Comments on: Windows patch, iPod exploited in e-mail scams

Fake patches, rogue invoices make the rounds as spammers keep trying to fool people into installing Trojans on their PCs.

[wookielookin]

Scams

You know, it seems to me that after so many years of these scams that there are a lot of dumb people out there that keep falling for them.

Also, when the government catches some of these scammers etc, perhaps a public execution or two will solve the problem.

[groink_hi]

Education down the tubes

I remember waaaaaaay back (in Internet years; it was actually 10 years ago) when computer user groups served as training resources for many newbies. In our PC user group in Hawaii, much of our 500 or so members were very computer savvy. This is because we held many Internet education workshops and fixit clinics. Much of the focus on Internet education was basically to develop "defensive surfing" skills, so that in case you ran into a situation you weren't taught previously, you could somehow use your instincts to pick the right solution.

You don't see this anymore. People are buying computers at dirt cheap prices, and treat these "appliances" as if they were a radio or a VCR. I think maybe when computers were $2000 or more, these people made a point to learn how to effective use the computer. But today, people who buy computers haven't received any formal computer and Internet training. As a matter of fact, my user group shut down about a year ago because we had no new members signing up.

That's basically why, even though the population of people on the Internet increases, the savviness of these users are actually next to nothing. Now you add in these e-mail exploits. Because these users don't have the sense to detect BS when they read it, these exploits become more effective. To me, this is totally backwards; you'd think that as computers become more and more a part of everyday life, the population in general are getting smarter. But they're not getting smarter.

Just look at your average college student's laptop. It's a total mess! I re-built several laptops as favors for some of the military officers at my command - all of them owned by their kids. And none of them could be repaired without re-formatting the hard drive. These are teenagers now. They're supposed to know more about computers than their parents. I thought these kids were required to receive computer education before graduating (at least at my HS it was required). But based on several non-scientific surveys I've thrown out there at various forums on the 'net, NO ONE has ever taken a course in computers.

In summary, it's just going to get worse. As FUD becomes more and more of a common thing, these exploits will become even more effective.

[Macsaresafer]

Sure, blame the user!

There's no doubt that these scams rely on user ignorance, but if
the computer they were using had some basic amount of
security, they couldn't succeed.

I suppose it's the user's fault that they're using Windows, but if
we're honestly looking for the source of the problem, we have to
blame computer consultants and IT people. These are the ones
pushing ignorant users to buy Windows, so they can claim the
pot of gold Windows problem leaves for them in the form of
billable consulting hours.

It's a perfect vicious circle. Computer techs make money from
computer problems. Windows creates problems, making it easy
for them to make money, so they're not about to recommend
anything else. Average computer users listen to their
consultants, so they buy Windows and we're back where we
started.

[Ipod Apple]

PC user group in Hawaii

http://www.analogstereo.com/apple_ipod_commercial.htm

[ml_ess]

Who's the sender?

Ideally, we simply wouldn't open any email from unknown senders... but that isn't always possible, especially in a business setting when we're forced to communicate with unknown entities on a daily basis.
What it will come down to is user education (http://essentialsecurity.com/Documents/article7.htm) and appropriate security software. So those are two points every business and individual should hit... At the very least, no attachment should ever be opened unless you know who sent it!

[Jelly Baby]

You can lead a horse to water...

All the advice and education in the world is not going to help because most people simply ignore it or forget it. Social engineering scams will always have a reasonable percentage hit rate.
I'm not anti Windows - It's the "little learning" problem which makes users think they know what they are doing. Windows doesnt break Windows - Windows users break Windows. If the world used linux then those same users would break linux as well.
You just have to look at the number of iPod wearers out there to realise that consumer spending is not based on value or quality - just fashion!

[wbenton]

Patch Authentication

If Microsoft CANNOT authenticate their own patches... they deserve to be ram-rodded by rogue patches!

Proper Authentication is the key to many security problems.

Walt