Zotob worm

As I have said in the past, Windows is an OS for the technically illiterate, it is designed so that older people and home users in general can use it to do their banking, bill paying, keep in touch with relatives, etc. without having to actually learn anything monumental and to simplifiy the office environment. Those who are technically illiterate also tend to be more trusting, they equate people on the internet with people that they meet in day to day life and don't really want to believe that there are people who would do harm to them or their equipment for no other reason than just for kicks. Let's face it, no matter what OS you use there are vulerablities. You can put locks on the doors but if a burgler wants into your house bad enough he is going to find a way in. A lock is only good to keep honest men honest....

I have to say, the best version of windows ever made was Win2000. I preferred that to XP, which I find to be a piece of shit. Unfortunatly for the games I play I must use it. No other OS is supported.

I do like my Mandrake as well, don't get me wrong. I just do not feel it is as good of a gaming console as Winblows.

Do I want these worm-coders caught? You are god damned right. I would honestly turn in my friend if he told me he intended to make a worm/virus or any other type of invasive software public. Would not give it a second thought. On the same page...if you are going to be in trouble for it, you might as well do your best at it.

I consider it a slap in the face that some nose-picking kid is writing these and thinking it is a joke to email it out. I don't care what age you are, if you find that funny it is on the same scale as laughing at farts and you obviously have not finished puberty yet and are therefore a kid. Well, then again I understand Cot enjoys a good fart or two. In any case, you get the gist of it.

It is almost as bad as that @ echo crap thinking if they spam it enough and then make it an executable batch file it is cool. I have one word, and I think some will agree with me on this....Fucktards.

If your issue is over the "look and feel" I believe you can choose to view Win XP in "Classic Mode"

If it is over what is under the hood, then ignore that.

[snip]

It's about the "under the hood" Cot. I know how to change the GUI settings in XP, but thanks for the help lol. If only they added more types....without having to pay. I mean the OS IS 300 dollars a liscense, the LEAST they could do is give some toys and include "tweak ui" without you having to search for it.

I feel 2k is more stable and I prefer it's command lines to XP's poor excuse for being.

Anyway...I think that sums it up.

Disagreed. What it really comes down to is that they don't equate the Internet in general with real life. People throw out physical junk mail all the time - but if it's spam from that nice Nigerian man who wants to give you thirty million dollars in exchange for all your banking details, that merits a reply. Here's someone offering to refinance their house at 0.7% interest if they just click on the little icon at the bottom of the email. And, of course, any purple gorilla you're ever offered for free to make your Internet experience that much better will never, ever come with any strings attached.

See, if they actually equated them with the people or situations they encounter in real life we'd be better off. Most people periodically change the oil in their cars; why is it so fucking difficult for people to just keep their fucking computers fucking patched? Because it's not real-life to them. The Internet, and the computer, and everything associated with them are so abstract that they're not seen as systemic or having real-world consequences. They're vaguely aware of the fact that something's not right, but because it's not on a par with the transmission blowing at 70mph on the freeway, it's not important.

It's easy for us to sit back and criticise, but most of the world just doesn't think in the same terms about computing as most of us do. The shit that drives us crazy is, to most people, both so abstract and commonplace in their world that they can't see why we get upset over it. Sure, maybe if they lose something they're working on, or pictures of the cats, or some MP3s they care - but that's only momentary because they can quantify a loss; that's the real-world consequence to them. The technical details of how that loss occurred, or why it's bad to let the thing causing the problem get a foothold in the first place, are totally lost on them.

Seriously, I really wish more people would just take the three-tenths of a second to evaluate that what they're being asked to do makes sense before clicking. While not stopping the problem completely, it would go a long way towards mitigating it somewhat.

xp seems to work great for me.. whatcha doin wrong?

Not doing anything wrong, I just hold the belief that 2000 is more stable, and is most definitly quicker. This is proven every time you look at the requirements for a game.

Here is an example: Battlefield 1942 requires 128MB of ram on 95, 98, 98SE and 2000. It requires 256 on XP.

You are so VERY right about this skroo. Although this little story is slightly different, it is along the same lines. My former boss had an older laptop that crashed one day. I pulled the hard drive out, bought a drive kit and tried to get into it that way. Nope. The platters were clacking a little bit. It was bad. Eventually, he got another one. I had told him from the first one to never put anything of his own stuff on it. Just use the computer as a "processor of work" - install just software on it. All other things should be on an external hard drive, which in turn could be backed up on the laptop. So, this new laptop was bought about 4 months ago - top of the line sleek, thin lightweight Sony Vaio. What happened? Knowing him with his stupid buddies always sending him porn shit, he probably got a virus and although the drive still works, he couldn't get into anything. Long story short, he still has a wonderful working Sony, but lost a good chunk of info.

This would be a little understandable if it was personal, but he owns two small businesses and he is running them from these laptops. He still didn't learn from the last time. Sometimes people just don't get it.

