Ask Slashdot: What To Tell Non-Tech Savvy Family About Malware?

First time accepted submitter veganboyjosh writes "I got an instant message from an uncle the other day, asking me what was in the link I sent him. I hadn't sent him a link so I figured that his account had been hacked and he'd received a malicious link from some bot address with my name in the 'From' box. This was confirmed when he told me the address the link had come from. When I tried explaining what the link was, that his account had been hacked, and that he should change the password to his @aol.com email account, his response was 'No, I think your account was hacked, since the email came from you.' I went over it again, with a real-life analog of someone calling him on the phone and pretending to be me, but I'm not sure if that sunk in or not. This uncle is far from tech savvy. He's in his 60s, and uses Facebook several times a week. He knows I'm online much more and kind of know my way around. After his initial response, I didn't have it in me to get into the whole 'Never click a link from an unfamiliar email address' bit; to him, this wasn't an unfamiliar email address, it was mine. How do I explain this to him, and what else should I feel responsible for telling him?"

Think up a meatspace analogy

[The MAZZTer]

In this case, let's say your uncle mails his letters by leaving them in his mailbox (I think some places let you do this) for the mailman to pick up. Now let's say a shady guy comes along and copies the names of people your uncle is mailing letters to, including yours, then sends him a letter purportedly from you asking him to loan you money by wiring it to a specific bank account or whatever.

Your NAME was involved but you had nothing to do with it, and the scammer found out your name from him.

Just make shit up

[Anonymous Coward]

Seriously. Show him a segment in the e-mail header and say that's proof his shit was hacked. He won't know the difference anyway.

Tagged as funny, but makes a point.

[mark-t]

Really, I can't think oi a good reason to presume that either account was actually hacked. What's evidently happened, however, is that both parties have had their email addresses harvested, using one (falsely) as a sender and the other as recipient.

Nothing

[Andy Prough]

Get them a Chromebook and save $1200+ off the price of the Mac and be done with it.

Re:i think your uncle is right

[Anonymous Coward]

Yeah, he's spot on.

Uncle hacked hypothesis:
- malware resides in uncle's PC
- malware looks through uncle's address book
- malware sends email not to the people from the address book (otherwise the summary would've told us), but to the owner of the machine it already infected pretending to be someone he knows... what for?

veganboyjosh hacked hypothesis:
- malware resides in veganboyjosh's PC
- malware looks through veganboyjosh's address book
- malware, with the objective to infect more machines, emails veganboyjosh contacts pretending to be him

Which one makes more sense?

Re:Fake one yourself.

[toygeek]

I did this once to prove the point to my wife. I made up some ridiculous email and then called her and asked her if she got it. She had. When I told her it was from ME, she finally got the point. The email was telling her she was a winner of free tickets to a concert for an artist that hasn't performed in a VERY long time. And I didn't have to telnet into a server to do it. I just set up my mail program.

Re:Nothing

[hendridm]

This used to be good advice, because Macs were such a small share of the market that the malware authors didn't bother with them. This isn't quite so true any more.

It is true that Macs are not (relatively) free from threats anymore, but damn, they sure have a lot fewer to deal with. No?

Get Rid of Windows and Install Linux

[RudyHartmann]

My dad got infected by some malware a while back. He had WinXP Pro. My brothers tried to help him to no avail. He doesn't do well with keeping his antivrus and malware stuff updated. The old guy also does stuff I've told him not to do too. So he got this malware infection that told him that the FBI had locked his computer and to send $200 to a site to unlock it. He freaked out. So I installed Linux Mint 13 KDE 32-bit on his computer. He hasn't had to worry since. He likes it because its also faster. My family thinks I'm free tech support and I was getting real tired of fixing their installations. Now my brothers and uncle have installed Mint also. Life is much simpler for me now. :-)

Re:Nothing

[Anonymous Coward]

Apple is twice on that list, with Windows software. If you dig down all the way to the original reports, you'll find "Available for: Windows 7, Vista, XP SP2 or later". Windows is still a more vulnerable platform. I'm not saying that OSX is invulnerable - just that the top threats are still for Windows.

Re:Nothing

[stenvar]

In my experience, switching people from Windows to Linux is a lot less work than switching them from Windows to Mac: pretty as it is, the Mac has just too many annoying differences and annoying little usability problems. My parents could never get used to global menus on the Mac, for example. And remote system management on the Mac is also harder (the best you can do is try and set up remote desktop access). And, of course, there is the obvious advantage that people using Linux can continue to use the hardware they are already used to.

(Besides, you seem to be off your Apple marketing script: I thought the party line among Mac folks was that Mac is UNIX but Linux is not.)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Nothing

[Runaway1956]

Funny - my wife had little problem migrating to Linux, either.

She resisted initially. But, I talked her into trying it out. I explained that I didn't want to spend yet more money on a license to install an operating system, when I could install a free system on her existing hardware. So, she went along, and tried it out.

There were some questions over the first few days. Fewer questions as the first weeks went by. Almost no questions over the next several months.

Today, I find her doing stuff that I NEVER told her about. Believe me, she is NOT a techy. She has little idea how any of the components in her machine work. She is NOT the person you want to choose new hardware. But, she has learned her way around Linux pretty well, with little pain. Occasionally, I even see a terminal open on her desktop. Do I pry? No way. Let the old girl do whatever pleases her - just like I do on my own computer!

Of course, most of what pleases her is Pogo games and watching soap operas. Silly waste of resource, if you ask me, LMAO

Nothing

[DaveGod]

what else should I feel responsible for telling him?

Nothing.

Tech enthusiasts often get satisfaction from helping others in this way. But you should always understand that you are not responsible for doing so, and they should understand that too. If they are difficult or unappreciative, well it's not your problem. If they don't follow your advice, it's not your problem. Your goal in doing it is because it's a nice and helpful i.e. good thing to do; when it stops feeling like that then you're not achieving the goal, it's not really nice and helpful no matter what your intentions, how right you may be or how much safer they might be for following it.

If your uncle knew a lot about cars and you were going to buy one, would you consider that he was obliged to find you a good runner and teach you how to drive? Would he even go into lots of detail or just give a handful of key general points? Would you definitely follow his advice to the letter or would you take it on board and do what you want to do?

The best advice I've given is that if there's any kind of account then you do not use links in emails, go to the site normally. Seeing as he went about asking you what the link was, perhaps that might already have sunk in.

FYI an email with your address in the "from" and his in the "to" field doesn't offer any clue which has been compromised, or if anyone has. One possibility would be if anyone has sent one of those stupid "forward 1000 times and Bill Gates donates $1b to charity" with both of your email addresses.

Re:Nothing

[loufoque]

People like you are the real problem.

Computers are working tools, and manipulating a tool is something that must be learned.
Many people seem to be strongly opposed to trying to understand how a computer works to use it, but sorry, that's just the way things work. People not trained in the use of machine tools are not allowed to use them, it should arguably be the same thing for computers.