The antivirus paranoia culture

Recently, I’ve spent some time looking at the computer section of Yahoo! Answers, and it’s a fascinating place from a sociological perspective. If the questions and answers popular there are indicative of what common attitudes and practices are among Windows and Mac users, then this is how a typical user operates:

  • Install free antivirus software
  • Install Limewire and use it to download copyrighted songs and movies as well as software cracks.
  • Run as administrator all the time (no limited user account).
  • Get infected with a virus or rogue.
  • Ask for suggestions about a better antivirus.
  • Consider that maybe paid antivirus solutions may be more effective than free ones.
  • Consider that Frostwire may be safer than Limewire.
  • Switch antiviruses.
  • Switch P2P application.
  • Get infected again.
  • Try to remove the infection with MalwareBytes.
  • Spend hours trying to remove infections with various other programs.
  • Eventually give up and reformat entire drive without backing up files.
  • Continue cycle.

There also seems to be a popular misconception that Windows’ malware problem has to do primarily with its popularity and not any flaw in security (like running as administrator by default all the time). So when a trojan (which requires user stupidity, not a flaw in the security of the operating system) appears for Mac OS X, the Windows users on Yahoo! Answers say “Aha! See? Macs get viruses too. They’re no more secure than Windows” and the Mac users on Yahoo! Answers say “Oh, no. What antivirus should I use to protect my Mac? I thought Macs were immune to viruses.”

I hope you see the problem here. Antivirus software companies may not be so nefarious as to actually create viruses (though maybe they do—we don’t have any irrefutable evidence either way), but they have definitely created a culture of paranoia and not just healthy fear.

Most computer users are paralyzed when it comes to security. They have no concept whatsoever as to what makes a computer secure or insecure. They just think “If I run ‘the best’ antivirus software, I can do whatever I want and my computer will be safe.”

Yet, I’d be willing to bet that most of these people would be better at spotting a fake valet before handing over the keys to their cars and would know better than to actively seek out burglars to give out their bank ATM cards and PIN codes to.

What can we do to turn around this culture of paranoia and turn it into proper, healthy fear properly channeled through education and good practice?

I used to be part of this culture, back when I was an exclusive Windows user. I got malware of some kind and panicked. And I thought if I just got a “better” antivirus and changed from Internet Explorer to Firefox that my security would be so much better.

It wasn’t until I got more familiar with the worlds of Mac OS X and Ubuntu that I realized privilege separation matters. Yes, malware can run inside a limited user account if it is written to (it needs no special privileges to run from your own profile), but if it is detected within a reasonable time it can be removed easily. Malware as it is now thrives because it digs deeply into the Windows system files, so that booting into safe mode or using System Restore to get rid of it isn’t enough. From a limited user account it cannot modify the system files (short of a separate privilege-escalation flaw in the operating system), and if malware ever did take hold in a limited account, you could just delete that account and carry on.

More importantly, the paranoia comes from a total lack of understanding about how computers become infected with malware. They have the same understanding of computer diseases that “doctors” had about human diseases centuries ago. It’s a bad humor. It’s punishment for doing something evil. It’s not germs you actually have to come in contact with.

A lot of malware comes in not through software flaws but through user flaws. Social engineering is a great way to get malware installed because Microsoft, Apple, and Linux developers can do very little about it through better programming. If you can trick the user into installing “the codec you need to watch this video” or “this pirated version of iWork” or “this cool new software,” then the operating system’s built-in protections are largely bypassed: the user granted the permission themselves.
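The “codec you need to watch this video” lure usually arrives as a file whose name says media and whose contents say program. The following is an added example (not code from the original post) of the two cheap checks a download handler can make before a user double-clicks: inspect the name for a double extension or a right-to-left override character, and inspect the first bytes for a known magic number, then flag any disagreement between the two. The sample file names and byte strings are constructed inline; the extension lists are illustrative, not exhaustive.

```python
"""Flag downloads that look like media but are really executables.

Added example, not from the original post. Sample inputs are constructed.
"""

# Extensions Windows will run on double-click (illustrative short list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jse", "wsf", "msi", "hta"}
# Extensions a social-engineering lure typically claims to be.
MEDIA_EXTS = {"avi", "mp4", "mkv", "wmv", "mov", "mp3", "wav", "jpg", "jpeg", "png", "gif", "pdf", "doc"}

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE: makes "photo<RLO>gpj.exe" display as "photoexe.jpg"

# Magic numbers: the first bytes of common container formats.
MAGIC = (
    (b"MZ", "executable"),        # DOS/PE header
    (b"\x7fELF", "executable"),   # ELF binary
    (b"RIFF", "media"),           # AVI, WAV
    (b"\xff\xd8\xff", "media"),   # JPEG
    (b"\x89PNG", "media"),        # PNG
    (b"ID3", "media"),            # MP3 with an ID3 tag
    (b"%PDF", "document"),        # PDF
)


def sniff(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name entirely."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def displayed_name(name: str) -> str:
    """Approximate what a file manager shows for a name containing RLO:
    everything after the override character is rendered reversed."""
    i = name.find(RLO)
    if i < 0:
        return name
    return name[:i] + name[i + 1:][::-1]


def analyze(name: str, head: bytes) -> list:
    """Return the reasons a file looks disguised; an empty list means no finding."""
    reasons = []
    parts = name.lower().split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    if RLO in name:
        reasons.append("rlo")
    if len(parts) >= 3 and parts[-2] in MEDIA_EXTS and real_ext in EXECUTABLE_EXTS:
        reasons.append("double-extension")      # movie.avi.exe
    if real_ext in EXECUTABLE_EXTS:
        reasons.append("executable-extension")  # it is a program, whatever it claims
    if real_ext in MEDIA_EXTS and sniff(head) == "executable":
        reasons.append("content-mismatch")      # named like media, starts like a PE file
    return reasons


# Constructed samples: (file name, first bytes as a download handler would read them)
SAMPLES = [
    ("movie_trailer.avi", b"RIFF\x10\x00\x00\x00AVI LIST"),  # honest video
    ("movie_trailer.avi.exe", b"MZ\x90\x00\x03"),           # classic double extension
    ("video.avi", b"MZ\x90\x00\x03"),                       # renamed executable
    ("photo" + RLO + "gpj.exe", b"MZ\x90\x00\x03"),         # RLO trick
]


def triage(samples=SAMPLES) -> dict:
    """Map each sample's displayed name to its findings."""
    return {displayed_name(n): analyze(n, h) for n, h in samples}


if __name__ == "__main__":
    for shown, reasons in triage().items():
        print(f"{shown!r}: {reasons or 'ok'}")
```

The “content-mismatch” check is the one an antivirus signature database cannot help with: it needs no knowledge of any particular malware, only the observation that a file claiming to be a video begins with a PE header. Note that an honest installer is still reported as “executable-extension”; that is the correct observation, since the user is about to run a program.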

Couldn’t these users who suffer from such paranoia and ignorance save themselves a lot of heartache if they did a few simple things?

  1. Use a limited user account in Windows
  2. Take ten minutes to read up on social engineering and how not to be a victim of it
  3. Back up personal files regularly
  4. Use Norton Ghost or Acronis True Image to image a working installation so a reinstall wouldn’t take so long
  5. Install system security updates
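Step 3 is the one people most often believe they have done without checking. As an added example (not code from the original post, and independent of Ghost or True Image), here is a small backup routine in Python that copies a personal-files tree, writes a SHA-256 manifest next to the copy, and then verifies the copy against the manifest, so that a damaged or incomplete backup is discovered before the day it is needed. It runs entirely inside a temporary directory with constructed sample files; the directory names and file contents are assumptions for the demonstration.

```python
"""Back up a directory tree and verify the copy with a SHA-256 manifest.

Added example, not from the original post. Sample files are constructed.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.json"


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large media files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file (relative, with forward slashes) under root to its hash."""
    return {
        str(p.relative_to(root)).replace("\\", "/"): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def backup(src: Path, dest: Path) -> dict:
    """Copy src to dest and record the *source* hashes beside the copy."""
    shutil.copytree(src, dest)
    manifest = build_manifest(src)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=1))
    return manifest


def verify(dest: Path) -> list:
    """Compare the backup against its manifest; return problems, [] when clean."""
    expected = json.loads((dest / MANIFEST).read_text())
    actual = {k: v for k, v in build_manifest(dest).items() if k != MANIFEST}
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append("missing: " + rel)
        elif actual[rel] != digest:
            problems.append("changed: " + rel)
    for rel in actual:
        if rel not in expected:
            problems.append("unexpected: " + rel)
    return problems


def demo() -> tuple:
    """Back up constructed files, verify, then damage the backup and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "home"
        (src / "Pictures").mkdir(parents=True)
        (src / "Pictures" / "wedding.jpg").write_bytes(b"\xff\xd8\xff" + b"x" * 100)  # constructed
        (src / "term_paper.doc").write_bytes(b"constructed sample document")           # constructed
        dest = Path(tmp) / "backup"
        backup(src, dest)
        clean = verify(dest)
        (dest / "Pictures" / "wedding.jpg").write_bytes(b"bit rot")  # simulate a corrupted copy
        (dest / "term_paper.doc").unlink()                            # simulate a lost file
        damaged = verify(dest)
    return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("fresh backup:", clean or "ok")
    print("damaged backup:", damaged)
```

The manifest is computed from the source, not from the copy, so a copy that silently truncated a file is caught on the first verification rather than trusted because it "looks" complete. Rerunning verify on the backup medium months later is the cheapest possible restore test.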

The way a lot of people run their computers, it’s like having rampant unprotected sex and then getting an HIV test every six months. That won’t stop HIV! Get a condom! Computers have condoms too, even though Microsoft doesn’t make them very easy to put on.

13 comments

  1. Spot on, good post. Two points I’d make.

    The limited user account in Windows XP is an absolute nightmare to use. Even as someone who knows better. I tried it and ended up abandoning it. It’s horribly designed, of course, but more importantly, things just don’t work. It’s completely hideous. Vista is at least better, though unfortunately a lot of people turned UAC off because Microsoft screwed the pooch so badly in implementing that. Totally inexcusable, when Linux and OS X have had that sort of thing properly implemented for so long. But having that on as a default is at least a step in the right direction. Hopefully they’ll continue to move forward with Windows 7. I’d love to see them require a password instead of just clicking a prompt, but whatever.

    As far as image backups, how about some open-source love with Clonezilla? It’s not quite as user-friendly as Ghost or True Image, maybe, but it’s pretty simple to just do an image backup, and it’s free. It’s what I use to back up my computer and my girlfriend’s.

  2. ~~~~~
    I’m not certain you know what you’re talking about.

    1. Use a limited user account in Windows – If I’m a limited user, I can’t install things, so what good is that?
    2. Take ten minutes to read up on social engineering and how not to be a victim of it – I don’t have time to read right now … I’m downloading my $50 OEM copy of Vista … I don’t have time to socialize, anyway.
    3. Back up personal files regularly – I don’t see what good backing up can do … it just puts me farther away from the keyboard and makes it harder to type.
    4. Use Norton Ghost or Acronis True Image to image a working installation so a reinstall wouldn’t take so long – Look, I’m not interested in a seance (what does that have to do with computers, anyway?) and I don’t have time to start drawing stuff … I told you, I’m busy downloading my $50 OEM copy of Vista!
    5. Install system security updates – Don’t you know that ‘update’ is when you ditch your girlfriend for her richer, prettier sister … and what does my social life have to do with my computer, anyway? (Uh, I’m too embarrassed to buy condoms … people stare at me.)
    ~~~~~
    While that was kinda fun to write, it’s not that far off the mark for some of the support requests I’ve had in the past. Item 3, in particular, is an almost verbatim replay of more than one support call.

    I’ve long maintained that if the Internet is an information highway, users should have to qualify for a driver’s license before they’re allowed to get access to it. And, perhaps, even before they’re allowed to buy a PC. Don’t expect it’ll ever happen, but I can dream, ya know?

  3. Installing a new system isn’t that big an issue, is it? If it was infected, this is easier than searching and repairing. A backup CD (or DVD) with the important data, stored in a way (directories) that’s easy to copy back onto the hard disk – is it more than a day of work to install a new system?

    Or is it that I think this way because I used Windows for more than seven years?

    At first, I had problems on my old PC using Linux: many crashes, nothing worked at all, and I couldn’t use Ubuntu or openSUSE with 192 MB of RAM. Now with a new PC I tried openSUSE, and am now trying Fedora: what’s the deal with SELinux on Fedora? I was having issues updating or installing software and it was like a tilt. Okay, away with it. I am about to try Ubuntu today. openSUSE already works fine.

    At the beginning: I recognized the limited user privileges and just typed in “chmod 777 / -R” once, and since then nothing worked on that Linux system. Lol. It was somewhat a question of why I, THE USER, can’t change the simplest things on MY COMPUTER.
    Then I got more familiar with sudo or sudo -s and with working from the console. Okay, that works. I just don’t need to change the system when the Linux system (like openSUSE, Ubuntu, etc.) works fine. Debian? Where is Firefox? I was having problems installing Firefox: it said that the gtk+ was too old. Okay, Debian out.
    After all, this is Unix. And so I can arrange things and know that I am on the safe side. That’s okay.
    And Windows? I don’t know, it’s like a condom with small holes, isn’t it? A surface that looks safe, but no deep confidence.
    It looks like a cheap copy of Linux.

    I know a guy who uses antivirus on XP, but he’s so paranoia-awakened that he also will never install software from specific sites, like those mentioned in this article. So what’s the reason for him to use antivirus? Lol.

  4. Hey, I enjoyed your post and just wanted to say that your blog is quite the antithesis of mine… you’re a sister blog, if you will. I write about Linux and my personal political swingings which probably disagree with yours, judging by your tagline, except the racism thing.
    But you get the point. I’ll probably be coming back; it’s interesting to see a blog like yours (very similar writing style if I do say so myself, also), even if I probably won’t always agree.
    But I do on this point.

    Also to the former poster: Debian uses a program called “IceWeasel” instead of Firefox. Firefox has copyrighted images, so Debian swaps out the images and rehosts it as IceWeasel.

  5. I don’t ask that everyone agree with me. In fact, I would guess most of my readers don’t agree with me. That’s cool. It’s all about reading and sharing and exposing ourselves to other perspectives. Thanks for reading.

  6. I could not have worded it better. I have been a computer technician for years, as well as many years in the field troubleshooting WAN’s, and I have to say that you are very close to the mark. I used to be the same way, but learned from going to hundreds of homes that you can tell what is wrong before even touching the computer. The more computer illiterate the user, you can almost bet, the more messed up the pc. Limited use is a GOOD thing, though it wouldn’t do much for my job security.

  7. Sounds like an advertisement for Vista…….
    On the other hand, Microsoft appeared to acquiesce to the Mac users and idiot Windows users who believe them, that UAC is a bad thing as they were developing Windows 7. They were going to ship 7 with UAC turned down to the point where it was insecure. It seems that they have backed off of this bad course of action. Virtually *every* secure OS has this feature. You never run as root on a Unix system – that is what sudo is for. I think that dumb users get what they deserve. I just wish it didn’t affect all of the rest of us by their malware using up our network bandwidth. Behavior is perhaps the biggest contributor to susceptibility.

  8. The argument that not running as administrator is safer is bogus. If malware attacks my computer it’s looking for *my* information not Windows’. If malware trashes just my files and not the OS how am I better off? I have a disc with Windows on it and another disk with drivers on it. If I don’t have backups of my data (how many people actually back their computers up?) then I am left with an intact OS and none of the pictures of Cousin Susie’s Wedding or my latest term paper.

    Yes, running as administrator is stupid without additional controls. I have commercial antimalware software and some trusted freeware that scans for specific malware, I don’t use Internet Explorer unless I have to, and I have NoScript on. I don’t use P2P software for anything other than downloading things like Linux with BitTorrent – and – if you’re getting viruses with P2P software, chances are you’re doing something you shouldn’t be doing in the first place.

  9. Ubuntu isn’t perfect by any means.
    But it has Windows beat in two places.
    First, it’s free to download/install/use.
    Second, not many viruses are native to Linux!
    For those reasons alone I will stick with it.

  10. You need a bigger font god damn you. What the hell is the matter with you? Oh zoom in you say? WHY SHOULD I!!!

  11. Just ran rkhunter:
    Should I be concerned about this?
    Performing system configuration file checks
    [08:32:41] Info: Starting test name 'system_configs'
    [08:32:41] Checking for SSH configuration file [ Not found ]
    [08:32:41] Checking for running syslog daemon [ Found ]
    [08:32:41] Checking for syslog configuration file [ Found ]
    [08:32:41] Info: Found syslog configuration file: /etc/syslog.conf
    [08:32:41] Checking if syslog remote logging is allowed [ Not allowed ]
    [08:32:41]
    [08:32:41] Performing filesystem checks
    [08:32:41] Info: Starting test name 'filesystem'
    [08:32:41] Info: SCAN_MODE_DEV set to 'THOROUGH'
    [08:32:42] Checking /dev for suspicious file types [ Warning ]
    [08:32:42] Warning: Suspicious file types found in /dev:
    [08:32:42] /dev/shm/pulse-shm-3529839246: data
    [08:32:42] /dev/shm/pulse-shm-3000754412: data
    [08:32:42] /dev/shm/pulse-shm-658733529: data
    [08:32:43] Checking for hidden files and directories [ Warning ]
    [08:32:43] Warning: Hidden directory found: /etc/.java
    [08:32:43] Warning: Hidden directory found: /dev/.udev
    [08:32:43] Warning: Hidden directory found: /dev/.initramfs
    [08:32:43]
    [08:32:43] Info: Test 'apps' disabled at users request.
    [08:32:43]

    Thanks
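rkhunter output like the log in the comment above is where the “paranoia vs. healthy fear” distinction becomes concrete: the scanner reports everything unusual, and the operator has to separate the findings with a known, benign origin from the ones that need investigation. The following is an added example, not the commenter’s or rkhunter’s own code, that parses rkhunter log lines and checks each warning against an allowlist modelled on the ALLOWHIDDENDIR and ALLOWDEVFILE directives of rkhunter.conf. The allowlist values are an assumption for the demonstration, chosen because /dev/.udev and /dev/.initramfs are created by udev and the initramfs, /dev/shm/pulse-shm-* are PulseAudio shared-memory segments and /etc/.java is written by the Java runtime; the log text reproduces the comment’s lines plus one constructed hidden-file warning so that the unexplained branch is exercised. Whether a given machine’s entries really are the expected ones is still for its owner to confirm.

```python
"""Triage rkhunter warnings against an allowlist of known-benign paths.

Added example, not rkhunter's code or the commenter's. The log below copies
the warning section from the comment and adds one constructed line.
"""
import fnmatch
import re

LOG = """\
[08:32:42] Checking /dev for suspicious file types [ Warning ]
[08:32:42] Warning: Suspicious file types found in /dev:
[08:32:42] /dev/shm/pulse-shm-3529839246: data
[08:32:42] /dev/shm/pulse-shm-3000754412: data
[08:32:42] /dev/shm/pulse-shm-658733529: data
[08:32:43] Checking for hidden files and directories [ Warning ]
[08:32:43] Warning: Hidden directory found: /etc/.java
[08:32:43] Warning: Hidden directory found: /dev/.udev
[08:32:43] Warning: Hidden directory found: /dev/.initramfs
[08:32:43] Warning: Hidden file found: /usr/lib/.hidden_helper
[08:32:43]
[08:32:43] Info: Test 'apps' disabled at users request.
"""
# The /usr/lib/.hidden_helper line is constructed for this example.

# Assumed allowlist, named after the rkhunter.conf directives it mirrors.
ALLOW = {
    "ALLOWHIDDENDIR": ["/etc/.java", "/dev/.udev", "/dev/.initramfs"],
    "ALLOWHIDDENFILE": [],
    "ALLOWDEVFILE": ["/dev/shm/pulse-shm-*"],
}
DIRECTIVE_FOR = {"devfile": "ALLOWDEVFILE", "hiddendir": "ALLOWHIDDENDIR", "hiddenfile": "ALLOWHIDDENFILE"}

LINE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s*(.*)$")
HIDDEN = re.compile(r"Warning: Hidden (directory|file) found: (\S+)")


def parse_warnings(text: str) -> list:
    """Return (kind, path) pairs for every warning rkhunter printed."""
    findings = []
    in_dev_list = False  # the /dev warning is followed by one detail line per file
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("Warning: Suspicious file types found in /dev:"):
            in_dev_list = True
            continue
        if in_dev_list and msg.startswith("/dev/"):
            findings.append(("devfile", msg.split(":")[0]))
            continue
        in_dev_list = False
        h = HIDDEN.match(msg)
        if h:
            kind = "hiddendir" if h.group(1) == "directory" else "hiddenfile"
            findings.append((kind, h.group(2)))
    return findings


def is_allowed(kind: str, path: str) -> bool:
    """Match a finding against the allowlist patterns for its directive."""
    patterns = ALLOW.get(DIRECTIVE_FOR[kind], [])
    return any(fnmatch.fnmatchcase(path, pat) for pat in patterns)


def triage(text: str = LOG) -> tuple:
    """Split warnings into (explained, unexplained) lists of (kind, path)."""
    explained, unexplained = [], []
    for finding in parse_warnings(text):
        (explained if is_allowed(*finding) else unexplained).append(finding)
    return explained, unexplained


if __name__ == "__main__":
    explained, unexplained = triage()
    print("explained by allowlist:", len(explained))
    for kind, path in unexplained:
        print("needs a look:", kind, path)
```

The point of keeping the allowlist explicit rather than silencing the test is that the next scan still reports a new hidden file or a new device entry; only the entries you have already accounted for drop out of the list.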
