Screenconnect, Connectwise, Logmein Rescue, Teamviewer11, ShowMyPC, Microsoft Registartion Files

peterbaker

AndyPix wrote: »

Yes - yes it is black and white .


If you install something on the instruction of someone on the phone you are doomed.(black)


If you dont then they cant do anything.(white)


It is a do or dont situation - binary

I get how you might think it.

Why cant you understand this ???

I understand perfectly what you are saying, but I do not understand why you are making it the be all and end all, because I do not live in a binary world. I live in a multi-faceted world where there are 1001 ways to skin the cat if you are a cat-skinner with cruel intent.

If the remote tools came with warnings then the scammers would either socially engineer the situation to say something like " Now, you will see a warning on your screen but just click ok to that" or would , like i said, use a remote access trojan instead ..

That is why the warning should not contain a simple "OK to that" option. If they have to use a remote access trojan then hopefully any self-respecting anti-virus will definitely block that instantly?

Look , I get your good intentions here but what you are suggesting is pointless - totally pointless

I get that the word "pointless" is one of the default words in your vocabulary. Mine includes a lot of default words too I guess which do not always advance an argument constructively.

Save your breath on this - it is a non starter, and concentrate on telling people not to install ANYTHING at the say so of a voice on the phone

You can do that too, but it is nowhere near enough. Real-time prompts from our computers (via the softwares whose manufacturers are responsible enough to realise it) are the best way to slow down scammers and make them wonder whether to hang up and move on to the next prospect.

(cant believe im still replying to this)

You have chosen to, but I am not going to make it easy for you to constantly knock good sense with your black and white approach to the risk. The risk presents with ever changing colour and only a well protected well programmed computer can intelligently warn of today's latest colourful changes in the world of scamming. Ask yourself this - Why is the risk of being scammed via verbal channels (telephone) connecting you and your computer to the big bad world any different to the risk of being scammed via digital channels (internet)? The bad stuff all comes down the same copper or fibre pipe and generally all involves you having been coerced into tapping the keyboard or clicking your mouse in a way that inadvertently let something nasty into your computer.

Antivirus software updates itself daily to cope with the latter risk at the common node in both risks (your computer). Surely it is a very small ask that antivirus programs contain a few decent algorithms which do something to mitigate the voice prompted risks that come down the line and cause certain keystrokes or clicks too?

AndyPix

peterbaker wrote: »

I understand perfectly what you are saying, but I do not understand why you are making it the be all and end all, ?

Because it is the be all and end all - it really is as simple as that - if you dont install something that someone on the phone tells you to then you are at no risk from this type of scam.


There is no arguing to that - it is a cold hard fact


And there is no real world scenario where you WOULD want to install something that someone on the phone tells you to.


So we are back to the binary situation.


Dont install anything , ever, on someone elses say so = you are safe

peterbaker wrote: »

You can do that too, but it is nowhere near enough.

Yes it is enough , no install = no problem , see above

peterbaker wrote: »

You have chosen to, but I am not going to make it easy for you to constantly knock good sense with your black and white approach to the risk.

Good sense is warning everyone not to install stuff on the back of a phone call .


What you are doing here is muddying the warters so much that the average non-techie will just be bewildered by what you are saying.


By your approach, the user would have, by now, engaged with the scammer and followed their instructions to the point where they see a warning on the teamviewer software , My arguement is that by this point it is too late, as they have played into the scammers hands and installed stuff on their computer at the say so of a stranger.


The best advice is the simplest - and easy for everyone to follow


You suggesting that the antivirus software should flag up software that isnt a virus is ridiculas and is never ever going to happen so it is pointless to discuss.


At this point i am definitely definitely out of this discussion and i wish you luck in your endevour

RumRat

Best let the thread die.......

To quote Carl Sagan...
You can't convince a believer of anything; for their belief is not based on evidence, it's based on a deep-seated need to believe.

peterbaker

By your approach, the user would have, by now, engaged with the scammer and followed their instructions to the point where they see a warning on the teamviewer software , My arguement is that by this point it is too late, as they have played into the scammers hands and installed stuff on their computer at the say so of a stranger.

I'm sorry AndyPix but you are blinkering yourself to the way humans interact with each other and typically how limited tech-ability vulnerable users interact with their computers. There is no pure binary scenario - you may be used to paring (and pairing) problems down to such in discrete lines of code when you are coding, and as a one-time coder I fully understand that, but for security advice I am sorry but binary doesn't hack it. Instead think layers of an onion of which your binary suggestion is near the outside skin. You must have heard that analogy before too?

The best advice is the simplest - and easy for everyone to follow

I don't disagree there and the simplest is:

"HEY STOP ... WHERE DO YOU THINK YOU ARE GOING WITH THIS? ARE YOU TALKING TO A SMOOTH TALKING TECH SUPPORT SCAMMER ON THE PHONE AT THIS MOMENT?"

