FTC Kills Scareware Scam That Duped Over 1M Users

coondoggie writes "The Federal Trade Commission today got a court to at least temporarily halt a massive 'scareware' scheme, which falsely claimed that scans had detected viruses, spyware, and pornography on consumers' computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of Innovative Marketing, Inc. and ByteHosting Internet Services, LLC to preserve the possibility of providing consumers with monetary redress, the FTC stated."

I hope this helps this problem

[vwpau227]

At the computer store where I work in Waterloo, Ontario, Canada, we see at least 3-4 computers each week with these rogue anti-virus and anti-spyware applications. These programs are a real pain to deal with, both for our customers and for our computer store as well, since the programs are often difficult to remove and take up a lot of time that would otherwise be used to help our customers find solutions that make them more productive.

However, given the fact that new versions of these programs are being developed on a regular basis (for example, as of late we are seeing a new rogue program called Trusted AntiVirus), and the fact that the organizations behind them are often located offshore and in multiple jurisdictions, I wonder how much a dent this judgement will make into the scammers' operations. Hopefully, at least, this will be a start.

Part of the problem, of course, is user education. We have users that receive warning messages that tell them that this program is possibly a virus, and ask them if they would like to run the program anyway. Many users that do not know any better will run the program even though the warning is telling them this may not be a good idea. Helping the user understand what the legitimate warnings are on the system tends to reduce the problem.

It's easy to stop ...

[tomhudson]

Turn off the $$$ - the credit card companies know that payments to certain entities are for scam crap just from the number of complaints, but they still do nothing because, let's face it, a million sales @ $30 a pop == $30,000,000. 3.5% of that is over a million bucks. It's not in their immediate financial interest to turn off the tap.

Re:It's easy to stop ...

[omeomi]

It's not in their immediate financial interest to turn off the tap.

Nor is it their responsibility to make sure their customers spend their money wisely. And they can't just indiscriminately stop processing payments made to certain companies...they'd get sued.

Re:It's easy to stop ...

[myxiplx]

Yeah, just like they did when they stopped taking payments to AllofMP3.com.

oh, wait...

Re:

[tomhudson]

Paypal and iTunes - now that's a marriage made in hell.

I can't wait until the day when everyone can accept email payments [interac.ca].

Re:

[Kent Recal]

Not gonna happen.
Why would a bank provide flatrate b2b/c2b money transfers when they can take a rake from each transaction?

Re:

[FLEB]

So, it's like Paypal meets Western Union. Fraudulicious!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[flerchin]

You seem to have some intelligent points to make. However, I can't decipher them. I'm not trying to be a pedant, but can you take a second and try to rework your post to make it more clear? In particular, can you elaborate on your point about ebay not encrypting passwords?

Re:

[aliquis]

Why don't they contact their banks instead? Not unlikely that they have messed up themself though.

Re:I hope this helps this problem

[lalena]

I agree that going after these scareware companies is too difficult, which is why we should go after the advertising networks that help them post their ads instead.
According to the article "The defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements."
Even if you are duped, once you see the scareware ad you should revoke the ad account for that company.
Most sites have a way of clicking that a blog post, wiki article, ... should be reviewed or removed because it is inappropriate, but you never see something like this for an ad.

Re:I hope this helps this problem

[Pharmboy]

Well of course you don't see something like that for an ad. The advertisers are PAYING real money. The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued. It is "good faith" effort to remove stuff that is liable or DMCA. Many of these sites are so 3rd tier, they don't give a damn what bad ads are on their website, as long as they get paid.

Silly me, I still think that part of the cause is that Windows is entirely too easy to pwn.

There is enough blame to go around, but the one thing that is universal is money. The crappy forum/blog/wiki websites want the ad money regardless of content, the scammers want your dollars, MS wants to overcharge and underdeliver, many people are too lazy to learn about their computer and would rather pay the extortion (which doesn't end the problem) than keep their systems up to date, no matter how easy you were to make it.

Hoard your clicks

[Nefarious Wheel]

...The only reason you see a "click here if this is inappropriate" on any website is so they can cover their own ass and prevent getting sued...

