PDA

View Full Version : Prospective customer attempts to pry for info


Encrypted Existence
10-14-2011, 04:12 PM
Hello all. I had a guy call me today and explain to me that he was infected with the trojan "bamital n". He proceeded to tell me that he had ran several anti-malware scans on his computer...they would identify the trojan...but it kept coming back. Long story short he asked me to do some "research" and then call him back. Right away I was suspicious. I did a bit of googling on the trojan and called him back. What's funny is this guy actually asked me in a round about way what I use! Needless to say I did not tell him. I responded with "I have some very advanced tools for this sort of thing" or something to that nature...not exactly sure what I said. I am fairly sure this is a common thing as I have seen other people post about it on TN. I was thinking it would be nice to come up with a default answer to give people when it becomes apparent to me that they are simply trying to use me for info. Any suggestions? What do you do if/when this type of situation occurs? Thanks.

FoolishTech
10-14-2011, 04:21 PM
Hello all. I had a guy call me today and explain to me that he was infected with the trojan "bamital n". He proceeded to tell me that he had ran several anti-malware scans on his computer...they would identify the trojan...but it kept coming back. Long story short he asked me to do some "research" and then call him back. Right away I was suspicious. I did a bit of googling on the trojan and called him back. What's funny is this guy actually asked me in a round about way what I use! Needless to say I did not tell him. I responded with "I have some very advanced tools for this sort of thing" or something to that nature...not exactly sure what I said. I am fairly sure this is a common thing as I have seen other people post about it on TN. I was thinking it would be nice to come up with a default answer to give people when it becomes apparent to me that they are simply trying to use me for info. Any suggestions? What do you do if/when this type of situation occurs? Thanks.

I tell people a little bit of the truth: I use a custom application that I personally wrote to assist me in the manual removal of malware. My techs say that "we" use a custom application that "we" have designed in-house.

Granted that wouldn't work for everyone :P but if you do use D7, feel free to say that "we" (the royal "we") use a custom designed application that assists us in manual removal of said viruses/malware.

When/if client asks about the custom app, I say it is designed for experienced technicians to assist in manual removal, hence it isn't a "scanner" in the traditional sense and would do you no good without a highly technical background...

Now I used to just say I do the majority of the removal manually, following up with those scanner apps (that your customer may or may not be familiar with) to cleanup the leftovers. I'll explain if I have to why the majority of the scanner tools are ineffective without some prior manual intervention.

PaulRome
10-14-2011, 04:27 PM
Tell them i do it manually, cause scanners are ineffective.

Best of luck

phaZed
10-14-2011, 04:29 PM
I tell them the truth... There is no way of diagnosing the problem over the phone. Just because you have XYZ virus doesn't mean there isn't something else such as an exploit delivery package hiding on the system, and there moat likely is; most infections don't usually apply themselves in one step, but are built on exploit upon exploit. We have advanced removal tools specifically for this type of scenario, however, even automated tools may fail to remove all threats, in which case we have the knowledge and experience to remove them manually. When would you like to come by the shop?

That's how I handle it.

RichmondTech
10-14-2011, 04:45 PM
I tell them the truth... There is no way of diagnosing the problem over the phone. Just because you have XYZ virus doesn't mean there isn't something else such as an exploit delivery package hiding on the system, and there moat likely is; most infections don't usually apply themselves in one step, but are built on exploit upon exploit. We have advanced removal tools specifically for this type of scenario, however, even automated tools may fail to remove all threats, in which case we have the knowledge and experience to remove them manually. When would you like to come by the shop?

That's how I handle it.

Exactly. There's no one size fits all solution. A tool you use in one scenario may not be effective in another. You need to look at the machine to determine what tools you need. That expertise is what people pay for.

Encrypted Existence
10-14-2011, 05:27 PM
most infections don't usually apply themselves in one step, but are built on exploit upon exploit. We have advanced removal tools specifically for this type of scenario, however, even automated tools may fail to remove all threats, in which case we have the knowledge and experience to remove them manually.

That's how I handle it.

Well said. Thanks for the input. Truth is I don't want to assume someone is fishing for info and end up being a jerk...but I also don't want to spend my valuable time on the phone with someone who has no intentions of using my services in the first place. I will use something along the lines of what's quoted above to cut straight to the point. Much appreciated.

