Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

A Security Guide For Non-Technical Users? 274

kin_korn_karn asks: "Like many of you, I am the family IT department. I cannot convince my parents to follow proper PC security procedures. I'm not talking about enterprise-level things such as card swipes and fingerprint scanners, just simple measures like logging off of the PC when it's not in use. They, like many people of their generation, seem to be willing to sacrifice security for convenience, as long as their real data isn't being impacted. I can't seem to get it through to them that it's only a matter of time until they are. Since my own arguments aren't working, I need documented proof to back it up. Can Slashdot offer up some kind of arguments or information that I can use?"
"Does anyone know of a guide to IT security that:

a) Is written for a non-technical audience, but is neither condescending nor overly 'soft.'

b) Defines the various terminology (trojan, virus, zombie, etc.) clearly.

c) Explains what threats each security measure protects the user from.

d) Uses cases and examples to demonstrate the before and after scenarios, like: 'Jane's credit card number was intercepted via a non-encrypted connection. She started looking for the padlock symbol on her browser's status bar. Now, her credit card number looks like this: @*#(!@($).' (That's just an example, by the way)

It's the content that's important not the media, so your suggestions can be anything, be it an online document, multimedia presentation, or a print book."
This discussion has been archived. No new comments can be posted.

A Security Guide For Non-Technical Users?

Comments Filter:
  • by Anonymous Coward on Friday November 03, 2006 @05:08PM (#16709639)
    you should go outside and play catch with your son.
    • Seriously. This is perhaps one of the best posts I've ever seen on Slashdot.
    • Yeah, I've heard the same stuff from my family... "what do I care if somebody watches what I type" "I don't care if somebody reads my boring email or looks at pictures of my grandkids" etc. Drove me nuts!! I patiently explained "well, your system could be zombied and you'd be spreading spam, be a hopping-off point for hackers, a drop-box for software, etc." but it just never registered.

      I finally figured that I could either 1) go hardcore admin and completely lock down their PC to the point of only bare func
      • buy them Macs and quit worrying. I took the easy way out w/some old tangerine iMacs, a couple new Minis, and a family pack of Tiger.

        I tried to do that with my mother but she refuses to switch from her PC and instead prefers to call me and complain every time her computer is broken. Apparently Macs don't have any sort of voice chat functionality for the Yahoo Messenger client and they don't support something called Paltalk. I don't know why she does it, but she always goes out of her way to pick the most

      • Our family uses LTSP [ltsp.org] terminals (1999 era PCs sans hard drive from peoples dumpsters). They are connected to a $400 Dell server running Linux. Kids logins are automatically disabled until they finish chores. We have a computer curfew (auto-logout at midnight) on school nights. Family policy website filtering via squid for younger kids (as opposed to paying some company who may or may not share our values). In short, you can automate a lot of policies (you don't have to like mine) without limiting functi
      • Get Safe Online (Score:3, Informative)

        by AYeomans ( 322504 )
        Try pointing them at GetSafeOnline.org [getsafeonline.org] which is intended for a broader audience than security professionals. Failing that, once they get trashed, stick a Knoppix CD in the drive and boot off that for ever more.
    • Article submitter here. Not sure what you mean.

      I'm talking about my parents - they don't want to believe that they could be targeted. Part of the problem is that they think it's modesty - "Oh, nobody cares about what I do on the internet."

      The thing is, no, they don't care about you specifically, they care about everybody who passes information on the net or clicks on the wrong links. They're not singling you out, you're in the path of their drag-net.

      It's not like someone breaking into your house or tappi
      • Well,

        Ask them if a particular tuna in the sea was "targetted" for eating.

        On a more serious note, why not just switch them to Macintoshes?

        Much more secure. The only real risk is phishing, and there are some decent browser extensions to help with that (somewhat).
      • Yes, but the point still stands. For 90% of Windows viruses out there, the user has to do something. Forcing them to log out when they're not using the system doesn't help this one bit; the infection happens when they're *using* the computer. For the other 10%, well, you have taken the time to turn off unneeded services, and you have spent the $30 to get them a broadband hardware firewall, right? If you do those two things, XP firewall and a copy of AVG will take care of most of the rest, and limit you

      • I just replied about kids. Look 'round for it. :)

        For parents, they're harder. The older they get, the more in denial they'll be.