Actually, there's another reason. If you click on anything at all, they can record your address in their web journals and tick a box labeled "This person is a potential mark". It's one of the reasons why I close these bogus displays by going around and closing them from the operating system. I do not trust any button or other clickable control presented to me from any window that I didn't specifically ask to see. Even the little X in the top right corner, they can emulate those controls with controls of their own, and can record the fact that you've paid them a bit of attention. And for such people, the less attention you pay them the better.

Re:

[Ihmhi]

I know a good bit about computers, but I had never heard about anything like this. Would this actually be possible - emulating the entire thing? I'm sure the X boxes and whatnot would be easy, but what about the right-click context menus?

Furthermore, why isn't Adblock stopping these things in the first place?

Re:Hoard your clicks

[pxlmusic]

because, as the previous poster mentioned, coupling it with NoScript (along with a good AdBlock list) can ensure that you see little to none of that crap.

i've been doing it quite a while and it has saved me from so much potential bullshit on my computer.

i get a few calls a week (cable hsi support) from people with these scareware programs on their machines. usually, i recommend they get a professional to clean their computer or will even go so far as to recommend a full system wipe.

it may take an hour or so to reload Windows, the drivers, system tweaks, etc. and only a few minutes for them to go right back to the same sites that got them there in the first place.

not only that, but getting your average user to use Firefox, let alone NoScript...forget about it.

Re:Hoard your clicks

[Whiteox]

Furthermore, why isn't Adblock stopping these things in the first place?

Because they are not ads.
That's the dumb thing about the whole 'protect your pc' scam which IMHO is bigger than most people think.

In the late 90's The big 3 US antiviral companies only scanned for viruses and left the door open for other US companies to provide software firewalls like Zone Alarm.
The European antivirals however went a step further by not distinguishing virus from worms or trojans and started to include spyware in their scan databases.
As time went on, pretty much everyone is offering 2 or 3 tiered scanning systems that incorporate firewalls, phishing, popups, malware, spyware, rogueware, trojans, worms and viruses.
In 2008/9 there are a few more 'threats' like rootkits and the very latest are 'botscans' like http://mtc.sri.com/ [sri.com]
Trend Micro have their own too.... http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted [trendsecure.com] ... It's the flavor of the month!

Now MS is getting its act together and are doing what they should have in the first place, is to block holes and to provide a level of free security scans for their products.

The question that interests me the most is what is pressuring MS to do this?
Are they growing a conscience? Or do they realise that their precious OS is the main cause of most of the internet abuse in the world?

In other news, Symantec/Norton have rewrote their internet suite (due to complaints I bet) and are offering 3 months for free (maybe Australia only?)! http://www.asecondchance.com.au/ [asecondchance.com.au] I didn't know if I should laugh or feel sympathetic.

The abuse that internet aware MS systems are exposed to is massive and a lot of people from both sides are making lots of money. Money to be made 'protecting the pc' and money to be made by attacking it and money to be made by 'cleaning it'.
I deal with this sort of stuff every day and there is not one single product - professional or free, that can identify, delete and repair all the threats out there.

And yes, while the ball is rolling and money is to be made, then the game goes on.

Re:

[Nefarious Wheel]

I'm more concerned about the amount of life I'd lose if I didn't.

Re:

[jellomizer]

I would go one step further by getting the Web Site that hosts the marketing firms who then posts these adds to them. I not saying they couldn't in turn sue their marketing company that they do business with but for all the Malware out there you need to target the easiest to hit for the consumer then you can go further down. So for example Slashdot should be responsible for this "I'm Rich. You're Not." add. (which seems questionable to me). If you I were to be stupid enough to click that link and buy a pr

Re:

[pxlmusic]

that Messenger service was turned off by default in SP2

Re:I hope this helps this problem

[whoever57]

Part of the problem, of course, is user education

Part of the problem is that these users have administrator privileges. I have seen many posts here on /. and elsewhere that claim it is quite possible to run as a non-administrator under Windows. In a corporate environment it should be possible to remove admin privileges (unless those who posted such claims were lying).

Personally, I was amused by this scamware, seeing it scan my PC and find various infected DLLs -- the only problem being that my Linux PC doesn't have any DLLs (except for a few in my WINE installation).

Re:

[lord_sarpedon]

Are you...running malware in WINE for fun?

You _do_ realize that this grants write access to all your priceless documents in ~
The UNIX security model (as with Windows) doesn't give a shit about protecting _users_, just the system. A terribly dated and broken concept.

