Malware Threat Reports Are "Apples and Oranges"
Ant writes "The December malware threat reports are trickling in from vendors — and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will inevitably be confused by the results. Not only do the various security companies use different names for the threats they identify; they don't even identify the same threats."
At all?
Help stamp out iliturcy.
No they haven't.
That's why.
Most definitely not. Windows users have no idea about 'threat tables' or what the hell's going on, except that their antivirus program is blinking red and making noises and they have to keep clicking "yes" or "OK" to make it better.
The inconsistency stems from the fact that these so-called "antivirus software research labs" are just Windows terminals with neckbeards in each. Symantec's neckbeard prefers browsing porn sites with ActiveX. Fortinet's neckbeard gets his latest and greatest malware from careless P2P downloads. Kaspersky's neckbeard gets his viruses from phishing and gambling sites.
Hence the inconsistent naming conventions and detection profiles across vendors. +5 informative.
You can see each story 10-20 minutes before it goes "live." (Assuming we posted it that far in advance, which usually we do.)
Straight from the Subscription FAQ. Fail troll is fail.
Totally pressed the submit button on accident, now I am the failing one.
There can only be one way out.
SEPPUKU.
Sure you can. How do you think I managed to get first post? But my comment was not visible for 10 minutes. It was visible for 8 seconds between the time I posted it and the time I read his reply. Not long enough. This fine article, as of the time I clicked reply, still doesn't have a second thread under it. He's a script.
Help stamp out iliturcy.
28 years of computing on networks, zero instances of malware. I feel special.
Everyone's always touting the benefits of competition, but here's a clear example of competition serving to confuse the market. There are a number of problems:
1) Antivirus solutions do not co-exist - and not just the resident portion. I'd love to run a second or 3rd scanner like I can for spyware but Antivirus vendors have created a market that is used to the worst kind of lock in. Why can't I run 3 different products side by side and decide which one's resident scanner I want switched on? I'm sure there are technical issues but I'm also sure they're not insurmountable.
2) Antivirus vendors are now trying to police what you can and can't do. Look at the numerous reports of false positives for programs that are legally grey (or black) but aren't viruses. I've personally had network tools come up as false positives and it's a pain to unquarantine and exclude them so they don't quarantine themselves again.
3) The main form of collusion between vendors seems to be fitting into Microsoft frameworks so they show up as antivirus software in the appropriate control panel and so you don't get warnings about invalid or out of date antivirus. But this in itself makes them more vulnerable to attack.
4) The products are often so badly written that they cause as many problems as they solve. A bad update here or there can (and has in the past) caused irrevocable system damage that has required a reinstall or restore from backup for users. What's the point of an antivirus that does this? Worse I've seen much subtler performance problems from minor antivirus updates - in one case it brought a company I worked for's client's machines to their knees and initially they blamed us. Turns out a change in the engine meant very big files were being opened and re-scanned for every write. Needless to say it wasn't our fault.
5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?
Isn't competition supposed to improve such things and open up the market? In this case it just hasn't happened. There has been implicit collusion but not of the right sort to improve or provide a diverse range of products. There's not one product that will protect you well.
These posts express my own personal views, not those of my employer
September 29, 2009 11:51 AM PDT
Malware worldwide grows 15 percent in September
A rise in malware has caused the number of infected PCs worldwide to increase 15 percent just from August to September, says a report released Tuesday
http://news.cnet.com/8301-1009_3-10363373-83.html
Phew, I'm glad they're so much smarter - imagine how much more clickfraud and spam the botnets would be perpetrating if they hadn't wised up.
Close to 60% of all US Windows computers are hosting malware already, and that's not likely to change any time soon. The anti-malware industry is making a fortune from Windows flaws, but overwhelming evidence suggests it's not money well spent. If computer users DID wise up, they'd be moving away from expensive and fragile platforms, not adding to the coffers of modern day snake-oil merchants.
"I've got more toys than Teruhisa Kitahara."
This is why I have to run 6 different scanners: because there isn't one that detects all the threats. I currently run 2 antivirus programs along with SpyBot, SuperAntiSpyware, Windows Defender, and Malwarebytes' Anti-Malware.
Yeah but wouldn't it be nice if we could bomb/shoot/waterboard virus writers?
Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.
News agencies know better, for years now they offer us the 1000 reporters, one main story approach. As they know that customers discredit uncertainty.
He's a script.
Or he is you.
http://michaelsmith.id.au
Or he is you.
