Ask Slashdot: What To Tell Non-Tech Savvy Family About Malware? 340
First time accepted submitter veganboyjosh writes "I got an instant message from an uncle the other day, asking me what was in the link I sent him. I hadn't sent him a link so I figured that his account had been hacked and he'd received a malicious link from some bot address with my name in the 'From' box. This was confirmed when he told me the address the link had come from. When I tried explaining what the link was, that his account had been hacked, and that he should change the password to his @aol.com email account, his response was 'No, I think your account was hacked, since the email came from you.' I went over it again, with a real-life analog of someone calling him on the phone and pretending to be me, but I'm not sure if that sunk in or not. This uncle is far from tech savvy. He's in his 60s, and uses Facebook several times a week. He knows I'm online much more and kind of know my way around. After his initial response, I didn't have it in me to get into the whole 'Never click a link from an unfamiliar email address' bit; to him, this wasn't an unfamiliar email address, it was mine. How do I explain this to him, and what else should I feel responsible for telling him?"
i think your uncle is right (Score:5, Funny)
you've been compromised, and now you're spamming /.
Re:i think your uncle is right (Score:4, Informative)
Re:i think your uncle is right (Score:5, Funny)
He couldn't be.
He is middle aged and knows better. He doesn't click on shit or go to weird sites. He also doesn't use IE. THerefore a AV scanner is not needed especially if you have a firewall. AV software is for wusses according to these folks and I am sure his 3 year old version of flash and 5 year old unpatched Java on his machine are no match to the mighty security of running firefox!
Don't believe me? Just ask any slashdotter who has not used Windows in 12 years. They know what they are talking about when it comes to Windows security as they post this all the time.
Re: (Score:3, Interesting)
Yeah, he's spot on.
Uncle hacked hypothesis:
- malware resides in uncle's PC
- malware looks through uncle's address book
- malware sends email not to the people from the address book (otherwise the summary would've told us), but to the owner of the machine it already infected pretending to be someone he knows... what for?
veganboyjosh hacked hypothesis:
- malware resides in veganboyjosh's PC
- malware looks through veganboyjosh's address book
- malware, with the objective to infect more machines, emails veganboyjo
Re:i think your uncle is right (Score:5, Funny)
If that is the level of reasoning among "tech savvy" people, then we're screwed.
veganboyjosh's computer wasn't hacked, and his uncle's computer wasn't hacked until the link in the email was clicked. Someone else, who had both of them in the address book, was hacked and, after grabbing the address information from that third person's computer, a Facebook account, an uploaded Android contacts list, etc., the botnet sent the malicious email "from" someone in the address book to someone else in the address book, because that's how you make fake emails look legit and apparently it's also how you dumbfound enough geeks.
Re: (Score:3)
Just here to point out something...
Malware has generally moved to sending mail to one contact appearing like mail from another contact in the same address book. Been seeing this for years. It's very possible veganboyjosh's computer is not infected at all. It could be anyone who has both veganboyjosh and his uncle in their contacts, which could limit it to another family member that isn't even aware they've been infected.
Re: (Score:3)
It used veganboy's email address. You can send an email from any address, there is no need to get access to any account for this.
The only way to guarantee that someone sending an email is really who he claims to be is digital signing, and for some reason no one uses it.
Fake one yourself. (Score:5, Insightful)
Log into AOL's SMTP server with telnet and make an email that looks like it's coming from your uncle. Show him how easy it is to fake, and that the "to" field is actually incredibly untrustworthy.
Re:Fake one yourself. (Score:5, Insightful)
Re:Fake one yourself. (Score:5, Interesting)
I did this once to prove the point to my wife. I made up some ridiculous email and then called her and asked her if she got it. She had. When I told her it was from ME, she finally got the point. The email was telling her she was a winner of free tickets to a concert for an artist that hasn't performed in a VERY long time. And I didn't have to telnet into a server to do it. I just set up my mail program.
Re: (Score:3)
Actually, jackass, she is a very intelligent woman, and in many ways smarter than I am. The point is that abstract concepts often need demonstration before they are well understood.
Re: (Score:2)
If the mail server is set up well, yes. But many aren't, and not everyone is on gmail or the like. When I did it, I was the mail server admin so I could do whatever I wanted, to be honest. This is why spammers go after breaking into legit accounts.