Re:I hope this helps this problem

[whoever57]

Are you...running malware in WINE for fun?

No. Perhaps you don't understand. The "scan" is totally bogus -- it "ran" in my SeaMonkey browser under Linux and "detected" various infected DLLs. Since I don't have any DLLs on my system, the "scan" is obviously a scam.

Now, I just wanted to qualify the "I don't have any DLLs" by making a throaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.

Re:I hope this helps this problem

[Anonymous Coward]

Now, I just wanted to qualify the "I don't have any DLLs" by making a throaway remark that there are actually some on my system as part of WINE. This does not mean I ran the malware under WINE.

Never give more information than is necessary, it will confuse some people.

Re:

[Macrat]

Never give more information than is necessary, it will confuse some people.

Especially front line phone support.

Re:

[dragonturtle69]

I saw that once too, on Firefox 3.0/Suse 11. A popup appeared from where the SysTray would be, if running XP with the default theme. If it had been on XP, and unwary user would have easily believed it to be a legitimate XP security warning. Another user that I recently converted to Linux saw this on Ubuntu 8.1/Unknown browser, and took it for a good thing that Linux prevented an intrusion. The sad part is that they would have provided sudo if prompted.

Claimed my Linux box had viruses in the registry

[Rick17JJ]

On several occasions have run across aggressive annoying advertisements which popped-up claiming to have detected viruses and spyware on my computer. On each occasion, I was using Linux and browsing the Internet with Firefox. I normally do not get pop-ups when using Firefox, but some scareware advertisers do still know how to make pop-ups appear.

Earlier this year, I had just installed a brand new copy of Kubuntu Linux on a brand new hard disk in my computer. It did not (and still does not) have Windows

Re:

[mpe]

The "scan" is totally bogus -- it "ran" in my SeaMonkey browser under Linux and "detected" various infected DLLs. Since I don't have any DLLs on my system, the "scan" is obviously a scam.

As would be the case if it offered to "scan your registry". No doubt even on a Windows system such sites could list DLLs or registry keys which don't actually exist on the system in question.
This is like phishing emails where you may not even have an account with the bank in question and even if you do you never told them

Re:

[MaskedSlacker]

Even though users can have their files easily restored in minutes from a backup? And since the malware can't infect at the system level it is then a simple matter for an administrator to nix the offending files?

Re:

[Timothy Brownawell]

Even though users can have their files easily restored in minutes from a backup?

What backup? [slashdot.org]

And since the malware can't infect at the system level it is then a simple matter for an administrator to nix the offending files?

Is "administrator" a fancy term for "geeky neighbor kid"?

The only files that matter are the user's files, everything else can be fixed with apt-get and a livecd. If those files are messed up, it does not matter that the stock OS files are still intact. The *nix security model is good for protecting users from eachother, while malware protection requires protecting users from themselves. Probably the only ways to get the latter are some unmaintainable SELinux config or a highly inconvenient bro

Re:

[MaskedSlacker]

Administrator is a fancy term for the guy who logs in as root and can kill any misbehaving processes launched by the user.

Again, backups. I just lost 6 months of work to a hard drive crash two days ago that will cost me $1200 to recover. Mechanical failures are wonderful things. Now I have backups in my apartment and remote backups setup. Backups are trivially cheap, there is no reason not to use them other than your own stupidity. Yes, I was stupid not to have one two days ago.

An infected backup

[tepples]

Even though users can have their files easily restored in minutes from a backup?

And what keeps the files from getting infected before the backup?

Re:

[lord_sarpedon]

Yeah. That's right. Who gives a flying fuck if files get deleted? Because everyone backups nightly to tape and properly labels them before permanent storage. Or not.

You can argue that there's significant overlap between the people with malware and the people that lose stuff to hard drive failure. But when's the last time that a widespread virus _deleted everything_ for the hell of it? It's a business now! The last intentionally destructive one I heard of held documents _for ransom_ instead. The goal is to h

UNIX has sandboxes. They're called separate users.

[tepples]

Are you...running malware in WINE for fun?

You _do_ realize that this grants write access to all your priceless documents in ~

Which is why people who test malware in WINE make a separate user for this.

Re:

[Anpheus]

Hey, stop right there. In Windows you can protect user accounts but it doesn't work when you choose to make all the other accounts administrators!

