Ask Slashdot: What To Tell Non-Tech Savvy Family About Malware? 340
First time accepted submitter veganboyjosh writes "I got an instant message from an uncle the other day, asking me what was in the link I sent him. I hadn't sent him a link so I figured that his account had been hacked and he'd received a malicious link from some bot address with my name in the 'From' box. This was confirmed when he told me the address the link had come from. When I tried explaining what the link was, that his account had been hacked, and that he should change the password to his @aol.com email account, his response was 'No, I think your account was hacked, since the email came from you.' I went over it again, with a real-life analog of someone calling him on the phone and pretending to be me, but I'm not sure if that sunk in or not. This uncle is far from tech savvy. He's in his 60s, and uses Facebook several times a week. He knows I'm online much more and kind of know my way around. After his initial response, I didn't have it in me to get into the whole 'Never click a link from an unfamiliar email address' bit; to him, this wasn't an unfamiliar email address, it was mine. How do I explain this to him, and what else should I feel responsible for telling him?"
Re:i think your uncle is right (Score:4, Informative)
Re:Nothing (Score:5, Informative)
This used to be good advice, because Macs were such a small share of the market that the malware authors didn't bother with them. This isn't quite so true any more.
If you want to get them a platform that won't be targeted by malware authors for quite some time, install Linux Mint on their PC. As a bonus, it won't cost anything extra (unless they have some shitty printer that has no Linux support, but a new Linux-compatible printer is much cheaper than a new Mac). As an extra bonus, you can install the KDE version of Linux Mint and assuming they're coming from XP or Win7, they won't even have to learn a whole new GUI paradigm.
Re:Nothing (Score:5, Informative)
Most 'exploits' that get people these days are emails, etc, with fake notifications that get people to enter their login details for FaceBook, Gmail, etc. A Mac will not help for the majority of what gets people these days.
Re:Nothing (Score:5, Informative)
What he's getting at is that any OS on any computer is vulnerable to this sort of attack. Any OS at all that has a web browser: Windows, OSX, Linux, Android, iOS, *BSD, Solaris, whatever.
Once you click that link and enter your credentials, you are hacked. No resident virus required that has to hook your system via known attack vectors. Of course once you are hacked, it is much easier to get to that next step, if that's important to the attacker. But usually it's not, they're perfectly happy with your accounts.
Re:Your uncle's right (Score:5, Informative)
Have you ever heard of backscatter spam?
Spammers use bots to browse the internet and scoop up email addresses. Then they send messages with one of those addresses in the "From" header and one in the "To" header. If the messages go through, one person receives spam. If they don't go through, the other person receives spam. Either way, someone gets spam.
None of this requires much technical knowledge. I can make backscatter spam by filling in a registration form on any website. I just put your address in the "email address" field, and the site sends you a confirmation email, typically from a no-reply@whatever.com email address. So it's basically impossible to stop.
Backscatter spam works because it looks like it came from someone it didn't. It's why web sites shouldn't provide alerts for messages that weren't delivered and why "out of office" messages or messages to confirm addresses are bad. Because any bot (or any person, too) can fill in a form and turn your website into a backscatter machine.
Re:Nothing (Score:5, Informative)
Browser hijacks and browser vulnerabilities are exactly that, and have little to do with which operating systems they are being run on. Phishing attempts work on any operating system. My own operating system has been one flavor or another of Linux for many years now, and I have to be cautious. Mac, Windows, Unix, Solaris, Linux, DRDOS, MSDOS 6.22, - it doesn't matter which you are using if the exploit is aimed at the browser.
Re:Nothing (Score:5, Informative)
And where, exactly, do you get paid money to buy a Chromebook?
MacBook Air starts at $999 [apple.com] for the 11" version, so in order to save 1200 bucks, you'd have to be given $201 when getting the Chromebook.
Sounds like a really bad deal for the manufacturer to be honest.
Hi there, you must be very pedantic and love to point out how utterly moronic everybody else is compared to you.
Welcome to Slashdot!
You will fit in quite nicely here.
Facebook Spam (Score:5, Informative)
I'm surprised that no one's brought it up yet, but -- One of the most common spam email profiles that I get these days has the name of a Facebook friend in "From", my name in "Subject", and the body being just a single hyperlink. Pretty clearly, something is scooping up names of friends from Facebook (and recall email address is required there), so there's no need for any personal computer involved to be hacked. And I'm getting these things with the names of some friends I've never had any contact with except through Facebook, so it's easy to deduce that's the source. I would think.
Comment removed (Score:5, Informative)
Re:Nothing (Score:4, Informative)
I would have said the reverse. The menu bar being at the top creates modality that makes it easy to discover which windows belonging to a given application. In the Windows/X11 world, trying to figure out which application a particular window came from can be a usability nightmare... except for apps that are designed so that all of your windows are subwindows of one big window, which makes your second monitor useless.
Or SSH or iChat/Messages screen sharing. The latter makes more sense for home use, IMO.
Unless it is ancient hardware with a PS/2 mouse and keyboard, you can usually just plug their existing hardware into a Mac and use it. People aren't used to the box on their desk; they're used to the peripherals and the OS, and you're changing the OS either way.
Comment removed (Score:2, Informative)