Best Protection vs. What they Understand

[Bryce W]

As most computer literate people know, you need a good antivirus, firewall and all the windows updates in order to remain safe on the internet.

The other day I was called out to a computer repair where their Outlook Express wouldnt send or recieve emails, it turned out that their firewall was blocking any traffic going to or from Outlook Express.

A few weeks ago their usual computer techie installed "EZ Firewall" which seems to be a flavor of Zone Alarm to protect them.

To fix the Outlook Express problem I removed the entries for OE under "Program Control", reopened Outlook Express and the firewall popped up the message:

"Outlook is trying to connect to the internet: Allow / Deny"

And my client said "oh, and what do I do when those messages pop up? I usually click Deny".

Outlook Express is obviously going to try and connect to the internet so it should always be allowed but the client didnt know that. In their mind, any firewall message is a bad message like hackers are trying to get into the PC.

They have pretty much had zero idea what should be allowed and what shouldnt and because of this the firewall became a problem rather than helpful.

I ended up uninstalling the firewall and turned on WindowsXP SP2's standard firewall instead.

I often settle for what the client understands and have a little less protection because if they have something which offers more complete protection (such as a 3rd party firewall) and they dont know how to use it, its pretty much useless.

What do you guys think? Offer them something that gives them the best protection? or stick with something they understand?

 

[Kiwwa]

It's a tough question, the issue for me with allowing lesser defences onto their computer is that they could quite easily claim that I am liable for any damages or issues after 'downgrading them for their own good'.

But... I did quite often downgrade people's antivirus at my previous job... please forgive me AVG gods, I shall repent for installing Vet Antivirus!

But in all seriousness... Its a trade-off between what the user understands about the computer and what they understand about how much I and they are responsible for damages to their computer; If I know they're going to kick up a hassle about anything if it goes wrong, i'll spend the extra time with them explaining what their firewall is and when it is ok to click "allow".

 

[techbyte]

Out of interest, what are everyone's thoughts and approaches to contracts, disclaimers, liability insurance, etc? I don't (currently) use any of those during my on-site repair work, and so far haven't been caught out. Any horror stories out there?!

I was once following a supervisor's advice from a very-well-known firewall vendor (ironically) when the usual Add/Remove Programs and their own removal tool didn't work, which somehow basically resulted in this company's hard disk getting mangled. Wasn't my fault but spent a lot of time getting their 'survival-critical' data back!

You could argue that as soon as you answer the phone/e-mail and listen to their problem, you're potentially liable regardless of firewall brand, due to what you do or even don't say and subsequently do on the visit? In their eyes, you're the expert and the responsibility's all on your shoulders - hence the reason they called you?

 

[Bryce W]

I think most techies who have been operating for a while incorporate which protects their personal assets when they are being sued (such as their house and car) and limits sueing only to the amount that is invested in the business.

There is a local business Ive seen around here with about 12 or so techies and they have Liability insurance up to 1 million. Every single job their technicians do they have to get the client to sign a form confirming that the files on the harddrive are not worth more than 1 million dollars otherwise they cant work on it.

I have had a job or two where the **** hit the fan and something failed royally. Mostly when I was working with Windows ME.

I was uninstalling Norton Antivirus via the Add/Remove as it was causing problems and it nuked the registry somehow. Because it wasnt my fault I charged the client for the repair time. However if it was me accidently deleting something I shouldnt have or something else I have control over I would have bit the bullet and have not charged.

I think explaining what you have done on the computer to people is the best way to protect yourself if you dont have liability insurance or arent incorporated.

At every job I goto that has an internet connected computer I will check its windows updates, firewall and virus scanner to make sure they are all up to date and working. When I am done I would say:

"Because hackers are figuring out new ways to break into computers all the time your system needs patches to close these holes and I have set it to download and install these updates automatically. However if you see the yellow shield you should click on it and install the updates. I have also installed/updated your antivirus and.... etc etc etc... By having all these updated it should protect you from nasties getting on your computer without your input. However you need to be careful and not click on/install .... etc.. etc.. because you can still let nasties in regardless of what I install to protect you."

By saying this they feel that I am looking out for their best interests and they know that if they got a virus, it is probably their fault for letting it in (downloading/opening something they shouldnt have).
Because of this, when they call me I get a "can you come fix... I seem to have accidently done something" attitude instead of a "what you installed didnt work!" attitude.

 

[Stealth]

I wholeheartedly agree with giving the customer "the talk" (pun not intended).
I've done that in the past with customers who have the minimum amount of knowledge (the level you'd expect from someone who uses a regular Windows-Internet Exploit-Office type of computer) - and it has several positive effects. Teaches them responsibility, keeps you from having to do recurring visits (which are a notorious pain in the ass) and wipes some responsibility off you. I still get some "post-op" phonecalls, but they're usually resolved in less than five minutes after a brief supplement to "the talk".