(Yes, that's an OPT-IN, not an OPT-OUT when making new accounts.)

Re:

[Anonymous Coward]

the problem is that lots of software (e.g. World of Warcraft and anything that includes Punk Buster) assumes that you have more than normal user privileges. So while you can do it, it makes everyday tasks a pain.

Re:

[Al Dimond]

Ha, well in that case it's even easier. Surely it wouldn't be hard to find a bunch of players willing to cancel WoW subscriptions until a blatant programming error is fixed!

I'm not all that familiar with any of this software specifically since I'm not a gamer, but earlier today I thought the same thing you did about Punk Buster: it could be a daemon running as root, a setuid binary (I'm sure Windows has an equivalent but I don't know what it's called), or a kernel module without requiring other programs to

Re:I hope this helps this problem

[xlsior]

You can't lock out the primary user of a home computer from installing programs. No matter how many hoops you have to jump through (excplicitely authorize, enter password, etc.) there are still a ton of people that will jump through all the hoops and still end up with the garbage installed.

After all, keep in mind that there were a million people that were esentially tricked into pulling out their creditcard and paying money to these people. Removing admin rights and having to enter a sudo password before they can install the malware in question still doesn't change the fact that they honestly thought they 'needed' to install the program in question in the first place.

You can only do so much to protect people from themselves, and in cases like there there isn't much you can do other than prosecute / sue the snot out of the companies doing the malicious advertising and unfounded scaremongering.

Re:

[xlsior]

What about the hoop of "developer must be a company with office space, not an individual" and the hoop of "in order to get your app signed, you have to pay the platform owner four figures to test it thoroughly"?

Enforcing that would absolutely massacre the PC platform, since you also prohibit the hundreds of thousands of people who program useful utilities, tools, applications and games for fun and spread them for free. Just because someone writes a game in his bedroom at night and releases it for free do

Re:

[Miseph]

"The operating systems in video game consoles, digital video recorders, and some mobile phones do exactly this. And when these gain web browsers, they begin to blur the line between "appliance" and "computer"."

And people will jump through ridiculous hoops to break that so they can run what they want on the things they own.

"What about the hoop of "developer must be a company with office space, not an individual" and the hoop of "in order to get your app signed, you have to pay the platform owner four figures

Re:

[Drakin020]

If everyone knew how to properly use a computer, you and I would be out of a job.

Re:I hope this helps this problem

[FLEB]

McAfee was installed; this software bypassed and disabled McAfee.

Probably a relief. It takes some sophisticated software to get McAfee to stop begging for money. Where could one obtain this miracle malware?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Your computer is broadcasting an IP address!

[corsec67]

Sure, it is 127.1.

Have fun with it.

Re:

[Anonymous Coward]

What's with all the gay porn on there? Are you some kind of homo?

Oh, shit...

Re:

[iamhassi]

My IP is 192.168.0.1

my login is admin. my password is admin

Please fix my computer broadcasting!

Re:Your computer is broadcasting an IP address!

[Kent Recal]

This was (deservedly) modded funny but this scam really exists [hotbrick.com]! (WARNING link points to the scam site, click at your own risk, you may broadcast your ip address to them...)

Re:

[FLEB]

The family-portrait photo, of the child riding a dog, on the imaginary software box, that's a clear indication of quality. I could see how someone could be taken in.

Re:Your computer is broadcasting an IP address!

[Vegeta99]

hahahahahaha they're SOOOOOOO wrong it says my IP address is 64.8.85.43 and its really 192.168.1.101!!!! go to hell h4x0rz!

[/n00b]

Get a rope!

[Nimey]

My university has seen so many students (and even staff!) with variants of this. I'll volunteer for the firing squad.

I'll one up that.

[RulerOf]

My university has seen so many students (and even staff!) with variants of this.

One of my users managed to get it on a fully patched XP machine that I somehow forgot to install Symantec on (yeah, stupid), with basic User privileges.

Of course, I've seen it a million other times too, but those people were all running with admin privileges.

Re:

[gad_zuki!]

Really? If it lived soley in user space then it would be trivial to remove and couldnt do all the tricks that it does, namely installing services, registering dlls, and over-writing system files.

