link to some dynamic program full of promises of virus eradication. After all, who wouldn’t want something that good? Sound familiar? Unfortunately this little con is very similar to how so many people are draw in and become infected with all the nasties out there.
I have also come to believe that some folks have developed an attitude that their systems are invincible since they have an AV, Firewall, Malware killers, and so forth. As a result they will click on almost anything before thinking. Sorry to say, but we may have contributed to that ‘tude to some degree. Although it is the right thing to do, we continually attempt to provide information relative to programs that can be used as preventative measures. Additionally we spend an inordinate amount of time describing what people need to do to rid themselves of malware, hijacks, etc. If the person heeded the advice and was successful, then these noble contributions could in fact create some of that over-confidence.
Additionally, regardless of all the great threads, posts, and efforts, I believe there is one more thing we might do to help keep folks from the deviant wares of the dark side. We need to somehow stop them from clicking on that attachment, downloading that pseudo plug-in, etc., before they know for sure what the ramifications of that action will be.
Short of disabling their index fingers, mouse buttons, or providing an attitude adjustment upside the brain housing group; I guess we’re pretty much limited to trying to educate them not to click first! Rather, to do a little investigation before hand. With that premise in mind, I found and took inserts from the following article. It describes some good ideas to pass on to users and may be helpful in the education endeavor.
Don't download the browser code:
You're browsing the Web via Microsoft's Internet Explorer when suddenly an official-looking dialog box pops up, asking if you want to download a browser plug-in. Why not? You do the same thing all the time when using Microsoft's Windows Update Web site…But if you want to avoid a flurry of pop-ups, undesirable toolbars, a home-page hijacking, or worse, don't do it.
Don't believe the link, either:
A link in an e-mail message that claims to point to a Citibank Web site may not really go there.
Don't believe the message:
To persuade you to launch a virus-laden mail attachment or provide your personal information, virus authors must earn your trust.
Don't believe the return address:
Though an e-mail message may claim it's from your bank, your ISP, or even your boss, that doesn't mean it is.
Don't click e-mail attachments:
Most viruses and worms arrive on your PC in the form of e-mail attachments.
From the August 2004 issue of PC World magazine
Since some of you probably did click on the “Here:” earlier, I guess this little dance wouldn’t be complete without providing at least a few ways in which to help curtail Social Engineering (SE). By no means is this an all-inclusive list and I’m quite confident you could add to it a hundred fold and please do. Also listed below my comments is a link (it does work and can be used safely!) to the AO Tutorials that deal specifically with SE.
Once again first and foremost is education. Users need to be aware of at least some of the many methods the deviants will employ to gain information. A classic example would be someone posing as a Tech, or a Bank Employee, etc., contacting Mr. or Mrs. User. Armed with only a little bit of knowledge about the company and/or the person, the wily back orifice could persuade a member of the User family to give up the “Keys to the Kingdom”. The medium in which he would employ SE and his success would only be limited by his imagination.
If you have multiple users, publish your support procedures and a means in which the user can verify the names of the Support Staff during a conversation. Fix-it Tickets can eliminate many Charmin Moments caused by the effects of Social Engineering.
As a User, be suspicious of anyone asking about login, passwords, etc. Remember, your Support Staff doesn’t need them! In fact, be very wary of someone inquiring about any account or personal information.
Be just as concerned about what goes out of your computer as you are about what comes in. Make sure that firewall is patched and properly configured. Especially when you are dealing with file shares
Shake the dust off the tired old adage, “ If it sounds to good to be true, then it’s probably is”, and understand it’s message.
And the bottom line: Keep your secrets secret.
Social Engineering Tutorials
Since I did promise you the Very Best Free Antivirus out there, I will deliver. It’s called: Don’t Click First ! IMHO the very best free antivirus on the market today is already in your hands. Resist that temptation to click that mouse until you absolutely know what will happen if you do.
Connection refused, try again later.
October 23rd, 2004, 05:57 AM
Re: The Very Best Free Antivirus
I may look dumb, but it's just a disguise....
Originally posted here by Relyt
If you didn’t fall for it, please enlighten the rest of us as to why.
It isn't paranoia when you KNOW they're out to get you...
October 23rd, 2004, 06:21 AM
Re: The Very Best Free Antivirus
Well for one, it's not a hyperlink, which is readily evident in my browser at least. Two, I generally read posts before clicking on links, but that's a personal habit.
Interesting read, but I disagree on a couple of points:
- If a person is educated enough about what to use software wise, I personally would also be encouraging them to only download plugins from trusted sources. e.g: download macromedia's flash player ONLY from macromedia, and so on. I'm not sure if this applies to many others here (I would think it might be 50/50 as to who does, who doesn't), but I felt it was worth mentioning.
- While it's noble to point out the shortcomings of the community here in recent history, consider that people are generally slightly behind the times when it comes to the best ideas to put forward to end users. I remember for a long time it was accepted by so many tech people that you could tell users "don't open emails from people you don't know". How rapidly that changed after things like Melissa crippled infrastructures across the globe is probably immeasurable, however it did take a prolific virus like Melissa to damage so many systems in order for the attitudes to change. Even as viruses like Blaster, Nimda, and so forth were spreading, I still had people ask me "I can open emails, and be safe as long as they're from friends, right?".