Either you have been drinking too much Ethanol or I have not been taking enough Tegretol.
http://michaelsmith.id.au
That's not nearly enough. I get good results with twelve usually, but for porn surfing 16 is not near enough! So I use a Mac or Linux instead. They've got some magical anti-malware internals - probably thirty or forty heuristic engines in there I suspect, but man are they fast! They don't slow the machine down at all.
Help stamp out iliturcy.
one of my favorite papers ever: Apples and Oranges: A Comparison
Beware the Jubjub bird, and shun the frumious Bandersnatch.
The writer could conceivably have seen the story in the firehose, thought this one will make the front page, copied and pasted the story into a text editor and composed their message, then had it ready to post. When the article with your reply came live, they posted within 8 seconds, with a more cogent response than your initial first post as they had time to work on a first reply. This is also suggested by the post referencing the story but not your post.
Alternatively they might have actually read the article, and thought "This will make Slashdot one day", then followed a similar plan, but Mr. Occam might want a word over an explanation that involves that much forward planning and OCD monitoring of the front page.
There are now at least 20 million Linux users. That's a large enough market that if somebody could do it he would have - if just to prove he could.
Help stamp out iliturcy.
5) Every vendor seems to have their own names for a virus. For pity's sake can we have some kind of standard naming mechanism?
How about a (latin/greek) Biological-like naming system. After all, it works for biology and many (computer)viruses are derived from earlier versions of those viruses, so we could have actual hierarchies.
So you could have a name such as: "userus.dumbus.clicktus.pornolinkus.diabolicus"
Of course after the latin name we could come up with a "common" name - based on the name of the unfortunate tech who had the displeasure to remove it first.
They're all the same anyway: "Big Scary Virus, so buy my overpriced antivirus software"
I'll see your hokum and raise you a boondoggle.
It stops attacks all the time. It's very good.
It can't, usually. But it can infect a machine running from a live CD. No problem.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
Believing all that those reports say, and making quick and wrong choices.
And how much of that is caused by the bad practices of places like Worst Buy? As a PC repairman I get a lot of Best Buy and Staples machines across my desk, and the default settings these bunches use is just terrible. They ALL have Automatic Updates for Windows turned off, most haven't had so much as a single patch since they came from the factory, the only "protection" they have is a shitty 30 day crapware AV install, and some even have the firewall DISABLED by default! WTF?
I have to wonder with so many setting up such obviously shitty fucked up default policies if they aren't sabotaging these machines on purpose to make more money on repairs and pushing extended warranties. There is no excuse in this age of zero day attacks to be selling horribly out of date unpatched machines, yet I see them come across my desk all the time. The average user doesn't know their machine has been set to screw them from the word go, to them it is new and should be ready for use, but it's not even close. Joe and Sally average don't know about changing settings for Windows updates, or how to see if their firewall is running or not.
So while I'm sure the comments here at /. will be filled with insults at clueless Windows users, I say a lot of the blame needs to be leveled at places like Worst Buy. To use a /. car analogy, nobody expects to have to take their brand new car straight from the dealership to a mechanic so he can get the brakes to work and the doors to lock, do they? So why should the users need to be IT guys just to get a functional PC at retail?
ACs don't waste your time replying, your posts are never seen by me.
Might as well preinstall botnet clients at the factory.
No, that would be HP.
I'm going to reply to your comments in "".
"I use Linux. It's true that there are some viruses for Linux, it's just that I haven't ever had one."
Do you understand the difference between a Virus, and Spyware, Malware, Worms, and Root Kits? This idea you have is a mirage. Linux boxes have multiple serious security flaws, as all our systems do today. The idea peddled by some is that one side is immune, while the other is an open doorway. I'd really rather people talked sensibly with a realisation that our current systems and how they are built remain fundamentally flawed.
"When I was in college, the monkey virus (long ago) was the baddie. When I was unfortunate enough to manage windows systems, code red, nimda, I love you and a few others were all the rage. I got real disappointed when they started listing viruses in the ten thousands, then fifty thousands."
Windows has fundamental flaws, and since Win95, its architecture and design had some serious problems. In XP, users by default are created as Admins, and the bulk of the Windows world, developers, suppliers and ISVs continued with a lot of flawed security. This 'ease' of use operation, leaves security mired in a serious hole. And it's one that Anti Virus companies and Anti Spyware and Malware companies and organisations are still chasing down today, as well as Microsoft. However, for a very very long time now, Microsoft, and others have stated quite clearly one of the steps that should be taken, and often, even today, is still not taken, and that is _do_not_run_as_admin.