  One of my users tried to install it and it failed. Something tells me your limited user config isnt standard. There's no shortage of shops that give write access to the c: drive and large parts of the registry because theyre too lazy to find the specific file or key they really need.

Re:

[RulerOf]

That shop was a small shop, and the users need a little more slack with their machines since I only talk to them about once a week. I don't have backdoors like the task scheduler locked up, so if you *really* wanted it, you could have admin on these boxes, and a couple apps (I hate quickbooks) require it, so there's a few RunAs scripts and so on that could port you into adminship.

Nonetheless, I was still impressed.

Re:Get a rope!

[Trepidity]

I'll volunteer for the firing squad.

Finally! We usually have to get someone sentenced on trumped-up charges to get our weekly execution, because nobody ever responds to the call for volunteers.

Re:

[Nimey]

Well played, sir, well played.

Great

[ArchieBunker]

Too bad they didn't do this 6 fucking months ago when idiots started opening fake UPS/USPS/FEDEX emails to print their .exe "invoice" inside a zip file.

Hey you!

[RulerOf]

You've got a virus!

Pay me or I won't tell you what it is!

The sad thing is that people fall for it.

I've actually had the following conversation:

"What antivirus program was that?"
"Oh let me see here... [Horrible Trendy Name]"
"When did you install it?"
"I don't know."

I told him to call his credit card issuer.

Though, as if that's not enough, my neighbor recently couldn't understand how a dialog that, after analyzing basically indicated his computer was "too secure" wasn't a bad thing.

I have them beat

[LurkingOnSlashdot]

Sure these might just be "scamware"... but I beat them at their own game by installing all 5 of the mentioned programs. The combined power is sure to be effective even if one alone is not!

I have WinXp Viruses on my Mac!

[JimMcc]

According to these guys, my Mac is infected with Windows XP viruses. Ok, now I'm not that gullible, but the sad part is that there are plenty of people that are and believe whatever they read. Of course these are the same people that send birthday cards to little whats-his-name who wants to be in the Guinness's Book of World Records.
 
At one level I'm sympathetic, but at another I think that people need to learn to be more than a little skeptical on the internet. So instead of getting money returned to the people that purchased this junk, how about using it to fund advertising programs that politely ask "How can you be so stupid?" (Obviously not saying it like that.) Education is the only thing that will change this in the long run. Otherwise they'll just fall for whatever the next trick is that comes along.

Re:

[ljw1004]

In Australia several years ago there was a major government advertising campaign with the slogan "If you drink and drive, you're a bloody idiot."

Your proposal "You can you be so stupid?" sounds okay bit a bit too mild...

Re:

[Moridin42]

Yeah.. but JimMcc is probably speaking about America. The country where everything must be politically correct or else. One of the schools a few hours away made the news recently because the old Rudolph the Red Nosed Reindeer stop motion movie uses the word "christmas" and is thus unsuitable for viewing in the classroom.

So.. while harsh honesty about the ignorance of computer users may be educational, it won't be tolerated. Not here, anyway.

Re:

[Nefarious Wheel]

In Australia several years ago there was a major government advertising campaign with the slogan "If you drink and drive, you're a bloody idiot."

This was accompanied by "Don't fool yourself, speed kills". Once I saw a car where someone had taken a razor to the two bumper stickers and displayed "Don't fool yourself, you're a bloody idiot". I had to pull over for a few minutes.

Better late than never

[erroneus]

The FTC is supposed stop and punish fraudsters. This is their job. I can't understand why it has taken this long.

Re:Better late than never

[Narcocide]

The answer to why is probably simpler than you think - they don't "get" this internet thing either.

Re:

[DerekLyons]

It's much likely that they do get this 'internet' thing - but that building a case and following due process takes time.

Re:

[Mashiki]

My guess is it took awhile to actually find someone traceable here in North America to go after. There's been some heavy dissection of this on DSLR over the last few months, by and far most of this is redirected to a money dump in russia.

Helllooo.... FCC ... um, Stopsign.com ?

[Lost Penguin]

If I go to stopsign.com it will detect all sorts of Windows nastyware on my Linux box.
They have ads on Direct TV.....

Alternate title: FTC Identifies Over 1M Morons

[Spatial]

In an unrelated story, the FTC has invested in some extremely large ovens in an effort to reduce the nation's dependence on foreign energy sources. They claim the new fuel is actually self-perpetuating and that "There is an unlimited supply here at home."

