Daniel C. wrote:
I'd like to put together a short article or white paper that will give casual computer users the tools to tell what's going to mess up their system and what isn't. The problem is that, while I can tell what's dodgy and what isn't, I don't know how I can tell. Can anyone here help me out with this?
Most people seem to remember tangible examples better than abstract principles. For example, if I say "the measured volume of a sound decreases proportional to the inverse square of the distance between transmitter and receiver," most lay people would forget that pretty quick. What I would say instead is "When I stand on a football field and yell to you from one end zone to the other, and then I move to the 50 yard line and yell again, it will sound 4 times louder. If I move to the 25 yard line, it will sound 16 times louder." That will stick in the lay person's mind somewhat better, I've found.
In your case, I would go look at a bunch of malware sites and take screenshots. I would then insert the screenshots into your white paper, graphically calling out the specific elements of the sites that make them look suspicious. I would also show screenshots of installers that look like they are doing naughty things (probably need a virtual machine for this one to not destroy a real box). Lastly, I would find two sets of error messages from Windows: The first set would contain messages that mean something bad is about to happen (or has happened). The other set would contain messages that are usually ignorable and a natural part of installing non-malicious software.
Good luck creating such a document. It will probably be quite a challenge to find enough representative material for a lay computer user to learn how to form a good definition for "suspicious" without overwhelming them with too much information.
I look forward to hearing how it goes. --Dave