"For Linux, it's been in the teens. Mostly root exploits, proof-of-concept stuff, and virii that you have to allow in and set to execute yourself (change permissions, etc)."
http://www.pcworld.com/article/113636/linux_groups_servers_hacked.html
The arrogance of your point is noted. However, it's badly placed. Linux systems that are actually placed in the real world, live, facing data ports. One of the large advantages this does exist, is the majority of users are created as users, not as the admin account. This alone is a primary basis for its better record. The point however, is that it's not immune, and people should be very careful in assuming that it is.
"It's possible, but not probable to kill your system with these viruses. Perhaps it is good fortune, but I've never been infected (under linux). I'm not trying to troll, it's just that the virus writers don't ever get tired trying to be destructive (mind you, kids come and kids go), and the anti-virus folk always seem to have some kind of real specific remedy, which keeps people buying. It's a bit like homeland security. In order to have a budget, there has to be a threat level. In order to sell anti-virus software, there have to be viruses. Shutting an airport for 6 hours because a man kissed his wife sounds like an over reaction. It's stupid. It's non-sensical. It's someone sounding the klaxon too loud so that the danger-danger-danger mentality and the budget both are accepted. No terror, no budget (or sales). It's a game. I refuse to play. If there are viruses on some system, I use the other. Terrorists always target planes, I use car, or bus or something else. The virus researchers never seem to offer anything all encompassing. It's always piecemeal, just like the homeland security rules. The terrorists always always target at the last hour, so we worry about just the last hour (very piecemeal). A stupid approach if you are trying to solve a problem like terror or security, but a real boon if you are trying to sell software or get a budget passed. Milk it baby! Milk it hard. But please, count me out. It just looks like a pile of crap to me (both). Thanks."
When I last spent time with a team from McAfee, they spoke about how their labs a few years ago, were getting 60,000 unique samples of virii and malware code, and how only a couple of years later they were being bombarded with 255,000 a month. No security co
We're all equal
This is why education is so important and the idea that a computer is simple is bad. People buy devices that are as powerful as supercomputers were 15 years ago and expect them to be as simple as a toaster. So they end up giving vast amounts of computing power and network bandwidth to criminals.
As for Best Buy -- just an example of how easily a fool and his money are parted. I recall reading an article about how many people just buy a new cheap PC after theirs is infected. Of course, current security practices of Best Buy are unacceptable, but it appears that they can get away with it (they provide a working configuration after all). So it is up to users to develop some intelligence...
Doesn't make sense to me. I mean, if Schemester Antivirus wants to identify a threat that is "not the same" as the one Flybynight Computer Security wants to identify, wouldn't one expect them to use different names?
That's like saying Ford calls its car Fiesta, while Toyota calls its car Tazz, but they are not the same car. (To include the obligatory car analogy.)
Free, as in your money being freed from the confines of your account.
Linux has a significantly higher proportion of the server market however, and is dominant in the supercomputer market... The areas where Linux is strong are generally more useful to a hacker, as the systems are more likely to be running 24/7 and have access to far more bandwidth. So yes, Linux is very much a target and has plenty of people working to find ways onto Linux machines.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
As an extension to the above, the Windows mentality of downloading and executing binary installers from websites lends itself to malware
It's not just the Windows mentality. Mac OS X has the same mentality of downloading a disk image from a site and dragging the .app bundle to the Applications folder. Likewise, if Linux ever gets widespread, it will likely have the mentality of adding a software publisher's repository to a machine's software sources and installing software that way.
If you don't engage in risky behavior you don't have to worry so much. For example, paying for all your software should be enough
Whom should I pay for Firefox and GNU Image Manipulation Program? But seriously, my aunt got drive-by-downloaded twice, both times by fake antivirus software, and she spends most of her time in Facebook. I didn't know Facebook had mandatory fees. The first time it happened ("System Security"), I was able to boot into safe mode and run MalwareBytes Anti-Malware, but this time ("Advanced Virus Remover", apparently a newer version of the same threat), safe mode just causes the computer to restart during boot. She's using an Ubuntu live CD until she saves up the money to have the (anti)virus taken off by experts. I'd switch her to Ubuntu permanently, but she needs Windows to get pictures off her Pantech phone running Windows Mobile, and if anything, she needs a working copy of Windows to fix her unclean-shut-down NTFS so that she can even install Ubuntu without blowing away all her files.