Think up a meatspace analogy (Score:5, Interesting)
In this case, let's say your uncle mails his letters by leaving them in his mailbox (I think some places let you do this) for the mailman to pick up. Now let's say a shady guy comes along and copies the names of people your uncle is mailing letters to, including yours, then sends him a letter purportedly from you asking him to loan you money by wiring it to a specific bank account or whatever.
Your NAME was involved but you had nothing to do with it, and the scammer found out your name from him.
Re: (Score:3)
Comment removed (Score:5, Interesting)
Uhm... No, it's just spam. (Score:4, Funny)
I don't see why you think his account has been hacked.
Someone simply sent him email with your address as the "From" address. Doing that is trivial, and spammers do it all the time.
Post your uncle's email address and your email address, and thousands of us here will send you email with your uncle's email address as the origin.
Go ahead, post both addresses. You can trust me. I'm "Anonymous Coward", and you've seen millions of articles from me which show my wide variety of expertise.
Re: (Score:2, Insightful)
Re: (Score:3)
Tagged as funny, but makes a point. (Score:5, Interesting)
Re:Tagged as funny, but makes a point. (Score:5, Insightful)
This was my first thought.
Specifically, harvested from a third party who has both the poster and his uncle's email address.
In other words, the poster, veganboyjosh, should be looking into his other relatives. His aunt, his nan & pop, his mum & dad, etc. First to see if they are receiving spam from each others' addresses, and to try to narrow down who has been compromised. Start with the oldest relative and work your way down.
Re: (Score:2, Funny)
No you aren't, you liar! You hacked my account! How dare you!
Re:Uhm... No, it's just spam. (Score:5, Insightful)
When the from and to names are people who genuinely know each other, it generally means that one or the other of them's address book has been stolen. Less frequenty, it may mean that a third party (that they both know) had their address book stolen. Subby doesn't think his address book has been stolen, so that leaves the relative as the most likely victim.
Who we think the most likely victim is maybe be another story, but his logic seems fairly sound to me, if we accept the initial assumptions...
Re: (Score:3)
Re: (Score:2)
That doesn't explain how the spambots knew to send an email purpotedly from him to his uncle.
It's possible one or both of their Facebook privacy settings are overly lax, allowing anyone to see their email addresses and friendship.
Re:Uhm... No, it's just spam. (Score:5, Funny)
I think you have accidentally hacked your own account.
are you sure (Score:2)
MOD PARENT UP (Score:2)
You can never be too sure, especially since the submitter thinks his uncle has been compromised.
Re: (Score:2)
kumanopuusan, I think PieceOfShitAndroid has hacked your slashdot account and is using it to ask people to mod his posts up.
Re: (Score:2)
How can you be sure it was PieceOfShitAndroid posting in the first place?
Re: (Score:2)
There is no spoon.
Just make shit up (Score:5, Interesting)
Seriously. Show him a segment in the e-mail header and say that's proof his shit was hacked. He won't know the difference anyway.
Create a non-admin account for them (Score:2)
Creating a non-administrator/root account for them should prevent the installation of most malware. DON'T give them the password.
And tell them that the Internet is like Mos Eisley: "It is a wretched hive of scum and villainy. We must be cautious."
Keep an up-to-date firewall and virus scanner like Norton. Turn on automatic updating for the operating system. And for the security software.
Hope for the best.
Re: (Score:2)
Norton? LOL.
From the fact that he's completely illiterate about computers automatically implies he already has Norton installed. That AND the fact he's on AOL.
It seems OP is pretty savvy, why not register a domain name for him and set up an SMTP account you can remotely administer. It doesn't mean he'll never have his email hacked, but he'd be less of a target.
Re: (Score:2)
Re: (Score:2)
Ditto, and OP would have to support them which is a pain in the butt. :(
never talk to strangers (Score:3)
Then simply explain the whole "never talk to strangers" bit and make comparisons to tech where possible.
Re: (Score:2)
If he asks and doesn't take your advice (Score:5, Insightful)
A person can ask for advice. They can act on it as they see fit. If your adult uncle ignores your advice, you are off the hook. Maybe you know what's best for him, but if he's asked you and doesn't believe you, there's nothing you can do. I know you wish you could help, but you can't. We sell computers to people who aren't IT admins with the implication that they don't need to be one in order to operate them. Sadly this isn't true, but it's beyond your duties as a nephew to try to disabuse him of this notion.