        It'll probably be a good case of identity theft, before they ask "so what can I do to protect myself?" Just try to explain things to them, and be prepared for the day that they come to you because their bank account is short several hundred dollars, or [insert evil case here]. That's when they'll start listening.
      • Re: (Score:2, Insightful)

        They're not singling you out, you're in the path of their drag-net.

        It's not like someone breaking into your house or tapping your phone where they have to go to a lot of trouble to get to you specifically. I'm not sure that they understand that you don't have to be targeted specifically to be a victim of identity theft or have your PC zombied.

        So talk about that kind of security (caution with email attachments and websites asking for personal info), rather than things like logging out ("proper PC securit

  • I doubt this will convince anyone, but...

    Yes, staying logged in all the time, and running as a priveleged user is convenient, for a while. Once your machine is compromised, however, the convenience goes out the window, and the pain begins.

    If people continue to run as admins, and with limited security, their computers WILL become infected with all sorts of nasties. How convenient is it to have to remedy this? How convenient is it to lose work? Booksmarks? Emails? Family photographs? The
    • by wsanders ( 114993 ) on Friday November 03, 2006 @06:27PM (#16710603) Homepage
      I stay logged in all the time. The only way someone is going to hack my system because of that is if they break into my house. If they break into my house (and survive) they stuff they get off any computer is the least of my worries.

      Even if my computer is turned off, and they run away with the hardware, it doesn't take much skill to recover data off it. If you have physical access to the device, you can read it, regardless of the OS.

      Which is why you need to use an encypting file system.

  • What's their motivation to learn this stuff? Their kid is already taking care of everything for them.

    How is logging off of their computer when it's not in use going to help them? Are there people walking through their living room, looking at the screen, and copying down their credit card numbers?

    If they have broadband, get them a router with a built-in firewall. If they're running Windows, turn on automatic updates. Neither of those things require any continuing effort or education on their part.

    • How is logging off of their computer when it's not in use going to help them?

      Logging off prevents unauthorized background processes (though, not services) from running with their user credentials when they are not at the machine. If said credentials include admin rights to the machine, the added security of logging off is huge. It's no different than choosing whether or not to leave the vault door open when you leave the bank.

      You make an excellent point:

      What's their motivation to learn this stuff? Their k
      • If said credentials include admin rights to the machine, the added security of logging off is huge.
        I see -- is it basically a Windows issue because every user has admin privileges by default? I guess to use the Linux/Unix analogy, it would be like logging in as root, running a web browser as root, doing a bunch of online shopping, and then leaving yourself logged in as root all day, with the web browser running. But this all seems to be under the assumption that they're inevitably going to have their mac

        • It is a Windows issue, but it is not a Windows-only issue. With XP, by default, the first user you create has admin rights. That's clearly bad. Even still, most people leave it alone and, for all intents and purposes, stay logged in as root all day long doing whatever it is they do. These people should log out as often as possible, whether or not the machine is in use.

          Even for a restricted user, logging out when the machine is not in use is good practice. Any process left running in the background, eve
      • by 511pf ( 685691 )
        The only way logging off will help is if malware authors don't put their crud in startup. ANY piece of malware that doesn't run as a service starts on login, so even if it doesn't run while you're logged off, it's going to run while you're logged on. If you've got a hole in the vault, closing the door isn't going to do you any good.
  • I dunno, but the "Dummy Guide To ...." seem to have done the job on many technical-like things to teach my dad: He now knows his way around the Internet, and isn't 'afraid' to use Windows anymore.
    Before he was always shitscared to either delete something by accident, or crashing it; which as he saw it was breaking the computer... permanently :)

    I think the Dummy Guides do a good job at not being too condescending, yet also maintain a good humorous writing style (just my opinion, and only from reading par
  • I cannot convince my parents to follow proper PC security procedures. I'm not talking about enterprise-level things such as card swipes and fingerprint scanners, just simple measures like logging off of the PC when it's not in use.

    What? Seriously? Get real. The only "security" that you should be worried about here is whether they have a solid non-Windows firewall box in front of the network. "Logging off"? Don't be silly: they don't have anything on there that's actually that confidential. What pu

  • I'm not talking about enterprise-level things such as card swipes and fingerprint scanners, just simple measures like logging off of the PC when it's not in use.

