The Perfect Scam

Regarding fake antivirus software : The idea itself is not that innovative. Fake medicines have been part fo the crooks's easy-money-toolbox for ages. This just applies the "you look tired and sick. buy our snake oil to cure your ills" approach to computer users.<p>The tendency to pay up for dubious remedies of uncertain value is nothing new. Some ways of proposing expensive fake solutions to nonexistant problems are even legal.

The real problem are operating systems with long known problems in their fundamental security architecture. The result is that any script kiddie can click himself a botnet together in half an hour.<p>If Windows had repositories ("markets" how there are called nowadays), the problem would be much less severe. And if IE would have put less emphasis in creating own "MS-versions" of HTML and JS with every new release, and more emphasis on creating a solid product, the problem would be much less severe too. But they didn't so it isn't. Lucky scammers.

Does anyone here have any useful advice as to how to deal with (and get people to avoid) these types of things? I usually avoid tech support, but sometimes (parents, gf, close friends, etc.) it's unavoidable, and I've been seeing a lot of stuff like this lately.<p>Obviously the usual advice applies (let those damn system updates run, update AV, NoScript+Adblock+non-IE browser, when strange looking .exe files try to run don't let them, etc.), but I'm seeing this stuff come up on systems where people <i>are</i> doing these things right, and actually seem to know what they're doing. I don't use Windows a lot myself, so I don't know if these things are really tough to avoid, it's always possible that people <i>have</i> done some stupid things, I'm not sure...<p>It seems that more and more often, too, I'm ending up having to resort to digging through HijackThis logs and cleaning things up by hand, which is not something an average end-user can really be expected to do.<p>Am I missing some better advice to give people (better AV software, maybe? Some of the big ones are missing infections that I know are several weeks or months old, which I would think is enough time to get the signatures in there...), or is this really just something that the average PC user will be doomed to turn to their nerd friends and paid support people for help for the foreseeable future?

This is really a great article - detailing the extent of the malware and fake anti-malware market.

Dealing with this crap on people's computers is so infuriating that I've often wished the government would just green light CIA hits on the perpetrators in Russia. But realistically, it's VISA and Mastercard's fault.