You suggesting that the antivirus software should flag up software that isnt a virus is ridiculas and is never ever going to happen so it is pointless to discuss.

There you go again with the vocab defaults - seems we can't help ourselves when we get fired up, eh? Antivirus and associated internet protection softwares routinely block access to questionable websites. Even a visit to a remote control software website is very questionable for the vast majority of PC users, let alone an attempted download - both should be rigorously flagged as potentially dangerous in the wrong hands.

At this point i am definitely definitely out of this discussion and i wish you luck in your endevour

Many thanks and thanks for your thoughts!

almillar

Almillar conceded that ShowmyPC are being responsible in acknowledging their software gets used for malicious purposes. I am being responsible in making sure that your view on this important subject does not predominate in this, your favourite "home ground" forum.

I also said it's very unlikely to help, and I said lots of other stuff, but you just run with that if that's a 'win' to you. We all beleive your neighbour was scammed, you helped, and that you care. I care too. I don't want anybody to be scammed. You're just attacking in the wrong places.

I must presume that none of you self-contained fan-club of three or four have yet got to the stage with the inevitable loss of some of your marbles where you accept that you have started to more frequently forget things (including bloody great lists of household name brands that you scarcely use from one day to the next but which if someone says they work for one of them, you are instantly to put the phone down - wow ... I gave you Microsoft for ten, but you've added a whole new bunch ... is the world that bad? I had two calls from different people at my bank today ... should I have hung up?). You've an interesting take on these things, eh, almillar? Lock your doors and don't let anyone in? Is that it?

Fan club! Group of people that agree = fan club.
(BTW guys, the membership cards are in the post!)
Yes, peterbaker, I fear age, age ravages us all, and there will come a time when I rely on others and become more vulnerable. The safest thing to do, peterbaker, is treat a cold caller with healthy skepticism. I used multiple hypothetical examples because there's no point just saying MS - the scammers can be whoever they like. The point, which you willfully ignore or don't understand, is that if you tell these poor, vulnerable non techie people that you care for so much, not to talk to dubious people phoning them about their <computer, internet connection, bank, delivery etc>, then you DON'T NEED TO WORRY about WHAT REMOTE DESKTOP SOFTWARE IS. By the time they install this stuff, they've already been scammed. Stop the scam within the first few sentences. Why do you want to prolong it?
If someone genuine is phoning, you just need to 'screen' them a bit.

Stop trying to make this about vulnerable people. You've wasted several paragraphs on that. We're talking specifically about remote desktop software, which you are wrongly demonising. I don't expect everyone to know everything about computers, but surely you can see it's easier to tell a 'non-techie' to NOT talk to MS on the phone, instead of trying to explain the 'techie' stuff?!

and that means a few well placed responsible warnings when we are about to download unfamiliar dangerous software might help us keep out of trouble, even if they won't help you and your mates.

You continue to repeat yourself. I have repeatedly told you these could be disabled or smooth talked around, and you've continued to ignore me. What's your answer?

If we continue this discussion, you will need to assume that everyone in here has vulnerable family, neighours or friends, that they would want to protect, and not get scammed. You can't assume otherwise, or call anyone uncaring - you're not 'qualified' to do that.

Wrong again. The computer doesn't contain valuables in the normal case.

You've got experience of a scam, and you don't realise that a computer is valuable?! To the user, it does contain valuables - photos of the grandkids for example. To the scammer, it's a valuable tool to get cash out of a vulnerable person. You've seen it happen.

However, I doubt a scammer would ask a victim to go to zipcruncher unless he or she really had to ... doesn't assist in keeping up the pretence - zipcruncher doesn't sound very official does it?

Just, wow. Are these victims vulnerable or not? Are they easily manipulated or not?!

IF SOMEBODY CALLS YOU, AND ASKS YOU TO INSTALL *ANYTHING* THEN HANG UP THE PHONE ..

Tattoo it on your foreheads, people.

I understand perfectly what you are saying, but I do not understand why you are making it the be all and end all, because I do not live in a binary world. I live in a multi-faceted world where there are 1001 ways to skin the cat if you are a cat-skinner with cruel intent.

Share with us, oh wise one. For you have said many, many words, and claimed many qualifications and experiences. But you have not answered Andys black and white question - how can one be scammed, if one simply slams the phone down on the scammers, and doesn't install anything?

John_Gray

I have found that it is possible to put a user on one's Ignore List.

Does anyone know if it's possible to put an entire thread to which the Ignored User has 'contributed' on an Ignore List?

peterbaker

There is a better solution, John Gray - "Don't look, Ethel! But it's too late - she'd already been incensed" :rotfl:

almillar wrote:

I also said it's very unlikely to help, and I said lots of other stuff, but you just run with that if that's a 'win' to you.

