While this article is a good read it is over two years old. This information may be out of date or not relevant, links to external sites may be broken, etc. Please let us know (contact or in the comments) if something is wrong or broken.

The Social Engineering of Computer Users

Social engineering causes people to no longer trust their computer’s security and in fact jeopardizes the PC’s operational status. This can cost you time and money.

Posted on June 12, 2009 by Perry Lund

Right now, there are computer users who are second guessing the security on their computers. Most are in their homes and some are in small- to medium-sized businesses with no internal IT support. In this article, we would like to explore social engineering and the dangers of media, marketing, and advertising on the typical computer user.

First, let’s get the definitions out in the open for the terms involved with this issue. “Social engineering” by one definition is the practice of obtaining confidential information by manipulating users. The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. For our purposes, we want to focus on computer system access.

The next term to be defined is computer security software. “Security software” is a generic term referring to any computer program whose purpose is to help secure a computer system. Programs may be classified as anti-virus, cryptographic, firewall, and spyware removal software products. The last term we should define is “malware”. From the words “malicious” and “software”, it is software designed to infiltrate or damage a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Almost all personal computers running the Microsoft Windows system have some form of security software running to protect them from virus and malware problems. Popular programs include Norton, McAfee, Kaspersky, TrendMicro, Sophos and other reputable products. There are even very low cost or free versions of some products like AVG, Clam Antivirus or Avira. Microsoft has a malware security product called Windows Defender built into Vista and Windows 7 and available for Windows XP.

The problem that we continue to see as computer professionals working with small business and home users is one of knowing and believing their computers are secure. There are two main problems we commonly see every week with clients and customers. The first problem is a simple one. When the subscription for a security product is due to be renewed, the computer user does not pay attention or purposefully ignores the warning. Subscriptions to maintain your security product are essential. We may not like the cost of security, but nonetheless, it is necessary for proper computer operations.

The more serious problem we are encounter now is the social engineering aspect of security. Initially, the media and marketing often play a negative role in influencing the bias and decision making of computer users. Advertising is everywhere regarding computer viruses, spyware and malware. So it is natural to question the security of your personal or business computer. However, the combination of advertising and social engineering bias is being exploited by malware authors and distributors.

Today, there are far more websites advertising promotions, and the search engines gobble up everything. When computer users search in Google, Bing (new Microsoft search engine), Yahoo and others — the results return good and bad sites. In the case of security software, there is an unfortunate tendency for malware to be disguised as a professional product. To top it off, the product is often free to download. If a computer user has some lingering doubt about their current computer’s security or perhaps feels that double protection is better than one product, the game is afoot.

Malware pop-up window.

Example of a browser pop-up disguising malware as a security product.

Once a malware program masquerading as “good spyware protection” is installed by a computer user, it will take over your system and start reporting that your computer system is infected with spyware, when in reality there was nothing wrong. The deception is complete now. If the computer user thought he had problems prior to this point in time, he or she has insured themselves a tech support call to professionals.

The best advice we can give from the professional side of computer security here at ArrowQuick is to ask before doing something that affects the operation of your computer, especially with regard to security. If you know you have a commercial product protecting your computer and it is up-to-date, trust its ability to protect you. Next, in regards to social engineering — make note of it, but if you do not understand or are unsure if it applies to your computer, ask a professional. Lastly, there is no such thing as a free lunch. Software usually costs money and the free products are going to have advertising built into them.

In conclusion, trust the security that you know you have installed on your PC and remember that people are looking for ways to trick you into doing things that are bad for your PC’s operational health.

Read More

You can also subscribe to our newsletter or browse our archives.

Join the Discussion

  1. Proworkflow says:
    December 27, 2009 at 5:15 am

    Social engendering is a very serious problem in the context of security. Usually the media and marketing play a positive role encouraging the computer users.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>