This answer is probably less than satisfactory, but the world is an imperfect place and our ability to change that is very limited.
Perhaps other Slashdotters have some Jedi mind tricks for you to try, but I'm not optimistic, based on personal experience.
Re: (Score:2)
The problem is that usually, in such a scenario, the relative/friend then screws up and asks you to fix it. Not wanting to fix it, after you've shown that you are well capable of it, will end up causing issues for you with said person.
If you could wash your hands of the whole matter, it wouldn't be an issue, but I've just about never seen a situation where this is the case.
"From" is like the upper left of an envelope. (Score:5, Insightful)
Tell him that the "from" that shows up in emails is like the upper left corner of an envelope.
I could write a letter, address it, and in the upper left corner write
And you could mail the letter. And the letter might even be delivered. But that doesn't mean that the President really sent that letter. It just means that whoever sent it claimed to be someone else when they were sending it.
Re: (Score:2)
Keep it simple. (Score:5, Insightful)
You don't have to explain the technical details of exactly how it is forged, what headers are, how SMTP works, how malware mines personal data, or any of that. If he cared about the technical details, he'd read up on them, and then he wouldn't need you.
Keep it simple: "email is very easy to forge."
Re: Keep it simple. (Score:3)
You don't want to give any technical details or use any terms like "smtp" or "headers". You don't want to try to fet them to understand the technical reasons, just the concept of how the sender address is just whatever is configured in the email client and no more a guarantee then what's written as sender on a traditional email.
I found the fastest way to get somebody to understand was by walking through configuring their email to send from a bogus address, it opens up their eyes faster then an expl
You're done. (Score:4, Insightful)
You are done.
It is not just non-tech savvy people that have this problem. My brother is, or so I thought, knowledgeable in the area of malware. One day I get a spam message sent from him, actually from his previous email address. I recognized that the message was also sent to quite a few people in his address book. After receiving a few more, I did a reply all to one of the messages, copied to his current email address and included a message that I hope you are not doing any banking or on-line shopping with that computer. His response was to send out a message to his entire address book asking people to set up their spam filters to ignore any messages from his old address.
I tried, I'm done.
The good news is that I now know of some juicy stocks that are going to really run up in price and three or four places where I can order some V1agra. Also, I was able to do all of my holiday shopping an a really great Russian sex toy shop. They even gift wrap! Everyone is going to be so surprised this year!
Again, you are done, move on.
Forget it (Score:4, Insightful)
You can tell a kid a hundred times that the stove is hot, he won't believe you until he burned his hand.
Tell him, if he chooses to ignore you, don't press on. You offered help, he declined, everything's fine. Sorry, but if ignorant people choose to reject the information they get from people who know more than them about the matter, you have to let the kid burn his hand.
Re: (Score:2)
Tell him, if he chooses to ignore you, don't press on. You offered help, he declined, everything's fine.
On the same line, you can tell him stories on the bees and flowers and crane birds and whatnot. There'll be a time when he'll learn the truth.
AOLOL (Score:2)
Really, you could have just said, "my uncle uses AOL," and that would have explained everything.
Joking aside, why did you use the telephone analogy? It's email, a postal mail analogy would have been perfect: it's as if someone sent him a nasty letter and printed your address in the top-left corner of the envelope.
As for what to do with his PC ... well, if he's just the typical "Facebook and email" user, install Debian or something and rename the desktop icons ("Internet", "Email", etc.). I put Ubuntu on m
Re:AOLOL (Score:4, Insightful)
Now imagine the software swears at you, too. (Score:2)
"What's malware?"
"You know how government officials tell you sweet things they'll do for you, so you vote for them, and suddenly you see your walled draining rapidly and all kinds of shit clogging up everything you do, and even after installing their 'fix', things keep running slower and slower and slower? Same thing but just on your computer."
This isn't "Malware". This isn't "Hacking". (Score:2)
This isn't "Malware". This isn't "Hacking". It's just Phishing.
Read this: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201112_en.pdf [securingthehuman.org]
Explain that email was invented in the mid-70s and hasn't really changed that much. Security wasn't a factor back then, and its easy to write an email that appears to come from anyone.
Letters (Score:2)
My analogy is a letter with my name and address written in the return-address space. Does that guarantee that the letter's from me? Of course not, anybody could write that in if they knew my address, and all it takes to find my address is to look me up in the phone book.
