Why is it bad for me if my computer is infected, if I don't notice? [closed]
Solution 1:
The best and least refutable argument is, that if you have nothing else to protect, you have your reputation.
If your account starts sending virus spam, you have to answer to everyone in your address book.
If the FBI starts asking why your PC engaged in a coordinated DDOS attack on a bank's website (because you got enrolled in the Zeus botnet), you have to let them sift through all your personal artefacts to (hopefully) prove you are not a cyber-criminal suitable for imprisonment for 30+ years. or worse yet, someone used your computer as a proxy for downloading child pornography, stealing and selling credit card data, or selling drugs on the silk road.
everyone has their reputation (and potentially their freedom) to protect. emphasizing that is one of the more effective ways to teach people (patching) religion. Just an investigation on some of these topics is enough to show up in background checks, which can follow you the rest of your life.
Solution 2:
He says
I don't want to update something that works, updates may break something. Look at our old computer that runs Windows 98, I've been using it every day for everything for 15 years now and it works without any problem, even though there's absolutely no antivirus or anything.
Clearly it works for him. His argument is good.
If somebody is not going to dodgy websites, not installing software, let's say they just use Word, and Outlook Express and they don't open attachments.
I have seen middle aged non-computer users in the family that use a computer minimally, and some elderly in the family, just don't get malware on their computer. I suppose they could misspell a URL but they manage with the one or two URLs they visit, or the URLs come up in the address bar. Or they have a button on the bookmark bar that sends them to the URL.
If somebody can survive in this day and age with Windows 98 and not get anything in 15 years, they are doing better than others with lots of "protection".
I may be flamed or downvoted for saying this but i'm inclined to agree with him. Not that it works for anybody but that it works for him, with his style of computer use.
One way you could show a flaw in his argument, is by taking down his computer yourself, remotely, without installing any special software or malware on there (and without social engineering that abuses his trust in you), and it should be realistic i.e. something that really could happen that you see happening. Good luck trying to do that!
You should also educate him as to the risks of our times, like he may get email purporting to be from people he knows, telling him they've lost all their money. And he shouldn't fall for that.
I'm sure many people know some cautious computer users in their 60s and even those in their 80s/90s who do not "browse" the web, and are just not getting malware on their computer! Like somebody that only uses the television to watch the BBC News, somebody might only use their web browser to go to the BBC News website. There are people like that believe it or not, and it'd take a miracle for them to get malware on their computer!
Added- David has mentioned there were days when IE and OE ran Active X without asking(though it could be configured to disable active X). And one could use Chrome and web mail. The former being a fast browser anyway, and the latter being very portable.
Solution 3:
Well, tell him to think about it like this:
If a human catches a biological virus and doesn't notice, then they'll probably end up spreading it everywhere and hurting other people. So maybe you shouldn't go around licking toilets (using XP), even if it doesn't bother you specifically.
Even if he doesn't notice his computer has become part of a botnet, he'll still be sending spam everywhere.
Solution 4:
Just because the user has not noticed any inclement behaviour yet does not mean they can expect that trend to continue in the future. Especially in a digital environment, where we have seen many times that security flaws are manipulated to extract useful information.
What's to stop your user from visiting a new website tomorrow that installs a keylogger on their machine? And soon after, noticing some unexpected purchases on their credit card. Not only is it possible, it's got significant enough probability to be a threat worth taking preemptive action over.
The important thing to realize is that anti-virus and other security is to stop your system from getting infected in the first place, not to fix problems when you notice them.
Like the old saying goes, an ounce of prevention is worth a pound of cure.