I didn't work at Best Buy specifically, but if it's anything like most other electronics/office stores, it isn't a matter of practices at the store at all. I never touched a PC that was sold to a customer, they come in boxes from the manufacturer. I'm guessing no one at Best Buy is "setting them up," or "sabotaging" anything in any sense of the word. If the Manufacturer's Windows image is somehow FUBAR and has defaults set differently that you don't like (I somehow doubt this), then wipe it with a clean install of Windows, using the license that almost all computers come with now.
That said, I'm pretty sure that installing and leaving Windows alone is all most PC manufacturers do as well, before they pile on their crapware, anyway.
The people with the most computing power on the planet right now are Russian hackers (some of the botnets are estimated to total 4+ million machines)
Supercomputers are yesterday's news. These botnets put them to shame on nearly every metric. The idea that you mentioned them as an important target is laughable, because even if hackers got in.. they would get noticed rather quickly even if nobody is watching for it when that 7 hour job instead takes 14.
The key to the success of botnets is that very few ever do anything about it even when they know something is wrong. The masses are the target, not supercomputers.. this isn't the movie Hackers.. that fictitious Gibson, even if it existed, wouldn't be worth an organized effort on the level that we see today.
"His name was James Damore."
The areas where Linux is strong are generally more useful to a hacker
Yes, but also more likely to be controlled by someone competent, who won't open unexpected attachments, download cursors, or fall for the "Your computer has N threats, click here to remove them" scams, and knows about updating software. There are plenty of Windows servers out there too, and I doubt they're infected very often. Malware writers target desktops because there's a decent chance of getting onto them.
Just wanted to make a comment regarding anti-virus/malware vendors and how they co-operate with each other. Recently I took on some Sophos training for work - Sophos makes security software which includes (among other things) anti-virus.
From what I was told, they DO work with other AV vendors in one particular situation: samples. If a new virus/trojan/nasty is detected by any vendor in a partnership of vendors, they will provide a sample to others, but won't tell them their detection algorithms. That way the separate vendors are free to determine what to do with it, while at the same time ensuring one vendor doesn't hog all the info.
Apparently it's a mutually beneficial arrangement for everyone, possibly because there's no point hogging the samples because actual infected binaries will appear anyway. At least that's how I remember it. If anyone can add or correct this, feel free.
It's to keep the big wheel turning and give you job security, without it, there would be no need for you, or the AV vendors. Didn't you know...
No, this is why the current monopoly general-purpose OS is such a bad idea.
If formats, protocols, APIs etc are open, then simple computers can be used for simple tasks. The hardware industry is trending in that direction with products that are cheap, functional and simple, like the Freescale Tablet.
A device like that could be made safe, reliable and uncomplicated given the right software selection. People who don't want or need complexity should have that choice without sacrificing compatibility. Sadly, we'll never have that while Microsoft holds the reins of the software industry and demands 85% profit margins for its complex and demanding OS.
"I've got more toys than Teruhisa Kitahara."
Yet again, the Internet proves itself to be humor's kryptonite.
Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.
grab a USB >PATA|SATA cable
For personal reasons that I would prefer not to disclose on Slashdot, she wants to pinch every penny from this fix; otherwise, she would have already taken the computer into a local repair shop. At this minute, without access to ask her, I'll assume that she'll tell me that she can't afford to buy a USB enclosure for this fix.
4 scan her drive on "NSA Paranoid" level (you may of course want to do a scandisk on it first)
My primary computer is a laptop that runs Ubuntu 9.10; her computer runs Windows XP Professional. Ubuntu won't mount an uncleanly unmounted NTFS without a special flag; even then, I haven't been able to get it to mount an uncleanly unmounted NTFS with write privileges. So how can I scan a Windows hard drive on NSA Paranoid level using Ubuntu?
Windows. The sample of reports listed had W32, Win32, or a virus targeting Windows (e.g., Conficker).
I think the results and the solution are pretty clear, and it's the same that it has been for more than 25 years.
I pay $24.95 a month in antivirus updates for my $449.98 netbook. I do a deep scan one day a month just to be on the safe side and I manage to keep infections down in the double digits. But what else can I do? Macs are too expensive and Linux just requires too much time.
Can you be Even More Awesome?!