You can't save em all Hasselhoff... (Score:2)
Advice (Score:5, Insightful)
I think the first thing to tell your uncle is that he should get his tech advice from a more tech savvy relative who doesn't automatically assume that a forged email is done by hacking someone's account.
What to tell your non-tech family about malware (Score:3)
It's bad, m'kay.
Get Rid of Windows and Install Linux (Score:5, Interesting)
My dad got infected by some malware a while back. He had WinXP Pro. My brothers tried to help him to no avail. He doesn't do well with keeping his antivrus and malware stuff updated. The old guy also does stuff I've told him not to do too. So he got this malware infection that told him that the FBI had locked his computer and to send $200 to a site to unlock it. He freaked out. So I installed Linux Mint 13 KDE 32-bit on his computer. He hasn't had to worry since. He likes it because its also faster. My family thinks I'm free tech support and I was getting real tired of fixing their installations. Now my brothers and uncle have installed Mint also. Life is much simpler for me now. :-)
I recently didn't get a job at a job interview (Score:2)
I said,"That's a great way to find business. Spam the world with phishing emails, and people who fall for it, you tell them they need your product.". He laughed and said,"That's like if we did mechanic work and went out and wrecked into people's cars and told them.we could fix it". I think it is different. I think it is more like finding people susceptible to an illness and
malware's bad ok? (Score:2)
Mom, pop, don't do malware. It's the opposite of goodware. So just say no.
I'm SO tired of this age crap (Score:2)
My buddy's dad is in his late 80's. Because the computer gave him tools he wanted to use (communication with a family out west, moving a whole lifetime of photographs, slides, 8mm and Super-8 movies going back over a hundred years into digital format, finding in mere seconds information that would have involved a trip to the library when he was a kid), my friend's dad learned how to operate a computer. And because he's the kind of man who does things properly, he took the trouble to learn how to stay sa
It's a psych problem actually... (Score:5, Insightful)
It has nothing to do with being tech savvy, smart, or old. This is the sort of news that people do NOT like hearing. You tell them their computer is infected and they get defensive because they don't want to hear they did something wrong. Even though we know it's very easy to get infected if you aren't paying attention and there are a lot of traps out there to get you, but most people do not know that.
And when you tell someone something they don't want to hear, what do they usually do? Yes, lash out at you in anger. Not unlike what the article person did, tried to turn it around and blame their friend.
Back in the early 90's, there was this local person that I did a bit a computer business with, so we knew each other decently. This one time I got a disk from him, and it was infected with the Stoned virus https://en.wikipedia.org/wiki/Stoned_(computer_virus) [wikipedia.org]. Well, it took me a bit to figure out what was going on, and that i infected a few other of my boot disks in the process (it was my first virus, how we never forget out first!). When i figured it all out and told him that I got a virus from him, he wigged out and swore that he never gave me a virus and blah blah blah. I was just warning him so he could check his disks, i wasn't blaming him for anything, yet his first reaction is to deny it happened.
You find this happens for most everything when there is a chance someone did something wrong.
Your Uncle Could Be Correct (Score:5, Insightful)
Your logic seems a bit off here.
The usual scenario for hacked account spamming is as follows: Spammer takes control of account (either via phishing, malware, or more rarely social engineering) then sends spam message out to everyone on the account's contact list. It's a great way to spam since a) the people you are sending to are usually real people and b) they will be more likely to click through since the message is coming from someone they know.
What I have not seen before is a spammer gaining control an account, getting its contact list, then sending a *single* message to that very same account from someone on that contact list. What could possibly be the point when you can do the usual trick above? Spam is a numbers game for the most part, and what you're proposing has happened seems to be one of the worst possible ways to reach as many people as possible.
I'm not saying you're wrong, but just that it doesn't quite add up.
Re: (Score:2)
What I've seen done is a spammer gets an address book from one compromised account, and then proceeds to spam people in that address list forging the names of other people in the list on the assumption that if they know the holder of the compromised account they likely know each other too. The idea is to minimize the number of malicious e-mails appearing to come from any given source, so as to avoid getting noticed. And if you've received a malicious e-mail and clicked on a link in it, you have to assume yo
Regarding email and the need to update (Score:2)
The no longer call me and complain. (Score:2)
I told them my hourly rate and when they complained I sent them to http://www.geekinpink.com/ [geekinpink.com]
The women adore them and if it all works out the uncle will go to jail.
