My customers keep getting infected?

Discussion in 'Computer Security' started by Paul H, Feb 10, 2005.

  1. Paul H

    Paul H Guest

    I am self employed. Part of my work is fixing home PCs. 90% of the domestic
    work I do involves removing several instances of Spyware, Trojans,
    diallers..etc.. from Home PCs. I frequently get calls from the same people
    to come back and clean their PC time after time.

    I constantly say don't use Kazaa or other P2P stuff, don't download anything
    unless it's from a high profile site, never click popups, don't open suspect
    emails, make sure you're patched etc...

    Sure, they could have one of the mainstream bloatware packages running to
    reduce the risks, but invariably any PC I come across that has a security
    suite on it, I still find infections on. This is due to confusing warning
    messages, overcomplicated installation and update methods. Or it slows the
    PC to a crawl.

    All I have is AVG on my PC, I admit I trawl around some of the murkier
    places on the web but have never been infected with anything.

    The response I get to questions I put to my customers is always the same:

    1. "Oh I never open emails with attachments" (preview pane off)

    2. "I always click the "X" on popups"

    3. "We uninstalled Kazaa after what you said last time"


    So, someone PLEEEEASE tell me...How are these people continually getting
    infected?

    Paul
     
    Paul H, Feb 10, 2005
    #1

  2. Lack of computer knowledge and the inability to practice Safe Hex.

    It is the purpose of malware creators to take advantage of the computer user's naivety; they
    expect it and they get it.

    People want freebies. Nothing is free. There are many hidden costs and spyware and adware
    are very common. Users want, want, want but they don't realize that what they do, what
    sites they visit and their personal computing habits have a direct effect on the platform's
    stability.

    --
    Dave




    | I am self employed. Part of my work is fixing home PCs. 90% of the domestic
    | work I do involves removing several instances of Spyware, Trojans,
    | diallers..etc.. from Home PCs. I frequently get calls from the same people
    | to come back and clean their PC time after time.
    |
    | I constantly say don't use Kazaa or other P2P stuff, don't download anything
    | unless it's from a high profile site, never click popups, don't open suspect
    | emails, make sure you're patched etc...
    |
    | Sure, they could have one of the mainstream bloatware packages running to
    | reduce the risks, but invariably any PC I come across that has a security
    | suite on it, I still find infections on. This is due to confusing warning
    | messages, overcomplicated installation and update methods. Or it slows the
    | PC to a crawl.
    |
    | All I have is AVG on my PC, I admit I trawl around some of the murkier
    | places on the web but have never been infected with anything.
    |
    | The response I get to questions I put to my customers is always the same:
    |
    | 1. "Oh I never open emails with attachments" (preview pane off)
    |
    | 2. "I always click the "X" on popups"
    |
    | 3. "We uninstalled Kazaa after what you said last time"
    |
    |
    | So, someone PLEEEEASE tell me...How are these people continually getting
    | infected?
    |
    | Paul
    |
    |
     
    David H. Lipman, Feb 10, 2005
    #2

  3. Because they're lying? If you ask a user what he did that caused $FOO,
    he'll ALWAYS tell you that he didn't do anything.

    Juergen Nieveler
     
    Juergen Nieveler, Feb 10, 2005
    #3
  4. Paul H

    Leythos Guest

    Not having properly secured machines - simple.

    If you secure their machines, show them how to use the secured machine,
    and it's not connected directly to the internet then it's simple to keep
    them from being compromised.
     
    Leythos, Feb 10, 2005
    #4
  5. Paul H

    Jim Watt Guest

    Charge them appropriately for removing it and profit by their
    stupidity.
     
    Jim Watt, Feb 10, 2005
    #5
  6. Paul H

    JD Guest

    That's very practical information, but one of the biggest culprits
    for malware is the ActiveX controls built into Internet Explorer. You
    should install Firefox / Mozilla / Opera etc. and get them to use it!!
    ... make it the default browser. That, with AVG Free and a free firewall
    such as ZoneAlarm or Tiny Firewall, should make a huge difference to the
    situation. Having said that, keeping virus definitions up to date is a
    different story, and as for the users' browsing habits, the temptation for
    free software / music is usually too good to resist and they most likely
    install programs without reading into them or hastily click the yes box
    that pops up in front of them.

    You could always let them continue the way it is after all it is 90% of
    your business and therefore 90% of your profit (for very little work)

    oh I just thought of something I bought awhile ago out of curiosity. It
    was a small pci card (very small, less than half the size) basically you
    plug it into a PCI slot and set it to "protect" a hard drive or
    partition you can use the hard drive as normal save, install even format
    the hard drive when you power off the pc and start it up again the hard
    drive was AS YOU LEFT IT when you "protected" the hard drive .. I know
    what you're thinking this is getting a little long winded .. bear with me
    ... so if you were to install one on a client's computer give them a
    partition to save their data not "protected" and "protect" the main OS
    partition they could use it all they want and never worry about viruses.
    Small downside tho you would have to show them how to unprotect the
    drive so they could install software. the card I am talking about I
    purchased for £4 ($6) from Hong Kong (I think its a clone of a card I
    saw retailing for £35)
     
    JD, Feb 10, 2005
    #6
  7. Paul H

    Dazz Guest

    Bwahahaha - very well said. :)

    Dazz
     
    Dazz, Feb 11, 2005
    #7
  8. Paul H

    donnie Guest

    ######################
    I'm sure that most of them are using IE so block all active scripting,
    javascript and ActiveX under the custom settings security tab of
    internet options. Also tell them that the only time you click on an
    attachment is if they had a pre-arranged agreement that someone was
    sending it to them.
    donnie.
     
    donnie, Feb 11, 2005
    #8
  9. Paul H

    Netuser 58 Guest

    It can also be the *refusal* to learn about safe hex, even after a
    person has been told about internet dangers and the ways to protect
    oneself. I know of a few such cases where the person has gone on the
    internet with no firewall! The person who warned them was shocked
    that they would ignore his warning - and this during the time of
    all these major outbreaks.

    Some people are not technically oriented, but still they need to learn
    certain basic protective measures.
     
    Netuser 58, Feb 11, 2005
    #9
  10. Can't agree more.

    --
    Dave




    |
    |
    | David H. Lipman wrote:
    | > Lack of computer knowledge and the inability to practice Safe Hex.
    |
    | It can also be the *refusal* to learn about safe hex, even after a
    | person has been told about internet dangers and the ways to protect
    | oneself. I know of a few such cases where the person has gone on the
    | internet with no firewall! The person who warned them was shocked
    | that they would ignore his warning - and this during the time of
    | all these major outbreaks.
    |
    | Some people are not technically oriented, but still they need to learn
    | certain basic protective measures.
    |
    |
     
    David H. Lipman, Feb 11, 2005
    #10
  11. Paul H

    Netuser 58 Guest


    Porn Sites??? I know of one person who is also continually getting
    infected and each time it is some message or word implying sex.
    I don't question his or his wife's surfing habits, but I do warn them
    that those sites are LOADED with malware.

    You should give your customers some sites to help them learn about
    computers and the internet.

    1. http://www.claymania.com/safe-hex.html

    2. http://www.staysafeonline.info/

    3. http://bshagnasty.home.att.net/browsersettings.htm#hosts

    4. http://www.stopspam.org/email/headers.html
     
    Netuser 58, Feb 11, 2005
    #11
  12. Paul H

    Jim Watt Guest

    IMHO the problem is not the users, but that the system does not
    insulate them sufficiently from the problems.

    The real issue is that in order to keep costs of hardware down
    these days offices are using what is designed and built to be
    home playthings.

    Educating the users although difficult has value, in the same
    way that children are taught not to take sweets from strangers
    but if they were properly engineered the option would not exist.
     
    Jim Watt, Feb 11, 2005
    #12
  13. Paul H

    Paul H Guest

    OK, I'm interested. Can you expand on that?
    Not directly connected to the internet? What do you mean? Single home users
    should be behind hardware firewalls or NAT routers?

    Paul
     
    Paul H, Feb 11, 2005
    #13
  14. Paul H

    Leythos Guest

    Sure, there are a lot of things that you can do to secure Windows systems
    that make it much harder for the typical home user to compromise their own
    systems. Take the browser, IE, as an example, MS has provided everyone
    with a set of instructions to secure IE so that it's much safer, and they
    provided detailed instructions of how to set it for high-security mode.

    Even better, install FireFox - sure, it's not perfect either, but it's a
    LOT safer than IE in any mode.

    Take email as another example: Patching Outlook Express is not enough,
    installing a third party email program is often enough to fix that problem.

    Installing an antivirus client that checks both inbound and outbound email
    is another great method.

    How about securing the machine itself - disable file/printer sharing on
    single computer systems. Disabling services that are unnecessary for the
    user.

    How about using the Program Access Defaults to set FireFox and ThunderBird
    as the default browser/email clients - leave IE accessible in case they
    need to use IE, but make sure IE is setup for high-security.

    How about ensuring that the user is not running as an Administrator
    level user account.

    There's more, but you get the idea - these are all just the basics of any
    good setup.
    Absolutely! Everyone that isn't a security type with a full understanding
    of their systems should be behind a NAT device of some type. If not a NAT
    device then a firewall device. At the very least they should have some
    form of personal firewall installed on their computer - and if they use a
    PFW while running as a User level account it's a lot safer.
     
    Leythos, Feb 11, 2005
    #14
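Added example (not part of any post in this thread): a read-only PowerShell audit of the basics named in posts #8 and #14, namely ActiveX and active scripting disabled in IE's Internet zone, file/printer sharing off, a firewall on, and the everyday account not in Administrators. It assumes Windows 10/11 with Windows PowerShell 5.1; the function names are made up for this example.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Assumes Windows 10/11 and Windows PowerShell 5.1 (NetAdapter, NetSecurity,
# LocalAccounts modules). Function names are hypothetical.

function Test-CurrentUserIsLocalAdmin {
    # Compare the user's SID with the direct members of BUILTIN\Administrators
    # (well-known SID S-1-5-32-544). Group membership is checked instead of the
    # process token because a non-elevated UAC token does not show the admin role.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    return [bool]($members | Where-Object { $_.SID.Value -eq $me })
}

function Get-HardeningFindings {
    $findings = @()

    if (Test-CurrentUserIsLocalAdmin) {
        $findings += 'Everyday account is a member of Administrators'
    }

    # "File and Printer Sharing for Microsoft Networks" is the ms_server binding.
    foreach ($b in Get-NetAdapterBinding -ComponentID ms_server) {
        if ($b.Enabled) { $findings += "File/printer sharing enabled on '$($b.Name)'" }
    }

    # Only the built-in Windows firewall is checked; a third-party personal
    # firewall that replaces it will still show up here as "off".
    foreach ($p in Get-NetFirewallProfile) {
        if ("$($p.Enabled)" -ne 'True') {
            $findings += "Windows firewall off for profile '$($p.Name)'"
        }
    }

    # Internet zone (zone 3) URL actions: 1200 = run ActiveX controls and
    # plug-ins, 1400 = active scripting. A value of 3 means "Disable".
    # Per-user settings only; machine policy under HKLM can override them.
    $zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $actions = @{ '1200' = 'ActiveX controls'; '1400' = 'Active scripting' }
    $values = Get-ItemProperty -Path $zone -ErrorAction SilentlyContinue
    foreach ($id in $actions.Keys) {
        if ($null -eq $values -or $values.$id -ne 3) {
            $findings += "$($actions[$id]) not disabled in the Internet zone"
        }
    }

    return $findings
}

$result = Get-HardeningFindings
if ($result) { $result | ForEach-Object { "[!] $_" } } else { 'No findings.' }
```

Run it from the customer's normal logon rather than an elevated admin session, since the account and zone checks are per-user.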
  15. Paul H

    joncosby Guest

    I'd be interested to know where you found this device at that price.

    Jon Cosby
     
    joncosby, Feb 11, 2005
    #15
  16. Paul H

    joncosby Guest

    %#$#^*(^& Google! I was going to close this email account anyway, but
    this is ridiculous.

    Jon
     
    joncosby, Feb 12, 2005
    #16
  17. Paul H

    Leythos Guest

    It would help if you didn't treat Usenet like email and quoted the part
    you are replying to - others may be able to help you.
     
    Leythos, Feb 12, 2005
    #17
  18. Paul H

    Guest Guest

    This was my first post on Google. I was referring to JD's PCI card.

    Jon
     
    Guest, Feb 12, 2005
    #18
  19. Paul H

    Leythos Guest

    It's cool, it was just that this is a global forum and many people see
    replies, without a snippet of the relevant parts it's hard to follow.
     
    Leythos, Feb 12, 2005
    #19
  20. Paul H

    johns Guest

    You are not getting the dropper (packer, etc). What
    has happened is someone in the house was browsing
    less than wonderful sites .. along with getting a lot of
    scumbag email .. etc, and they did not have AV, firewall,
    and email filtering ... so they pulled down a world of
    packers that hide all over the PC, and slowly unload
    their final product. You can go in and remove the final
    product .. GAIN, gator, dialer, on and on, but then
    the packer is still there, and it will just unload all of that
    poop again. If you install AV, you will stop viruses
    coming in to the PC, but you won't usually detect viruses
    on the PC .. or at least they will be difficult to remove
    if they have made it into system files or email archives.
    You can dl spybot1.3 and Adaware6, but they will only
    remove the active spyware, and again they cannot remove
    the packers that will simply reinstall all that crap.
    Listen carefully: I read other replies here, and clearly
    I'm the only pro replying to you !!!!

    First, tell your customers to let you do a complete
    reinstall of their PC from scratch.
    If agreed, tell them to go and purchase the ENTIRE
    McAfee security suite. It is about $70 to $100 ??
    Backup their Documents, Favorites, Email ( good luck),
    possibly any photo album programs that store photos
    in their own subdirectories.
    Under Email, make sure you export and backup their
    address book to a txt or wab file.
    Backup any old DOS programs like Brothers Keeper,
    or anything that keeps its own data. Ask them !!!
    Burn this data to cdr .. if they don't have a cdr. Get one.
    Then tell them they need WinXP Home or Pro, and to
    go buy it .. also to buy the accompanying Office Suite.
    Finally have them buy a disk imaging app like Norton
    Ghost 8 .. or PowerQuest2001 *** I like.
    Get together all their ISP poop and setup.

    I realize all of this is going into a bit of money, but that
    is just the way it is .. expect about $200 to $400.

    They need at least a 120 gig drive. Partition it c-drive
    40gig, d-drive 60gig and install the OS , mobo drivers,
    and SP2. Install the video drivers and create accounts
    for everyone using the box. Go in and make the accounts
    look good. Nice desktop, 1024 x 768, 75 vert. I like
    to center the background picture and leave a border
    that helps show up the icons. Install the ISP access,
    and check it, and log out. Install McAfee. Turn OFF
    automatic updates .. always do that manually. Turn OFF
    the windows firewall .. use the McAfee firewall.
    Install all apps.
    Now, load the backup cdr, and scan the crap out of it.
    Restore Mydocs, favorites, email and check it for
    addr book, boxes, etc. IF THE USER SQUAWKS
    ..... about something is missing, tell them you did the
    best that you could to recover their poop. If you were
    afraid of this, THEN FOR SURE, before you start,
    have them buy a new hard drive, and slave their old
    one to it and recover data from the slaved drive.
    NOTE: don't attach the slaved drive until after you
    have completely installed the new drive and partitioned
    it as I said. McAfee will watch the recovery from the
    slave drive. Once you are done and they quit yelling,
    put that slave drive away in a padded box and store it.
    Something will be missing for sure, and you need to
    keep that thing intact.
    NOW: defrag the entire c-drive.
    Run your drive image program, and create an image of
    the c-drive on the d-drive. Also, give them a list of
    several folders that they need to copy to the d-drive
    about once a week .. Favorites, Mydocs, email, etc ..
    and demonstrate how to do that, plus give them a piece
    of paper telling them how to do that.
    Install Adaware6 and Spybot1.3 ... set them up and
    run a scan, and then leave icons on the desktop for the
    user to run once a week.
    Have the user contact their ISP and ask if the ISP
    provides email filtering ( spam and virus ). Hopefully
    it is Postini. Subscribe to it, and include that in their
    annual fee. Run any programs that need network access
    ... IE, email, and approve them through the firewall.
    Show them how to access Windows Updates, and tell
    them to only dl the critical security updates. Nothing
    else .. Windoze is pushing video drivers :)

    NOW you have a good starting point for security.
    Pull Mommy and Daddy aside, and warn them about
    little Bobbie's online habits ... mp3s, lawyers, nudies.
    Also ask them if they would like for you to restrict
    certain access on the PC .. like no changing the desktops,
    no changing the video settings to unviewable resolutions
    etc .... read up on how to set up IE with a dummy
    proxy and allow list ... also read up on how to use
    gpedit.msc to restrict hardware and desktop access.
    Slam little Bobbie's world shut. I can tell you how to
    do all of that .. just unravel my email address and I will
    teach you.

    johns
     
    johns, Feb 13, 2005
    #20