Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Not even my immediate family is safe from malware….

November 23rd 2007 in Uncategorized

There’s my Dad, searching the net for an update to a particular specialist programme on his system; he finds what he wants, he downloads, he starts to install (we don’t know if he closed his Web browser first – I’m betting not), he’s prompted to update *DirectX* and whammo, he’s hit with spyware.cyberlog-x.


  1. he doesn’t remember what the URL was that he downloaded the software from;

  2. he’s not sure in what order various events occurred; and

  3. IE’s history, just for today, has been deleted (an interesting symptom in and of itself) – IE’s history record for previous days is intact. 

The affected system is an XPSP2 system and my Dad fell victim to a standard combination of circumstances: a nice dose of social engineering, being confronted by a dialogue box that mentioned a name that was familiar enough to not be too scary, and not paying close enough attention to what he was downloading and, just as importantly, where from.

My father’s experience today, and our difficulties when trying to clarify exactly what happened and how it happened, combined with other interactions I have seen between IT and computer users, reminds me that the average user really doesn’t “get it” when it comes to working with IT staff.  They are sometimes their own worst enemies; not paying attention, and not recording what is, for us, essential information and not interacting well with their IT support.  The user mis-steps that I see happening most often are:

  1. The average user will not read the error message on the screen.

    There was the time a very grumpy person complained that somebody had changed his password, because he was sure he was putting it in correctly, but it kept failing.  It turned out that the true situation was that he was trying to unlock a locked screen and didn’t read the dialogue box that appeared after he entered his username and password which said (paraphrased) that “this computer is locked, if you proceed the other logged on user’s programs will be shut down and they may lose data”.  Instead, he assumed it was an incorrect password dialog, hit enter (which triggered ‘cancel’), pressed ctrl/alt/del, tried again, didn’t read the message again, hit enter again, rinse/wash/repeat.  After 4 or so tries he came to me to complain, and a lot of frustration could have been saved if he had read the dialogue box and acknowledged the warning by clicking ok instead of cancel….

    And this guy had an admin account – don’t let him near a server… please…

  2. Practice patience. 

    If the hourglass is spinning, it won’t do you any good at all to keep clicking; in fact, with some of the line of business applications that I support it will guarantee a crash.  Go and get yourself a tea, coffee, fruit juice or whatever and if the problem is still there when you get back, call IT and ask for advice.

  3. If the cursor turns into a hand, *single* click, don’t double click… again, I support some line of business applications that *will* crash if you double click instead of single click.

  4. If it doesn’t work the first time that you click, it won’t work if you click 2, 3, 5, 10 or 20 times. 

  5. Swearing at the computer won’t help – it can’t hear you.

  6. Swearing and being angry when talking to IT support won’t help either. Stress is bad for both of you.

  7. Sometimes a simple reboot is all that is needed to stabilise your system, especially if you leave it running 24 hours a day.

  8. It is not a good idea to delay rebooting after installing security updates if prompted to do so – to avoid weird problems and errors, please restart your computer when prompted, even if you’re really really really busy – it doesn’t take that long.

  9. “It’s been crashing for about a week, but I really need this report right now”.  

    Please call IT support before it becomes an emergency.  We don’t have crystal balls… we don’t discover that you are having problems via some sort of mysterious osmosis, and if you’ve left things for a week before calling us we have somewhere between “nil and buckleys” chance of working out what went wrong and why.  Also, it is difficult for us to minimise the frustration you’re feeling if you only call us after you’ve been “putting up with it” for a week, and you’re now seriously pissed off and ready to throw your computer (and your IT support professional) out the nearest window.

  10. “There was a weird message then it crashed”…

    “Ok, what was the message?” … <<silence except for the sound of crickets chirping in the darkness>> … “I dunno.  I clicked on ok, and now nothing works”. 

    If you experience a crash, stop what you are doing, read the message and write it down, then call me.

  11. “I didn’t do anything!” …. sometimes, my friend, yes you jolly well did.

  12. If your thoughts immediately before clicking are anything like “maybe if I try this…” or if you feel a desire to close your eyes and cross your fingers as you click, then don’t click.

  13. “It has never worked!!” …. Ok, we’re dealing with the crystal ball thing again, aren’t we…

  14. Please, don’t try to fix it yourself.  You may “know a bit about computers” but if your efforts change a simple fix into a complicated procedure or an “easier to reformat” situation, you won’t win any friends, especially if you call IT and say “It’s been crashing for about a week, but I really need this report right now”.