Facebook Spam (Score:5, Informative)
I'm surprised that no one's brought it up yet, but -- One of the most common spam email profiles that I get these days has the name of a Facebook friend in "From", my name in "Subject", and the body being just a single hyperlink. Pretty clearly, something is scooping up names of friends from Facebook (and recall email address is required there), so there's no need for any personal computer involved to be hacked. And I'm getting these things with the names of some friends I've never had any contact with except through Facebook, so it's easy to deduce that's the source. I would think.
Nothing (Score:4, Interesting)
what else should I feel responsible for telling him?
Nothing.
Tech enthusiasts often get satisfaction from helping others in this way. But you should always understand that you are not responsible for doing so, and they should understand that too. If they are difficult or unappreciative, well it's not your problem. If they don't follow your advice, it's not your problem. Your goal in doing it is because it's a nice and helpful i.e. good thing to do; when it stops feeling like that then you're not achieving the goal, it's not really nice and helpful no matter what your intentions, how right you may be or how much safer they might be for following it.
If your uncle knew a lot about cars and you were going to buy one, would you consider that he was obliged to find you a good runner and teach you how to drive? Would he even go into lots of detail or just give a handful of key general points? Would you definitely follow his advice to the letter or would you take it on board and do what you want to do?
The best advice I've given is that if there's any kind of account then you do not use links in emails, go to the site normally. Seeing as he went about asking you what the link was, perhaps that might already have sunk in.
FYI an email with your address in the "from" and his in the "to" field doesn't offer any clue which has been compromised, or if anyone has. One possibility would be if anyone has sent one of those stupid "forward 1000 times and Bill Gates donates $1b to charity" with both of your email addresses.
Explain but don't start a blame-game (Score:3)
Give him a new mail account. And tell him not to trust anything, even if you sent it. And tell him that mails are basically electronic postcards that can be easyly searched, scanned and manipulated, even the sender and the reciever. If he's still with you, tell him a bit about mailheaders and look at them with him. ... Although I personally wouldn't bother going to much into the details of email, they are insane anyway, in my opinion. (The Type A email security incident you describe pretty much proves my point).
Clean his system, give him a fresh thunderbird install with a new account and - if he fell like doing this - set up an encrypted mail communication between you and him. Explain which part of that makes it a sufficiently secure means of communication and which part can still be compromised (his, your's or anybody elses system).
If he's a person who's usage patterns are covered by Ubuntu, offer to move his system to that. ... I got my daughter an ubuntu netbook for her birthday. The amount of hassle-freeness is refreshing. It does suck that sound and mic are causing trouble on Ubuntu 12LTS, but that's a minor tradeoff for the lack of headaches I've gotten in return.
Good luck.
Re:Nothing (Score:5, Informative)
This used to be good advice, because Macs were such a small share of the market that the malware authors didn't bother with them. This isn't quite so true any more.
If you want to get them a platform that won't be targeted by malware authors for quite some time, install Linux Mint on their PC. As a bonus, it won't cost anything extra (unless they have some shitty printer that has no Linux support, but a new Linux-compatible printer is much cheaper than a new Mac). As an extra bonus, you can install the KDE version of Linux Mint and assuming they're coming from XP or Win7, they won't even have to learn a whole new GUI paradigm.
Re: (Score:2, Interesting)
This used to be good advice, because Macs were such a small share of the market that the malware authors didn't bother with them. This isn't quite so true any more.
It is true that Macs are not (relatively) free from threats anymore, but damn, they sure have a lot fewer to deal with. No?
Re:Nothing (Score:5, Insightful)
This used to be good advice, because Macs were such a small share of the market that the malware authors didn't bother with them. This isn't quite so true any more.
It is true that Macs are not (relatively) free from threats anymore, but damn, they sure have a lot fewer to deal with. No?
Not anymore. Remember that story posted not so long ago?
http://thenextweb.com/microsoft/2012/11/02/microsofts-security-team-is-killing-it-not-one-product-on-kasperskys-top-10-vulnerabilities-list/ [thenextweb.com]
Apple is on that list twice (QuickTime and iTunes). Adobe is there a lot. No Microsoft products.
Feel free to bring the conspiracy/fraudulent research theories but really it's time people move on with old stuff.
