One week ago I gave my favorite niece (aged 13) my old laptop, with XP reinstalled, all patches applied, and with Microsoft Security Essentials. I gave her a choice of browsers, she uses IE 8 (obviously I was not going to leave IE 6 on her computer!!!).
Today I got a call from her mother; the computer is essentially non-functional due to XP antispyware 2012. Since both mother and daughter are computer illiterate I was unable to help over the phone (it's a 3+ hour drive to their home), so I told her to seek professional help.
Let me first vent my frustration. I was trying to get the mother to download a removal tool onto a thumb drive on another (non-infected) computer, and gave up when after ten minutes she was unable to save to the thumb drive
But then my question: how did the damned thing get onto the "protected" computer in the first place? Why/how did it get past Security Essentials?
And how does one help the truly computer illiterate from a distance
The problem is solved: The mother is a lawyer who has someone who takes care of the office computers and who will remove the virus. My post was about the frustration of trying to help someone (a very intelligent woman) who understands NOTHING (am I clear ) about computers.
Never thought of using the YouTube link given at the bottom of the first page of search results ... I am an old fashioned text guy who finds videos distracting. Will remember next time.
IE8 has (and has had numerous) inherent security holes over the last couple of years, in varying degrees of seriousness. (It was believed the Chinese/Google security issue of last year was partly as a result of a hole in IE8 - as many security updates/patches were issued immediately afterwards).
As there is now IE9, any holes in IE8, will not/never be patched. As XP doesn't support IE9, the best policy would be to consider ditching using IE8 on XP, and use something like Firefox or Chrome, whose security tends to tighter and updated regularly as and when required.
Danish vulnerability specialists Secunia give the following long-term, on-going advisory on IE8 - which may or may not be a factor in this case.
EDIT: I was familiar with a problem, a couple of years back with Super AntiSpyware Pro, and it tricks the user into believing that they already have an infection (fake trojan) and fools to encourage the user to download very convincing looking (but fake) M$ software to solve the problem - this is the virus.
Doesn't matter what type of security you have if someone just opens the door every time the bell rings.
In other words, if you're tricked into downloading and running something, and ignore the legitimate popups telling you that you're crazy and the programme you're about to run is the spawn of the devil, then what you gonna do.
Obviously ... I have never used any version of IE as my main browser, using Netscape, then Firefox, experimenting with Chrome, then returning to Firefox but ...
"You can lead a horse to water, but you can't make it drink"