Cornerstone Technologies
10-14-2011, 06:32 PM
These are those time wasters we all dread. I think you handled it just fine actually. No need to get rude, just adamant about not disclosing free help. As time goes on, you will develop a pretty accurate ability to detect these kinds of calls earlier and earlier. The knowledge is applicable to telemarketers and the like too.

I think your title of this thread is optimistic. There is no potential in these kinds of people.

NETWizz
10-14-2011, 07:09 PM
I have always told them the truth... Then I tell them that tools like HiJackThis & AutoRuns in the wrong hands can cause more problems than they fix.

Appleby
10-15-2011, 06:18 AM
Agree with all the advice given. When I'm in this situation, I don't even do any research. I just tell them I will be glad to do a virus removal for them and my fee is $XX. If they ask how or what I will use to remove it, I tell them I have alot of professional tools I use, plus alot of manual removal. End of story. If they persist, I tell them that I can't explain manual removal to them because it takes years of experience and learning. I'm not rude, but I make it pretty clear that I'm not going to tell him to download XYZ and it will fix his problem.

I don't have this issue much but when it does, it doesn't really matter what you tell them because these type of people are doing exactly what you think they are....fishing for free advice.

1aComputerServices
10-15-2011, 12:53 PM
I use classified software and processes to remove your malware infection. If I tell you about them I will have to kill you. :D

NETWizz
10-15-2011, 02:13 PM
I use classified software and processes to remove your malware infection. If I tell you about them I will have to kill you. :D


I wouldn't say this because you are just going to piss them off. The way I look at it is that it is THEIR system and they have the RIGHT to know what software tools you are running against it...

It is no different than if they buy a RAM upgrade they have the right to know or even request what type of RAM. i.e. If they ask, "What RAM did you use?" you should answer: Crucial, Corsair, Patriot, Kingston, Infineon, Muskin, etc.

Ultimately, I strongly urge everyone to answer all questions about their process & procedure truthfully and completely. This doesn't mean spend an hour doing a remote session with them over the phone downloading the tools and training them for an hour how to use the tools though.


They are paying for your expertise NOT the tools you use.


Like my example above, there is no problem telling them that you use HiJackThis and AutoRuns then mentioning that they are very technical and in untrained hands they can cause MORE problems.


A customer is calling you to figure out how to do the work themselves. Tell them how you do it (be honest) and then scare them a little, so they don't want to risk doing the work themselves, but DO answer the questions and honestly.

Rosco
10-15-2011, 04:20 PM
Exactly. There's no one size fits all solution. A tool you use in one scenario may not be effective in another. You need to look at the machine to determine what tools you need. That expertise is what people pay for.

^^^^ i say something to this effect. also that i am the expert. you are paying for my knowledge more than anything!its just like hiring a plumber to fix your sink. that seems to make sense for most. its all about talking your service up without them feeling dumb.

MobileTechie
10-15-2011, 04:37 PM
I wouldn't say this because you are just going to piss them off. The way I look at it is that it is THEIR system and they have the RIGHT to know what software tools you are running against it...

It is no different than if they buy a RAM upgrade they have the right to know or even request what type of RAM. i.e. If they ask, "What RAM did you use?" you should answer: Crucial, Corsair, Patriot, Kingston, Infineon, Muskin, etc.

Ultimately, I strongly urge everyone to answer all questions about their process & procedure truthfully and completely. This doesn't mean spend an hour doing a remote session with them over the phone downloading the tools and training them for an hour how to use the tools though.


They are paying for your expertise NOT the tools you use.


Like my example above, there is no problem telling them that you use HiJackThis and AutoRuns then mentioning that they are very technical and in untrained hands they can cause MORE problems.


A customer is calling you to figure out how to do the work themselves. Tell them how you do it (be honest) and then scare them a little, so they don't want to risk doing the work themselves, but DO answer the questions and honestly.

Some person ringing up who is not paying for anything just yet has no rights whatsoever. I get calls like this myself; people fishing for tips. I just don't get into it with them at all.

I don't tell them exactly what I think is wrong with their system I say it could be a number of things, which is true seeing as I've not seen it yet. If they ask specific questions about how I do things I just say "If you'd like me to fix it I'm available tomorrow at 5pm" and nothing more. They are either calling for a booking or they're not. No way am I doing "research" on something like that with no booking in the diary.