Re: (Score:2, Interesting)
Apple is twice on that list, with Windows software. If you dig down all the way to the original reports, you'll find "Available for: Windows 7, Vista, XP SP2 or later". Windows is still a more vulnerable platform. I'm not saying that OSX is invulnerable - just that the top threats are still for Windows.
Re:Nothing (Score:5, Insightful)
None of the ten in your list are holes in operating systems; Oracle features prominently. The question is, how many trojans and viruses are there in the wild for the various OSes?
I'll believe MS is concerned with user security when they stop hiding extensions and stop mixing data and code.
Re:Nothing (Score:5, Informative)
Browser hijacks and browser vulnerabilities are exactly that, and have little to do with which operating systems they are being run on. Phishing attempts work on any operating system. My own operating system has been one flavor or another of Linux for many years now, and I have to be cautious. Mac, Windows, Unix, Solaris, Linux, DRDOS, MSDOS 6.22, - it doesn't matter which you are using if the exploit is aimed at the browser.
Re: (Score:2)
This used to be good advice, because Macs were such a small share of the market that the malware authors didn't bother with them. This isn't quite so true any more.
If you want to get them a platform that won't be targeted by malware authors for quite some time, install Linux Mint on their PC. As a bonus, it won't cost anything extra (unless they have some shitty printer that has no Linux support, but a new Linux-compatible printer is much cheaper than a new Mac). As an extra bonus, you can install the KDE version of Linux Mint and assuming they're coming from XP or Win7, they won't even have to learn a whole new GUI paradigm.
We have detected a suspicious transaction in your bank account. Please go to http://www.sitethatlookslikeyourbankbutisnt.com.ru/ [sitethatlo...snt.com.ru] and enter your username and password to confirm the transaction and also enter a brief description about why you think the OS you are running makes a difference here.
Re: (Score:2)
Phishing != "Malware".
Comment removed (Score:5, Informative)
Re: (Score:2)
That's funny, I never had to explain those things to my wife when I set her up with Linux. LibreOffice looks just like pre-ribbon versions of MS Office (or close enough that you can figure it out from the menus), KDE works much like Windows, and you don't need to know jack about UNIX filesystems or other innards to use a web browser and LibreOffice.
Re:Nothing (Score:4, Interesting)
Funny - my wife had little problem migrating to Linux, either.
She resisted initially. But, I talked her into trying it out. I explained that I didn't want to spend yet more money on a license to install an operating system, when I could install a free system on her existing hardware. So, she went along, and tried it out.
There were some questions over the first few days. Fewer questions as the first weeks went by. Almost no questions over the next several months.
Today, I find her doing stuff that I NEVER told her about. Believe me, she is NOT a techy. She has little idea how any of the components in her machine work. She is NOT the person you want to choose new hardware. But, she has learned her way around Linux pretty well, with little pain. Occasionally, I even see a terminal open on her desktop. Do I pry? No way. Let the old girl do whatever pleases her - just like I do on my own computer!
Of course, most of what pleases her is Pogo games and watching soap operas. Silly waste of resource, if you ask me, LMAO
Re:Nothing (Score:4, Interesting)
In my experience, switching people from Windows to Linux is a lot less work than switching them from Windows to Mac: pretty as it is, the Mac has just too many annoying differences and annoying little usability problems. My parents could never get used to global menus on the Mac, for example. And remote system management on the Mac is also harder (the best you can do is try and set up remote desktop access). And, of course, there is the obvious advantage that people using Linux can continue to use the hardware they are already used to.
(Besides, you seem to be off your Apple marketing script: I thought the party line among Mac folks was that Mac is UNIX but Linux is not.)
Re:Nothing (Score:4, Informative)
I would have said the reverse. The menu bar being at the top creates modality that makes it easy to discover which windows belonging to a given application. In the Windows/X11 world, trying to figure out which application a particular window came from can be a usability nightmare... except for apps that are designed so that all of your windows are subwindows of one big window, which makes your second monitor useless.
Or SSH or iChat/Messages screen sharing. The latter makes more sense for home use, IMO.
Unless it is ancient hardware with a PS/2 mouse and keyboard, you can usually just plug their existing hardware into a Mac and use it. People aren't used to the box on their desk; they're used to the peripherals and the OS, and you're changing the OS either way.