    It's been my experience that 95% of Windows viruses require some sort of stupid user action to install and spread. Logging off the PC will not help in that situation. Minimizing the machine's online presence will help far more: turn off unneeded services, use both software and hardware firewalls, and finally, make sure Preview mode is turned o
  • Your search is virtually impossible, because human nature isn't clear cut.

    No matter what you do, you will be leaned on for support.

    Best thing to do is to back out now, start telling everyone you meet that you know nothing about computers or the internet and in fact, your a luddite.

    Make loud and stupid jokes about "those machines" and "the weird guys in block A/downstairs/basement/geekery" and take up a sport, like wrestling or hurling.

    When your family ask you about your sudden lack of interest in helping th
    • its also wise to take up drinking at this point and to stop changing your clothes so regularly.
    • I somehow became the free IT support for family, friends, friends of my family, family of my friends, friends of the family of my friends, and so on.

      At one point I just had enough of corrupted registries, malware and those stupid IE toolbars, not to mention people asking me for pirated software (I am a committed Christian and do not want to break the laws of the land).

      From then on I said that I only support free/open source software and that if they wanted support then they must install Linux. Anybody that
      • Hear Hear!

        I've done the _exact_ same thing. Existing people are grandfathered in, but from (2 years ago) on wards; if you want computer support from me, you buy a Mac, or install Linux.

        Period.

        I do not fix IE problems anymore. I do not deal with spyware. I do not do reinstalls.
        I can potentially be persuaded to do data recovery, but then I'll get the data you want, and put it on a CD or DVD. No Windows reinstall.

        Ever.
        • by Marcion ( 876801 )
          >you buy a Mac, or install Linux.

          Whenever someone who looks a bit newbie asks what computer to get, I say a Mac because for three years they can go into the Apple Shop and ask any stupid question they like and someone will diligently answer. Hopefully, within the three years they will learn just enough to wing it from there.

          Existing hardware can become Linux easily, as long as people get out of the habit of buying any old USB device and expecting it to work.

          This is not only a Linux problem. I have one re
      • I had made the move to Linux 4 or 5 years ago, and also have used an OSX laptop for the last few years. The real beauty of this move isn't that Linux is that much easier to use (although I find it easier) but that I can use the excuse "i haven't used windows in years" when someone has a computer problem. I honestly don't know or really care how to fix those machines. It's a wonderful thing after years of being tech support for people. I still can and do on occasions fix windows issues, but I have to f
      • by AusIV ( 950840 )
        I can certainly associate with that. I've got a Linux desktop and a Windows Laptop (not windows much longer), and I use my laptop for little other than web browsing and word processing when I'm away from my desktop. I'm trying to unlearn as much as I can about windows so I can stop doing tech support for friends and family. I also try to hint that family members ought to move towards Linux, whenever they ask a question I respond "well, that would be fairly simple on Linux, but on windows you have to..." and
  • ...once!

    I had a similar problem with my parents several years ago (win98se), didn't belive me when I warned them not to run whatever came with the email and/or run wierd things downloaded from the web. So one day (by accident) a virus struck. An oldschool virus (atleast compared to todays more "useful" trojans, etc) which destroyed the MBR and partition tables.

    After that day, my problems have become very few and far between.

    Now, the moral of this story is:
    Some people will never understand the importance of
  • just simple measures like logging off of the PC when it's not in use.

    ... why? I'm as paranoid about security as anyone but I'm not afraid of people jumping in the window and sitting down at my keyboard ... you might be going a little over the top with your parents.

    Show them 1) the difference between a secure and non-secure connection and 2) good password conventions and that.
  • Tell them to watch a CitiBank commercial about identity theft. That should knock some sense in them.
  • The Fear (Score:5, Insightful)

    by arete ( 170676 ) <areteslashdot2@x i g . n et> on Friday November 03, 2006 @05:28PM (#16709937) Homepage
    First The Fear: I don't have the document you're looking for. But I think the basic problem is this: in the Real World, if you leave your door unlocked (I didn't say "open") in most neighborhoods it'll take years, at least, before you get broken into. Most people aren't going around trying residential doors. (Assuming you aren't conspicuously advertising more wealth than your neighbors) And if you're going to get broken into, having a locked door won't make much difference...