How many years did this take?

[terraformer]

At this rate they will nail the Extenze scam by 2015 and Head On by 2020. If they can't shut these things down fast enough, the amount of money they make is still vastly larger than any fine, so the fine and shutdown is just a cost of doing business. They need to be more proactive.

Sign me up!

[whizzleteats]

You mean there's anti-virus software that will find pornography on my computer? Will it show it to me as well? :D

Particularly nasty

[RockMFR]

The most interesting part of this operation was that they apparently impersonated legitimate businesses, created advertisements for these businesses, and then had them placed on high-profile websites. The buyers of these ads typically had no idea anything was wrong because the ad code was both obfuscated and would only redirect the user to the bad website a small percentage of the time.

Is it the same Sam Jain

[the_other_one]

I wonder if the Sam Jain referenced in the article is the same Sam Jain behind efront [wikipedia.org]. There was plenty of good reading on fuckedcompany.com way back then when the ICQ logs were released on the net.

They can't do that!

[bensafrickingenius]

How am I supposed to put food on my table if people don't have the opportunity to destroy their systems with a single click anymore? My computer repair business is doomed. Doomed, I say!

It's ridiculous.

[Anonymous Coward]

I'm amazed that it's taken this long for something to be done about this. I'm also amazed at the magical protective perception field around them. They're not just scams, they're viruses. If they were written by some 14 year old in their parents basement, heavily armed goons would sweep in and drag them off to jail to face felony charges for unauthorized access to a computer, distributing a virus, etc. The protection racket they're running using their viruses is icing on the cake.

The fact is, these are viruses and they're not just spread by people voluntarily downloading programs they believe to be anti-virus software due to scary pop-ups. These things use exploits in windows and web browsers to infect peoples system whether or not they choose to install them, then they generate messages that can truthfully claim that the computer is infected with a virus. Having endured hell working in tech support I've seen plenty of infections by this crap.

So, on the one hand, it's good that someone is finally doing something. On the other hand, where the hell are the criminal charges? Why is it the FTC doing something and not the FBI? Because the criminal scum behind this throw on the trappings of a business they become sacrosanct and get civil actions where the rest of us mere mortals would be put away for life. What the freaking hell!

Blaming the User

[Detritus]

If this is the same scam that I've seen lately, have a little sympathy for the end user. The ad generates a nasty dialog box that can only be killed by forcing the browser to quit. The alternative is to "agree" to let them scan your PC. I'm paranoid enough about browser security bugs that there is no way in Hell that I would agree to that. The fact that their ad can create such a dialog box seems like a browser bug to me. Have you stopped beating your wife [Y/N]?

Re:

[tomhudson]

It's called Norton/McAfee anti-virus

Really? That's the new name for Vista?

I think there's a bug in their web site - it told me I had 427 viruses on C:, but I can't find C: anywhere. I looked in /home, /usr, /var, /srv, /etc, /root, /lib, /sys, /mnt, /opt, /proc, /other, /sbin, /bin, /boot, /dev, /media ... I can't find any C: ...

Seriously, with 8 gig usb keys going for $30, and the ease of installing linux on one, 500 gig hard drives going for $70, or booting off a dvd if you're REALLY cheap, there's

Re:Old news

[Jamie's Nightmare]

...and if all you want to do is surf the web, sure, Linux or even an old WebTV box is just dandy. Problem is, people are used to doing more with their computer. That's where Linux leaves most people with the feeling of holding a wet fish.

you KNOW no amount of protection is going to be enough - you're gonna catch SOMETHING.

I know your trolling, but it's worth pointing out this is dead wrong. I'm using Windows with no anti-virus/spyware programs and the firewall built into my DSL Router. The one and only time I've personally had a virus was in 1997, when my then idiot girlfriend downloaded and executed an IRC script. The best defence is knowledge. Period. There is no OS in the world that is secure with ignorance behind the keyboard. Sure, Linux offers a huge huge security advantage because of it's obscurity, but that's a double edged sword that points back to my first point. People want more out of their PC, and I can't blame them. You want protection? Start with you. Those who rely on others first are usually the ones to get screwed first.

