Giving "Casuals" the Virus-Metric

Dave Smith dave at
Sun Feb 8 13:19:57 MST 2009

Daniel C. wrote:
> I'd like to put together a short article or white paper that will give
> casual computer users the tools to tell what's going to mess up their
> system and what isn't.  The problem is that, while I can tell what's
> dodgy and what isn't, I don't know how I can tell.  Can anyone here
> help me out with this?

Most people seem to remember tangible examples better than abstract 
principles. For example, if I say "the measured volume of a sound 
decreases proportional to the inverse square of the distance between 
transmitter and receiver," most lay people would forget that pretty 
quick. What I would say instead is "When I stand on a football field and 
yell to you from one end zone to the other, and then I move to the 50 
yard line and yell again, it will sound 4 times louder. If I move to the 
25 yard line, it will sound 16 times louder." That will stick in the lay 
person's mind somewhat better, I've found.

In your case, I would go look at a bunch of malware sites and take 
screenshots. I would then insert the screenshots into your white paper, 
graphically calling out the specific elements of the sites that make 
them look suspicious. I would also show screenshots of installers that 
look like they are doing naughty things (probably need a virtual machine 
for this one to not destroy a real box). Lastly, I would find two sets 
of error messages from Windows: The first set would contains messages 
that mean something bad is about to happen (or has happened). The other 
set would contain messages that are usually ignorable and a natural part 
of installing non-malicious software.

Good luck creating such a document. It will probably be quite a 
challenge to find enough representative material for a lay computer user 
to learn how to form a good definition for "suspicious" without 
overwhelming them with too much information.

I look forward to hearing how it goes.


More information about the PLUG mailing list