    I would say the mean time before someone breaks into your house BECAUSE you didn't lock the door averages at LEAST years.

    The mean time until your online (routable) Windows computer is compromised if you don't have a reasonable firewall is something like 15 minutes (and falling) You need to strike home the fact that that's the AVERAGE time until someone WILL try to attack their computer. If someone is trying to steal from you every 15 minutes, you NEED to be paranoid.

    Second, of course, is education.
    First you need to decide whether you're going to keep fixing whatever messes they're going to make - or you need to say: "I've wasted enough time on your computer. If you don't follow the rules I set out for using it safely, I'm not fixing the problems you have - or I'm at least waiting weeks before I do." - and you need to be serious. If you fix it all for free, there is no incentive.

    One rule is not to download and install anything without your approval. If they see that warning screen and click "yes" - that's their problem. Those smiley toolbars don't get there by themselves.

    Then you need to do what you can for them automatically. I agree with another poster that logging off is not a high priority. A good "hardware" firewall is - with the "gaming" port forward OFF. Turn on automatic updates. Getting a mac is great : )

    If you can't do that, disabling ActiveX - COMPLETELY - (preferably also removing the IE icon and installing an alternate browser) helps a lot. Installing Spybot SSD and it's automatic protections helps.
    • by JWW ( 79176 )
      Or you could just get them to switch to OS X..... Much fewer steps.
      • The problem with that comes from parents like mine:

        * They want to be able to go to the store and buy new software to do task x, y, or/and z
        * My dad wants to play the occasional Solo FPS (for all that he's nearly 60 he loves the original half-life and doom and plays the newer incarnations...
        * Want to be able to run software that is often non-Mac compatable (ie my mom gets educational stuff from the state since she works at a day care and it's always been PC only)
        * occasionally want hardware to do X function
  • They won't listen. This is for all the times they told you to ride your bike with a helmet and you ignored them. Or they told you not to climb that really tall tree, and you ignored them. Or "don't play with the illegal fireworks!" ...and you ignored them.

    Just consider yourself lucky they don't go around naked.

  • ...when you're at home, if that's what you are talking about?
  • I've been wondering the same thing. I've just about given up on this topic with my family. But, I just got a great idea. I'm going to email them a link to this topic on /.

    It can't hurt.
  • Ultimatum (Score:4, Interesting)

    by Wiseleo ( 15092 ) on Friday November 03, 2006 @05:33PM (#16710007) Homepage
    Hi Mom,

    My clients are required to be at a certain level of security before they are eligible for our unlimited support plan. Until that point is reached, hourly billing is used. The reason for that is because it takes a lot of effort to keep their systems running smoothly at that point, so it's not profitable for us to keep them on the unlimited support plan.

    You are enjoying unlimited no-charge support from me, but it takes away from our time to talk with each other. Wouldn't you rather talk to me about stuff other than work when I come to visit you? If so, please follow these simple guidelines and don't install any software unless you call me first.

    Thank you Mom :-)
  • Listen, if you really can't trust your family members to the totally boring, non-sensitive information available on the average adults computer, you've got a lot more problems than security. Exactly what do you think you're protecting when you tell them to log off the PC when not in use?

    I never log off my own computer in my home. Why? Because I trust the people I live with, and I really don't have anything on the PC that's worth protecting anyway.

    Your parents are right. Why should they log off? Why sho
  • In order of importance

    1) Buy a hardware firewall, they are like $20 bucks these days
    2) Buy a USB flash or hard disk and setup an automatic backup to it of their files every day
    3) Ensure automatic updates are on and working
    4) Disable automatic preview in Outlook or upgrade to Outlook 2003+

    Optional:
    1) Disable windows firewall and install ZoneAlarm and AdAware
    2) Block myspace.com with host file
    3) Create user limited account and make them use it, although this is probably going to cause you more headaches than
    • Optional #3 is more problematic than you think... At least if you are doing this on a WIndows Home (or Pro machine not on a windows domain network). Why? Because a limited account in windows per SP2 can't even access the CD drive(s)... I went to do this for my SO's computer so her son could have a limited account to play his games on... But the limited user account can't even access the stupid CD drive to let him get by the disc in CD issue all games have these days... God save us from the people stealing c
      • by Sigma 7 ( 266129 )

        But the limited user account can't even access the stupid CD drive to let him get by the disc in CD issue all games have these days...