- Social Engineering is hard to harden people against. User Education can do a good part of it, but you can't teach raw decision-making intelligence. As long as there are people involved in processes, there will be ways to break them -- often without the process itself being at fault.
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
October 23rd, 2004, 06:49 AM
Re: Re: The Very Best Free Antivirus
Heh heh heh, like chsh, I read the whole post and all the related posts in the thread before clicking on a link. I want to know what every one else thinks of a product before I go to look at it.
Originally posted here by chsh
Two, I generally read posts before clicking on links, but that's a personal habit.
- If a person is educated enough about what to use software wise, I personally would also be encouraging them to only download plugins from trusted sources. e.g: download macromedia's flash player ONLY from macromedia, and so on.
And I agree completely that everybody should be encouraged to only download from a trusted source.........and to completely read the user agreement so you are knowledgable about just what you are downloading.
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
October 23rd, 2004, 06:50 AM
for some reason i didnt click on it
first wanted to read little bit more about it.
maybe because was text which followed.
if it was just first sentence probably i would even tho i dont need and most of us here have updated antivirus.
but then my question is who do you trust?
which site to visit or no?
sound like selling pc and going on holidays on most remote area on earth.
probably would be safe from pc viruses but not to the others........
October 23rd, 2004, 07:18 AM
I did click on it, but only because it was from a source who I know to have been a productive and useful (and therefore "trusted") member. People might differ in their definition of who is a trusted source, but my intuition has never let me down before . I have been Spyware, malware and virus free for the last 6 years at least (obviously, this only applies to detectable baddies), so I think my intuition is pretty good. However, it was a lesson to me to be more careful in the future. Nice way to make a point, and a good read .
EDIT: At least in my browser (Firefox on XP), the colour is the same as a clicked link. I should have noticed that, since I obviously hadn't clicked it before. *Slaps self*
October 23rd, 2004, 08:49 AM
1. Firewalls and AV are not products that you just download and evaluate if you already have one running I would have needed to prepare a test environment.
If you didn’t fall for it, please enlighten the rest of us as to why
2. Like chsh, my browser showed that it wasn't a hyperlink.
3. I wanted to read what you had to say about it first. You posted too much text
October 23rd, 2004, 03:07 PM
Well, this will sound fairly pathetic but the only reason I didn't click on that link was pure laziness. I read that first line in your post with the link...and all of a sudden I had a flurry of thoughts go through my head:
-How much better could it be than what I already have?
-It's probably some new company whom I don't trust.
-I don't want to find out it's better than what I have because then I'll have to download it, install it, configure it to work with my firewall..bah.
-There's nothing wrong with what I have anyways.
-Crap, did I let the dog out?
-Hmm, Relyt wrote a whole bunch of stuff, maybe I should read it and see what's the real deal with this super AV before I get all click-happy.
And that about sums it up. Not to mention it's Saturday (where I am) and my brain officially goes into off-mode around 4pm Friday afternoon and there's no activity until Monday, around 1pm (usually a nice Whopper and a cup of mud gets the pistons firing again ). Anyways, excellent post Relyt.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
October 23rd, 2004, 04:23 PM
I clicked on it as well because Ty here is a trusted friend So much for my trust and respect, eh? Anyways, nice tutorial although like previously stated most people can be or can not be properly trained against social engineering depending on a number of things.
October 23rd, 2004, 06:33 PM
Good Day All,
Thanks for all of your comments and insight. Originally the “Here:” was a link without an address and obviously as such, if clicked you'd get the popup, "The URL is not valid and cannot be loaded", or if I removed =http:// it might send you to ??? Thought that might be too distracting. (I guess I could have made it a counter to see how many really clicked... )
Anyway I thought some folks would probably associate the color purple and the word “Here” with a link and click on it and that was the desired action. Additionally exposing the color was also an attempt to keep them focused on “Here” initially and not the text below it.
It was fun, but obviously the purpose was not for (too much) devious enjoyment at your expense. Rather, I was reflecting on how we might influence people to stop clicking on those pseudo official-looking dialog boxes that pop up strongly recommending that you download this plug-in or that file; and how to avoid the recent phishing scams posing as your Bank or Paypal.
There were many great points reiterated and they are appreciated.
- check it out first: Old Fart, chsh, Macht Nicht Aus, nihil,
- use only “trusted sources”: chsh, Macht Nicht Aus, unvi$ible, the Herpetologist, ShagDevil, the Arachnid
- Social Engineering is hard to harden people against. User Education can do a good part of it, but you can't teach raw decision-making intelligence. As long as there are people involved in processes, there will be ways to break them -- often without the process itself being at fault. chsh
I’m sure others will add and thanks in advance for your input!
So don’t click on “Here:” without first checking Here:
Connection refused, try again later.