Re:Nothing (Score:5, Insightful)
People don't usually care what "application" a window belongs to; the fact that you care on the Mac is a holdover from the Mac's single tasking heritage (where the entire menu bar paradigm originated). What people do care about is that the menu entry they select operates on the document they are working on, and people get confused about that relationship on the Mac.
SSH isn't a good option because OSX command line administration is extremely obscure. iChat is mac specific.That points out another problem with switching to Mac: if you switch your parents, you really have to buy another Mac for yourself and set up Apple-related accounts and infrastructure everywhere. You can't maintain a Mac if you don't use one yourself, it is just too different.
I went down that road; bought a Mac for my parents and a MacBook and desktop for myself. It was a lot of work. In the end, the small benefits of OS X over Windows just didn't justify the big expense and work. A couple of machine generations later, my parents are on Linux, I'm back on Windows and Linux, and we're all a lot happier.
Re: (Score:3)
That points out another problem with switching to Mac: if you switch your parents, you really have to buy another Mac for yourself and set up Apple-related accounts and infrastructure everywhere. You can't maintain a Mac if you don't use one yourself, it is just too different.
Just switch your parents for ones using Linux then. Duh.
Re:Nothing (Score:5, Informative)
Most 'exploits' that get people these days are emails, etc, with fake notifications that get people to enter their login details for FaceBook, Gmail, etc. A Mac will not help for the majority of what gets people these days.
Re:Nothing (Score:5, Informative)
What he's getting at is that any OS on any computer is vulnerable to this sort of attack. Any OS at all that has a web browser: Windows, OSX, Linux, Android, iOS, *BSD, Solaris, whatever.
Once you click that link and enter your credentials, you are hacked. No resident virus required that has to hook your system via known attack vectors. Of course once you are hacked, it is much easier to get to that next step, if that's important to the attacker. But usually it's not, they're perfectly happy with your accounts.
Re:Nothing (Score:5, Insightful)
Even when you explain it to them, most of them are too dumb to understand it.
If you are a programmer, you are part of the problem. The user isn't dumb, s/he just has better things to do than become a Software Engineer just to use what has become an everyday appliance. The problem here is bad design, period. Accept that and maybe we can move on.
Needlessly complex tools (Score:4, Insightful)
People like you are the real problem.
You mean people who recognize that others have better things to do than waste their time learning a needlessly complex device? People like you are the reason Apple and Google are worth billions and you aren't because they understand design and you pretty clearly do not.
Computers are working tools, and manipulating a tool is something that must be learned.
So we should make tools intentionally difficult to use? I should have to learn a programming language to adjust the temperature on my thermostat? If someone cannot be trained to do a simple task quickly with a tool then the tool is badly designed. That is 100% the fault of the designer. While there is a learning curve to everything, it is a question of degrees. A tool that is unnecessarily hard to learn just because the designer could not be bothered to make it simpler is a bad tool. (and the designer of that tool is bad at design) Just because you can figure it out with sufficient effort doesn't mean it is a useful application of time and effort to do so.
Many people seem to be strongly opposed to trying to understand how a computer works to use it, but sorry, that's just the way things work.
So you know everything about how how an airplane works? You know enough to do all your own home repairs, no matter how complex? You know everything about engine repair and never need a mechanic? Of course you don't. Computers are tools and you can get useful work out of a tool without knowing all the details about how it works. In fact it would be a HUGE waste of money, brains and time for you to try to learn all of that.
People not trained in the use of machine tools are not allowed to use them, it should arguably be the same thing for computers.
I run a manufacturing company that uses machine tools. Very few of our employees know how to use even most of the features of them and yet they are able to do their jobs and do them well. They are trained on the bits that apply to their job and we try to keep those as simple as possible. They don't care about all the arcane details of the tools and they don't need to. If someone cannot be trained to do a simple task quickly with a tool then the tool is badly designed. Computers are no exception.
Re: (Score:3)
I'm not the one driving the plane, but I certainly expect that the pilot and his team certainly know how it works, yes.
I like work to be well done, so either I spend a lot of time studying the problem domain and attempt to do it myself once I'm confident that I can execute the proper procedures, or I contract a profes
Nothing (Score:4, Interesting)
Re: (Score:2)
That's pretty much true. You should only get a Mac if you're trying to do real work. For web surfing and email a Chromebook would be better for most non-savvy users.