        Works for me. Perhaps you were running an application that wasn't designed for Windows XP, including those that use such legacy copy-protection systems?

        Try a NO-CD crack on whatever software is affected. If it's old enough that it can't run from a LUA, it's old enough that it should have a NO-CD crack running around on the Internet several times over.

  • Linux, BSD, Solaris... Whichever is your own poison.

    Sure, there is "learning curve", but it is no steeper, than with Windows or anything else. All they are using is web-browser and e-mail (likely — through the browser), so they would not even notice...

    Of course, this is not going to remove all threats, but it will severely diminish them.

    And you'll be able to help them remotely...

  • I think maybe you need to really find hard facts on the risks, before you try convincing them of what those risks are. You might be very surprised. The sad truth is if a security measure makes things harder to use, that measure will often become a security liability. Force people to change their passwords every week and they post them on stickies on their monitors. You can't ignore the user as part of a security solution and only you know your users. You can change your users with education, but only a very

  • The problem of users not cooperating with security rules is largely a social problem, not a technical one, and needs social investigation.

    We found that one of the biggest reasons people don't cooperate is that it takes too long to report problems, and they don't want the inconvenience.

    We wrote a program that sends a screen copy to us by email when the user presses Windows_Key-F11. That makes it easy to get users to report problems that show some evidence on the screen.

    If it is easy to report proble
  • Rather than trying to bludgeon your family into compliance, why not work on finding a security solution that works with them not in spite of them?

    One of the biggest obstacles to educating users is the attitude that they are all stupid or lazy, and there is only one solution to security even if it doesn't fit their needs.
    1. Unplug all cables from your computer(s) and don't plug them back in.

    This applies to both technical and non-technical users.

  • I have installed an omnimorphic macro trojan key logger virus daemon on your parent's computer. It will add 47 strokes to your dad's golf score and change his Viagra prescription to aspirin. It modify your mom's recipes so that everything tastes like Chef Boy R/D. It will call the White House and make silly noises. It will break into the state's electronic voting machines and submit 67 million votes against Social Security and Medicade reform. It will send insulting email and bjornographic spam to ever
  • by Vellmont ( 569020 ) on Friday November 03, 2006 @06:16PM (#16710501) Homepage
    You seem to think that your problem is that your parents aren't technical enough to understand the threat. Your solution is to get them up to a similiar level of expertise that you're at. That's simply foolish.

    The problem is you aren't communicating effectively, or your parents aren't willing to listen. I don't need to understand the reasons WHY I should change my oil in my car every 3-6 months to do it. I only need to trust that if I don't, my car will suffer. Mechanics don't give out chemical assays of oil, results of wear tests, or the breakdown of acid-inhibitors etc to convince people to change oil, they rely on communication and reputation. "Bill's a good mechanic, he always knows what's wrong with my car. If he says to change my oil every 3 months, he's probbably right". The world is too complex to try to learn EVERYTHING.

    Maybe your problem is you don't really understand security yourself, so you can't explain it properly. Telling people to log off their own computer in their own household really adds no security from viruses, worms, etc. If you try to make this argument to your parents, you're just going to sound like you're (as another poster put it) "batshit insane". This destroys any credibility you have, and any sane advice like keeping up on updates, installing hardware firewalls, etc goes out the window.

    So, you need to work on your communication skills, not try to get your parents to have the same amount of knowledge you do.
  • Analogies (Score:4, Insightful)

    by Captain Spam ( 66120 ) on Friday November 03, 2006 @06:24PM (#16710573) Homepage
    One major problem is that many non-technical people try whatever is humanly possible to relate technical scenarios to "real-world" analogies. This goes for computer security, too; As other posters have mentioned, they try to line it up with their house in the neighborhood, and all too often come up with the line, "Well, why would they attack ME? I don't have anything valuable!". This, to them, equates with security. I should know, I've had that pulled on me before.

