The Perils of FUI: Fake User Interface (codinghorror.com)
26 points by bdfh42 on Aug 18, 2008 | 8 comments


It always makes me smile when I get one of these on my Arch box. Especially when it claims to have found a critical virus in C:\Program Files\....


Well, how about not allowing browser windows to maximise and minimise themselves in such a way?


BTW, I think this is called the trusted path problem.


I know I'm probably preaching to the choir, but I think the main problem with spyware, malware and viruses today is that it is treated mainly as a technological problem, not a social one.

People are simply not capable or willing to get knowledgeable enough about computers to know what is normal computer-behaviour, and hence are unable to detect when things out of the ordinary happen. Like the Fake UIs in the article.

The result is people always pressing "Yes", "Ok" and similar when confronted with a choice. This is the problem. No technological means can stop an attack based on this vector: people willingly opening up their machine.

Selling people anti-spyware and AV-software and telling them that it will keep them safe is fraud at best.


Agreed. Any security based on users being knowledgeable about something is doomed to fail. There are those who comment on this site that insist that SSL certs are fine as they are, but that's really wishful thinking. It's just not realistic to expect that all users, or even all programmers, understand the semantics of a man in the middle attack. (There have been lots of posters here who wish that self-signed certs would just go through without any user notification!)

But I disagree in one sense: "No technological means can stop an attack based on this vector: people willingly opening up their machine" in an absolute sense is true. But greatly increased compartmentalization can greatly curtail the damage. Right now, opening up your machine instantly gives the attacker the keys to everything. If systems used something like capabilities, then it would be more like: "Okay, first it asked to install software. Now it's asking for more disk access. Now it wants my contact information...maybe something is up here?"

Perhaps malware can be reduced to the level of SPAM today -- something that's only still a real problem to the most clueless and gullible fraction of the populace.


I disagree, this is a technical problem. Atwood closed the dialog box and it still popped up a realistic UI.

The people reading this site might know there's something up but your average user won't. Windows and the programs that run on it pop up legitimate warnings all the time to regular users: "Please install this patch...", "There's an update to your program...", "You have unused icons...", etc.

People now expect messages like this. It is simply unrealistic to expect your average user not to be fooled when a well-written fake pops up on the screen.


I learned by myself to ignore those when I was 14. I didn't have any scanners or anti-virus software installed, so it was easy to figure out that these were fake. Jeff Atwood is probably smart enough to realize that by choosing to use Windows, he is dooming himself to the death by a thousand pop-ups.


I think you give Jeff Atwood too much credit...