I had one recently where some guy calls up and goes off on on about the steps he'd taken and the guides he'd read on Bleeping Computer which I dutifully listened too knowing where he was going and then of course he came to "so if you were to do it, what would you do next" I said, as I always say "I wouldn't want to say until I've seen it to be honest, you never know what is going on until you see it...I available on Wed if you'd like me to remove it for you". He tried several more times but met with the same response. It's pretty simple to avoid.

I have had occasion to directly say to people "I don't mean to appear rude but I'm not a free service. If you need professional help I'm available but if you want free advice you'll need to try your luck on the internet forums". The only time I give free advice is when I cannot help them - they're outside my area or it's not worth my while.

Out of interest Netwizz - do you do this job for yourself or work as sys admin for a firm?

Do you do this sort of work Netwizz or do you work for a firm?

Martyn
10-15-2011, 05:03 PM
I agree with Mobile Techie. The problem is as soon as you give advice and it goes wrong(and it will) it's 'your fault' your advice was bad or whatever they want to think or say. It's difficult because I give offer free advice in the hope I will gain a client but I mean about maybe buying stuff not removing viruses or specific fixes.

NETWizz
10-15-2011, 06:07 PM
Out of interest Netwizz - do you do this job for yourself or work as sys admin for a firm?

Do you do this sort of work Netwizz or do you work for a firm?



1. I both work for myself and for a Government State Agency.

2. I have done this type of work in previous jobs, now I do mostly Enterprise type stuff like Active Directory, Exchange, SCCM, Cisco & Procurve switching/routing... stuff with SANs etc. *

Usually when we have a problem it involves at the very least a portion of 24 to 48 computers on a LAN, or an entire LAN, or hundreds or thousands of computers with a particular software issue.

I don't generally work on individual computers to solve individual problems. Instead, I work on things like deployment of software to ALL computers/users. I also manage an End-User Desktop Support group and optimize their work-flow processes... For instance, I have it down to where they can remotely re-image a computer by running a little tool I made & putting in that computer's name.

Ultimately, you and I work a different job, and I am not suggesting you give away your proprietary knowledge for free. There is a big difference between we use X and Y vs. an hour-long conversation HOW to use X and Y.



I also work for myself:

Several times a year I participate in putting out BIDs to do jobs for various firms that generally have 100+ if not 1000+ computers. In these BID proposals, I have to write EXACTLY what I will do (or what WE will do if working in a group)... Think of it like a 20-page work-order that is sometimes quoted as high as $120,000 depending on their size and what they want done... and how long it will take. <== Sometimes these jobs take several months. In fact I have spent as long as 30 hours writing a single BID!


I am not even interested in helping a small business with 10+ computers because the pay is so low and things are often done so backwards and cheap cheap cheap the reason I would be going in is that they wouldn't pay for an ounce for prevention and now won't pay for a pound of cure.



If someone asks me, "what are you going to do?":

I say, "In the Migration from Novell to Microsoft a team and I will...":


1. Install and configure Active Directory
2. Install Novell Identity Manager in the short term to syncronize your Novell eDirectory accounts with Microsoft Active Directory.
3. Remotely join ALL your computers to the Domain and set it up, so that users are logging on simotaneously to eDirectory and Active Directory
4. Move ALL Files and Data to higly-robust, clustered Microsoft shares in an organized, managed/replicated Namespace.
5. Re-Write equivalent Microsoft Logon Scripts
6. Push out the Shadow Copy Client to XP and configure it, so that you don't loose the functionality you had with Novell Salvage.
7. Upgrade ZENWorks to version 10 in eDirectory
8. Migrate ZENWorks to function with Active Diretory instead of eDirectory
9. Remotely uninstall the Novell Client for Windows from ALL computers.
10. Migrate from Novell GroupWise to Microsoft Exchange 2010... your employees will keep ALL of their existing email
11. Refine your Group Policies.
12. Set your IT team up to be able to deploy new workstations with Windows Deployment Services (WDS) instead of ZENWorks Imaging
13. Migrate your printing from Novell Distributed Print Services (NDPS) or iPrint to Microsoft's Document and print Services... <== This is before removing the Novell Clients though.
...

Price-tag: $120,000
Time: 2 months

# of People on project: 3 people

When they ask, "What do you use?" I tell them. It is not like they will figure it out in a million years.