    And this may be the problem you're experiencing. Try explaining that, in many cases, the computer itself is what "they" want (botnets, zombies, etc). Problem being, you'd be forced to come up with a real-world analogy for it. "It's like if someone could break into this house undetected, loaf around and steal food regularly, take your credit cards and use them freely, then start prank-calling the neighbors and blaming it on you, and everybody thought it WAS you."

    The whole issue of a Windows machine being broken into in 15 minuts of a fresh install is even more difficult to put in non-technical terms. "Imagine there was an army of zombies [or robots, or people] roaming the neighborhood. They're going around trying everyone's front door to see if it's locked, and if it isn't, they walk right in and take over the place. Sometimes they try to pick the locks. They don't care if anyone calls the cops on them, there's far more of them than there are cops. And they don't care how long it takes, there's enough of them to try each and every door. And they don't talk to each other, so they'll keep trying the same doors over and over with different lockpicks. And each house they take over produces more zombies [or robots, or people]."

    Now, both of those would just absurd to a non-techie, to say the least. So what I'm saying is that you need to try to draw analogies they can understand but don't sound ridiculous. You can provide documentation to back up your claims, but you'll need to convince them to read said documentation first, and that's where your creative storytelling skills come in.

    Just my two units of fractional currency.
  • Demonstration (Score:3, Interesting)

    by JWSmythe ( 446288 ) * <.jwsmythe. .at. .jwsmythe.com.> on Friday November 03, 2006 @06:28PM (#16710627) Homepage Journal
    I've had some good success through demonstration, and letting them make mistakes.

        My girlfriend is pretty good with her computer. She made mistakes before I met her, and learned from them.

        Her son has his own computer, and had made mistakes himself. With some stupid online game, someone got into his account, and messed it all up. His password was his own first name. I showed him some password scanning utilities, and explained how they work. I then described for him what a "good" password is.

        He then asked me "Can you hack their account, and mess it up?" I told him that I could, but I won't. Could I? Maybe. Maybe they were just as stupid themselves, and used easy passwords. Maybe if I looked around enough, there was something exploitable on the site. I wouldn't though, to teach him that revenge doesn't solve anything.

        I've shown both of them the joys of packet sniffing. While most of it was over their heads, showing them their own password was useful. "Look, I'm a hacker, and I can see everything you've done. To avoid me doing this, you should .... "

        Honestly, the best way I've found to protect myself is to learn what the bad guys are doing, and solve the problem. You have to teach them what the problems are, and how to protect themselves.

        It's usually better to teach someone yourself. You can judge if they are absorbing the information, instead of letting them skim over the pages that are greek to them. "Password security? Ya, I have a password. It's 1234."

        I've seen so many people in office environments who are just told "don't do this", but they don't understand why, so they'll still make mistakes. How many zombie machines are out there on the Internet right now, because people didn't understand what not to do and why?

        Be Mr. Evil Hacker for a while. Mess with them. Tell them exactly what you did, and how to fix it. If you keep messing with them, it's very likely they won't keep making the same mistakes. There's no need to do anything particularly damaging. More than likely, they'll do it on their own. :)

        In the last couple years, I've reinstalled Windows on my XP workstation three or four times, from using bad practices. It's my own dumb fault for doing things that I know I probably shouldn't be doing. Of course, I'm doing them to see how they work. :) Neither my girlfriends machine, nor her son's machine have had anything bad happen to them. I've even broken my Linux box, from doing very ill advised things. Doing it once gives me the experience of "what happens if....?", so I can help other people later. For me, I don't really care if I completely hose an OS installation. I'll wipe it out and reinstall. I always have another machine that I can use. :)

    • "I wouldn't though, to teach him that revenge doesn't solve anything."

      While this is morally a sound way to go, its kind of false to just claim that - especially to impressionable children. I saw a study a year or so ago that said revenge is a socially functional instinct [nytimes.com]. The point im trying to make is that while it may not make up for the injustice that was done to you, it provides closure and puts a nice big smile on your face. ''Revenge can be a very good deterrent to bad behavior, and bring feelings of

      • by izomiac ( 815208 )
        While you're completely right that said statement is false, I doubt that you should worry too much about telling it to "impressionable children". First of all, it's an immensely popular idea (a very common theme in TV & movies), so trying to prevent children from being exposed to it is futile. Second, one cannot be completely certain of much of anything. If we only told children what we absolutely know to be true, then we wouldn't be teaching them much at all. Third, it's probably decent advice even

      • Actually, the mentality I was going for was don't escalate a problem if you can't handle the consequences. I did go farther with him on it.

