Eventually, we'll blame non-secured consumers, then perhaps there won't be an internet highway, but lanes, depending on how safely you drive. Ad companies would pay a premium for secure users, so unlike a toll booth, safe driving would pay those who are secure. If we provide incentive, consumers will wise up. And, as we move further into the cloud, device infection can be centrally vaccinated.

If there are 1.9M machines in a single botnet that means there are a lot of idiots clicking things they shouldn't plus a lot of bad security software allowing machines to be infected.

IMO that's the real story, where was Symantec's product, was it on any of those 1.9M infected machines?

If so, you know your A/V isn't worth squat.

1. I wouldn't call them idots. They just don't know anything about all these things.

...you got a simple fever and visit a doctor for medication. Now if the doctor call you an idiot because you don't know anything about that fever and can't cure yourself, how do you feel?

2. If you think that anti virus is the right tool to protect your PC from such attack then this idot ( that's me :-) ) think that you need to learn more about it.

I don't know much about all these things but I believe that Firewall is the right tool.

I would like to know how many webmasterworld members has installed firewall on their home computers?

I have a friend that has been plagued by some kind of adware on his computer. I ask him if he wants help to deal with it, but he says it's now gone. I'm certain the AV tools do work, to an extent, but if it's the kind of malicious software I believe it is, then it'll be on his system, waiting for a trigger, and it'll re-start. It's already done that three times. If I could be sure it was only adware i'd be less concerned, but it could easily be something more sinister.

With 1.9 million computers indicated being infected, that's, potentially, an awful lot of click fraud.

If I see another http login page this week, I'm going to...
do nothing.

Yep, I agree, they aren't idiots, they are mostly either lazy or ignorant, often both.

Yep, I agree, they aren't idiots, they are mostly either lazy or ignorant, often both.

Nope. Idiots.

They've all been warned not to open emails that don't come from people they don't know and especially don't open file attachments you weren't expecting yet they do it anyway. Idiots.

Just like people are warned "hot plate" yet they touch it anyway just to verify it's hot.

Nope. Idiots.

They've all been warned not to open emails that don't come from people they don't know and especially don't open file attachments you weren't expecting yet they do it anyway. Idiots.

A friend of mine told me two days ago that someone who he exchanges emails with regularly and who is on holiday sent him an email complaining that he had been robbed of all his money and his passport. Needless to say I told him it was a scam but there was a viral attachment which he had already clicked on.

My friend who is a senior oncologist responsible for saving the lives of hundreds, maybe thousands of lives isn't really an idiot at all. If he was he would never be able to do his job. The guy on holiday posted details of the resort on Facebook - that was stupid but several billion other people do that.

There needs to be more determination to stamp this out at ISP or browser level. there are too many clever criminals out there for normal decent people to keep track of all their tricks.

Its perfectly possible for someone to be intelligent in one area of life, but act idiotically in others.

People are not willing to learn enough to use a computer safely. Its like driving a car without learning to drive (except the consequences are, at least, rarely fatal).

In your friend's case what he needed to know is

1) that email is easy to fake.
2) Be suspicious of unusual attachment types, or ones that are not suitable to the purpose (e.g. a zip file containing info that could easily have been in the body of the email).

Not difficult to understand.

On the other hand, the email client and OS are often to blame as well - its far too easy to hide attachment types, open attachments without any warning of what application is opening them (where its something suspicious) etc.

It's too easy to sit in an airport, sniffing unsecured wi-fi, watching everyone broadcast their login credz cuz they don't know the difference between http and https.

Again, making the consumer know this is crazy, any site that has an http login page available, that doesn't redirect to https, they're largely to blame.

Analogous to a car rental company that paints your credit card on the outside of the car they rented you, in base 16. Any criminally minded malcontent can make a teensy lil effort, and "hack" you.

Most hacking isn't hacking at all. I bet someone who works at Adobe, uses the same password everywhere they go, and broadcasts their digits all over the place too.

Security people keep building higher and higher walls (two step authentication), but the folks are compromising their digits as they walk around.

Very silly.

Next time someone tells you they got hacked, don't believe it, it's unlikely. More often, they're wearing their digits on a digital t-shirt and there's no real hacking involved.

Use unique, strong passwords, always use https to login.
If you use a password tool, you can automate both.