So now you know better about the risks and the "best way" to communicate the risks than one of the remote software manufacturers themselves?? I don't come here to win, Al.

I used multiple hypothetical examples because there's no point just saying MS - the scammers can be whoever they like.

Yes I know that's why you reminded us and it is a fair point in itself, but it does not help a vulnerable person. Vulnerable persons do not easily change their habits.

I advised the victim I helped two or three times during the recent episode to stop answering the phone with her name and to establish who the caller was without divulging who she was. I called her a couple of times - and you've already guessed how she answered

You cannot teach some vulnerable people new tricks.

That is why my suggestion is a much better communication method with much higher likelihood of suucess at getting through to the vulnerable at the very point they are about to fall hook line and sinker. Some say warnings by software manufacturers and/or by antivirus softwares will never happen. It already did with ShowmyPC. Their warning before download is not brilliant, but it is a start and it helps.

I honestly cannot understand your resistance to flagging remote control softwares as risky in the wrong hands? BY all means tatoo your own warning on foreheads but when you are on your own and not in front of a mirror, guess what? There's nothing to remind you!

Who does it harm to warn that in every instance that the software appears afresh on a computer not used with such software previously? Certainly no knowledgeable types who need to use such softwares should need to try to argue against it. So who else is arguing against it?

There'd be no inconvenience to genuine users. So why? I trust there is no suggestion that full uninhibited distribution of a manufacturers' remote control software is in the national interest, or in the best interests of capitalism for all or some such grounds, despite it being well known these softwares are currently being used daily by telephone scam boiler rooms?

Stop trying to make this about vulnerable people. You've wasted several paragraphs on that. We're talking specifically about remote desktop software, which you are wrongly demonising.

Erm ... pardon? It's my thread. Did you think it was a thread asking for new health warnings to be given to strong-willed very astute computer gurus?

I know why I started the thread thanks :T I think you can see why I started it too. I started it to argue for extra protection by software companies for vulnerable users. The obvious premise of my first post was that remote control softwares needed to come with health warnings because they can seriously damage unsuspecting vulnerable people's livelihoods..

I doubt I'd have been posting at all on MSE for the past 4 weeks had I not encountered all that evidence of a Microsoft Tech Support Scam on a vulnerable computer user's PC. On that machine I soon found a clear trail of use of all the remote control softwares listed in the thread title. I'd have otherwise been oblivious to the use of such softwares in such scams, until possibly someone else I knew may have fallen victim at some point in the future. As it is, I found out 4 weeks ago and I decided to share what I've learned for the public good.

Humans are all on a spectrum of some vulnerability to all sorts of risks. You, me, everyone. The risk I am highlighting damages thousands. The suggested warnings I have suggested damage no-one.

You continue to repeat yourself. I have repeatedly told you these could be disabled or smooth talked around, and you've continued to ignore me. What's your answer?

Could you talk me around such a warning? No. Could you talk my brothers ad sisters around such a warning. Doubtful. Could I talk you or AndyPix or tempus-fugit or RumRat or their families around such a warning. No, not them obviously

What about the other 40 million plus personal bank account holders with eBanking in the UK? How many of those could I (or you?) talk into dismissing a robust warning and or system block? And of those who could be talked past a software download warning, how many could be further talked around a warning from their trusted antivirus / firewall/ internet protection software which had blocked the software from any connection to the internet? All of the first group? Or just some? And how many of them might at that point suddenly wake up to what is happening because they remembered being educated on MSE not to sit down at their computer during a call with a stranger who asked them to switch on the computer? Certainly a good number. But what would prompt them? A sudden unprompted recall, or a real-time prompted recall - maybe a prompt by a bright red warning pop up which you could not just click "OK to that" but needed to succesfully negotiate some quizzing that might make a potential victim seriously question what was happening to them. I am sure Lorian could easily code something like he already did with a delay built in so that you cannot simply click through.

Please understand that all effective security is almost always about more than one method of actual protection or attack alert. Take simple house security and one of AndyPix's favorite words - it's pointless having a sophisticated alarm system if no bvgger is going to respond to it. In that case you may need good physical deterrents fitted first.

There are other forms of security which actually let attackers in so far so that they can be better identified and the threat extinguished in a special zone. Many medieval castle defences and later fortifications were designed that way, and so to an extent are firewall firmwares in routers.


There is no point in having an expensive lock on a door if one sharp blow to the door will burst the lock or striker out of the door or frame, or if the door can be levered off its hinges on the opposite side to the lock.

In some communities, Neighborhood Watch is still a deterrent to would be burglars, but you still need to lock your doors in such communities, and bad eggs crop up from time to time on those doorsteps also, but a perhaps less likely too if they see the NW signs!