You have nothing to worry about sharing some info. I would not spend the time to walk someone through removing a Virus or Spyware on their own computer... not step-by-step researching the removal online... I would, however, tell them, "We use X and Y in a 27-step process..., which is kind of technical. You are welcome to do it on your own, but it is easy to mess up and cause even more problems making it ultimately cost more to fix."

Mushin
10-15-2011, 06:11 PM
I wouldn't say this because you are just going to piss them off. The way I look at it is that it is THEIR system and they have the RIGHT to know what software tools you are running against it...

It is no different than if they buy a RAM upgrade they have the right to know or even request what type of RAM. i.e. If they ask, "What RAM did you use?" you should answer: Crucial, Corsair, Patriot, Kingston, Infineon, Muskin, etc.

Ultimately, I strongly urge everyone to answer all questions about their process & procedure truthfully and completely. This doesn't mean spend an hour doing a remote session with them over the phone downloading the tools and training them for an hour how to use the tools though.


They are paying for your expertise NOT the tools you use.


Like my example above, there is no problem telling them that you use HiJackThis and AutoRuns then mentioning that they are very technical and in untrained hands they can cause MORE problems.


A customer is calling you to figure out how to do the work themselves. Tell them how you do it (be honest) and then scare them a little, so they don't want to risk doing the work themselves, but DO answer the questions and honestly.

I can not agree with you on this for many reasons. The answers other have given are the proper way to handle procedure questions.

First off as you have said they are paying for my expertise... and part of our expertise is knowing what tools to use and how to use them. Additionaly we don't use the same tool set for every situation... so it is pointless to tell them.

As for the hardware you install.. Sure tell them what brand since there is not expertise needed for this... but I don't tell them how to determine what type of ram they need or where to buy it... (We do document the type of ram on their work order though.)

Another reasons not to tell them what you use...
It can make you liable should they go download a "tool" and try it on their own. "Hey Mr. Computer Guy... I tried running XYZ and now I get a blue screen." Then this... person is not going to be happy and tell his friends or even worse. You get bad exposure for something that you did not do.

I also don't want inexperienced people trying to fix their computer the next time they have problems because they will usually make it worse. Arming them with the knowledge of the "tools" you use may make them try to save the computer themselves. In turn leading to even more problems and higher repair costs.

And finally... if a person has enough troubleshooting aptitude and desire to fix their computer on their own they also should have enough skill to research the common tools that are used and how to use them. Then they can attempt the repairs on their own without me us getting involved.

Mushin
10-15-2011, 06:20 PM
If someone asks me, "what are you going to do?":

I say, "In the Migration from Novell to Microsoft a team and I will...":


1. Install and configure Active Directory
2. Install Novell Identity Manager in the short term to syncronize your Novell eDirectory accounts with Microsoft Active Directory.
3. Remotely join ALL your computers to the Domain and set it up, so that users are logging on simotaneously to eDirectory and Active Directory
4. Move ALL Files and Data to higly-robust, clustered Microsoft shares in an organized, managed/replicated Namespace.
5. Re-Write equivalent Microsoft Logon Scripts
6. Push out the Shadow Copy Client to XP and configure it, so that you don't loose the functionality you had with Novell Salvage.
7. Upgrade ZENWorks to version 10 in eDirectory
8. Migrate ZENWorks to function with Active Diretory instead of eDirectory
9. Remotely uninstall the Novell Client for Windows from ALL computers.
10. Migrate from Novell GroupWise to Microsoft Exchange 2010... your employees will keep ALL of their existing email
11. Refine your Group Policies.
12. Set your IT team up to be able to deploy new workstations with Windows Deployment Services (WDS) instead of ZENWorks Imaging
13. Migrate your printing from Novell Distributed Print Services (NDPS) or iPrint to Microsoft's Document and print Services... <== This is before removing the Novell Clients though.
...

Price-tag: $120,000
Time: 2 months

# of People on project: 3 people

When they ask, "What do you use?" I tell them. It is not like they will figure it out in a million years.


You have nothing to worry about sharing some info. I would not spend the time to walk someone through removing a Virus or Spyware on their own computer... not step-by-step researching the removal online... I would, however, tell them, "We use X and Y in a 27-step process..., which is kind of technical. You are welcome to do it on your own, but it is easy to mess up and cause even more problems making it ultimately cost more to fix."

Ahh but what tools are you using for each of your steps... You see... what you are going to do is DIFFERENT that what tools you use. I don't think anyone here said not to tell them what you are going to do or what you did.

