Slashdot Mirror
Ask Slashdot: What To Tell Non-Tech Savvy Family About Malware?
First time accepted submitter veganboyjosh writes "I got an instant message from an uncle the other day, asking me what was in the link I sent him. I hadn't sent him a link so I figured that his account had been hacked and he'd received a malicious link from some bot address with my name in the 'From' box. This was confirmed when he told me the address the link had come from. When I tried explaining what the link was, that his account had been hacked, and that he should change the password to his @aol.com email account, his response was 'No, I think your account was hacked, since the email came from you.' I went over it again, with a real-life analog of someone calling him on the phone and pretending to be me, but I'm not sure if that sunk in or not. This uncle is far from tech savvy. He's in his 60s, and uses Facebook several times a week. He knows I'm online much more and kind of know my way around. After his initial response, I didn't have it in me to get into the whole 'Never click a link from an unfamiliar email address' bit; to him, this wasn't an unfamiliar email address, it was mine. How do I explain this to him, and what else should I feel responsible for telling him?"
Log into AOL's SMTP server with telnet and make an email that looks like it's coming from your uncle. Show him how easy it is to fake, and that the "to" field is actually incredibly untrustworthy.
A person can ask for advice. They can act on it as they see fit. If your adult uncle ignores your advice, you are off the hook. Maybe you know what's best for him, but if he's asked you and doesn't believe you, there's nothing you can do. I know you wish you could help, but you can't. We sell computers to people who aren't IT admins with the implication that they don't need to be one in order to operate them. Sadly this isn't true, but it's beyond your duties as a nephew to try to disabuse him of this notion.
This answer is probably less than satisfactory, but the world is an imperfect place and our ability to change that is very limited.
Perhaps other Slashdotters have some Jedi mind tricks for you to try, but I'm not optimistic, based on personal experience.
I am not a crackpot.
Just tell him email is very easy to forge. That's it.
You don't have to explain the technical details of exactly how it is forged, what headers are, how SMTP works, how malware mines personal data, or any of that. If he cared about the technical details, he'd read up on them, and then he wouldn't need you.
Keep it simple: "email is very easy to forge."
Cut that out, or I will ship you to Norilsk in a box.
This used to be good advice, because Macs were such a small share of the market that the malware authors didn't bother with them. This isn't quite so true any more.
It is true that Macs are not (relatively) free from threats anymore, but damn, they sure have a lot fewer to deal with. No?
Not anymore. Remember that story posted not so long ago?
http://thenextweb.com/microsoft/2012/11/02/microsofts-security-team-is-killing-it-not-one-product-on-kasperskys-top-10-vulnerabilities-list/
Apple is on that list twice (QuickTime and iTunes). Adobe is there a lot. No Microsoft products.
Feel free to bring the conspiracy/fraudulent research theories but really it's time people move on with old stuff.
lucm, indeed.
This was my first thought.
Specifically, harvested from a third party who has both the poster and his uncle's email address.
In other words, the poster, veganboyjosh, should be looking into his other relatives. His aunt, his nan & pop, his mum & dad, etc. First to see if they are receiving spam from each others' addresses, and to try to narrow down who has been compromised. Start with the oldest relative and work your way down.
Science is all about firing a drunk pig out of a cannon just to see what happens.
Even when you explain it to them, most of them are too dumb to understand it.
If you are a programmer, you are part of the problem. The user isn't dumb, s/he just has better things to do than become a Software Engineer just to use what has become an everyday appliance. The problem here is bad design, period. Accept that and maybe we can move on.
People don't usually care what "application" a window belongs to; the fact that you care on the Mac is a holdover from the Mac's single tasking heritage (where the entire menu bar paradigm originated). What people do care about is that the menu entry they select operates on the document they are working on, and people get confused about that relationship on the Mac.
SSH isn't a good option because OSX command line administration is extremely obscure. iChat is mac specific.That points out another problem with switching to Mac: if you switch your parents, you really have to buy another Mac for yourself and set up Apple-related accounts and infrastructure everywhere. You can't maintain a Mac if you don't use one yourself, it is just too different.
I went down that road; bought a Mac for my parents and a MacBook and desktop for myself. It was a lot of work. In the end, the small benefits of OS X over Windows just didn't justify the big expense and work. A couple of machine generations later, my parents are on Linux, I'm back on Windows and Linux, and we're all a lot happier.