I agree with you about people throwing out physical junk mail all the time, but physical junk mail doesn't infect the mailbox, either. Let me offer a scenerio to illustrate my point: Mr. and Mrs. Jones get a computer that is given to the as a Christmas present so they can keep in touch with "Johnny" who is serving in Iraq. They have no previous computer experience, they learn the basics at the local community center class or through a ten hour "Introduction to Computers" class at the local community college. This is the extent of their computer knowledge. When someone offers them a cute little purple gorilla that will make their online experience easier for them by remembering their passwords and credit card information, they jump right onboard. Why? They do it because they simply do not understand the dangers involved. We know what we are looking for...most of the time in regards to virii, spyware, worms, or other types of malware. These type of people do not. They don't understand that by allowing a virus to live on their HD that they are spreading the virus to "Johnny" with their very next e-mail to him. When the nice Nigerian man sends them an e-mail asking for their banking information a lot of people are motivated by greed, some are motivated by a genuine desire to help another human who presents himself as being in a bad situation that is not of his own making. He presents himself as being the victim of a repressive government, playing on the sense of fair play that these people would have. People like this fall for scams all the time. They are the ones who lose their retirement funds to the guy who comes to their door offering to fix their roof or repair their driveway. They are simply decent, trusting people, who couldn't begin to imagine that someone who is truely evil could harm them through the computer that they have sitting in their living room.

These are the people that we should be looking out for, and I know many of us do.

Knowlege is power, and with power comes responsibility.

In a sense, it does. It still has to be thrown out, same as the electronic variety. Similarly, I could send out ten thousand suitably-worded postcards or make ten thousand phone calls ultimately requesting the recipient's personal info in exchange for something - and I'd be willing to bet that at least 1% of them would make it back. Expanding on that...

Right, but that was pretty much my point - that they don't equate it with 'real-life' threats. They don't think, "my credit card's in my wallet; if I need the number, why don't I just go get the damn thing?". To most people (and I'll have to see if I can dig up some of the studies that were done on this), the computer literally is a separate world to them.

Put it this way: how many times have you heard someone complain that their machine is running slowly? Probably quite a few. OK, now in each of those instances, how long have they lived with it for? Probably quite a while. And after going in and getting to the root of the problem (in this case, we'll say it's the typical Windows virus / spyware infection), in how many cases have they said that they didn't really care all that much, just that it was kind of annoying? Probably a decent percentage of them.

Now try to explain to them that this is a threat. Not something that's going to cause the machine to explode while they're in front of it, but a very real, very credible problem with consequences beyond simply making Excel take longer to start up. Chances are that they really won't care all that much. Yeah, it might've taken four hours of your time to clean it up, but as far as they're concerned it didn't do any tangible harm - and because there's no tangible harm, they just can't relate.

True, but as you pointed out, they may also have been just as easily scammed by the guy who came to their door offering roof repairs. Whether it's a Nigerian advance fee fraud scam or someone looking to sell aluminimum siding that never shows up, the method of delivery is largely immaterial because the issue is that some people don't assess the situation they're about to put themselves in. I'm not talking about analysing every last little move that they make, but if someone came up to you in the street and said, 'hey, I'll give you the keys to that Maserati over there if you'll just tell me your name, date of birth, address, telephone number, SSN, and credit card numbers', you'd walk away. For some reason, though, when it happens electronically, common sense goes right out the window. It has nothing to do with being a good, bad, greedy, or altruistic person and everything to do with perception of the environment.

My question is this, what are some good approaches to getting it through to them that this is a threat to them and others? As a helpdesk tech, I face this every day and still have a difficult time getting them to understand this without making them hyper paranoid about it, to the point they won't do their work.

Identify personal motvations of your target.
Provide examples of how they lose something they are motivated to keep or
provide example of how they can gain something they are motivated to have.
If they are rational and understand, they can see value in learning.

Totally agreed on this. These are core components of creating a Security Awareness Training program. If you can talk to the users on their level as to what liability to which they are exposing themselves, you may find that your users will adapt their behavior and stop being so careless.

<imho>I know I may catch some flack for this one, but for me, proper INFOSEC starts at the user level. It doesn't matter how many technical and physical controls you put into place, if your users don't follow stated policy, or actively circumvent it due to unnecessarily restrictive policies or lack of knowlege, you will not have the kind of security you want and need.</imho>

No matter how you view it, though, proper Security Awareness Training will go a long way in any organization.

The problem is that its not even always from a poor Nigerian man. My grandma is constantly tricked with the worms that use the send address of other people in her address book. Really the only thing that is going to fix problems like that is a widespread security awareness. Without knowing what the topic and body of something like that looks like it would be pretty simple to trick most people.

The problem worsens because there will never be a widespread way to spread information that would help people to realize how certain e-mails are formatted. That makes a group of people who will be a constant target for worm authors, but there is just no way to fix it.