Re:

[tomhudson]

As I point out elsewhere, most people think that their computer is useless if they can't view wmf files, or yutube videos. For the former, there's "install all windows codecs" which uses the dackman.de repository; for the latter, if they want the latest flash player, they have to include the non-oss repositories for their distro.

Then they can get rickrolled to their hearts' content, play those flash games, etc.

Re:Old news

[TheLink]

Windows isn't really the problem[1].

If these millions of people were running Ubuntu they'd still be infected by malware.

Why? Because these people thought the malware was _good_ software. They would do whatever seems reasonable to them to install it. If it means downloading and executing something, or even entering an admin password, they would do it.

There have been windows viruses that spread via password protected zip files - victims would have to enter the password in the email to unzip the zipfile, then launch it. Many did.

The authorities should just be more active in prosecuting such cases of fraud. Because that's what the scareware scam is - mass fraud. Such scammers cause far more harm than that silly Brit who hacked into US military computers to look for evidence of UFOs.

Once you start jailing scammers the amount of spam we get will be less - because there's a fair bit of scam spam too.

[1] Linux isn't much more secure than Windows XP SP3. Fact is Windows XP SP3 provides better sandboxing than many Linux distros. When you launch some new unsigned program, Windows often prompts you to say that the program is trying to make outbound network connections. Ubuntu, Suse don't do that by default. They have apparmor and SELinux but if the average sysadmin finds them a pain to deal with, they're not suitable for even the more knowledgeable users.

I have made suggestions to Ubuntu and Suse to try to make sandboxing better (better than windows and anything out there that I'm aware of), but I don't see very much progress happening.

Re:

[arkhan_jg]

Out of interest, since you're running no AV/spyware scanners - how do you KNOW you're not and haven't been infected? I've seen all sorts of nasties that install and run silently. Including ones that don't require social engineering to install.

Firewalls protect against direct attacks, but they don't stop iffy attachments such as the latest .wri exploit, or exploits in the browser (and firefox isn't entirely immune either, though it's a lot safer than IE)

Linux offers a huge security advantage because it's bet

Re:

[wasted]

...Seriously, with 8 gig usb keys going for $30, and the ease of installing linux on one, 500 gig hard drives going for $70, or booting off a dvd if you're REALLY cheap, there's no excuse to surf the web using Windows. It's like having sex with a million strangers - you KNOW no amount of protection is going to be enough - you're gonna catch SOMETHING.

But think of the fun you'd have, especially compared with using Vista

Wait --- those strangers are all attractive females, right? Otherwise, it would be very s

Re:

[tepples]

Seriously, with 8 gig usb keys going for $30, and the ease of installing linux on one, 500 gig hard drives going for $70, or booting off a dvd if you're REALLY cheap, there's no excuse to surf the web using Windows.

I run Ubuntu on my Eee PC. But I run Windows XP on my other PC, and I can think of two excuses not to buy an 8 GB USB memory card or 500 GB external hard drive and switch to Ubuntu as my primary OS:

• My PC has on-board USB 1.1. I bought a PCI card with four USB 2 ports, but it died after about a year. For obvious reasons, I do not want to be limited to 1 MB per second throughput to /usr and /home.
• Two words: Broad Com. I don't want to have to replace loads of components just so that Linux can see all the har

Re:Old news

[techno-vampire]

I find that interesting. My laptop is almost 10 years old, with a PII 233 Mhz chip and maxed out at 96Meg of RAM, but I have Linux running on it. And, I've never had the slightest difficulty connecting it to the Internet or surfing the web. Either you have some very weird hardware or you haven't tried very hard.

Re:

[Hemogoblin]

Well you may not have problems with your hardware, but that doesn't mean others don't. Since we're giving personal anecdotes, I'll give you mine.

To give you an idea of my computer skills, I've installed Linux on three of my computers over the last 5 years, though I never really used it too much. I'm "fluent" with Windows. I have some experience with C++, so using the shell and so forth doesn't bother me too much. I'm not a developer or anytihng like that though. In other words, I'm pretty much the "best-cas

Re:

[techno-vampire]

Anyway, my point is that even though Linux is mostly awesome and everything mostly "just works", there are still some stuff that doesn't.