Here is my what I am going to do list:
Determine if you computer has any hardware problems.
Determine if your computer has any software problems.
Determine if you have any virus infections.

If you have infections I am going to remove those infections and repair the damage they have caused.
To ensure minimize the chance of data loss we are going to make a backup of your computer first.
Once we are done removing the infections and repairing the software problems are going to optimize and update your computer so you can get the most performance out of it as possible.

NETWizz
10-15-2011, 06:31 PM
Yes, exactly...

That said you are NOT liable if you tell them, "We may use a multitude of tools such as A, B, C...X and Y... Some of the tools if used wrong will cause MORE problems."

You are only responsible if you say: "Use tool X. It will fix your problem." Then everything blows up and you told them to do it.

In other words, go ahead and tell them EXACTLY what you use, but don't tell them to actually use it! ... then you aren't responsible.

A Doctor might say, "We use scalpels, various clamps, and needles to do stitches... but in untrained hands may cause MORE problems." <== If the patient then operates on himself or herself, the doctor isn't responsible. :D

Also, NEVER make a diagnosis over the phone without seeing the computer... NOT until you have Seen It, have a signed Waiver, and a Work Order. You COULD always be wrong (either way)... Some problems are tough to diagnose... even tougher when the customer can't describe the details.


i.e. I have this problem with Application X, it gave me an error! What's the problem? <== No way you could know!

What did the error say?

In contrast, "In Application X, it keeps closing with error 0x80027523" <== You could probably figure it out because you have the details, but NEVER diagnose it over the phone.


Some person ringing up who is not paying for anything just yet has no rights whatsoever.

1. They have no rights if they are NOT going to pay.

2. Before they sign your work order & your waiver, they have every right to know about ANYTHING you are going to do.

3. If they then don't want you to do the process & procedures you described you want to do, they have every right to opt-out and not have it serviced by you...

************************************************** ********************************************

The bottom line: The customer ALWAYS has the right to informed consent, AND you ALWAYS have the right to keep your proprietary knowledge secret.

1aComputerServices
10-16-2011, 12:40 PM
I wouldn't say this because you are just going to piss them off. [/B]


I don't actually tell clients this. Most don't ask, they only care about being able to get on Facebook again.

Sarcasm is hard to detect when your looking at black and white text.

MobileTechie
10-16-2011, 06:18 PM
1. They have no rights if they are NOT going to pay.

2. Before they sign your work order & your waiver, they have every right to know about ANYTHING you are going to do.

3. If they then don't want you to do the process & procedures you described you want to do, they have every right to opt-out and not have it serviced by you...

The bottom line: The customer ALWAYS has the right to informed consent, AND you ALWAYS have the right to keep your proprietary knowledge secret.

I could probably understand this even without all the bolding, colouring and underlining you know :rolleyes:

That's your opinion stated as fact. Actually they have no rights really other than those agreed between the two parties or those bestowed by law. I don't know of any law going into such minute detail. I doubt one exists. I'm happy to give certain details at certain points in the process to certain people. If, as you say, they don't like it, then they can use someone else. It's never cropped up because normal, paying customers don't demand to know the exact tool or registry key I'm changing, only freeloaders.

sassenach
10-16-2011, 06:26 PM
The main tool that most of us will use is the x,000 hours of advanced tuition and research that gave us the knowledge to do the job.

othersteve
10-17-2011, 12:18 AM
I tell them I use custom-built software to remove the infections (because I actually do), and I don't mind also telling them that I use manual removal tools such as OTL as well. It's not like they're going to log on, read up on OTL, download it, and remove their own infection. It's a highly advanced tool that requires a ton of practice.

Then again, that's why I'm so good at what I do! :D

VortecPC
10-17-2011, 08:27 PM
I just ask people if they've ever used WinPE boot disks to edit registry hives. Usually sounds like greek to them so they give up trying to understand how to do it :p

Metanis
10-18-2011, 04:32 AM
At a shop I worked at a few years ago we were instructed to "turn on" our best business voice and let the customer know that we provide telephone support at $1.25 per minute and will that be Visa or MasterCard? Then you keep just returning the caller to your request for a credit card number.

We actually got a few sales this way too that usually turned into a service call.

Perhaps we lost some customers this way but chances are they wouldn't have been profitable anyway.

-Mike