        If I hacked the other kid's account (ignoring the legal problems), the kid would do something more. etc.. etc.. etc..

        It's a game that can't be won until it's way beyond what he's willing to handle.

        If he doesn't learn what the cause and consequence of the problem was, so he can fix it in the future, he'll kee
  • by zero1101 ( 444838 ) on Friday November 03, 2006 @06:29PM (#16710637) Homepage
    And it is often the only way. Get ahold of a spyware-infected machine, and download the file to which it's logging all its stolen data, then show it to your parents. (You'd be surprised how easy this is most of the time...also you can score some free Myspace accounts this way.) Maximum scare points apply if their PC is already infected and you can show them their personal data in the file. Watch how fast they change their passwords and lock down their PC!
  • After that, they're on their own.

    Why on earth would your parents need to log off of their personal machines when not in use? Do they take in boarders or something?
  • by wdr1 ( 31310 ) * <wdr1.pobox@com> on Friday November 03, 2006 @06:33PM (#16710695) Homepage Journal
    I'm wondering if you actually know what you're talking about, of if you're just some pedantic idiot attempting to assert he's smarter in something to his parents. Example: ...just simple measures like logging off of the PC when it's not in use.

    WTF? Why do they need to log off their own damn computer in their own damn house? If someone breaks in and gets physical access, I'm betting that unauthorized surfing isn't their top concern. And if you think having them log-off with thwart a thief from getting their data, you're crazy. If the thieves want the data, they'll get it by just stealing the drive & mounting it as a secondary drive.

    People like your parents are easy. They don't need to know about viruses & worms. You just set anti-virus to run and automatically update & have them use a mail client other than Outlook (e.g., Thunderbird or Euroda). You set up the firewall & just leave it. They don't need to know how to administer the fucking thing. Past that, you tell them basic things to avoid phising, never install anything without asking me. That's basically what we did with my mom & no problems. There's little chance of her fucking anything up, because, by and large, she doesn't know enough to get herself into trouble. She's not going to change the config on the firewall, as she doesn't even know what the hell a firewall is.

    It's typically people with a little knowledge that are a problem. They're the ones who get themselves into trouble. And while it sounds like your parents don't fall into that category, it sounds like their son does.

    -Bill

    • I'm wondering if you actually know what you're talking about, of if you're just some pedantic idiot attempting to assert he's smarter in something to his parents. Example: ...just simple measures like logging off of the PC when it's not in use.


      Sadly, I think you're right. There's a big collection of kids out there that think PCs are just one big interface, and think they're experts because they know more than mom and dad (who know nothing). They get big egos when Mom and Dad ask THEM for help on somethi
    • I was just getting ready to lambast the poster myself but you seem to have covered it. The gist of my post would have been a little more indirect (less finger pointing, not that its not throughly deserved). The average person need to know very little about security, and I never seen a good reason it shouldn't be that way. Your right to poke holes in the logging off assertion. Thats plain silly unless they've got ninja hackers sneaking into their house constantly downloading illegal warez and pornography. Ch
      • by wdr1 ( 31310 ) *
        The sad thing is this idiot is going to be working for out IT departments in five years.

        -Bill
        • by msimm ( 580077 )
          Well. We all started somewhere right? 5 years is long enough for the wide-eyed and wonder thing to get old and grow up a bit. Maybe this was an exciting little tryst. Maybe its the begining of a more serious relationship. Who knows.

          Lets just hope the Slashdot editors intended for this to be a weenie roast and didn't, you know, seriously ...
          :)
  • The following is an edited blockquote:

    Like many of you, I am the family Car Mechanic. I cannot convince my parents to change their Oil every 6 months or 6000 miles; whichever comes first. I'm not talking about enterprise-level things such as engine overhauls and rebuilding the clutch, just simple measures like letting the car warm up for 60 seconds before taking off. They, like many people of their generation, seem to be willing to sacrifice longevity of the vehicle for convenience, as long as they don't

  • Seriously, get a Mac.

    I know, that's the obvious answer. Especially coming from a Mac zealot.

