Oh by the way, I really shouldn't have said "old fucks." Some young fucks have the same problem.
NoDeity wrote: Do you think it would be helpful to try to get them to use something like the AVG Free toolbar which rates pages (and therefore, presumably, the available downloads) for safety?
This is where I start to lose most people, since I don't believe in anti-virus in principle. Back to the analogies, anti-virus is like keeping a big list of names of people who are bad, and checking each person who rings your door bell against the list. The problem is that you can never have a complete list of names (anti-virus databases are continuously updated), and the fact that someone isn't on the list is not a sufficient condition to indicate that they are good. Someone walks up to you on the street and wants to take a peek at the contents of your wallet. You don't go and say "well, you aren't on my list yet, so go ahead."
Aside from that... With AVG specifically, I've seen it throw an alert upon starting Internet Explorer, claiming that some DLL is infected. Presumably the DLL got there somehow before, and so must have gotten past AVG already. So the damage the virus was capable of doing was already done (bank account info stolen, etc) between updates of AVG's database.
So long as computers continue to be as expressive as they are, viruses will continue to evolve, evade detection, and generally have the upper hand against users who rely on anti-virus.
What I advocate instead is 1) whitelisting and 2) sandboxing.
Whitelisting is easy, especially if you use a popular Linux distribution (one that has a reputation at stake). You simply install and update your software from the distribution repository.
For other downloaded programs, you sandbox them by running them under a separate user account from the one you use for important stuff. I have separate user accounts for:
- banking (including ordering from sites using credit card)
- web browsing in general
- administration (update software as root, etc)
If the "web browsing" context gets hijacked, I don't have to worry about revealing my bank account or other important information.
I am also suspicious of any software that is not available as source code. So the typical EXE-only program you find on download sites always makes me nervous.
I think these two things, whitelisting (as opposed to blacklisting like anti-virus does) and sandboxing, go a long way toward restricting your exposure to viruses. The problem is it confuses people. People I talk to generally don't grasp the idea of having separate contexts on the computer for different purposes, or how a rogue EXE could expose your bank info to someone.
"Let us remember that no man can borrow money, as a good business transaction, under any system, unless he has the required security to make the lender whole in case he should lose the money. What a stupendous wrong is this—that a man having credit cannot use it, but must exchange it and pay a monopoly price, which is really for the privilege of using his own credit!"
Usery by Apex
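
The separate-accounts setup described in the post above only isolates anything if each account's home directory is closed to the other accounts. The following is an added example, not part of the original post, that audits this by reading the mode string from `ls -ld`; the directory names in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example: check that per-purpose home directories grant nothing to
# group or other, so a hijacked "web browsing" account cannot read the
# "banking" account's files.
# Usage (hypothetical account names): sh audit.sh /home/banking /home/browsing

# private_dir DIR -> 0 if DIR is closed to group/other, 1 if open, 2 if missing
private_dir() {
    [ -d "$1" ] || return 2
    # ls -ld prints e.g. "drwx------"; characters 5-10 are the group and
    # other permission bits. Any setgid/sticky marker also counts as open.
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# audit_homes DIR... -> one status line per directory; returns failure count
audit_homes() {
    bad=0
    for d in "$@"; do
        rc=0
        private_dir "$d" || rc=$?
        case "$rc" in
            0) echo "ok       $d" ;;
            2) echo "MISSING  $d"; bad=$((bad + 1)) ;;
            *) echo "EXPOSED  $d  (fix: chmod 700 $d)"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Run the audit only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_homes "$@"
fi
```

A mode of 700 on the home directory blocks traversal by other unprivileged accounts regardless of the modes of the files inside it; it does not restrict root.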