Insurance companies usually consider that if a house is constantly occupied during the working week, that is a lower risk than one left unoccupied when all are out to work, but maybe if you are home and vulnerable, you may be more of a target in this nasty world when at home, than when not at home.

There is almost never one single answer to any risk. And it is silly to suggest that if you make the mistake of letting a scammer talk you into installing Teamviewer or similar, that it is "gameover". If you wake up to what is happening at that point you may not yet have logged in to your bank account so whilst scammers might have some access to sensitive items on your PC, at least your bank account has not yet been emptied at the point you have finally come to your senses, hung up and yanked the router power cable from the wall!

Share with us, oh wise one. For you have said many, many words, and claimed many qualifications and experiences. But you have not answered Andys black and white question - how can one be scammed, if one simply slams the phone down on the scammers, and doesn't install anything?

His question is rhetorical, right? The very question qualifies the targeted person as someone aware of the telephone scam risk i.e. who is not as vulnerable as one who can be tricked.

Am I not stating the obvious in that response, and is not AndyPix doing the same by asking such a question??

rmg1

In my view (albeit relative layman), people need educating that MS, ISP, whoever, are not altruistic enough to phone you to "help" with any potential computer issues.

Now, I'm good at SQL coding, but just about hopeless at any other language except one.

I'll send you a spreadsheet with something useful on it (world cup team/score tracker anyone?).
You just plug in the scores for each game and the spreadsheet does the rest at the click of a button which is big, green and welcoming.

However, it needs a macro (VBA script for those who don't know what that is) to work so you have to enable macros (Excel comes with macros blocked by default so you'll need to switch them on for it to work properly).

Being the nice man that I am, I'm going to send this to you for free. I'll even walk you through enabling the macros so it works properly.

Unfortunately for you, I'm not such a nice man and I've added some extra code to trawl your hard-drive, pick up any useful files it finds and email them to me.

Will you see that happening? No.
Can you stop it? No, because you don't know it's happening.

Does this mean that MS Excel needs a warning as well?

All the warnings in the world (be they from anti-virus, anti-malware, download sections on web-pages, etc.) will not stop the smooth-talking scammer from getting you to by-pass those by some means or another.

Education is key.

almillar

You cannot teach some vulnerable people new tricks.

So she'll just get scammed again. She'll ignore any warnings you want the software makers to put in and click on through. This is all pointless.

The obvious premise of my first post was that remote control softwares needed to come with health warnings because they can seriously damage unsuspecting vulnerable people's livelihoods..

And everyone else says, warn people about the scams themselves.

I doubt I'd have been posting at all on MSE for the past 4 weeks had I not encountered all that evidence of a Microsoft Tech Support Scam on a vulnerable computer user's PC. On that machine I soon found a clear trail of use of all the remote control softwares listed in the thread title. I'd have otherwise been oblivious to the use of such softwares in such scams, until possibly someone else I knew may have fallen victim at some point in the future

Maybe you should READ in our beloved forum more than you POST then. You would have found plenty of tales of woe, and warning advice. If you've only just learnt all of this, it shows, again, that you're very late to the party and should maybe read up on the subject before providing help, or wasting your time and ours writing lengthy, content-less posts.

Humans are all on a spectrum of some vulnerability to all sorts of risks. You, me, everyone. The risk I am highlighting damages thousands. The suggested warnings I have suggested damage no-one.

Who would it harm to educate people about the actual scam? You continue, continue, continue to ignore that the warning can be removed or smooth talked over. This is a fundamental issue that destroys your plan.

What about the other 40 million plus personal bank account holders with eBanking in the UK?

Are they vulnerable or not? You claim they can be easily persuaded to do anything because they're vulnerable. They're already clicking through several warnings to be scammed. And you think 1 more warning will fix the problem. It won't. By Remote Desktop installation time comes along, their trust has already been earnt by the scammer. Break that trust. Identify scammers. Why wait until a vulnerable user is sitting looking at their screen?

His question is rhetorical, right? The very question qualifies the targeted person as someone aware of the telephone scam risk i.e. who is not as vulnerable as one who can be tricked.

No, it wasn't. You seem to think that people who are vulnerable enough to not 'slam a scammer' are suddenly computer experts when a big red warning comes up on a screen. I disagree. I don't think either of us can prove it either way.

agrinnall

almillar wrote: »

No, it wasn't. You seem to think that people who are vulnerable enough to not 'slam a scammer' are suddenly computer experts when a big red warning comes up on a screen. I disagree. I don't think either of us can prove it either way.

But I think most people would come down on the same side of the argument, and it's not the OP's side. I had thought about posting the same thing as you but I don't really want to engage with the OP any more, partly in case of being labelled as being in yet another group the he deems as inadequate in some way, and partly through fear of losing my sanity if I try any harder to grasp his point of view!