    However, I'm not a Mac zealot. Far from it. I probably run in the neighborhood of 10 different OSes in my home right now.

    About a year ago, I got so sick and tired of dealing with the CONSTANT spyware my relatives were getting that I just got fed up. The kids were constantly downloading P2P apps and ruining the machine.

    Finally, I said screw it. When one of my brothers decided he needed a computer for college, I b
  • Sit down with your folks and go and find vulnerabilities in random PCs on the net. Find whatever the black-hat tool du jour is, test it out to find whatever options give impressive looking results and then show them how easy it is. Show them the black-hat websites, tools and forums. I'm not suggesting you actually compromise someone else's machine or do anything illegal, just that you get close enough to doing it to demonstrate how it happens. When they see how easy it is for the bad guy, they might get a

  • Tell them to get a fucking Macintosh. Tell them if they don't get a Macintosh, you won't help them. If they don't like it, tough - DON'T HELP THEM. Don't enable them.

    They have to put down the Microsoft crack pipe. tough love.

    Your average Mac has lots and lots of software that ma and pa Kettle can make use of - iLife, safari, etc. it's all happy.

    If they won't behave responsibly, then give them toys they can't hurt themselves with.

    RS

  • Your request is self-defeating. I am a de-facto sysadmin for most of my friends and family, and I can summarize their stance on security in a few bullet points:

    1). Security is not important. Only computer geeks worry about it. I just want to browse the web, send email, and play games.
    2). Viruses happen to other people. I have nothing special on my machine, thus virus writers don't care about me, thus there's no need to worry.
    3). I don't know what spyware, trojans, backdoors, or keyloggers are, and I don't c
  • If they run Macintosh, they will have no viruses, trojans, or spyware. They will not become zombies on a botnet. They will not acquire keyloggers or malicious rootkits. Mac OS X Tiger's security features will take care of them. No need for anti-virus software or anti-spyware software.

    Your parents still need to know how to protect themselves from phishing attacks and other human engineering fraud. They still need to know how to protect their privacy.

    But if you simply switch them to Macintosh, the most seriou
  • by Pedrito ( 94783 ) on Friday November 03, 2006 @10:20PM (#16712429)
    You see, it's a generational gap. You need to explain things to your parents in terms they can understand. Explain that leaving your home computer logged in is like allowing the Soviets (don't worry, they'll know who the Soviets are) to put missiles in Cuba.

    Then explain to them that you're kind of like Joseph McCarthy and you're just trying to protect them. I think that'll get them to pay proper attention to your important message of salvation.
  • Some friends of mine were setting up a new computer and asked for my help. I created usernames for all 3 of them (Mom, Dad, and kid), that way when the log in, they get their own mail, their own IM accounts, etc.. It was all working fine.

    Then I came back a couple weeks later, and they had deleted the other accounts, and were using only 1 account. They said it was too complicated to use their own account.

    Now when the log in, they have to change the username of the last person who logged into IM, Mail, etc
  • Faithful translations are a rare and difficult thing, and that's what you're asking for. You want to translate from the language of a nation of techies, a nation that has years of experience that lets them instantly understand the implications of a phrase like "plaintext authentication", to the language of normal people who don't look under the hood and run systems that would make it hard to look under the hood if they wanted to.

    I know it's hard because I try it. I have a security blog for the nontechnical [berylliumsphere.com]
  • I don't usually log out of my main desktop either, because session management on Linux sucks, so when I log back in all I get is the same applications open. I do not get all the same web pages open, all of my bash histories contained within the correct Konsole windows (both scrollback history and command history), same vim or scite sessions open, etc. It's not much better on other OS's (except that there can be "fast user switching" which is sortof a good idea). And who wants to have to remember password
  • I have looked and asked. There is no "FreeSecurityGuide.com" you can send people to that will give them these basic tips. The result is that many IT people end up answering the same questions over and over for these people, some of whom are genuinely interested in learning.


    Your answer is that it doesn't exist.

  • ``They, like many people of their generation, seem to be willing to sacrifice security for convenience''

    There shouldn't be a trade-off between those two. Your system can only be convenient to use if it's also secure. A system that runs dog slow, crashes at inopportune times, and crowds the display with pop-ups and toolbars isn't very convenient, is it?

"How do I love thee? My accumulator overflows."

Working...