colonydata
My grandfather got his computer infected with rogue security software last week.
this is not the first time it's happened. the technical braintrust of the family (my Georgia Tech Mech engineer cousin, and myself) have tried several times to show him how to tell the difference between rogue security software and the legit stuff we have installed on his computer. but it's just not working.
so i have been thinking of ways to improve user recognition of rogue vs. legit.
when i opened my business checking account and they went through the online banking enrollment they had me pick a picture and write a short description that i would recognize later. the purpose being that after you put in your username it shows you that picture and your description to authenticate to you that you are indeed on the legit site and not on a phishing site.
i am wondering if something like that for AV software might be effective.
obviously it would have to be something known only to the end user and the legit software package. it should not be accessible to other programs (via API or scanning resource strings like the way people were able to get the OAuth private key from the Twitter for Android app) so it's not something that various AV packages can share (establishing trust networks would be hard, as it would take a third party similar to a Certificate Authority or validation authority to determine access).
am i missing something? i know it isn't perfect (if it was, no one would get phished out of their online banking password), but my security training has taught me that you need multiple layers of security and this seems like it would be a pretty good layer to add.