Well, when Worst Buy, as you call it, bought Geek Squad they took a service of flamboyant (VW bugs and nerdy uniforms) technicians and over time replaced educated technicians with sales monkeys shown how to run canned programs and charge about half the value of the computer to fix the simplest problems. They have a bunch of the sales monkeys at the counter and possibly a real technician working in the background on machines not fixed (or made worse) by the sales monkeys.
We don't have a Best Buy in my town but I have visited a good computer shop in a town that does. Their rates are much more reasonable than Geek Squad and they shared a few stories of computers brought to them after being taken to Best Buy.
I provide home and small business computer support (mostly Windows, occasionally Mac, and experimenting with Linux for some customers). I find that most malware will disable most anti-virus programs (Norton and McAfee for sure). Why pay a yearly cost for software that slows down your computer worse than the malware and gives you less protection than a free competitor? I used to like AVG Free but have been using the MS Security Essentials instead since people get annoyed with AVG changing versions and requiring a manual upgrade.
My philosophy anymore is to have some type of firewall enabled (Windows Firewall or another free one), an active anti-virus (MS Security Essentials or another free one), and preferably Firefox with ABP instead of IE. Most malware not prevented by these is something obtained by a socially engineered attack (e-mail attachments, web browser ads, etc.) and usually leads to a fake anti-virus program that asks for money to fix the problem it created and will block most methods that can remove it. I find that most can usually be cleaned up with Malwarebytes Anti-Malware running in Safe Mode.
The vendors and the manufacturers are both guilty of selling products and services that are not secure but give the customers a false feeling of being safe from everything. This leads to reckless behavior that those who understand security would avoid doing even with a secure system.
Computer security software is no match for the behavior of ignorant users that will disable or circumvent security provided by others. Computer education related to security doesn't hit home until these people have to pay someone to clean up the malware mess.
I Cater to the Needs of Stupid People. - from a coffee mug Christmas gift
No, they don't.
Hairyfeet is a Microsoft apologist. He's always on hand to invent excuses for Microsoft's failings.
As any shopper will tell you, your computer comes from the reseller in a box from the manufacturer, and generally has a standard pre-install image ready to run. I've never seen any modification of settings, just the usual crapware installed.
Nope, this isn't a reseller problem - that's just blameshifting.
"I've got more toys than Teruhisa Kitahara."
They all want you to be afraid of the malware THEY sponsored the development of so they KNOW they can cure your ills easily.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Oh give me a fucking break! Lord save us from paranoid Linux users!! For your info I have said on here about a bazillion times that Steve Ballmer is probably the shittiest Fortune 500 company CEO ever, and have been more than happy to list their many failings (RRoD, Zune, no DX10/11 for XP, Vista) but quit trying to be paranoid and blame everything on "teh evils M$!" okay?
And no shit they come with a default image, so do all the off lease office equipment I sell. You know what? I take a whole 2 minutes to run a script that sets autoupdates to true and run the latest autopatcher preconfigured off the network. And I'm just a little guy in a little shop. There is NO REASON why Best Buy can't run a little script or have a button set up on their little "geek squad CD" (you do know their "repairs" are nothing but a CD with a GUI, right?) that would set autoupdates to true and run a WSUS server to feed them the latest patches.
So scream "Microsoft apologist!" all you damned well please, but EVERY place gets pre-imaged machines but while the smaller places actually give a flying fuck about their customers and take a whole two minutes to add the right settings it is Worst Buy and Staples that just don't give a fuck. And how is pointing out shitty retail service making MSFT look good?
ACs don't waste your time replying, your posts are never seen by me.
No, this is why the current monopoly general-purpose OS is such a bad idea.
Yeah, because Best Buy would harden Linux if they sold it in any numbers.
I don't know if you are the same guy, but I've seen the call for open OS a crapload in the comments on this article. Yet, I've seen nothing that indicates this wouldn't happen as bad (or worse) with Linux or some other currently existing OS that is "open". The only thing saving them now is the fact that the number one OS is such an easy target. Whether it's easy because of its large install base of uneducated users, or the OS is inherently weaker because it's closed is something we won't know until the year of Linux on the desktop comes.
Learn to love Alaska
Oh believe me pal, I can share some Worst Buy horror stories. The last shop I worked for (Now I do mostly SOHO and SMBs and the only home users are brought to me by word of mouth) was the "go to" place for those poor souls that went to Worst Buy.
