A failure of education - a user switches to Linux because he is "click happy" and "gullible"
I found this blog via Digg today, and I am shaking my head in despair. It is a classic example of a failure on the part of a technician to *EDUCATE* his client about the dangers of the internet instead of taking the easy way out via a wipe and reload, and a classic example of why depending on software for protection, without education, will always fail.
He says "With that said the big question, “How can I keep this from happening.” I didn’t have a real good answer for him. I’ve tried different virus scanners, firewalls, spyware programs and the like. He is too gullible when it comes to the internet. Then it struck me, he only surfs the web, email, newsgroups and downloading pictures from his digital camera. I had a solution all along."
I ask you this - why the hell did this supposed computer savy friend simply depend on 'virus scanners, firewalls, spyware programs and the like'? Any real security professional knows that safe-hex is just as important, if not more so, than whatever feel-good layer of security software is installed. All is fallable.
And why the hell is the user still "gullible" despite an admitted monthly wipe and reload of his OS by his Linux-loving "friend" over who knows how long a period of time. What does his Linux using friend do while reimaging the computer? Does his Linux friend explain how the victim is getting infected and why? Does he teach him safe-hex? As for the friend's question "how can I keep this from happening", some honest talk about what the guy is doing wrong and how he is being infected would likely have gone a long way towards resolving the situation. But sadly, in my experience, when asked such a question Linux fans, Firefox fans, Opera fans, MAC fans etc etc will generally brush off the question with "oh, well, Windows/IE is really insecure, swap to <<software X>> and you'll be SAFE" without bothering to take things further and teach about safe-hex.
The MAC world is starting to feel the heat of malicious web content such as codecs. Do you really think that a "gullible" MAC user will hesitate to enter an admin password and install a fake codec so that he can view his video of choice when he has been told, and believes, that he is "safe"? Do you really believe that a "gullible" Linux user will not hesitate to take the steps necessary to install a malicious codec so that he can view the video of his choice, especially a Linux user who is "an avid porn surfer"?
A safety sytem that is built on "oh, but nobody is targetting it" or "there are no viruses for <<whatever>>" is no protection at all in the end.
In case you hadn't realised, yes I am angry. I get angry when *any* software or operating system is held up as some sort of miraculous "If he gets a virus now, I will be REALLY SURPRISED" panacea, because I *know* that sooner or later that software or OS will be targeted, and if people are being herded to whatever alternative without being taught how to be safe then, in the end, they are in just as much danger as before they switched. You see, all it takes is *ONE* exploit for whatever they are now using, and they're screwed.