It's 2012, why the f is "Security Shield" still a valid trojan/virus?

Ns1

No Lifer
Jun 17, 2001
55,419
1,599
126
Seriously, FUCK Windows.

Goddamn relative's computer is infected, again.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,570
10,200
126
Firefox exploit? There was a recent patch in 10.2, for something that was actively exploitable.
 

SecurityTheatre

Senior member
Aug 14, 2011
672
0
0
It takes a lot of random clicking to get infected. I'm certainly an avid computer user, but I just have free AV and a default configuration of Windows 7 Professional and I've never had a malware infection in 18 years of being online. My roommate (I just asked) said the same.

Stop clicking random shit and saying "yes" to every popup and the problem goes away.
 

gsellis

Diamond Member
Dec 4, 2003
6,061
0
0
This statement does not reflect reality.

Understood. It is hard to train relatives to quite being the models for social engineering subjects. Unfortunately, computers just do what they are told. And Yes or even X can be the wrong answer. And with the default of Owner being admin... well there are just too many malware installers that are great on the social engineering side.

"Hey, the computer told me there was a virus and this would fix it. Isn't that a good thing?" (facepalm)
 

AFurryReptile

Golden Member
Nov 5, 2006
1,998
1
76
This statement does not reflect reality.

It really does, actually.

But it's a lost cause with some people - you spend your holidays cleaning up viruses for a few years, until they finally start listening. Of course at this point, you'll spend your holidays running two years worth of updates because they become scared to run anything. There's no winning in tech support...
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
Patch, patch, patch, patch, patch. Teach them how to make sure that Windows, Java, Flash Player, Acrobat, Virus Definitions, etc. are all up to date. That's really the best prevention for these types of infections. Infections can come from otherwise benign and trustworthy websites because because the attacker is using advertisements to deliver the malicious payload.

It's not easy to get a personal/home computer to automatically patch everything. It needs to be turned on when the updates are supposed to run, then user needs to be good about rebooting it after updates install, etc. If you don't change the user's behavior, you will be far less successful in preventing these infections.
 

dawks

Diamond Member
Oct 9, 1999
5,071
2
81
Patch, patch, patch, patch, patch. Teach them how to make sure that Windows, Java, Flash Player, Acrobat, Virus Definitions, etc. are all up to date. That's really the best prevention for these types of infections. Infections can come from otherwise benign and trustworthy websites because because the attacker is using advertisements to deliver the malicious payload.

It's not easy to get a personal/home computer to automatically patch everything. It needs to be turned on when the updates are supposed to run, then user needs to be good about rebooting it after updates install, etc. If you don't change the user's behavior, you will be far less successful in preventing these infections.

I'd actually highly recommend removing Java at this point. Hardly any websites use it, those that do have stupid crap in it. And its such a HUGE security risk. Probably the biggest attack vector at this point.
I'd also suggest removing Flash from the system and using Chrome wherever possible. Chrome has flash built in, sandboxed, and updated regularly, more often than Adobe itself.
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
I'd actually highly recommend removing Java at this point. Hardly any websites use it, those that do have stupid crap in it. And its such a HUGE security risk. Probably the biggest attack vector at this point.
I'd also suggest removing Flash from the system and using Chrome wherever possible. Chrome has flash built in, sandboxed, and updated regularly, more often than Adobe itself.

Ehhh...I don't know about that. I use a ton of websites that require Java. Yes, it's a huge attack vector, but I'd have to go back to paying almost all of my bills through snail mail/checks if I decided to not use java because my bank, credit cards, mortgage, and utilities websites almost all use java.
 

ultimatebob

Lifer
Jul 1, 2001
25,134
2,449
126
It really does, actually.

But it's a lost cause with some people - you spend your holidays cleaning up viruses for a few years, until they finally start listening. Of course at this point, you'll spend your holidays running two years worth of updates because they become scared to run anything. There's no winning in tech support...

The only winning move is not to play.

Personally, I find it offensive that relatives expect you to fix their computer when you come over to visit just because they know that you work in IT. Would you expect your friend who's a mechanic to change your oil while he's there, or your dentist friend to pull a tooth for you?
 
Last edited:

dawks

Diamond Member
Oct 9, 1999
5,071
2
81
Ehhh...I don't know about that. I use a ton of websites that require Java. Yes, it's a huge attack vector, but I'd have to go back to paying almost all of my bills through snail mail/checks if I decided to not use java because my bank, credit cards, mortgage, and utilities websites almost all use java.

Maybe I'm an odd man out then, I haven't had a legitimate personal use for Java in years.. maybe 5+? The only site I ever use that requires Java is logmein, and even thats odd, because it only needs java 1 out of every 20 times I connect, normally its flash.

I use 3 banking sites that dont use java.. if they did I'd stop using them :)
And I have all my bills set to auto pay, but even so, our local utilities all use standard SSL web forms. No java involved.

Does your bank limit the length of your password.. maybe to like 15 characters or less?
 

N4g4rok

Senior member
Sep 21, 2011
285
0
0
I used to work help desk on campus, and the biggest culprit with letting security shield through seemed to be Flash. After an update, the problem would go away for a couple weeks. But students who didn't update Flash regularly almost always got it at least once before the semester was out.
 

gsellis

Diamond Member
Dec 4, 2003
6,061
0
0
Maybe I'm an odd man out then, I haven't had a legitimate personal use for Java in years.. maybe 5+?
My credit union has a mortage calculator (many non-java version on the web) and twopalms.com uses it. But that is it for me. Running without Java at home.
 

us3rnotfound

Diamond Member
Jun 7, 2003
5,334
3
81
Patch, patch, patch, patch, patch. Teach them how to make sure that Windows, Java, Flash Player, Acrobat, Virus Definitions, etc. are all up to date. That's really the best prevention for these types of infections. Infections can come from otherwise benign and trustworthy websites because because the attacker is using advertisements to deliver the malicious payload.

It's not easy to get a personal/home computer to automatically patch everything. It needs to be turned on when the updates are supposed to run, then user needs to be good about rebooting it after updates install, etc. If you don't change the user's behavior, you will be far less successful in preventing these infections.

Adobe Reader. AKA POS.
 

Dravic

Senior member
May 18, 2000
892
0
76
Seriously, FUCK Windows.

Goddamn relative's computer is infected, again.

Avast (or anything with on access scanning)

noscript is your friend. use it, teach them how to surf with it. The pain of having to approve the sites you vists sucks for the first week or so, but once you get the hang of allowing only the domains you intend to surf to to run javascript you are at least mitigating a lot of it.

Surfing the internet with JavaScript enabled at this point in the game is just waiting for an exploit. Follow any of the hack contest, needing the user to click on an exploit hasn't been a problem for like 10 years...
 

nitrous9200

Senior member
Mar 1, 2007
282
3
76
noscript is your friend. use it, teach them how to surf with it. The pain of having to approve the sites you vists sucks for the first week or so, but once you get the hang of allowing only the domains you intend to surf to to run javascript you are at least mitigating a lot of it.
.

Good idea, but no computer illiterate relative would ever figure out NoScript.