Re:Nothing (Score:5, Informative)
And where, exactly, do you get paid money to buy a Chromebook?
MacBook Air starts at $999 [apple.com] for the 11" version, so in order to save 1200 bucks, you'd have to be given $201 when getting the Chromebook.
Sounds like a really bad deal for the manufacturer to be honest.
Hi there, you must be very pedantic and love to point out how utterly moronic everybody else is compared to you.
Welcome to Slashdot!
You will fit in quite nicely here.
Re:Did the message spoof your email address (Score:5, Insightful)
I consider myself pretty savvy, but I've been fooled a couple times by "fake" emails harvesting login credentials when I was tired and not thinking.
Both times I realized within minutes that I'd been had and went and changed the passwords immediately, but it's really easy to be fooled if you aren't paying attention.
Re: (Score:3, Insightful)
It's very hard to get fooled if you always think by default "it's a fake" and only revise that opinion after having convinced yourself that the mail is legit. Then the worst thing you might do when tired is to not react on a legitimate mail.
Re: (Score:2)
Re: (Score:2)
(...) there has to be some way the hacker knew to claim it was from you.
His uncle's address book, maybe? Sending emails from one address in the address book to another address doesn't make sense, though. How should the hacker decide which people actually have any kind of business with each other?
But here's a good scenario, and a quite valid one: His uncle used some sort of stupid "online holiday greetings card" service, one of those that need your email address and the one belonging to the recipient. Judging from the described level of knowledge his uncle has I wouldn't deem it
Re:Your uncle's right (Score:5, Informative)
Have you ever heard of backscatter spam?
Spammers use bots to browse the internet and scoop up email addresses. Then they send messages with one of those addresses in the "From" header and one in the "To" header. If the messages go through, one person receives spam. If they don't go through, the other person receives spam. Either way, someone gets spam.
None of this requires much technical knowledge. I can make backscatter spam by filling in a registration form on any website. I just put your address in the "email address" field, and the site sends you a confirmation email, typically from a no-reply@whatever.com email address. So it's basically impossible to stop.
Backscatter spam works because it looks like it came from someone it didn't. It's why web sites shouldn't provide alerts for messages that weren't delivered and why "out of office" messages or messages to confirm addresses are bad. Because any bot (or any person, too) can fill in a form and turn your website into a backscatter machine.
Re: (Score:2)
Re: (Score:2)
Not targeted enough. The chance that you get two identical emails from different sources and notice something's amiss is way too high. Plus too many people who know a thing about security would receive it and maybe warn their friends and relatives.
A much better way would be to set up some kind of service where someone has to enter his own and some other email address. First, you know who to target: The one stupid enough to use such a service. And you know exactly whose mail they would open. Make it some sor
Re: (Score:2)
Not targeted enough. The chance that you get two identical emails from different sources and notice something's amiss is way too high.
Not if they all know each other. At one place I used to work, people would forward emails all over the place, to both internal and external contacts.
If something was really funny or very relevent to the work, the popular people would see multiple copies as everyone sent it to them.
Funniest thing was that there was a poorly enforced policy about spamming, so nobody forwarded them to IT. If it was malware it usually got everybody before IT even knew about it.
Re: (Score:2)
I think this is mentioned, but nothing mentioned indicates either party was hacked. The from part of an email can be forged as easily as the from address on a piece of stationary. That email could have come from anywhere in the world and anyone. The only thing we can gather is that the spammer somehow connected the submitter's name with that of his uncle. It could have been either side, or a public mention of both addresses, or a third relative getting hacked that has both of you in their contact list. The raw headers *might* be able to tell you if it came from an aol email server but that still doesn't itself tell you who sent it.
"Once is happenstance. Twice is coincidence. Three times, it's enemy action."
If someone's got your email address and the address of someone you correspond with, and sends bogus emails to the correspondent with your return address, someone's been compromised.
Re: (Score:2)
You joke, but some people actually run into big problems with such things.
Like a friend of mine who happens to live in the small Austrian village "Fucking" [wikipedia.org] (despite the name the link is safe for work). I'm dead serious, a google picture search will provide the proof that this town exists.
Do you think he can order ANYTHING online? He doesn't even make it past the spam filter.
Re: (Score:2)
Obvious sister city candidate:
http://en.wikipedia.org/wiki/Intercourse,_Pennsylvania [wikipedia.org]