Non-Technical Users Talk Malware

swirsky writes "The Chicago Sun Times is running an article detailing the experiences of non-technical users after they were infected by spyware, malware, and viruses. We cluck our collective tongue and think that we'd never be so stupid, but this is a major problem that plagues personal computing." From the article: "The study found that spyware has disrupted the computer lives of 43 percent of surfers. That means an estimated 59 million people have spyware or adware on their computers, the study found. Adware is defined as tracking programs that come bundled with other software and that users knowingly download, although they don't necessarily want the adware."

Malware == Moolah

[TripMaster+Monkey]

I love malware. Malware removal acounts for probably 65-70% of the bottom line in my business. I'll tell you something else...the $129 average price tag quoted in the article is right on the money.
Personally, I hope nothing is done about the problem. I only wish I could protect my less-technically-inclined family members and friends more effectively, as I don't charge them for removal. :P

Re:Malware == Moolah

[MarkByers]

every infection brings my family members that much closer to letting me switch them over to Linux...

But don't try to force them to make the switch, it will just lead to frustration when thing don't work out as expected because they can't play this-or-that game.

Just leave them with their malware problems and let them figure it out for themselves. Drop the odd hint about never having received a virus if you feel like it. Perhaps they'll get a Mac or something. It's a step in the right direction at least.

Re:Malware == Moolah

[Doc+Ruby]

Wouldn't you rather be expanding the productivity of your customers, rather than just keeping them at "square 1"? If all the production lost to malware were spent on promoting better communications, you'd have at least as many customers. And more produced in exchange for your work (rather than just saved from destruction), which means more wealth to share.

"War is good for the economy" is a fallacy that is true only for weapon makers. Everyone else pays the price. Fear is a motivator, but it produces less than it destroys. I guess some firefighters "love fire", but most would rather be barbecueing.

I thought I was immune too

[ReformedExCon]

I run a firewall, I have my operating system completely patched, and I never open attachments from people I don't know.

Imagine my surprise when I ran AdAware just today and discovered 7 infections.

The real problem is not that there is a bunch of computer illiterate grannies opening every attachment they receive. While that is a factor, the real vulnerability is in the hubris of "power users" who think they can't get infected because they take all the precautions. But as I learned today, sometimes even that is not enough to be completely protected.

not a big surprise, but it's ominous for future

[yagu]

We cluck our collective tongue and think that we'd never be so stupid, but this is a major problem that plagues personal computing.

One small but not insignificant piece of the problem is just that, the attitude among techies that if only the "lusers" would stop being so stupid, they wouldn't have so many problems.

1. they really aren't as stupid as we accuse them of being
2. most of us techies probably would have to admit to an infection or two ourselves, that with our extensive knowledge and background
3. the world of malware is incredibly aggressive at staying ahead of the defensive curve.

I've predicted this before, I'll stand by the prediction, (unless there are quick, effective, and transparent solutions) people eventually will become so fed up with this they will collectively begin to unplug (not necessarily a bad thing) and move on. I have in the last few years established my uneasy peace with Microsoft Windows on my dual boot machines now that XP has reached reasonable stability, but have gotten to the point where I rarely go there anymore because it has ceased being a "boot into" endeavor and instead is almost always a boot, then reboot, and sometimes yet another update and reboot. So much for transparency. I have programs I like to use in Windows I've actually begun to offset by creating my own similar linux functionality (thank Goodness I can code) just because I can't stand the 15 minute preamble to getting up and running in Windows.

On the other hand, my Dad, whom I've spent countless hours coaxing and helping learn Windows and how to use his computer called the other day and said he had disconnected it, and didn't care to ever use it again. I can't blame him.

It's your own fault

I can understand why non-technical users surf with Internet Explorer.

I can understand why technical users use Internet Explorer for Windows Update and a small selection of trusted websites (e.g. online banking) for compatibility.

But I have no sympathy whatsoever for technical users who should know better that continue to use Internet Explorer to visit websites that are in no way trustworthy.

Re:Claria

[MarkByers]

Some malware replaces adverts of the sites you visit with adverts of the malware author's choice. You say this doesn't affect you.

So you think that it's ok that when you visit your favourite site, all their adverts are replaced by adverts of Microsoft's choice, and your favourite site gets none of the revenue? And when your favourite site ends up having to shut down due to lack of funds, will you still argue that spyware/malware does not affect you?

...not to mention the ones who don't even know

[fhknack]

That's 43% of the folks surveyed who know they've been bitten. I'd guess there are at least half again as many who don't know that their IE keeps taking them to that new "search screen" because of something they downloaded.

Re:It's not just the non-technical users

[MobyDisk]

I don't get this stuff. I hear this story all the time and I don't believe it. I can't download and execute an EXE file in less than 3 clicks, and that's if I've already done it previously and set it as the default and I use an old version of Internet Explorer.

If you were using Mozilla, you would have had 5 clicks and a double click: Click on the page, then click "Save to Disk" then point to a location, then minimized your browser, then double-clicked the EXE. That's a big accident!

Firefox lets you set a default download location, so that's down to 4 clicks.

Maybe you were using Internet Explorer 6 and had the default operation for EXE files to be to open them. You are down to 3 clicks. You could have clicked the web page, clicked OKAY to the prompt to open the EXE. Then maybe you accidentally clicked OK to the prompt about installing an application from the web that shows in a big warning box telling you about signed and unsigned applications.

Or maybe you were using an old version of Internet Explorer (IE 4? 5?) which doesn't prompt for anything if you have that set as the default. That seems highly unlikely for someone smart enough to know COM and the registry.

Okay, sorry if I am sounding like a jerk. I really just want to know how this can happen!

Re:Just buy a Mac :-)

[Aerog]

Okay, I'm going to bite, because this has been irking me a bit this week.

Macs are not immune to viruses, we just haven't seen a virus or spyware author take the time to exploit it, yet. Why? Because it isn't profitable RIGHT NOW.

1. Lots of users (likely the ones who would initially be succeptible to a virus) are running windows. This makes it easy to spread.
   
2. Most computers run windows. You don't see a lot of human viruses that only attack people with anemia; it's just more profitable to attack the majority (or everything, if you can get it).
   
3. Spyware makes its money on user numbers. The more users you can get, the more you want to develop a product. Why spend the time to write for the small % running macs when you can take some already-proven techniques and go for the big money (i.e. the lots of users) on Windows machines.
   
4. Programmers are lazy. If there isn't a really good reason to do it (i.e. not enough profit potential in their eyes) they generally won't do it unless they're really keen on it. Mostly, these people are not making spyware/viruses.
   

When you see the Mac userbase hit a decent number (and I don't pretend to know what that is) then you'll see spyware and viruses for it. Fact. Until then, stop being a mactard and just deal with the situation at hand: there is a lot of spyware out there and something needs to be done now. That something is not ignoring the problem until it swims up and bites you in the ass.

The strange thing about this article

[Sloppy]

What's funny about this article, is that it does not contain the words "Windows" or "Microsoft".

How can someone "report" (I use that word loosely) on this problem and tiptoe around the huge elephant in the room? In spite of the overall fraction of users that are having problems, spyware is not normal. It is almost entirely contained within one single very specific homogenous portion of the population. To say that computer users suffer from spyware is like saying that Sol 3 lifeforms suffer from tobacco mosaic virus. Yes, it's technically true if you want to get pedantic, but it's hard to believe that a "reporter" (*cough*) could so egregiously overly-generalize unless they intended to mislead.