Here are just a few that I can remember off the top of my head: One guy went in with a nearly $500 graphics card, came out with a $50 one, which of course when I told him and he went screaming to Worst Buy said "You can't prove you had a decent card in there". Folks opening their "new" PC and finding other folks' stuff (and often porn) in it (that one happened A LOT). Folks going in with X amount of RAM and coming back with Y (also popular, some even had the RAM ripped out breaking the retention clips right off the mobo), that one BTW also happened to my current GF when she took her PC to rent a ripoff before she met me, so apparently that is a common FU. Parts put in upside down or even backwards (one had the floppy drive installed via hammer) hell I could go on all damned day.
As for a good AV/firewall combo, may I recommend Comodo Internet Security? It is feature rich, without the user having to know squat, low resource, doesn't slow the machine to a crawl, and so far I haven't had a single malware infection come across my desk from a box loaded with Comodo, which considering some of the business owners I deal with is saying a lot. Pretty much your users will have to ignore every warning and continue installing to get a bug around Comodo, and of course in that case there is really nothing that will stop an ID10T error.
And for computer problems I would suggest downloading a copy of this, the Computer-Repair-Utility-Kit-V2. It has more than 50 tools that fix the most common problems (great for field work), it is butt simple to add your own tools like Malwarebytes Antimal to it (which I also use), fits just fine on a cheapo 1Gb flash stick, and has just about everything you'd need to find and fix common problems. The ClamAV it comes with is out of date of course, but that is easy to fix. Slap it on a thumbstick, update it once a week, and you are good to go.
But I have to agree, you can only do so much before the problems become PEBKAC. But I have found like you that a few sane policies (FF over IE, autoupdates on, fully patched Windows, decent AV/firewall) go a LONG way to cutting down rates of infection. I have customers' PCs that have been running for years without a single bug thanks to a little sane policy setting on my part.
ACs don't waste your time replying, your posts are never seen by me.
I am glad that we don't have a Worst Buy in this town. The closest I have to get to their messes is extended service plans people buy for some of the devices like printers. Don't get me started on my experiences doing Dell hardware warranty work.
Most of my customers are referral so I keep busy now that I have been doing this business for 3 years. I have no problem with being honest with my customers since I can fix a problem and tell them how to prevent it instead of trying to drain them of their cash by fixing the same problem over and over again. There are always other upgrades and repairs that I would most likely be considered for later and happy customers give referrals. Operations like Worst Buy prey upon consumer ignorance and try to get as much as they can before the customer can get wise.
Thanks for software and tool suggestions. I am always on the lookout for other tools that make my job easier and more efficient.
I Cater to the Needs of Stupid People. - from a coffee mug Christmas gift
With that many processing cycles available, why can't they be?
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Hey no problem, we PC repair guys need to stick together. Sadly we honest PC repair guys are a dying breed, with many places being taken over by Worst Buy, or as I call it "The Walmart of PC repair". Have you ever SEEN how they "repair" a PC? Look up "Best Buy repair CD". I swear to God they have a little GUI based CD handed down from corporate that is pretty much "and the monkey pushes the button" as far as repair goes. No basic knowledge on how to troubleshoot, no working through the steps of starting at the basics and working your way up, it is just "push the button" and if that don't work format and reinstall.
And the worst part, I had a buddy work there that let me in on the "inside dope" before he quit. You ever wonder why so many pervs get busted for child porn by geek squad calling the cops? Want to know HOW they find it? The office pervs have USB drives and scripts that run looking for *.avi, *.jpg, *.mpg, *.mp3, etc looking for free tunes, GF pics, porn, anything they can snatch. I wonder how many girls took their PC into Worst Buy and are now on some "see my GF" type website thanks to the geek pervs at Worst Buy. I always tell my clients "Don't tell me to back stuff up if you don't want me to see it" and go out of my way not to look in other folks' stuff. To me it is like a plumber going through someone's underwear drawers when he was asked to fix the sink. That kind of crap just makes me sick.
But since you are a fellow PC repair guy, I'll throw you a link to another tool you may not have heard of but that can really save your ass, especially when you run into those weird "program dies for no reason or refuses to launch" problems. Say hello to my little friend Dependency Walker. It is only a couple of hundred Kb, no installation, works off a flash, works on 32 and 64bit, integrates easily with the repair toolkit, and most importantly you point it at any .exe and it will highlight and name any missing dependencies. You'd be surprised how many Windows problems can be traced back to a missing or mis-registered dll. This little baby will point out any missing .dlls, which you can easily replace and voila! The users think you're a god. So enjoy, and be glad you don't have a Worst Buy. They are...well the worst.
ACs don't waste your time replying, your posts are never seen by me.