How well I know! I'm a regular on my distro's support forum, and I've seen lots of cases where Linux Just Didn't Work. However, I also know that I never see anything from all the people who install it and never have to ask. That's why I mentioned the possibility of "weird hardware." There will always be NICs, video cards, hard drives or whatever that are either so ne

Re:

[techno-vampire]

My point was that if Linux could get such an old machine on-line without any messing around (It Just Worked) it should be able to get a more recent machine going without any trouble, unless there's something weird about the hardware. (Quite possible, and that's why I mentioned it.)

Re:

[evilviper]

My point was that if Linux could get such an old machine on-line without any messing around (It Just Worked) it should be able to get a more recent machine going without any trouble,

It works exactly the opposite, actually. The older your machine, the more likely that your hardware has been fully fleshed out, and open source drivers are available and working reliably.

Do you really think that, somehow, the hardware in a laptop deteriorates and gets less reliable with age?

Re:

[techno-vampire]

Considering the (by current standards) small amount of RAM, I need a rather compact distro, and ended up with Puppy. It recognizes my PCMCIA NIC with no trouble, and the PCMCIA USB hub only needed a little tweaking to get working better than it ever had with Windows. That's my point, really, that unless you're using bleeding edge equipment, Linux almost certainly can handle it, especially when it comes to networking.

INCOMING CAR ANALOGY IN 3... 2...

[spazdor]

Do you really think that, somehow, the hardware in a laptop deteriorates and gets less reliable with age?

Not to be condescending or anything, but... yeah. You may notice the same thing happens with cars.

Re:

[techno-vampire]

Have you checked Puppy Linux? [puppylinux.org] You can have it create a special boot floppy that will find Puppy on the CD and start it. Don't know, though, if it can run on a 486, but it's worth a try...

Re:Old news

[the_bard17]

That's because the Linux community has collectively decided that *you* don't deserve to run it, so we put in special code to keep you off the 'net. It's better for everybody this way.

;oD :op

Re:

[tomhudson]

Nah, it's because "I've tried several distros and trying to use the internet is unusable on any of them." means that he didn't know where to clock get the flash player to get rckrolled.

And they didn't select "install all Windows media codecs from packman.de", so they can't watch streaming video ...

For many people, if they can't get youtube and can't play those wmf files their friends send them via email, it's game over ...

Re:

[dword]

How the heck can this be modded as Troll? Really, people, for most users, computers are simply tools, like VCRs and we expect everything to run out of the box (like it is when you just go to a store and pay and you get a computer which you can use for games and movies and internets - surprise, it's probably running Windows XP/Vista). Some people really don't have the time to tweak their operating system just to watch some movies or use their webcam on Yahoo! Messenger, etc. I have paid for two distros and -

Re:

[tomhudson]

Condoms and weekly STD tests...

Condoms aren't going to do squat about herpes simplex cold sores. Also, testing after the fact doesn't prevent STDs. Even prior testing doesn't - there's an incubation period.

It's like the trojan in the article that claims "You have nnn viruses" - once you see that, even if you inow it's a scam, you also know that your computer has been compromised. You can never be 100% sure, short of a wipe and fresh install, that there's not something else "ticking away under the hoo

Re:A fool and his money...

[Keramos]

I believe this is called Windows Live OneCare, right?

Re:

[networkBoy]

mmmm troll fishing...

I'll never run OSX 'cause I'm a cheap bastard who won't buy a Mac and doesn't pirate software. (which happens to be why I have only one Windows PC...)

Re:2 solutions

[Fnord666]

Now I will agree, the majority of people, regardless of age, is below average.

Here he demonstrates those math skills he was talking about.

Re:

[justinlee37]

It's tenacious grip on my XP install forced me to look for an alternative.

I don't see why you needed an alternative. Just backup your essential files, format your harddrive, re-install Windows, and bam! You're done.

Re:

[Frosty Piss]

I don't see why you needed an alternative. Just backup your essential files, format your harddrive, re-install Windows, and bam! You're done.

And spend a few hours reinstalling all the other applications you had installed?

Re:

[justinlee37]

Yeah, that's true. But sometimes there's only one way to kill malware. It helps if you keep all of your driver/basic application install utilities in a separate folder in your "essential files" group (which should be on a different drive than the operating system). Also, luckily I only have to do it once in a blue moon because, unlike the OP, I don't have any computer-illiterates mucking about with my stuff. Might change if I get married.

Re:

[Anpheus]

Is the FTC going to crack down on politicians now too? This is fantastic!